Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Messaging Gateway
Showing posts in English
Anand Muralidharan | 13 Jun 2013 18:43:50 GMT

The International Cricket Council (ICC) Champions Trophy 2013 is currently being held in England and Wales. The group matches are already in progress and the grand finale will be held on June 23. In the past, Symantec observed various spam emails targeting the ICC World T20 and the Cricket World Cup. As expected, we have seen ICC Champions Trophy 2013 scam emails flowing into the Symantec Probe Network.

Nigerian scammers have reached out through text based emails, .doc files, and PDF files. Here, the scam message is attached as a .doc file called ICC UPDATE.doc. The email says that the reader has won a brand new Camry Solara worth 85,000 Euro. This is typical of 419 scams. The scam email explains that the winning email address was obtained in a raffle and was sent to the final drawing conducted at...

Ashish Diwakar | 11 Jun 2013 04:44:49 GMT

Contributor: Avdhoot Patil

It seems that targeting football clubs, football celebrities, and football events has become a habit for phishers. They continue their uncivilized activities and in particular single out football. Now, phishers have set their eyes on the Real Madrid Football Club based in Madrid, Spain. Real Madrid is one of the world’s richest football clubs and has a large fan base.

Real Madrid fake login.png

Figure. Fake Facebook phishing page featuring Real Madrid and Cristiano Ronaldo.

 As we can see in the figure, the phishing page asks users to enter Facebook login...

Anand Muralidharan | 10 Jun 2013 20:59:45 GMT

Contributor: Vivek Krishnamurthi

The International Dance Competition “Dance Grand Prix Europe” is set to begin June 12 and will be hosted in Spain. The purpose of the competition is to showcase all the top dancers from various dance schools and this major event attracts choreographic talent from around the world. Spammers also don’t want to miss this event and the opportunity to circulate a scam.
 

image1_0.jpeg

Figure 1. Dance Grand Prix Europe 2013 spam
 

To grab the reader’s attention, the spam email reveals some appealing facts about the event along with "only a little fee" required but no additional charges for participation in the event. Clicking the URL will automatically redirect the user to a website...

Anand Muralidharan | 10 Jun 2013 13:27:32 GMT

A lot of people are counting down the days until they can express their appreciation and love towards their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day, now it’s the turn of Father’s Day, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails attempt to encourage users to take advantage of product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer.

Figure1_1.png

Figure 1. Gift offer spam

Figure2_0.png...

alisa_tsai | 10 Jun 2013 05:13:30 GMT

The Dragon Boat Festival, also known as the Duanwu Festival, is an important traditional holiday that has been celebrated by Chinese people as well as other people in East Asian societies for nearly 2,000 years. It is a day for people to drive away epidemics and evil spirits in summer by holding a series of symbolic activities because in ancient times, summer was considered to be a season of bugs, snakes, and fleas that could cause serious diseases.

There are several traditions followed on this day, such as holding a dragon boat race, eating sticky rice dumplings wrapped in bamboo (Zong zi), drinking realgar wine (Xionghuangjiu), and wearing perfumed medicine bags. Many of these activities involve some sort of commercial component—and spammers will never miss a good opportunity to make a profit.

This year, the Dragon Boat Festival is going to be celebrated on June 12, 2013. In the lead-up...

Ashish Diwakar | 04 Jun 2013 06:55:41 GMT

Contributor: Avdhoot Patil

Phishers have continued to focus on social networking sites as a platform for their phishing activities. Symantec is familiar with various phishing campaigns related to social networking. Celebrity promotions, fake applications, recharge airtime, and grand prizes are often used as phishing bait. In a recent example, phishers have used the Turkish Police Force in their phishing attack targeting Turkish Facebook users. The phishing site was hosted on a free Web hosting site.

Phishers_Turkish_police.png

Figure. Phishing site designed to look like an official Turkish Police Web page

The phishing site was in Turkish and it stated that it is owned by the General Directorate of Security, Turkey. The phishing page further stated that the Turkish Police has recently observed Facebook account...

Samir_Patil | 23 May 2013 23:11:55 GMT

Contributor: Binny Kuriakose

Anonymity disguised as freedom of expression and lack of clear cut laws makes cyberspace murky from a security point of view. Countries are waking up and realizing that there is a need for laws which enable authorities to catch and punish cyberspace miscreants; however, these miscreants are very crafty.

Spammers are known to use ingenious methods to peddle spam and lately they have even begun using antispam laws themselves in an effort to spearhead spam attacks. This blog is not about analyzing the effectiveness of antispam laws; it is about how spammers are quoting the laws in emails in order to make the spam look legitimate.

There are some “grey area” emails, which fall somewhere between spam and legitimate mail, and sometimes there can be something very inconspicuous in the mail that can tip the balance in the mind of a recipient. Quoting antispam law in the body of the email and claiming that the email...

Samir_Patil | 23 May 2013 12:03:44 GMT

Symantec is observing an increase in spam containing URLs. On May 16, URL spam volume increased by 12% from 84% to 96% and since then the URL spam volume fluctuated between 95% and 99%. That means 95% of the spam messages delivered during this period has one or more URLs in it.

Figure1_0.png

Figure 1. URL spam message volume

During this period, .ru was the most used top-level domain (TLD). As illustrated in Figure 2, it is interesting to note a drop in .ru spam and a simultaneous rise in .com and .pw spam. Over 73% of the URL spam contained the .ru, .com, or .pw TLDs.

Figure2.png

Figure 2. Top 3 TLDs distribution (last seven days)

...

Mathew Maniyara | 23 May 2013 06:03:47 GMT

Phishers are trying everything they can to improve their chances of harvesting user credentials. They are known for experimenting with different fake social media applications in a desperate move to lure users. Recently, we found a few examples of some new fake apps.

In the first example, the phishing site used an image of a girl along with the Facebook Like button. After clicking the button, users are prompted for their Facebook login credentials in order to “like” the photo. After the credentials are entered, the phishing site acknowledges the login and asks users to click another Like button. The button is placed beside a fake number indicating the number of likes already gained. The phishing site was hosted on servers based in Amsterdam, Netherlands.

Phishers_fake_FB_image1.png

Figure 1. Facebook Like button...

Anand Muralidharan | 22 May 2013 22:35:08 GMT

Natural disasters, like tornadoes and earthquakes, are quite common in the United States of America. Unfortunately, the Oklahoma City suburb of Moore experienced a violent tornado on Monday, May 20, that sadly resulted in dozens of casualties. Spammers take advantage of natural disasters with luring scams and Symantec Security Response has started to observe spam messages related to this tornado flowing into the Symantec Probe Networks. The top word combinations used in message headlines include:

  • Tornado – hits – Oklahoma
  • Massive – Tornado
  • Huge – Tornado
  • Tornado – survivors

Spammers Targetting 1.jpeg

Figure 1: Oklahoma City tornado spam campaign
 

These headers have been observed in the spam attack:

...