Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Mail Security for Exchange/Domino
Showing posts in English
Phishers Return For Tax Returns
Mathew Maniyara | 19 May 2011 15:42:29 GMT | 0 comments

The Income Tax Department of India recently announced that the last date for sending income tax returns for AY 2010-2011 has been extended to July 31, 2011. During 2010, phishers had plotted their phishing scams based on the tax return deadline. As the deadline for tax returns of the current financial year approaches, phishers have returned with their stream of phishing sites.

This time, phishers have spoofed the Reserve Bank of India’s Web site as a ploy for a tax refund scam. The phishing site attempts to lure users by stating that the bank would take full responsibility for depositing the tax refund to the user’s personal bank account. The user is prompted to select the name of the bank and enter their customer ID and password. There is a list of eight banks to choose from. In...

Read more
Spam and Phishing Landscape: May 2011
Eric Park | 18 May 2011 15:41:10 GMT | 0 comments

The unexpected raid and resulting death of Osama Bin Laden shocked the world. As always, spammers were quick to jump on this headline and send a variety of spam messages leveraging the event. The “Fallout from the Death of Osama Bin Laden” section includes samples of some of the spam monitored in different languages.

The effect of the Rustock shutdown from the previous month continued this month. After falling 27.43 percent in March, the average daily spam volume fell another 5.35 percent in April. Compared to a year ago , it is down 65.42 percent. Overall, spam made up 74.81 percent of all messages in April, compared with 74.68 percent in March. Going back a year, the percentage of spam was 89.22 in April 2010.

To find out more, click here to download the May 2011 State of Spam & Phishing Report, which highlights the...

Read more
Spammers Claim Wikipedia for Pharma Fakes
Samir_Patil | 16 May 2011 12:27:17 GMT | 0 comments

Last year, phishers targeted Wikipedia with a large number of spam emails that directed unsuspecting users to a fraudulent Wikipedia website. Currently, we are observing a new spam tactic being used, which targets the Wikipedia name for the promotion of fake pharmaceutical products.

In the last couple of days, we have observed various spam email messages that use a wiki template to promote bogus online pharmacies. The “Subject” line in these attacks has a lot of randomization. The “From” header is either fake or a hijacked ISP account that gives a personalized look to the email.

Below are some subject lines that were observed in the spam samples:

Subject: wWIKIp
Subject: kWIKIx
Subject: yWIKIg
Subject: hWikiPharmacyl
Subject: oWikiPharmacyp
Subject: uWikiPharmacym
 

In the image shown...

Read more
419 Spam Goes Lingo
Samir_Patil | 12 May 2011 15:23:38 GMT | 0 comments

Have you ever received an email from an unknown person offering you an exorbitant amount of money and asking for your personal information in return? Well, that is exactly what a “419 scam” is!

419 spam, also known as Nigerian spam, is named after the Nigerian penal code, section 4-1-9. The most common forms of 419 spam are fake business proposals, fake fund transfers, and email lottery winning notifications—all of which include the spammers’ requests for personal information, such as name, account number, phone number, email address, bank details, etc.

419 spam is often seen in English, German, Spanish, and some other European languages, but spammers are now targeting Asian countries because of the increased Internet user base and widespread broadband infrastructure.

For the first time, Symantec has observed 419 spam created in Hindi using Devnagari script. This is a big paradigm shift where 419 spam is concerned. Hindi is a widely...

Read more
Dotted Decimal URL Obfuscation
Sammy Chu | 10 May 2011 19:38:34 GMT | 0 comments

Spamming with dotted decimal URL (a dotted decimal URL refers to the four-byte IP address notation as a sequence of four decimal numbers separated by dots) is one of the most often seen URL-obfuscation techniques employed by spammers. Unfortunately, to the computer, an IP address is just a 32-bit binary number, and a dotted decimal is just one out of the many numeral systems for IP address expression. With this flexibility in interpretation, spammers have developed a new way to obfuscate their URLs; they start converting their dotted decimal URLs into different numeral systems.

Below are some of the IP address numeral system obfuscation techniques Symantec has observed of spammers. (All of the samples below are just different numeral representations of the IP address for Symantec.com)

An IP address converted to hexadecimal format. (Hexadecimal is a base-16 numeral system.)

