Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Email Security.cloud
Showing posts in English
Mathew Maniyara | 16 Apr 2013 17:15:29 GMT

Contributor: Sandeep Ingale

When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take full advantage of the services available to them while staying secure. Interestingly, these Web pages, meant for the guidance and protection of customers, were mimicked by phishers with the intent of tricking people into handing over personal information.

In March, we discovered a phishing site spoofing a popular credit card services company that asked users for confidential information, allegedly for additional security. It should be kept in mind that a legitimate site will never ask for confidential information for this reason.

The phishing site prompts users through a three-step procedure for activating their card and adding higher security. The first step asks users for personal and card-related...

Mathew Maniyara | 28 Mar 2013 15:07:04 GMT

Contributor: Avdhoot Patil

New methods to entice victims into handing over their personal information are always being devised by the people behind phishing websites and the use of fake social networking applications is always popular.

During the past month, phishing on social media sites consisted of 8.6 percent of all phishing activity. Among the phishing sites targeting social media, 0.8 percent consisted of fake applications offering features such as free cell phone airtime, adult videos, video chatting, adult chatting, etc.

In March 2013, phishers used a fake Asian chat application on a phishing site hosted on a free web hosting site.

fig1.jpg

Figure 1. Phishing page spoofing a social networking site

The phishing site spoofs a popular social networking site and is titled “Pakistani chat room - Pakistani girls...

Anand Muralidharan | 25 Mar 2013 14:47:12 GMT

Easter Sunday is one of the most important festivals in the Christian calendar and it is observed anywhere between March 22 and April 25 each year; this year it falls on March 31. Spam messages related to Easter have begun flowing into the Symantec Probe Network. As expected, most of the spam samples are encouraging users to take advantage of products offers, personalized letters, e-cards, as well as clearance sales of cars and replica watches. Clicking the URL will automatically redirect the user to a website containing some bogus offer.

flowers.png

Figure 1. Spam product offer related to Easter

Spammers are also exploiting the event by sending casino spam email using the name "Easter bonnet". The Easter bonnet represents the tail-end of a tradition of wearing new clothes at an Easter festival.

The following spam sample provides...

Mathew Maniyara | 21 Mar 2013 18:06:11 GMT

Contributor: Ayub Khan

Symantec has been constantly monitoring phishing sites hosted on compromised Indian websites. In 2011, our study detailed these compromised sites and we did a similar study of phishing sites in 2012.

From August 2012 to November 2012, 0.11% of all phishing sites were hosted on compromised Indian websites. Phishers continue to target Indian sites across many disciplines to host their phishing sites. These Indian sites were classified in various categories. The most targeted sites were information technology (14.40%), education (11.90%), product sales and services (9.80%), industrial and manufacturing (7.30%), and tourism, travels and transport (5.80%). The figures for secure websites such as government, telecommunication, and ISP were low and at the bottom of the list. This offers evidence that phishers opt to target more vulnerable websites.
...

Samir_Patil | 19 Mar 2013 09:29:04 GMT

Contributor: Saurabh Farkade

The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.

Symantec Security Response has observed attackers distributing spam which leads users to a site hosting the Blackhole Exploit Kit. The good news is, Symantec customers are protected and this threat is detected as Blackhole Toolkit Website.

The spam email alleges to be from a well-known news channel. The following subject lines are used in this attack:

  • Subject: Opinion: Can New-Pope Benedict be Sued for the Sex Abuse Cases? - [REMOVED]
  • Subject: Opinion: New Pope, Vatican officials sued over alleged sexual abuse! - [REMOVED]
  • Subject: Opinion: New...
Samir_Patil | 15 Mar 2013 08:33:49 GMT

Contributor: Vivek Krishnamurthi

The Cheltenham Festival, also known as the National Hunt Meeting, is a popular horse racing event that occurs every year in March in the United Kingdom. The festival usually coincides with Saint Patrick's Day. This year, the festival is currently in progress and will end on March 15. A large amount of gambling takes place during the Cheltenham Festival, a fact that spammers seem to be well aware of as we are presently observing an increase in online gambling spam.

One particular sample of spam included instructions on how to register a free bet. The link provided in the message directs the user to a form where they can sign up and get a free bet worth up to £50.

Some of the email header information found in this spam campaign includes the following:

  • Subject: Bet on Cheltenham with the Best Odds!
  • ...
Anand Muralidharan | 14 Mar 2013 15:02:04 GMT

St. Patrick’s Day is a global celebration of Irish culture and a religious holiday on March 17, and it is very special to Irish communities and organizations. Recently, we have observed numerous St. Patrick’s Day related spam messages flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of clearance sales of cars as well as other product offers.

Interestingly, in one spam campaign, we observed a malicious spam email that tries to trick users by using the name of the event in conjunction with a popular site that allows users to send and receive large files. By clicking on the link, the user is redirected to a Web page that downloads some malicious code, which exploits several common vulnerabilities. The main motive of these spam campaigns is to lure recipients by taking advantage of the St. Patrick’s day holiday in the subject line and body of the email, such as: “Patrick[RANDOM NUMBERS]...

Carlos Mejia | 08 Mar 2013 09:47:56 GMT

Rumors of Venezuelan President Hugo Chavez’s death were rampant on the news and Internet over the past month, and last Tuesday, the Venezuelan Vice President confirmed that Chavez died after a two year battle with cancer. Chavez’s death has triggered reactions worldwide, from world leaders to ordinary citizens, and everyone is talking about his ideas and actions as Venezuelan President. At the same speed as the news is spreading, cybercriminals are using this opportunity to send malicious links related to his death as well as hypothetical theories about the cause of his sickness and death.

All the links that we have seen contain malware. Some domains have been registered recently and others seem to have been hijacked.

Here is an example email used in these attacks:

The following URLs are the malicious links that we have observed:

  • [http://][REMOVED].tv/bbb-...
Mathew Maniyara | 07 Mar 2013 00:51:04 GMT

Contributor: Avdhoot Patil

Phishers have already made their mark in Southeast Asia by targeting Indonesians. For the past couple of years, celebrities have been their key interest in the region. Aura Kasih and Ahmad Dhani are good examples. In March 2013, phishers turned their attention toward Myanmar by incorporating model and actress Wut Hmone Shwe Yee in a phishing site.

The phishing site spoofed a popular social networking site in order to ask for user login credentials. The phishing page was in Burmese. The background image contained a photograph of Yee from her recent modeling photo shoot. The phishing site stated that users can learn more about the model after logging into the social networking site. Phishers even...

Evan liu | 27 Feb 2013 05:20:56 GMT

Major events and holidays have always been a time for celebrations. Unfortunately, it also attracts unscrupulous spammers searching to make a quick offer. Symantec observes that spam email usually spikes in conjunction with these holidays.

One such occasion is Defender of the Fatherland Day observed on February 23, which is a Russian holiday in countries of the former Soviet Union, such as Belarus and Tajikistan. Aside from parades and processions in honor of veterans, it is also customary for women to give small presents to men in their lives, such as fathers, husbands, and co-workers. Consequently, the holiday is often referred to as Men's Day.

As such, most spam emails revolve around souvenirs, small gifts, and even men’s medicine such as Viagra. Below is an example of some of these emails:

Subject: Волшебные подарки на 23 февраля
Translation: Magical gifts for February 23

...