Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Messaging Gateway
Showing posts in English
What’s On the Spammers’ Menu This Holiday Season?
Samir_Patil | 27 Sep 2011 15:41:19 GMT | 0 comments

The holiday season is about to commence and spammers have resurfaced with new offers well in advance. We have already observed spam for Christmas and New Year in the month of September, not to mention spam for Halloween, which is fast approaching!

So, what’s on the spammers’ holiday menu?  Well, there are virus e-cards, bogus meds, some interesting Internet gift offers with crazy discounts, and loans to help you celebrate a spammy whammy Christmas and to welcome the New Year! And don’t despair, because for Halloween you have the much coveted replica products! The list is definitely going to extend as the season comes closer. Discussed in detail below is the spammers’ vacation bonanza.

Here are some of the various spam subject lines being used for the upcoming holiday season:

Subject: Re: Happy new year!!!!
Subject: You have received a Christmas Greeting Card!
Subject: Rolex For You Now -85%
Subject: With...

Read more
Phish Tastes Better Than Spam
Samir_Patil | 23 Sep 2011 21:39:48 GMT | 0 comments

Thanks to Shravan Shashikant and the Norton Confidential Online team for providing the data, and to Christopher Mendes for compiling it.

Does phish taste better than spam? Yes, perhaps it does. Allow me to explain.

The recent past has been one of the most volatile financial periods in history. World economies have reached a very critical stage—sovereign debt crises, bailouts, loan defaulters causing banks to shiver, sales shrinkages causing trade surplus, and bankruptcies. Add to all of this the fears of a double-dip economic recession theory making the rounds and it looks like a really dreadful picture.

But how does this affect the consumer from the point of view of email security? The consumer is the fulcrum point, the hinge of the story! All these negatives hits consumer spending in a very big way. The first wave of recession had definitely dented consumer confidence, and with the “Double Dip” theory lurking on the horizon it...

Read more
Delhi Blast Triggers Fake Pharmaceutical Products Spam Explosion
Samir_Patil | 19 Sep 2011 20:20:39 GMT | 0 comments

Thanks to Anand Muralidharan for contributing to this blog.

Recently there was a serious bomb blast outside the high court in Delhi, the capital of India. The blast happened on September 7, 2011, and the investigations are continuing with the National Investigation Agency (NIA). News of this terrifying event is being used by spammers to promote fake pharmaceutical products. In the past we’ve seen Mumbai terror attack news used by spammers for advertising pills—we blogged about it in Spammers Attempting to Cash in on Mumbai Terror.

Below are some spam subject samples:

Subject: Delhi explosion
Subject: Bombing at Delhi court kills 10

The domains that are included with these latest spam messages lead users to fake online pharmacies. Using domain names...

Read more
Spammers Mark 10th Anniversary of 9/11
Samir_Patil | 09 Sep 2011 21:50:48 GMT | 0 comments

Thanks to Vivek Krishnamurthi for contributing to this blog.

Every sensitive event is an opportunity to exploit. With this motive in the background, it is not surprising to see spammers exploit 9/11.  With the 10th anniversary of the tragedy just a day away, spammers want to make the best use of this emotionally charged environment. 

Here are two examples of scams that Symantec has noticed in recent days that attempt to exploit the emotional scars left by 9/11:
 
First email example exploiting 9/11
Figure 1: First email example exploiting 9/11
 
 
Second email example exploiting 9/11
Figure 2: Second email example exploiting 9/11
 
The first sample tries to entice...
Read more
Be the First to Snatch the Coveted iPhone 5
Samir_Patil | 07 Sep 2011 00:04:33 GMT | 0 comments

Thanks to Amit Kulkarni for his contributions to this blog.

Since its launch, the Apple iPhone has been on the wish lists of most consumers.  The iPhone 4 has already made an impression in the marketplace, so it is obvious that spammers will make the best of this opportunity.  Symantec observed spam tactics just before the release of iPhone 4 and is expecting an even greater spam volume when iPhone 5 is released to the market.

The next generation of iPhone is expected to hit the market in September and spammers don’t want people to wait until the official release. Below is a sample of spammer hype campaigning to lure people into their trap. As usual, the bait is a survey one has to complete to be eligible to own “this coveted piece of art!”


 
When...

