Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Hosted Mail Security
Showing posts in English
Malware and Phishing Attacks Flourish Following News of Osama’s Death
Samir_Patil | 03 May 2011 12:17:05 GMT | 0 comments

The first spam using the news of Osama Bin Laden’s death was seen in the wild within three hours of the event—Symantec reported this spam activity along with other spam samples in a blog entitled “Osama Dead” is No Longer a Hoax. As anticipated, we started observing a rise in malicious and phishing attacks.

Phishing attacks usually target big brands. In one such phishing attack capitalizing on Bin Laden news, spammers targeted CNN Mexico. The spam email contains a link to bogus “photos and uncensored videos” and redirects users to a phishing site:

The phishing site shows an auto-running Bin Laden related video in an iframe and asks the user to click on a link to download a “complete” video. Clicking on that link forces the download of an ....

Read more
“Osama Dead” Is No Longer a Hoax
Samir_Patil | 02 May 2011 20:55:28 GMT | 0 comments

That’s right, and this time it’s not a hoax! Bin Laden was killed by a CIA-led operation on Sunday night at a mansion in Abbottabad, north of Islamabad. In 2004, Symantec reported a hoax email attack with the subject “Osama bin Laden Captured” which contain a link to a Web site that hosted malware. Similar attacks that used such false information about Osama Bin Laden were also distributed in 2005 and 2006.

News targeting famous/notorious personalities are often used in scams. At this moment, we at Symantec Probe Network are observing a huge inflow of legitimate messages carrying links to the news. However, in all likelihood, there will be an increase in spam volume targeting this news.

In one of the spam samples, the message is poisoned using the news of Osama’s death. The news snippet is glued in an HTML <title>...

Read more
#SecChat: A Live Twitter Chat
Kevin Haley | 29 Apr 2011 22:43:22 GMT | 0 comments

On Tuesday, April 26, Symantec hosted a live Twitter chat centered around our latest Internet Security Threat Report and the changing threat landscape. We’d like to extend a big thank you to those who participated and joined the conversation.

 Using the #SecChat hash tag in Twitter, we were able to guide a lively discussion around what’s top of mind with regard to the current security threat landscape for those of you in the security industry.

One aspect of the discussion focused on end-user security education and its importance, while others questioned whether dollars spent toward user education made any difference at all. We certainly heard all sides to the story. If there is anything people agree on it’s that the “user is like water, following the path of least resistance to their end goal,” in the words of one tweeter.

Those in support...

Read more
Cyber Crooks All Set to Crash the British Royal Wedding
Suyog Sainkar | 28 Apr 2011 08:30:17 GMT | 0 comments

As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques.
 

Spam campaigns

We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding of Prince William and Kate Middleton. Spam email messages advertising a replica of Princess Diana’s engagement ring that were observed in February are still making the rounds on the Internet, and the eve of the royal wedding is now upon us. Furthermore, as we had anticipated, we have recently observed additional spam campaigns making use of this significant event to promote various products.

In one such recent spam campaign, email promoting a "...

Read more
Rush Towards Gold Related Spam
Dermot Harnett | 20 Apr 2011 21:44:04 GMT | 0 comments

On April 20, for the first time ever, gold rose above $1,500 an ounce as worries over the U.S. economic outlook boosted demand for the metal as a haven. Within hours, Symantec observed this spammer’s response: a hit-and-run spam attack with the Subject line “Subject: Is Gold Your Ticket To A Golden Future?”

Hit-and-run spam (or snow-shoe spam) is a threat known for its large volumes of spam messages in short bursts, where domains are quickly rotating and the sending IP hops within a certain /24 IP range.

Key characteristics include:

  • The message is in HTML
  • There is some type of word salad or word obfuscation injected between various tags and/or in the URL by means of multiple directories
  • The message is typically sent within the same /24 IP range
  • Domains are rotated quickly

The call to action for this particular attack is a URL in the message body which directs the recipient to a Web site where the...

