Security Response
Showing posts tagged with Email Security.cloud
Sean Butler | 29 Oct 2014 06:04:06 GMT

Symantec has recently seen a spam campaign involving fake wire transfer request emails. While this technique is not new, and has had some coverage in the press this year, we have seen an increase in this type of spam recently.

The purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.

Another tactic the scammers use...

Symantec Security Response | 28 Feb 2014 07:29:50 GMT

While the Sochi Winter Olympics may now be over without incident, considering all of the media attention and fears surrounding a potential terrorist attack at the event, it should come as no surprise that cyberattackers were preying on these uncertainties to target potential victims of interest.

During the games, Symantec saw multiple targeted email campaigns that used Sochi Olympics themes to bait potential victims. These observed email campaigns were blocked by our Symantec.Cloud service. In one such campaign, we saw that targets were being sent the following email.

Figure 1. Email purporting to relate to a terrorist threat at the Sochi Olympics

In this campaign...

Joseph Graziano | 06 Feb 2014 04:01:19 GMT

It was only a few months ago that Paul Walker left us in a fiery car accident. These days it is common for spammers and malware writers to use a celebrity’s death to spread malware. In this case, it started with emails that claimed to link to a video of Paul Walker’s car on fire, but instead contained a link to a malicious file.

In the latest slew of emails, the sender makes a plea to the victim to find a Dodge Viper GT that was supposedly racing with Paul Walker’s car. The email asks that anyone with information call a number in the email or open the attached file to view a picture of the Viper GT’s driver. In every sample we have dealt with there is always a promise of reimbursement or compensation for helping capture the Viper GT’s driver.

These attacks are unique because of the regular change of subject lines and body text to bypass spam filters. The attacker tries to personalize the email with the recipient’s name in the body, subject, or attached file name.

...

Anand Muralidharan | 30 Sep 2013 14:00:20 GMT

Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog: Pharma Spammers Brandjack YouTube.
 
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
 
http://www.[REMOVED].com/Fox.avi
http://www.[REMOVED].com/Yamamoto.avi
http://www.[REMOVED].vn/Larue.avi 
http://www.[REMOVED].com/McAlear.avi
http://www.[REMOVED].ru/87342.mp3
http://www.[REMOVED].ru/327182.mp3
http://www.[REMOVED].fr/472738.mp3
http://www.[REMOVED...

Nick Johnston | 12 Sep 2013 11:14:56 GMT

Phishers are known for making their phishing sites look exactly like the sites they are spoofing. We have seen plenty of examples of the detail they employ, like using JavaScript to include the current date in their static pages. In recent times, Symantec has seen an increase in generic email phishing. Unlike normal phishing, where phishing messages usually have a target in mind (bank customers or social network users, for instance), the generic email phishing technique is slightly different. In generic email phishing, the phishers will target any email address; who the target is does not matter.
 
These generic phishing messages usually claim that the recipient's mailbox size has been exceeded, and direct them to urgently "re-validate" their mailbox to prevent disruption to their email. Symantec recently identified a generic email phishing website which, at first glance, appeared normal. It looked fairly amateurish—demonstrating...

Christopher Mendes | 09 Sep 2013 17:22:41 GMT

Contributor: Binny Kuriakose

Spammers continue to leverage the crisis in Syria for their personal gain. Besides taking advantage of a scam message that claimed to be from The Red Cross, spammers are now taking advantage of emails about the news in Syria. They have snuck in a few malicious messages containing random URLs that entice users to go to a compromised malicious website that hosts obfuscated JavaScript code that downloads the Trojan Downloader.Ponik.

When the Trojan is executed, it may create the following files:

  • %TEMP%\[RANDOM CHARACTERS FILE NAME].bat
  • %UserProfile%\Local Settings\Application Data\pny\pnd.exe

The files then inject a malicious executable payload, which may allow the attacker to steal passwords and sensitive...

Christopher Mendes | 19 Aug 2013 19:36:42 GMT

Contributor: Sujay Kulkarni

The Ashes Test cricket series, one of the most popular Test series in cricket, is played between England and Australia. It is played alternately in England and Australia and is the oldest Test rivalry between these two sides. Cricket fans are glued to the TV and their online devices to watch this riveting series.

In the current Ashes series England is leading 3-0 and is on the cusp of creating history against Australia—if they beat them hands down in the last test match, which now is a real possibility. However, what is making the rounds is not Scholes, Carrick, or Robin Van Persie, but Captain Cook and his elite squad waiting to steamroll Australia.

This...

Christopher Mendes | 07 Aug 2013 08:17:13 GMT

It may sound strange, but one surefire sign that the economy is on the mend is an increase in stock spam. Yes, stock spam is a bellwether signal of an economic revival and if you want proof, check your email. Scattered in your bulk folder, you may find a myriad of such spam promising you ‘an opportunity of a life time.’ Rearing its ugly head every time there is a hint of an economic recovery, stock spam never misses an opportunity to try and con victims out of their hard-earned cash.

Over the years, stock spam has evolved, honing its method of psychologically hustling a victim into buying a particular stock that will ‘imminently’ be pumped up by some sort of syndicate. Stock spam creates an unwarranted urgency and promises a pot of gold at the end of it all.

Stock spam relies on a strategy called ‘pump and dump,’ where spammers create pseudo hysteria, beckoning victims to invest in penny or sub-penny stocks that would give...

Pavlo Prodanchuk | 25 Jul 2013 08:28:48 GMT

Last month Symantec posted a few blogs (here and here) on an increase in spam messages with .pw URLs.

Since then the volume of URLs with .pw domains has considerably decreased. At their peak volume at the beginning of May, .pw domains accounted for about 50 percent of all spam URLs. Over the last seven days, .pw domains have accounted for less than 2 percent.

Figure 1. .pw TLD appearance in spam messages

The decrease in .pw domains is the result of a close collaboration between Symantec and Directi in reporting and taking down the .pw domains associated with spam.

The latest evidence from the Global Intelligence Network shows that even with such a small presence of...

Pavlo Prodanchuk | 23 Jul 2013 12:41:01 GMT

For the last few months, Symantec has been observing pharmacy-related spam attacks where spammers are using the legitimate Google Translate service to avoid anti-spam filters.

Most of the samples received were sent from hijacked email addresses from popular free mail services. The majority of the messages’ subject lines were promoting either online pharmacies or well-known tablets such as Viagra, Cialis and others. Furthermore, in an effort to make the spam immune to filters, several observed subject lines contained randomized non-English characters or words inserted at the beginning or end of the subject line.

Figure 1. Sample subject lines

The body of the spam message contains a Google Translate link as well as promotional text explaining the advantages...