Video Screencast Help
Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Samir_Patil | 27 May 2010 17:35:10 GMT

The 2010 FIFA World Cup kicks off on June 11th in South Africa. As 32 countries warm up for this esteemed international soccer event, cyber criminals are getting busier, too.

So far, Symantec has observed scam, phishing, and malicious attachment spam related to the 2010 FIFA World Cup. Of these, 419-scam messages stand out as major contributors. Below are two examples of typical 419-spam related to the FIFA World Cup:

In many of the phishing samples spammers are targeting the Visa brand, which is one of the six global FIFA partners. Visa announced a “Go Fans” promotion offer in which card holders get the chance to win a trip to South Africa to experience the 2010 World Cup matches. Aware of the fan frenzy involved with watching live World Cup...

Eric Park | 12 May 2010 19:02:01 GMT

“Dotted quad” spam makes a splashy return to this report as the volume more than tripled from the month prior. The most observed spam subject line of the month was also the dotted quad spam attack. With respect to message size, attachment spam continued to creep up in volume in March. This, along with an increase in NDR spam, raised the average message size. The 5kb – 10kb bucket increased by over four percentage points and the 10+kb bucket increased by over nine percentage points. With respect to spam categories, scam and phishing messages in April accounted for 17 percent of all spam, remaining unchanged compared to March. Overall, spam made up 89.22 percent of all messages in April, compared with 89.34 percent in March.

Please download the May 2010 State of Spam & Phishing Report, which highlights the following trends:...

Samir_Patil | 10 May 2010 20:12:05 GMT

In April, when a sequence of volcanic eruptions took place at Eyjafjallajökull in Iceland, Symantec reported a wave of online pharmacy spam in which news related to the volcano was used in spam “Subject” lines. The blog, entitled Iceland Volcano Eruption Triggers Blue Pill Cloud, discusses the first of several rounds of spam related to the volcanic ash cloud.

This recent spate of volcano spam attempts to spread a malicious binary that is detected as Infostealer.Bancos by Symantec antivirus. The mail message claims to have the first videos of an air crash that took place in Portugal because of problems with the volcanic ash. The message alleges that the cloud of ash damaged the aircraft engine, causing it to crash into homes and kill more than 150...

Vivian Ho | 10 May 2010 19:10:57 GMT

Mother’s Day was yesterday—hopefully you didn’t forget! I also hope you weren’t too worried about getting a decent gift for your mom. There was no shortage of spammers who wanted to help you out with that. Symantec observed that spam related to Mother’s Day had, of course, increased since mid-April. Touching gift selections as well as flowers and greeting cards were being offered.

The following Mother’s Day spam samples were the most frequent types of messages that were seen. The messages came in hit-and-run spam form, the body content often changing from domains and promotional text to advertising images:

From: "eCards" <eCards@[Details Removed]>
Subject: Make your Mother smile this Sunday


From: Mothers Day Flowers <flowers@[Details Removed]>
Subject: $19.99 Mothers Day Flowers + Free...

Samir_Patil | 07 May 2010 13:09:59 GMT

Protecting personal information on the Internet is always a concern for computer users. Phishers are notorious for plotting sophisticated attacks that push them into a user’s inbox. In the Symantec Probe Network we have observed an interesting phishing sample in which spammers are focusing on individualized attacks.
With this tactic the phishing message is tweaked slightly to give a personalized look. The email message is an online fund transfer notification and contains the name of the user in the email salutation. The message also alleges that funds have been transferred to a user’s account by an actual person, and the supposed name of that person is provided. The “From” header is forged to appear as if the email originates from a legitimate bank. The URL provided in the message actually directs the user to the phishing website.


Mayur Kulkarni | 29 Apr 2010 20:56:35 GMT

Surprising? Not the least bit. Spammers have always shown their liking for big names and brands. And very often these brands are abused to spread malware or gain access to users’ accounts. However, they are also sometimes used only to entice users to open emails. These emails may contain links to pornographic or pharmacy sites.

During recent times we have monitored spam attacks that have used the email templates of famous Internet brands such as Amazon, Apple, and now, Twitter. Using the email templates of well-known newsletters and notifications is a commonly known trick to make recipients believe the authenticity of spam email. Recipients may treat these emails as legitimate and may open them without any suspicion. Though this attack uses an old trick, we feel it is important that users are reminded about this type of spam campaign, which has been observed for over a month or so. We have seen...

Suyog Sainkar | 27 Apr 2010 21:11:56 GMT

We first reported a similar 419 scam email back in the July 2008 State of Spam report. Let’s first understand what a 419 scam is. 419 spam is named after the section of the Nigerian Criminal Code dealing with fraud, and refers to spam email that typically alerts end users that they are entitled to a sum of money, by way of lottery or a new job or by being nominated as beneficiaries to the fortune of a retired government official or a wealthy person. This is also sometimes referred to as an advance fee fraud.

Symantec recently observed another 419-type spam attack where the spammer obtained a user’s credentials and sent out email to the contacts in the victim’s address book, seeking help in the form of money—obviously with a cooked-up story. Here is a spam message sample:

From: "Xxx Xxxx" <...

Samir_Patil | 22 Apr 2010 20:15:28 GMT

A series of volcanic eruptions in Iceland has affected thousands of people worldwide. Poor visibility due to a plume of ash and smoke impelled several European countries to completely close their airspace. Because of this, large numbers of travelers willing to travel to or from Europe have been stuck in airports.

Now, without mercy, spammers are utilizing this catastrophe to push health-related spam. In the Symantec Probe Network we have monitored thousands of spam messages linked to the Icelandic volcanic eruption.

The subject line samples are as follows:

Subject: Fears volcano chaos will continue airstream
Subject: Sport left grounded by volcano affreight
Subject: Volcano ash affects air travel adjuror
Subject: Sport left grounded by volcano acid
Subject: Fears volcano chaos will continue albumoses
Subject: Fears volcano chaos will continue achtel

The spam message looks like a legitimate news alert. The...

Eric Park | 16 Apr 2010 07:56:38 GMT

After the tragic earthquakes in Haiti and in Chile, there were no additional natural disasters for spammers to take advantage of. Instead, spammers continued to focus on seasonal and calendar events such as the Easter holiday to deliver spam messages. With respect to spam message size, there was a marked increase in spam messages between 5kb and 10kb (a rise of over 10 percentage points), which correlates to an increase in attachment spam. Overall, spam made up 89.34 percent of all messages in March, compared to 89.99 percent in February.

Click to download the April 2010 State of Spam & Phishing Report, which highlights the following trends:

•    Spam as Economic Indicator
•    Mass Phishing of Retail Electronic Payment Brands
•    Phishing of Indian Job Sites...

Mayur Kulkarni | 16 Apr 2010 07:49:41 GMT

The Polish President Lech Kaczynski, his wife, and top Polish officials were recently killed in a tragic plane crash in a forest near Smolensk, Russia. Without wasting a moment, scammers have latched onto this dreadful incident to send spam email messages. Symantec has come across scam messages that refer to this plane crash and there have been numerous attempts to lure recipients into a so-called opportunity of becoming a beneficiary of massive wealth.

The messages in this latest spam run take the form of a typical “419 scam” email, in which the scammer introduces himself as a banker who is in charge of a deceased customer’s account; in this case he claims to be a director of a bank in Malaysia and the customer is Mrs. Maria Kaczynski, wife of Polish President Lech Kaczynski. The scammer claims that he will use his purported director’s position to change all of the information and documents related to the actual fund beneficiary in favor of the...