Read more
Spammers Intend to Make You an Easter Bunny
Samir_Patil | 18 Apr 2011 22:14:14 GMT | 0 comments

Easter is a Christian holiday centered on the death of Jesus Christ and his subsequent resurrection several days later. Hence Easter is an important holiday for Christians. But what gets associated with Easter is beautifully decorated Easter eggs found on every decorated shop window this season, and of course the Easter Bunny! To celebrate Easter, people exchange Easter eggs and, with the evolution of time, today we have personalized e-cards and personalized gifts. Spammers have begun to exploit the season by sending personalized e-cards, gift cards, and replica-spam emails.

Here is a screenshot of a personalized Easter e-card:

Here are some of the headers used in Easter e-card spam:

Subject: Give your child the gift of amazement A Package from The Easter Bunny.

Subject: The Most Popular Gift for Kids this Easter 2011

Subject: Send A Personalized Easter Bunny Letter...

Read more
Payday Advance for Phishers on HMRC Tax Year Activity
Dylan Morss | 12 Apr 2011 21:05:25 GMT | 0 comments

As I recently have sent off my tax forms in preparation for the US Federal tax deadline on April 18 this year, a recent phishing scam piqued my interest. This attack is taking advantage of the new tax year beginning for folks in the UK on April 6, 2011.

The message in question was being sent in the name of the HMRC, Her Majesty’s Revenue and Customs, in an attempt to lure users into divulging bank account information with the lure of unclaimed tax overpayment money.

The path of the message had an international flavor, beginning at what looks like a computer at a hotel business center based in the US, then going through servers in New Zealand, then back to the US through the mail servers of a large free email service, and then presumably into the inbox of a user based in the UK.

The URLs in the message also contributed to this internationalized scam by utilizing a domain based in Serbia which would redirect users when they unsuspectingly clicked on the...

Read more
Spammers Continue to Exploit the Disaster in Japan
Suyog Sainkar | 07 Apr 2011 16:43:21 GMT | 0 comments

Symantec has blogged previously about spammers exploiting the recent catastrophic situation in Japan. Since then, Symantec has observed additional variations in spam attacks in which the spammers are continuing to exploit the tragedy, even as the earthquake and tsunami relief efforts are in progress. Similar to what we have seen in the past, virus attacks in the form of messages containing links to images in the message body were observed in the third week of March. Such attacks, along with scam emails, are usually prevalent after such disasters have occurred. The subject line and screenshot of a sample message body of the virus attack can be seen below.

Subject: Novo tsunami atinge Sendai e Japao declara estado de emergencia em usina nuclear
[Subject: New tsunami hits Japan Sendai and declares state of emergency in nuclear plant]

...

Read more
Free Coins for Online FIFA Players
Mathew Maniyara | 06 Apr 2011 16:56:18 GMT | 0 comments

In the past couple of months, Symantec observed phishing sites that spoofed online FIFA games. The legitimate game is played by forming a team of footballers purchased with coins. The more games you win with your team, the more coins you gain. The popular and more skilled footballers demand a higher number of coins.

The phishing campaign was launched with fake offers of free coins to lure online FIFA players. One of the phishing sites was purportedly from a player who sympathized with end users who struggle with the game. The phishing site contained a message from this fictitious player which expressed the embarrassment one goes through for having a team of low profile footballers. The message explained that the site would help players generate free coins so that they could form a more expensive team of footballers. The phishing site prompted users to login with their email address and password to gain up to 10,000 free coins per day. The phishing pages featured popular...

Read more
Trojan Express Delivery
Vivian Ho | 30 Mar 2011 12:46:48 GMT | 0 comments

In the past couple of days, Symantec has observed a spike of email attacks that are designed to distribute malicious threats. All of the observed samples are spoofed to appear as if they are legitimate delivery warnings or notifications from UPS or Post Express. The message text asks recipients to open the zipped executable file for further details or actions necessary to take delivery of the item.

Below are the sample headers observed in this spam attack:

From: "United Parcel Service" <info***3@ups.com>
From: "UPS� Customer Services"<***@secureserver.net>
From: "United Parcel Service" <***@dhl.com>
From: "Neil Molina" United Parcel Service  <[Details Removed]@ [Details Removed]>
From: "Kimberley Miner" United Parcel Service  <[Details Removed]@ [Details Removed]>...

Read more