Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Hosted Mail Security
Showing posts in English
Whitewashed Spam – How Antispam Laws Are Helping Spammers
Samir_Patil | 23 May 2013 23:14:57 GMT | 0 comments

Contributor: Binny Kuriakose

Anonymity disguised as freedom of expression and lack of clear cut laws makes cyberspace murky from a security point of view. Countries are waking up and realizing that there is a need for laws which enable authorities to catch and punish cyberspace miscreants; however, these miscreants are very crafty.

Spammers are known to use ingenious methods to peddle spam and lately they have even begun using antispam laws themselves in an effort to spearhead spam attacks. This blog is not about analyzing the effectiveness of antispam laws; it is about how spammers are quoting the laws in emails in order to make the spam look legitimate.

There are some “grey area” emails, which fall somewhere between spam and legitimate mail, and sometimes there can be something very inconspicuous in the mail that can tip the balance in the mind of a recipient. Quoting antispam law in the body of the email and claiming that the email...

Read more
Rise in URL Spam
Samir_Patil | 23 May 2013 12:03:44 GMT | 0 comments

Symantec is observing an increase in spam containing URLs. On May 16, URL spam volume increased by 12% from 84% to 96% and since then the URL spam volume fluctuated between 95% and 99%. That means 95% of the spam messages delivered during this period has one or more URLs in it.

Figure1_0.png

Figure 1. URL spam message volume

During this period, .ru was the most used top-level domain (TLD). As illustrated in Figure 2, it is interesting to note a drop in .ru spam and a simultaneous rise in .com and .pw spam. Over 73% of the URL spam contained the .ru, .com, or .pw TLDs.

Figure2.png

Figure 2. Top 3 TLDs distribution (last seven days)

...

Read more
Phishers’ New Fake Social Media Apps
Mathew Maniyara | 23 May 2013 06:03:47 GMT | 0 comments

Phishers are trying everything they can to improve their chances of harvesting user credentials. They are known for experimenting with different fake social media applications in a desperate move to lure users. Recently, we found a few examples of some new fake apps.

In the first example, the phishing site used an image of a girl along with the Facebook Like button. After clicking the button, users are prompted for their Facebook login credentials in order to “like” the photo. After the credentials are entered, the phishing site acknowledges the login and asks users to click another Like button. The button is placed beside a fake number indicating the number of likes already gained. The phishing site was hosted on servers based in Amsterdam, Netherlands.

Phishers_fake_FB_image1.png

Figure 1. Facebook Like button...

Read more
Spammers Targeting Oklahoma Tornado Victims
Anand Muralidharan | 23 May 2013 04:11:25 GMT | 0 comments

Natural disasters, like tornadoes and earthquakes, are quite common in the United States of America. Unfortunately, the Oklahoma City suburb of Moore experienced a violent tornado on Monday, May 20, that sadly resulted in dozens of casualties. Spammers take advantage of natural disasters with luring scams and Symantec Security Response has started to observe spam messages related to this tornado flowing into the Symantec Probe Networks. The top word combinations used in message headlines include:

  • Tornado – hits – Oklahoma
  • Massive – Tornado
  • Huge – Tornado
  • Tornado – survivors

Spammers Targetting 1.jpeg

Figure 1: Oklahoma City tornado spam campaign
 

These headers have been observed in the spam attack:

...
Read more
Spammers Make Memorial Day Memorable
Anand Muralidharan | 20 May 2013 19:02:16 GMT | 0 comments

Memorial Day is celebrated on May 27 and it is a day for memorializing the men and women who have died in military service for the United States. It is a common practice for cybercriminals to take advantage of events and holidays. This year, various spam messages related to Memorial Day have begun flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
 

Spammers Memorial 1 edit.png

Figure 1: Memorial Day financial spam
 

A variety of subject lines have been observed related to the clearance sale spam attacks for Memorial Day:

  • Subject: Memorial Day Auto...
Read more
Phishers Offer Rita Ora’s Video
Mathew Maniyara | 16 May 2013 02:10:31 GMT | 0 comments

Contributor: Avdhoot Patil

Celebrity scandals are always popular and phishers are keen on incorporating them into their phishing sites. Recently, we observed a phishing site featuring British singer and actress Rita Ora. The phishing site was hosted on a free Web hosting site.

rita_ora_phishing.png

 

The phishing site prompted for Facebook login credentials that called the video a “social plugin”. The phishing page contained an image of a fake YouTube video of Rita in the background. The title of the video in question described it as an adult video of Rita Ora. A recent event involving an accidental exposure of Rita instigated phishers into devising this bait. The phishing site gave the impression that users could view the video shown in the background when login credentials are entered. In reality, after login credentials are entered,...

Read more
Increase in Pump and Dump Stock Spam
Anand Muralidharan | 15 May 2013 18:01:13 GMT | 0 comments

In the last few weeks we have observed a drastic increase in “penny stock” spam emails. In 2011 Symantec published a blog entitled Global Debt Crises News Drives Pump-and-Dump Stock Scams, which also dealt with this type of spam.

Penny stocks, also known as cent stocks, are shares in small companies that trade at low prices, often as low as a few cents per share. Penny stocks are a very popular topic used by spammers. The spam emails advertise the cheap shares and state that the company is on the verge of becoming very successful and that the value of the shares will rise significantly. The emails make out that the company is more valuable than it actually is and implies that they have just created some major product or are on the verge of a breakthrough and that the share value is tipped to rise dramatically. The aim is to increase sales of the stock,...

Read more
Fake Promotional Offers Targeting UEFA Champions League 2013
Anand Muralidharan | 10 May 2013 07:40:10 GMT | 0 comments

The 58th season of the UEFA Champions League is coming to an end with the final being played on May 25 at Wembley Stadium in London. Nowadays, cybercriminals are gaining a lot of interest in football, at least inasmuch as how to exploit interest in football to their advantage, and Symantec has recently blogged about cybercriminals continuing to show interest in football.

Spammers are exploiting the latest sporting event by sending spam of fake ticket offers through email. Below is an Italian spam campaign we have observed targeting the UEFA Champions League with a fake ticket offer promotion.

Champions league one.png

The spam can be identified by the following headers:

Subject: Scopri come puoi vincere i biglietti per la Finale UEFA Champions League...

Read more
Escrow Scams Searching New Avenues
Samir_Patil | 09 May 2013 03:10:11 GMT | 0 comments

Contributor: Binny Kuriakose

People dream big when buying expensive items like a car or a property. When those dreams are seen with very affordable price tags it certainly attracts everybody’s interest. There are lots of websites available that allow people to post free classified advertisements online and one of the biggest categories is that of used cars. This is the new breeding ground for the old escrow tricksters.

This blog will discuss an interesting case of how a free classified advertisement and an escrow service turned out to be an online scam.
 

What are escrow services?

Escrow services are essentially mediators in trade that ensure all terms, agreed by both parties, are met. Escrow companies take the payment from the buyer and ‘hold it’ until the seller delivers the goods to the buyer and all the terms of sale are met. If you are buying an item from an unknown party without meeting face-...

Read more
Spammers Continue to Exploit Mother’s Day
Anand Muralidharan | 06 May 2013 08:43:36 GMT | 0 comments

Mother’s Day is celebrated in many countries on May 12 and it’s a day for children, regardless of age, to express their love to their mother by giving her a gift. Spam messages related to Mother’s Day have begun flowing into the Symantec Probe Network. Clicking the URL contained in the spam message automatically redirects the recipient to a website containing a bogus Mother’s Day offer upon completion of a fake survey.

mothers 1.png

Figure 1: Survey spam targeting Mother’s Day

Once the survey is completed, a page is then displayed asking the user to enter their personal information in order to receive the bogus offer.

mothers 2.png

Figure 2...

Read more