Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Mail Security for Exchange/Domino
Showing posts in English
Suyog Sainkar | 07 Apr 2011 16:43:21 GMT

Symantec has blogged previously about spammers exploiting the recent catastrophic situation in Japan. Since then, Symantec has observed additional variations in spam attacks in which the spammers are continuing to exploit the tragedy, even as the earthquake and tsunami relief efforts are in progress. Similar to what we have seen in the past, virus attacks in the form of messages containing links to images in the message body were observed in the third week of March. Such attacks, along with scam emails, are usually prevalent after such disasters have occurred. The subject line and screenshot of a sample message body of the virus attack can be seen below.

Subject: Novo tsunami atinge Sendai e Japao declara estado de emergencia em usina nuclear
[Subject: New tsunami hits Japan Sendai and declares state of emergency in nuclear plant]


Mathew Maniyara | 06 Apr 2011 16:56:18 GMT

In the past couple of months, Symantec observed phishing sites that spoofed online FIFA games. The legitimate game is played by forming a team of footballers purchased with coins. The more games you win with your team, the more coins you gain. The popular and more skilled footballers demand a higher number of coins.

The phishing campaign was launched with fake offers of free coins to lure online FIFA players. One of the phishing sites was purportedly from a player who sympathized with end users who struggle with the game. The phishing site contained a message from this fictitious player which expressed the embarrassment one goes through for having a team of low profile footballers. The message explained that the site would help players generate free coins so that they could form a more expensive team of footballers. The phishing site prompted users to login with their email address and password to gain up to 10,000 free coins per day. The phishing pages featured popular...

Vivian Ho | 30 Mar 2011 12:46:48 GMT

In the past couple of days, Symantec has observed a spike of email attacks that are designed to distribute malicious threats. All of the observed samples are spoofed to appear as if they are legitimate delivery warnings or notifications from UPS or Post Express. The message text asks recipients to open the zipped executable file for further details or actions necessary to take delivery of the item.

Below are the sample headers observed in this spam attack:

From: "United Parcel Service" <info***>
From: "UPS� Customer Services"<***>
From: "United Parcel Service" <***>
From: "Neil Molina" United Parcel Service  <[Details Removed]@ [Details Removed]>
From: "Kimberley Miner" United Parcel Service  <[Details Removed]@ [Details Removed]>...

Vikram Thakur | 23 Mar 2011 22:59:12 GMT

Earlier today news was made public regarding nine fraudulent digital certificates which were issued by a company named Comodo. The certificates were issued through a breached registration authority (RA), causing the applicant to be improperly verified. Mozilla, Google, and Microsoft (major browser vendors) have updated their applications, or put out patches, in order to block the certificates from being used. The certificates have already been revoked as of last week.

To provide a little background, browsers include a list of certificates which are 'blacklisted'. These certificates are ones which have been compromised through some method and no longer validate the authenticity of the person using it. Since they were reported as 'compromised', the browser vendors ship a patch, or updated version of the browser itself, which recognizes these certificates and blocks them from being used.

Users who don't use updated browsers or patched machines may be...

Stephen Doherty | 23 Mar 2011 22:42:48 GMT

Recently at Symantec Security Response, we came across a seemingly innocuous program which was being hosted at a number of different URLs. What flagged the file as unusual was the fact many different customers were submitting the same file for analysis.

The basic behaviour of the program is to run you through a job suitability questionnaire before redirecting you to one of the following URLs:

hxxp:// /registration/1

You cannot simply browse to these pages without first downloading and completing the suitability test.


Eric Park | 21 Mar 2011 17:39:49 GMT

When Brian Krebs posted a report about Rustock botnet takedown, Symantec observed a decline in overall spam traffic. posted a blog about this, and the Wall Street Journal is now reporting that Microsoft led this takedown.

On March 16, Symantec saw global spam drop 24.7% compared to March 15. On March 17, global spam volume dropped another 11.9% compared to March 16. Compared to a week prior, the volume on March 17 was down 40.4%.

As we typically see with a drop in global spam volume, the overall spam percentage saw a similar decline when spam volume...

Mathew Maniyara | 18 Mar 2011 20:13:20 GMT

Recently, phishers have used several types of bait on phishing sites where they impersonated universities, asked for fake donations, targeted celebrities, etc. Now, they are trying their luck on end users who play the lottery with a brand based in the UK. The bait used in the phishing site was a lottery prize of 1356 pounds. The phishing site prompted users to enter their confidential information to have the lottery prize credited to their debit card account.

Lottery is a game where there may be only one winner among participants. But what are the odds for a phisher to harvest the confidential information of lottery winners?

The bigger the lottery prize, fewer are the number of winners. Hence, the motive of phishers was to target a large number of users because they perceive that by duping more users, they would increase their chances of phishing confidential information. Financial gain is a common motive for phishers but this time they were seeking a larger sum from...

Dylan Morss | 18 Mar 2011 18:14:08 GMT

The earthquake and aftershocks which have struck New Zealand in the last few months are still being exploited by spammers and phishers in an attempt to feed upon the fears of Internet users. Symantec has recently observed continued phishing attacks against these users.

In this case, the phishers are asking users to check in with the bank and provide some additional information. The information will then most likely be used to access users’ banking accounts and personal information with the intent of stealing money and probably identities as well.

By the time Symantec went to analyze the data, this site had already been taken down. Although the volume of New Zealand specific attacks continues to dwindle as the events in Japan take center stage, we will continue to see such scams.

Internet users are advised to follow best practices to avoid phishing attacks:


Samir_Patil | 17 Mar 2011 17:11:32 GMT

Symantec observed a spike of malicious spam activity in the early morning of March 16. These spam samples use subject lines related to the recent natural disaster in Japan and political unrest in the middle east. This blog discusses the end-to-end analysis of the attack.

As shown in the samples below, the spam mail uses subject lines related to the nuclear disaster due to series of explosions at Japanese nuclear plants, earthquake and tsunami effects on the global economy, and unrest in middle east.

Below are some of the subjects used in the attack.

Subject: Japanese Stocks May Defy Earthquake, Gain as Global Demand Drives Exports - Bloomberg

Subject: Quake-prone California questions nuclear safety - Reuters

Subject: Yen slips as risk aversion flows subside - Reuters

Subject: Japan Adds to Global Economy Woes

Subject: Apple delays Ipad 2 launch in Japan - Inquirer

Subject: European hospitals may aid Japan


Samir_Patil | 17 Mar 2011 13:53:17 GMT

St. Patrick’s Day is a religious holiday celebrated internationally on March 17. Traditionally, this day is celebrated with festive parades and music in Ireland, Europe, and even New York City. Among the many popular traditions that surround St. Patrick’s Day, one cannot miss out on the food, drink, and merriment at local pubs.

Symantec is monitoring St. Patrick’s Day spam, which is, as usual, offering various bogus products. In one such sample, all that the recipient needs to do is to take part in a very simple survey. Upon completion of the survey, the user will receive a $250 gift card reward absolutely FREE! But wait a minute—think twice before you even try clicking that button. Although the offer is perfectly tailored for the occasion, the reward that awaits the tempted is disastrous.

Subject: Are You Celebrating St. Patty.s Day?

Subject: St. Patty's Day Clearance - Huge Discounts on New Cars.

Subject: You have (1)...