Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response
Showing posts tagged with Symantec Endpoint Encryption - Device Control
Showing posts in English
Satnam Narang | 09 Apr 2014 04:50:42 GMT

Over the last week, Instagram scammers have been posting images offering fake lottery winnings to followers. They have convinced users to share the posts, give up personal information, and even send money back to the scammers.

In this scam, a number of Instagram accounts have been created to impersonate real-life lottery winners from the UK and US. These accounts claim to offer US$1,000 to each Instagram user who follows them and leaves a comment with their email address.

figure1_20.png
Figure 1. Instagram accounts impersonating real-life lottery winners

The accounts impersonating lottery winners have been extremely successful, and have gained anywhere from 5,000 to 100,000 followers.

Once they have amassed a certain number of followers, they reveal a secondary Instagram account belonging to their “accountant”, who is in charge of...

Avdhoot Patil | 07 Apr 2014 07:25:58 GMT

Contributor: Parag Sawant

Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free web hosting site, targets Facebook users and contains a fake voting campaign, “WHO IS GREAT BOYS OR GIRLS?” along with the “VOTE” button to register votes. The page is also embedded with pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application.

figure1_1.jpg
Figure 1. The Facebook application asks users to register their votes

The first phishing page contains a button to initiate the...

Eric Park | 18 Feb 2014 18:34:22 GMT

In this blog detailing how spammers continue to change their messages in order to increase their success rate, we looked at the evolution of the same spam campaign from missed voicemail messages to spoofing various retailers, and then spoofing utility statements. Clicking on the link led the users to a download for a .zip file containing Trojan.Fakeavlock. Attackers may have realized that those attack vectors no longer entice recipients, so spammers have introduced two new schemes for this campaign that appear to be random and unrelated at first, but they do share a common goal.

The first scheme spoofs various courts around the country:

...

Eric Park | 11 Feb 2014 17:55:34 GMT

One of the most popular methods of spamming is snowshoe spam, also known as hit and run spam. This involves spam that comes from many IP addresses and many domains, in order to minimize the effect of antispam filtering. The spammer typically sends a burst of such spam and moves to new IP addresses with new domains. Previously used domains and IP addresses are rarely used again, if ever.

Some spammers like to use a similar pattern across their spam campaigns. This blog discusses a particular snowshoe spam operation that I have labeled “From-Name snowshoe”. While there are other features in the message that allow the campaigns to be grouped into the same bucket, the messages’ most distinct feature is that all of the email addresses that appear in the “from” line use real names as their usernames. 

  • From: [REMOVED] <Leila.Day@[REMOVED]>
  • From: [REMOVED] <CharlotteTate@[REMOVED]>
  • From: [REMOVED] <Diana.Pope@[REMOVED]>
  • ...
Binny Kuriakose | 30 Jan 2014 09:39:42 GMT
China is gearing up to usher in the Year of the Horse, which begins with the new moon on January 31 this year. With more than a billion people worldwide preparing to celebrate the new year for the lunar calendar, the celebration this year promises more color than ever before.
 
Chinese New Year, also known as the spring festival, is a day for reunion and thanksgiving, where exchanging gifts is at the heart of the celebration. Friends, family, colleagues and even businesses exchange gifts to show love, respect and loyalty. Business owners often send gifts to their customers and shops offer gifts and discounts to show their gratitude. However, spammers are all too aware of this practice.
 
The spammers and fraudsters are known to capitalize on special occasions and exploit the noble gesture of giving gifts in order to send out spam. They are known to pose as friends and business owners and send emails promising gifts and...
Eric Park | 15 Jan 2014 09:29:01 GMT
After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).
 
figure1_6.png
Figure 1. Spam messages with .zip attachments over the last 90 days
 
On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-”  followed by 10 hexadecimal characters.
 
figure2_7.png
Figure 2. Email with “BankDocs-” .zip attachment
 
On January 8, 99.34 percent of the .zip...
Christopher Mendes | 15 Jan 2014 07:35:27 GMT

It’s not surprising to see scammers exploiting the laxity of Internet users.

Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails.

In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data.

Last week, I too, received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation.

At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts....

Candid Wueest | 17 Dec 2013 13:51:06 GMT
“Because that’s where the money is!” This is a quote frequently attributed to Willie Sutton as the answer he allegedly gave when asked why he robbed banks. Even though Mr. Sutton never gave this answer, it still holds true. 
 
This paradigm also holds true when it comes to today’s financial malware. Online banking applications are where money is moved; hence they are also the focus of attackers. It should not come as a surprise that we still see further development of Trojans targeting online banking services. One example that we recently blogged about is the Neverquest Trojan, a successor of Trojan.Snifula, which was first seen in 2006 but is still in use. 
 
The number of infections of the most common...
Christopher Mendes | 16 Dec 2013 09:07:53 GMT

Contributor: Binny Kuriakose

‘Hello world’ we are digital! Well that was ages ago. Today the need for speed has made us extra fast. A click of a button and the desired webpage is up and running in an instant. In fact, organizations are switching to the Web because of cost effective business and global presence the Internet provides. This phenomenon has made predators smack their lips. What better environment to make a kill than Christmas, with the unaware and the vulnerable abound!

With a systematic study of business done during Christmas, spammers have leveraged a plethora of categories since early July, ranging from hospitality-related spam for those who plan early on how to celebrate Christmas later in the year, to last minute shoppers who scramble to buy gifts before rushing home. Now, that is a well-planned spread.

  • For the vacation planner, there is a hospitality-related spam, with headers reading:

From:...

Pavlo Prodanchuk | 11 Dec 2013 08:53:49 GMT

The latest trend in Russian language spam shows that spammers have started promoting Make Money Fast (MMF) schemes where users are told that money can be easily made with the use of binary options trading.

The sample observed by Symantec has the usual spam traits including a catchy subject, which highlights a large sum of money someone is making every month, to grab the attention of the recipient.

The spam is sent from mail.ru, the largest free email service in Russia, with the account name stating the age of the person linking it to the subject line. The following is a translation of the email header: 

Subject: $3700 a month – this retiree making more than you?
From: pensioner.vladimir@mail.ru

This is an effective trick, especially during the festive season when many peoples’ finances are stretched.

figure_0.jpg

...