Read more
Fake Offers with Fake Trust Seals
Mathew Maniyara | 05 Sep 2011 21:32:40 GMT | 0 comments

Thanks to the co-author of this blog, Wahengbam RobinSingh.

Phishers are constantly looking for new ideas in their efforts of tricking end users. In August, Symantec observed a phishing site that utilized a number of new tricks. The phishing site masqueraded as a well known software company and claimed to offer associated software products at discounted rates. The phishing page highlighted these fake offers as “summer offerings” and stated that customers could save 80% on their purchases. Users were prompted to enter their billing information, personal information, and credit card details to complete their purchases. The personal information that was requested consisted of the user’s email address and phone number. The credit card details that were asked for were the card number, CVV code, and card expiration date. If any users had fallen victim to the phishing site, the phishers would have successfully stolen their confidential information for...

Read more
How Long Will Those Libyan Treasures Last?
Kevin Haley | 31 Aug 2011 03:12:41 GMT | 0 comments

Famous or infamous, when you make news, the scammers pay attention. While we have come to expect the famous and infamous to show up in malware attacks that use spam and SEO poisoning, we shouldn’t be surprised when scammers leverage the spotlight that current events shine on the infamous. As Samir Patil blogged on Monday, the Gaddafi family is showing up in 419 scams. After all, few of us know a real Nigerian prince, but most of us have heard of Gaddafi, know he is in a bit of trouble, and might have the resources to buy his way out of trouble.

I can’t predict how events in Libya will end for the Gaddafi family. But I do predict that they will become very popular not only in 419 scams, but in a variation called the inheritance con.

Like the 419/Spanish prison scam, the inheritance con goes way back. The most famous version is the Drake scam, which started shortly after the...

Read more
A Tale of Horses, True Love, and Greed: A Closer Look at Spam Patterns from Asia
Timothy Lee | 24 Aug 2011 07:04:08 GMT | 0 comments

As you sit down and open Outlook to delete yet another “Satisfy her in bed tonight!” solicitation from Angelina Jolie, do you ever wonder if every spam email on earth looks the same? It is true that certain phrases in spam seems to resurface ad nauseum in every language imaginable, such as “replica watch”, “reloj”, and “ologi”. Ultimately however, just as with customs, food, and clothing, culture and lifestyle dictates people’s behavior and affects how they use computers. Spam works very much like advertising in that it also caters to different groups based on their cultural backgrounds and local trends for maximum scamming benefits. I will highlight an example of spam specific to Asian below to demonstrate how spam from the Far East differs from the typical med and 419 scams seen elsewhere.

Keiba (horse racing) scams

Japan has one of the biggest...

Read more
Spammers Leverage Amy Winehouse’s Death to Send Virus
Vivian Ho | 25 Jul 2011 19:45:15 GMT | 0 comments

The five-time Grammy award winner Amy Winehouse was found dead in London on July 23rd. Symantec has already observed spammers who are trying to capitalize on related news headlines by sending out malicious threats less than a day after the news was released.

The two samples given below are examples that we have observed. These Portuguese-language attacks use similar spam techniques. All samples are sent from randomized individual email accounts with various subject lines related to the celebrity’s death in an attempt to lure interested readers to open a malicious URL. Immediately after the link is clicked, a pop-up window is shown, which asks users to download a file that is loosely disguised as an image or video file, for example (anything other than an executable).

The file is given a name that is related to the celebrity, and of course isn’t an image or video file, but a malicious binary. Symantec has detected the threats in these samples as...

Read more
Phishing Apple’s iDisk
Mathew Maniyara | 14 Jul 2011 10:10:36 GMT | 0 comments

Apple's MobileMe is a collection of online services and software. Among its various services is a file-hosting service called iDisk. Recently, Symantec has recorded phishing sites that spoofed iDisk’s Web page. The phishing sites were hosted on a free Web-hosting site.

So, what’s in this service that interests phishers? The service is based on a paid subscription, with which files of up to 20 GB can be uploaded and shared. Phishers are looking to gain access to this service for free. This is an example of a phishing attack targeting user information for reasons other than financial gain.

The phishing site prompts the user to enter their password for logging in. (In this case, the user ID was already populated on the phishing page.) After the password is entered, the page redirects to the legitimate Web page of Apple MobileMe with an error message for an invalid...

Read more