Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Mayur Kulkarni | 29 Apr 2010 20:56:35 GMT

Surprising? Not the least bit. Spammers have always shown their liking for big names and brands. And very often these brands are abused to spread malware or gain access to users’ accounts. However, they are also sometimes used only to entice users to open emails. These emails may contain links to pornographic or pharmacy sites.

Recently we have monitored spam attacks that have used the email templates of famous Internet brands such as Amazon, Apple, and now, Twitter. Using the email templates of well-known newsletters and notifications is a commonly known trick to make recipients believe in the authenticity of spam email. Recipients may treat these emails as legitimate and may open them without any suspicion. Though this attack uses an old trick, we feel it is important that users are reminded about this type of spam campaign, which has been observed for over a month or so. We have seen...

Suyog Sainkar | 27 Apr 2010 21:11:56 GMT

We first reported a similar 419 scam email back in the July 2008 State of Spam report. Let’s first understand what a 419 scam is. 419 spam is named after the section of the Nigerian Criminal Code dealing with fraud, and refers to spam email that typically alerts end users that they are entitled to a sum of money, by way of lottery or a new job or by being nominated as beneficiaries to the fortune of a retired government official or a wealthy person. This is also sometimes referred to as an advance fee fraud.

Symantec recently observed another 419-type spam attack where the spammer obtained a user’s credentials and sent out email to the contacts in the victim’s address book, seeking help in the form of money—obviously with a cooked-up story. Here is a spam message sample:

From: "Xxx Xxxx" <...

Samir_Patil | 22 Apr 2010 20:15:28 GMT

A series of volcanic eruptions in Iceland has affected thousands of people worldwide. Poor visibility due to a plume of ash and smoke impelled several European countries to completely close their airspace. Because of this, large numbers of travelers wishing to travel to or from Europe have been stuck in airports.

Now, without mercy, spammers are utilizing this catastrophe to push health-related spam. In the Symantec Probe Network we have monitored thousands of spam messages linked to the Icelandic volcanic eruption.

The subject line samples are as follows:

Subject: Fears volcano chaos will continue airstream
Subject: Sport left grounded by volcano affreight
Subject: Volcano ash affects air travel adjuror
Subject: Sport left grounded by volcano acid
Subject: Fears volcano chaos will continue albumoses
Subject: Fears volcano chaos will continue achtel

The spam message looks like a legitimate news alert. The...

Eric Park | 16 Apr 2010 07:56:38 GMT

After the tragic earthquakes in Haiti and in Chile, there were no additional natural disasters for spammers to take advantage of. Instead, spammers continued to focus on seasonal and calendar events such as the Easter holiday to deliver spam messages. With respect to spam message size, there was a marked increase in spam messages between 5kb and 10kb (a rise of over 10 percentage points), which correlates to an increase in attachment spam. Overall, spam made up 89.34 percent of all messages in March, compared to 89.99 percent in February.

Click to download the April 2010 State of Spam & Phishing Report, which highlights the following trends:

•    Spam as Economic Indicator
•    Mass Phishing of Retail Electronic Payment Brands
•    Phishing of Indian Job Sites...

Mayur Kulkarni | 16 Apr 2010 07:49:41 GMT

The Polish President Lech Kaczynski, his wife, and top Polish officials were recently killed in a tragic plane crash in a forest near Smolensk, Russia. Without wasting a moment, scammers have latched onto this dreadful incident to send spam email messages. Symantec has come across scam messages that refer to this plane crash and there have been numerous attempts to lure recipients into a so-called opportunity of becoming a beneficiary of massive wealth.

The messages in this latest spam run take the form of a typical “419 scam” email, in which the scammer introduces himself as a banker who is in charge of a deceased customer’s account; in this case he claims to be a director of a bank in Malaysia and the customer is Mrs. Maria Kaczynski, wife of Polish President Lech Kaczynski. The scammer claims that he will use his purported director’s position to change all of the information and documents related to the actual fund beneficiary in favor of the...

Mayur Kulkarni | 14 Apr 2010 08:59:50 GMT

Does anyone really care about opening a zip file to examine an RTF or JPEG file? This task—combined with a dull, unexciting, unstimulating subject line—competes with the content of the email to win a race of worthlessness. This is how we at Symantec feel about recent, short-lived spam attacks using compressed RTF and JPEG files. Spammers have traditionally used zip files to carry executables, but in most cases the subject line or the content of the message made an effort to encourage users to open the attachment.

There are cases of spamming attacks in which HTML attachments opened up a fully functional Web page, capable of carrying sensitive user information back to the fraudsters. However, with this latest spam attack using zipped files, not only have the spammers made an attempt to escape anti-spam filters, they’re missing out on reaching any users as well. The scope of returns for these messages looks to be much less rewarding than other comparable...

Dermot Harnett | 09 Apr 2010 23:07:51 GMT

...and some of it masquerades as “marketing” and “newsletter” emails.

In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender.

The distinction between the spam marketing and newsletter email and regular spam email includes the following:

•    The sender of the spam marketing and newsletter email may not go to extraordinary...

Mayur Kulkarni | 09 Apr 2010 08:09:48 GMT

The Indian Premier League 2010 is a huge attraction for the cricket-crazy population in India. These matches are packed with all the ingredients to entertain, and are capable of satisfying viewers’ hunger for more and more cricket matches. People are ready to buy tickets in all possible ways just to watch their local and international cricket stars play. Symantec was anticipating a spamming campaign against ticket sales during the initial period of the sporting extravaganza; however, it is just halfway through the event and still not too late to lure email users with offers related to IPL tickets.

Symantec has now come across a few spam samples that offer free tickets/passes to the recipients. In return, users need to register on a website. After registering with this website, spammers claim that users may receive a free IPL ticket through a lucky draw.

Here are a few sample images of the spam messages:
 
...

Dermot Harnett | 08 Apr 2010 19:00:00 GMT

The National Bureau of Economic Research has previously indicated that the United States has been in a recession since December 2007. What is interesting to note here is that Symantec first reported that spammers were showing an interest in the slowdown of the economy in October and November of 2007, so this begs the question, “Can the focus of spam email be used as an economic indicator or barometer?” Let’s take a brief look at the recession (thus far) by looking through Symantec's spam folder (a.k.a. the Symantec Global Intelligence Network).

•    October 2007: Spammers Feed Off Housing Crisis
•    January 2008: As Oil Prices Hike, Spammers Strike
•    February 2008: Rising gas prices lead spammers to bio-fuel
•    June 2008: Economic Climate Helps Fuel Spam Climate
•...

Vivian Ho | 01 Apr 2010 20:46:00 GMT

As Easter approaches, spam related to this upcoming holiday is expected. Spammers didn’t send malicious greetings like last year—they sent out various product promotion ads instead. One particular coupon promotion page offers recipients a free coupon for digital TV service for Easter. A domain attack was observed from this spam attack, and the offer page changed to different product coupons on a daily basis.

From: "The Easter Bunny" <EasterBunny@ [Details Removed]>
Subject: How to make this Easter even more magical...

In another Easter spam message we observed a gift basket promo message that is just like ordinary hit-and-run spam, in which the spammers try to bypass spam filters by changing the registered domains while using the same promotional ads. Spam...