An IP address...

Read more
Email Spam Re-produce False News Alerts for “Work From Home” Scams
Mayur Kulkarni | 10 May 2011 15:51:15 GMT | 0 comments

Scammers have been busy these days generating false news alerts through email spam. In this way, they are trying to advertise their so-called rewarding “work from home” business. They are using names of well known news agencies in the email headers to arouse curiosity in the email reader’s mind. Using these names in the Subject and From headers, they want to give recipients an impression of authenticity. In doing so, users may feel compelled to believe in claims made in the email contents and, of course, to click URLs as well. One of the sample subjects below even goes on to blame the U.S. President Barack Obama and his policies for affecting the unemployed.

Some of the sample headers seen in the attack:

Subject: Yahoo! investigates "impossible" claims.

Subject: Need some money...

Read more
Let the Games Begin!
Mathew Maniyara | 09 May 2011 21:05:55 GMT | 0 comments

Gone are the days when phishing targeted financial brands alone. Phishers today are eyeing several other sectors to steal users’ confidential information. For the past few months, the gaming sector has increasingly been a target for phishers. Symantec is actively keeping track of these phishing sites that spoof gaming brands.

So what’s so lucrative about phishing for gaming site credentials? Gaming sites are popular with young generations who are passionate about playing and winning more and more games. Many of these gaming sites have a section for paid members that contain members’ exclusive games and added features. The primary motive of phishers is to lure users with the hopes of stealing their credentials to gain access to the members’ section. Since these credentials are in high demand, phishers also intend to sell stolen usernames and passwords on the Internet.

The following are some noteworthy statistics of phishing on gaming sites for...

Read more
Manual Script Scams on Facebook Generating Event Invitations
Candid Wueest | 04 May 2011 22:25:31 GMT | 0 comments

We know that Facebook scammers can be very creative and that they are experimenting with new ways to achieve their goals. Besides the omnipresent malicious Facebook apps that will steal the user’s permissions to post to his or her wall, we currently see a rise in the number of manual script attacks, with a few hundred thousand users falling victim daily.

The user is lured with a message as bait to a prepared site. The all time favourite “See who viewed your profile” is used a lot these days, but we have seen others with free credits for social games and the like. This landing page could be a Facebook page, a Facebook application page, or a remote site on some domain. It asks the user to copy some simple looking Javascript to the browser address bar and to click the ‘Enter’ key.

The scammers want to ensure sure that the users are not strained by...

Read more
Love Your Mother At ALL Costs?
Eric Lin | 04 May 2011 10:09:29 GMT | 0 comments

Who was the one who held you in their arms when you let out your first cry in the world? Did you say “doctor?” Well, that may be true in some cases, but the more obvious answer is “mother.”

Dating back to ancient Greece, mankind held a festival worshiping Cybele, mother of the Greek gods. Mother’s Day is now celebrated around the world, mainly sometime in March, April, or May. The most common date is the second Sunday in May when, in most countries, mothers receive flowers and gifts in celebration of the day. How can spammers miss this special occasion when people are surfing the Internet to try and dig up a sweet surprise to express love and gratitude towards their mothers?

The following are Mother’s Day spam samples that Symantec has recently observed. There is a range of product spam, including flowers, watches, gift cards, and diet products. This latest spam campaign involved both dictionary and domain attack techniques,...

Read more
Malware and Phishing Attacks Flourish Following News of Osama’s Death
Samir_Patil | 03 May 2011 12:17:05 GMT | 0 comments

The first spam using the news of Osama Bin Laden’s death was seen in the wild within three hours of the event—Symantec reported this spam activity along with other spam samples in a blog entitled “Osama Dead” is No Longer a Hoax. As anticipated, we started observing a rise in malicious and phishing attacks.

Phishing attacks usually target big brands. In one such phishing attack capitalizing on Bin Laden news, spammers targeted CNN Mexico. The spam email contains a link to bogus “photos and uncensored videos” and redirects users to a phishing site:

The phishing site shows an auto-running Bin Laden related video in an iframe and asks the user to click on a link to download a “complete” video. Clicking on that link forces the download of an ....

Read more