Security Response
Showing posts tagged with Email
Showing posts in English
Mathew Maniyara | 25 Oct 2011 21:55:06 GMT

Co-author: Avdhoot Patil

Celebrity promotion has gained momentum in the world of phishing. In October 2011, we observed Indonesian rock star Ahmad Dhani being used as phishing bait, and phishers continue their stream of celebrity bait with popular singers Selena Gomez and Demi Lovato. Celebrities with a large fan following are phishers’ favorites (because they believe a larger audience will mean more duped users).

In today's example, phishers created phishing sites that spoofed the login pages of a popular information services website. The phishing pages contained a picture of the singer, and the page was altered to give the impression that users could gain access to additional content about the celebrity after entering their own login credentials. It should be noted that legitimate websites will never alter the format of their login page for celebrity promotions. After the...

Mathew Maniyara | 19 Oct 2011 00:10:04 GMT

Thanks to the co-author of this blog, Avdhoot Patil.

In the month of January 2011 Symantec reported adult scams that targeted Indonesian Facebook users. These scams claimed to have an application in which users could view adult videos of Indonesian celebrities, taken from hidden cameras.

It seems that phishers are now using specific celebrities as bait for their phishing sites. This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular. Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”. The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of...

Samir_Patil | 12 Oct 2011 01:07:37 GMT

Contributor: Christopher Mendes

When stalwarts pass away the world mourns their loss, tributes flow and emotions run high. Whenever we lose a legendary figure, their death brings shock or grief and people are hungry for any and every available piece of information about the "How" and the "Why" and the "When" related to the death of these important figures. We studied the aftermath of these icons’ passing and the eulogy written by spammers. The spammer’s sole motive is to use incidents to compromise weak systems.

On further examination of the collected data we traced a predictable pattern, the details of which are given below:

Michael Jackson

Subject: Michael Jackson not dead
Subject: Michael Jackson seen alive
Subject: Michael Jackson lives

Samir_Patil | 07 Oct 2011 19:02:10 GMT

Contributor: Anand Muralidharan

The sad news making the rounds these days is the death of Steve Jobs, Apple Co-founder and former CEO. His death has been a terrible loss to both Apple and Apple fans everywhere.

Spammers are capitalizing on this incident by sending malicious links related to the news of Steve Jobs’ death. Below is a screenshot of one such spam email containing a malicious link:

More malicious links found relating to death spam are:


All these websites contain obfuscated code leading to a BlackHole exploit. Most of the domains are recently registered; however, a few of the older domains look quite legitimate and seem to be hijacked.

Below are the Subject lines which have been...

Samir_Patil | 27 Sep 2011 15:41:19 GMT

The holiday season is about to commence and spammers have resurfaced with new offers well in advance. We have already observed spam for Christmas and New Year in the month of September, not to mention spam for Halloween, which is fast approaching!

So, what’s on the spammers’ holiday menu?  Well, there are virus e-cards, bogus meds, some interesting Internet gift offers with crazy discounts, and loans to help you celebrate a spammy whammy Christmas and to welcome the New Year! And don’t despair, because for Halloween you have the much coveted replica products! The list is definitely going to extend as the season comes closer. Discussed in detail below is the spammers’ vacation bonanza.

Here are some of the various spam subject lines being used for the upcoming holiday season:

Subject: Re: Happy new year!!!!
Subject: You have received a Christmas Greeting Card!
Subject: Rolex For You Now -85%
Subject: With...

Samir_Patil | 23 Sep 2011 21:39:48 GMT

Thanks to Shravan Shashikant and the Norton Confidential Online team for providing the data, and to Christopher Mendes for compiling it.

Does phish taste better than spam? Yes, perhaps it does. Allow me to explain.

The recent past has been one of the most volatile financial periods in history. World economies have reached a very critical stage—sovereign debt crises, bailouts, loan defaulters causing banks to shiver, sales shrinkages causing trade surplus, and bankruptcies. Add to all of this the fears of a double-dip economic recession theory making the rounds and it looks like a really dreadful picture.

But how does this affect the consumer from the point of view of email security? The consumer is the fulcrum point, the hinge of the story! All these negatives hit consumer spending in a very big way. The first wave of recession had definitely dented consumer confidence, and with the “Double Dip” theory lurking on the horizon it...

Samir_Patil | 19 Sep 2011 20:20:39 GMT

Thanks to Anand Muralidharan for contributing to this blog.

Recently there was a serious bomb blast outside the high court in Delhi, the capital of India. The blast happened on September 7, 2011, and the investigations are continuing with the National Investigation Agency (NIA). News of this terrifying event is being used by spammers to promote fake pharmaceutical products. In the past we’ve seen Mumbai terror attack news used by spammers for advertising pills—we blogged about it in Spammers Attempting to Cash in on Mumbai Terror.

Below are some spam subject samples:

Subject: Delhi explosion
Subject: Bombing at Delhi court kills 10

The domains that are included with these latest spam messages lead users to fake online pharmacies. Using domain names...

Samir_Patil | 09 Sep 2011 21:50:48 GMT

Thanks to Vivek Krishnamurthi for contributing to this blog.

Every sensitive event is an opportunity to exploit. With this motive in the background, it is not surprising to see spammers exploit 9/11.  With the 10th anniversary of the tragedy just a day away, spammers want to make the best use of this emotionally charged environment. 

Here are two examples of scams that Symantec has noticed in recent days that attempt to exploit the emotional scars left by 9/11:

Figure 1: First email example exploiting 9/11

Figure 2: Second email example exploiting 9/11

The first sample tries to entice...

Samir_Patil | 07 Sep 2011 00:04:33 GMT

Thanks to Amit Kulkarni for his contributions to this blog.

Since its launch, the Apple iPhone has been on the wish lists of most consumers.  The iPhone 4 has already made an impression in the marketplace, so it is obvious that spammers will make the best of this opportunity.  Symantec observed spam tactics just before the release of iPhone 4 and is expecting an even greater spam volume when iPhone 5 is released to the market.

The next generation of iPhone is expected to hit the market in September and spammers don’t want people to wait until the official release. Below is a sample of spammer hype campaigning to lure people into their trap. As usual, the bait is a survey one has to complete to be eligible to own “this coveted piece of art!”


Mathew Maniyara | 05 Sep 2011 21:32:40 GMT

Thanks to the co-author of this blog, Wahengbam RobinSingh.

Phishers are constantly looking for new ideas in their efforts to trick end users. In August, Symantec observed a phishing site that utilized a number of new tricks. The phishing site masqueraded as a well-known software company and claimed to offer associated software products at discounted rates. The phishing page highlighted these fake offers as “summer offerings” and stated that customers could save 80% on their purchases. Users were prompted to enter their billing information, personal information, and credit card details to complete their purchases. The personal information that was requested consisted of the user’s email address and phone number. The credit card details that were asked for were the card number, CVV code, and card expiration date. If any users had fallen victim to the phishing site, the phishers would have successfully stolen their confidential information for...