Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Samir_Patil | 12 Nov 2013 08:34:49 GMT

Contributor: Vijay Thawre

Typhoon Haiyan, one of the strongest tropical cyclones on record, struck the Philippines this week, leaving behind a trail of mass destruction. With more than 10,000 people dead, calls for help have been raised by several NGOs and organizations worldwide. Donation requests have been posted on different social networks as well as some popular websites. Meanwhile, spammers have started taking advantage of the situation by sending email containing fake donation requests.

Figure. Philippines Typhoon Haiyan scam email

In the example shown in this blog, the spammer has sent an email that seems perfectly fine at first glance, but when you take a closer look, you can see the email is sent from a different email ID with the subject line "HELP PHILIPPINES".

The spammer disguises himself as a...

Christopher Mendes | 30 Oct 2013 07:35:35 GMT

Diwali is just around the corner and many users will be doing their festive shopping online since online shopping is cool, fast and easy these days.

India has come of age when it comes to online shopping. Many Indians are turning towards this easier mode of purchase, which is less time consuming and comes with better bargains. But online shopping is also turning out to be an easy hunting ground for opportunistic cybercriminals. Scammers and fraudsters are once again doing the rounds with "out-of-the-world offers and speedy deliveries" to users’ doorsteps.

In the sample case discussed in this blog, third-party mailers and recently registered spammy domains are being used for nefarious Web activities. The samples discussed below illustrate how the spammers have conducted a thorough study of India’s online shopping environment, and customized their campaigns accordingly.

Subject: This Diwali Gift  B[REMOVED] – A...

Anand Muralidharan | 28 Oct 2013 06:33:53 GMT

Many people are waiting eagerly for Halloween, a holiday filled with mystery, magic and fantasy, where bonfires were lit and costumes were worn to ward off roaming ghosts. As expected, Halloween Day spam messages have started flowing through Symantec’s Probe Network. In this spam, users are asked to complete a fake survey, and then to click a URL containing the spam message, which redirects them to a website with a bogus Halloween Day offer.

Top word combinations used in spam messages include:

  • Halloween – Costumes
  • Halloween – treat
  • Halloween – Special
  • Halloween – Survey

Figure 1. The spam asks users to complete a fake survey for an offer

After a user completes the survey, a...

Samir_Patil | 17 Oct 2013 12:23:13 GMT

Contributor: Binny Kuriakose

The funding gap in the US, which resulted in a shutdown of a large portion of the United States federal government, has started affecting economic growth in the country. Large portions of the federal workforce were required to work without immediate pay, while some were indefinitely furloughed.

Symantec recently uncovered spam campaigns, which started promptly following the shutdown announcement, targeting the affected victims. In the past, spammers tried to take advantage of the general gloom, but now they are directly targeting the raw financial state the sudden shutdown has left people in. This could probably be a last-ditch effort to haul in more spoils before the US shutdown is lifted, especially in light of the Senate’s deal, which is currently being made to end the shutdown.

This new wave of spam is designed to manipulate victims into applying for loans and inevitably disclose their...

Anand Muralidharan | 14 Oct 2013 10:33:39 GMT

Diwali, also known as the festival of lights, is a much loved five-day long Hindu festival. The festival is enjoyed by many people and lifts the mood and spirit of everyone taking part in the celebrations. This year, the festival of lights is being celebrated in November and, as expected, Diwali-themed scam emails have started to flow into the Symantec Probe Network.

One scam email we have identified appears to be from the Reserve Bank of India and claims that the email recipient has been awarded a prize of 4 crore and 70 lac Indian rupees, which equates to 10,700,000 Indian rupees or approximately US$175,000, in a Diwali celebration promotion. To claim the prize, the recipient is asked to send their personal information to a given email address.

The following subject line has...

Ashish Diwakar | 03 Oct 2013 14:11:54 GMT

Spammers are now leveraging news around the Kenya terror attack by targeting users through an email message that claims to contain news on the attack but in fact contains malware. The spam email includes a malicious URL in the body of the message that redirects users to a compromised Web page that downloads W32.Extrat.

When the malware is executed, it may create the following file:

  • %Windir%\installdir\server.exe

This allows the attacker to steal passwords and gain access to sensitive files and information belonging to the user.

Figure. Screenshot of spam email asking user to download .exe file

The email displays a message to “Click HERE to view & watch” videos and images of the terror attack at the...

Anand Muralidharan | 02 Oct 2013 10:42:56 GMT

The latest news making headlines around the world is about the partial shutdown of the US government, which failed to agree on a new budget. Ever quick to take advantage of a situation, cybercriminals have begun to send various spam messages related to the government shutdown. These spam messages have started flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the included URL will automatically redirect the user to a website containing a bogus offer.

Figure 1. US government shutdown themed spam email

In the messages Symantec has observed, the spammers are using a random email header, which may be an attempt to evade antispam filters. Some of the headers used in this latest spam campaign can be easily recognized...

Anand Muralidharan | 30 Sep 2013 14:00:20 GMT
Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog: Pharma Spammers Brandjack YouTube.
 
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
 
http://www.[REMOVED].com/Fox.avi
http://www.[REMOVED].com/Yamamoto.avi
http://www.[REMOVED].vn/Larue.avi 
http://www.[REMOVED].com/McAlear.avi
http://www.[REMOVED].ru/87342.mp3
http://www.[REMOVED].ru/327182.mp3
http://www.[REMOVED].fr/472738.mp3
http://www.[REMOVED...
Nick Johnston | 12 Sep 2013 11:14:56 GMT
Phishers are known for making their phishing sites look exactly like the sites they are spoofing. We have seen plenty of examples of the detail they employ, like using JavaScript to include the current date in their static pages. In recent times, Symantec has seen an increase in generic email phishing. Unlike normal phishing, where phishing messages usually have a target in mind (bank customers or social network users, for instance), the generic email phishing technique is slightly different. In generic email phishing, the phishers will target any email address; who the target is does not matter.
 
These generic phishing messages usually claim that the recipient's mailbox size has been exceeded, and direct them to urgently "re-validate" their mailbox to prevent disruption to their email. Symantec recently identified a generic email phishing website which, at first glance, appeared normal. It looked fairly amateurish—demonstrating...
Christopher Mendes | 09 Sep 2013 17:22:41 GMT

Contributor: Binny Kuriakose

Spammers continue to leverage the crisis in Syria for their personal gain. Besides taking advantage of a scam message that claimed to be from The Red Cross, spammers are now taking advantage of emails about the news in Syria. They have snuck in a few malicious messages containing random URLs that entice users to go to a compromised malicious website that hosts obfuscated JavaScript code that downloads the Trojan Downloader.Ponik.

When the Trojan is executed, it may create the following files:

  • %TEMP%\[RANDOM CHARACTERS FILE NAME].bat
  • %UserProfile%\Local Settings\Application Data\pny\pnd.exe

The files then inject a malicious executable payload, which may allow the attacker to steal passwords and sensitive...