Video Screencast Help
Security Response
Showing posts tagged with Symantec Endpoint Encryption - Device Control
Showing posts in English
Samir_Patil | 21 Feb 2012 15:24:14 GMT

Thanks to Poonam Keluskar for their assistance with this research.

Maslenitsa (Маслница) is a religious holiday celebrated in Russia and Ukraine during the last week before Lent, i.e. the seventh week before Pascha (Easter). This festival is also known as Pancake week or Butter week. During this week people enjoy the social activities that are forbidden during the prayerful Lenten season, such as partying, dancing etc. This year the Maslenitsa will be celebrated from February 20 to February 26.

We are observing Maslenitsa spam targeting Russian and Ukrainian users that offers attractive tour packages. Similar to other Russian spam messages like online marketing promotions, spammers have provided a phone number to book the carnival package.

Below is a sample of a tour package spam:



Samir_Patil | 17 Feb 2012 11:43:08 GMT

Thanks to Anand Muralidharan for their assistance with this research.

The world is mourning the loss of another legendary pop singer also known as the queen of pop - Whitney Houston. Spammers are paying homage to the icon with a wicked malware. The malicious email shows a video of the last appearance of the star in a Los Angeles night club and also downloads an executable binary. This file is detected by Symantec Antivirus as WS.Reputation.1.

The email originated from Ireland and targets Portuguese readers. The malicious file is hosted on a hijacked Japanese website. The email subject is randomized by adding random numbers at the end of the subject field.

Here are a few...

Samir_Patil | 08 Feb 2012 17:17:38 GMT

Thanks to Anand Muralidharan for their assistance with this research.

Televison channels across the world are set to be at the 14th International Exhibition and Forum, World Content Show, held Feb 7- 9, 2012, in Russia. The exhibition showcases the latest technologies and trends in the TV and telecommunication industry.

This techno-fair will be attended in large numbers by leading media businesses, and spammers don’t want to miss the opportunity to circulate spam around the event. In a bid to catch the reader’s attention, one such spam email reveals some appealing facts about the event, such as Interactive Elements, Prize Drawings, Performance of Popular Leader/Star, and Colorful Musical Concerts.

Here is an example of this Russian spam observed by Symantec:

Here are the subject...

Samir_Patil | 07 Feb 2012 22:50:40 GMT

At 3 AM, on February 6, 2012, Symantec Security Response observed spam carrying malicious links which target the upcoming tax season. The spam volume spiked between 6 AM and 1 PM, identifying over 200 unique URLs which lead to a Blackhole toolkit.

A Blackhole toolkit compromises the machine by targeting various vulnerabilities on the victim's machine. Symantec protects our customers with multiple-layer protection of antispam, antivirus, and IPS signatures. The payload downloaded from the malicious website is detected as Trojan.Zbot, for instance, and IPS detects this web attack as “Web Attack: Blackhole Toolkit Website 14” and “...

Samir_Patil | 04 Feb 2012 20:15:18 GMT

You may not need pills to watch the super bowl but spammers feel that this definitely  is an occasion to do so! The most exciting annual championship of the NFL -  the Super Bowl XLVI - starts tomorrow. And as expected, spammers are playing a different ball game with the crazy Super Bowl fans.

Spam related to Super Bowl  can be spotted with the subject listed below:

Subject: Super Bowl [BRAND NAME] Sale
Subject: Super Bowl Special
Subject: Super Bowl
Subject: Super Bowl 2012 - You win no matter which team does!

One such spam sample that we discovered promotes an online pharmacy. The email offers a free generic combo pack after placing medical orders with them.

The link in the spam sample goes to the following online pharmacy site:


Mayur Kulkarni | 01 Feb 2012 01:13:10 GMT

Nothing can be more enticing than to be chosen for some free goodies—be it mementos, a cash prize, or a ticket to watch a game. It gets even more interesting if you are from a cricket crazy continent and suddenly, out of the blue, you receive an email saying that you are “the chosen one”!

What would you do? At first thought you would pounce on the opportunity, like a jungle tiger does its prey. But hang on a second! What you might be thinking is an opportunity of a lifetime, sadly, is just the opposite. Let me put it bluntly: if you have received such an email, you are "the chosen prey”. And if you decide to reply to it, then you could be in for some big trouble!

Millions of people get scammed every day with such fantastic offers. The sad part of the story is that many get plundered in this game. Scammers put in a lot of planning before sending out such emails. Upcoming events are focused upon, strategies are formalized, and...

Sammy Chu | 30 Jan 2012 20:08:01 GMT

Malware is often embedded in email as compressed attachments (such as .zip, .rar, etc.). Recently, however, Symantec has noticed an increase in malicious email attacks with .htm (HTML) attachments.

Here is what the message looks like in your inbox:

The attack contains a .htm attachment and obfuscated JavaScript is embedded in the coding of the file. The purpose of the JavaScript is to redirect your internet browser to a malware-hosting site in Russia which contains Trojan.Pidief and Trojan.Swifi.

Malicious JavaScript, when injected into an HTML file, can:

  • Exploit browser and plugin vulnerabilities to run arbitrary code
  • Display fake antivirus scans and other fraudulent...
Mathew Maniyara | 27 Jan 2012 00:13:11 GMT

Co-Author: Avdhoot Patil

Phishers often choose baits with the motive of reaching out to a large number of end users. In December, 2011, phishers’ choice of bait were songs from the Indian movie "Bodyguard" (starring Salman Khan and Kareena Kapoor). Due to the popularity of the soundtrack, phishers anticipated a large target audience which could improve their chances of harvesting user credentials. This particular phishing site was hosted on a free web hosting site.

The phishing site targeted Facebook and it played a music video from the movie in the bottom left corner of the phishing page. The main content of the phishing page promoted songs as custom graphical "skins" for social networking profiles. The phishing page then encouraged users to enter their social network login credentials, stating that after logging in they could listen to popular songs and enjoy several features. The phishing site also boasted news of being the...

Samir_Patil | 25 Jan 2012 12:22:00 GMT

Spam levels always rise when a holiday or special event approaches. Symantec researchers are observing a surge of spam as Valentine’s Day gets closer and closer. Unbelievable discounts on jewelry, dinners, and expensive gift articles are the key themes for the Valentine’s Day related spam. Further popular fake promotions include: online pharmaceuticals, fake e-cards, gift cards, chocolates, and flowers. The purpose of these fake promotions is to capture a user’s personal and financial details.

Valentine’s Day related spam can easily be spotted by observing the “From” header as shown below:

  • From: "Valentine's Berries" <info@
  • From: "Valentine's Bouquets" <info@
  • From: "Valentine's Gifts" <info@
  • From: "Valentine's Presents" <info@
  • From: "...
Mathew Maniyara | 05 Jan 2012 18:41:38 GMT

Co-author: Avdhoot Patil

Special occasions like Christmas have been a common ground for phishers to introduce new baits in their phishing sites. Last Christmas was no different and this time they used fake lottery prizes and gifts as baits. The phishing sites were hosted on free webhosting sites.

In the first example, a phishing site spoofing a gaming brand stated they wil reward the user with a Christmas gift. The phishing site exclaimed it hoped users like the gift and wished to encourage them to playing the game. To receive the fake gift, the user is asked to enter their login credentials and also complete a simple form.

The questions asked in the form are the following:

  • Will you be playing this Christmas?
  • If you could help, which way would you help us?
  • What is your age?
  • Please select your gift.

The choice of gifts included credit points, VIP status, club membership, and a selection of badges....