Security Response
Showing posts tagged with Mail Security for Exchange/Domino
Mathew Maniyara | 16 Mar 2011 15:51:57 GMT

On March 11, 2011, Japan faced its worst nightmare when a massive earthquake struck with a magnitude of 9.0. Nations all over the world are giving their support through aid to Japan. On the other hand, phishers are trying to take advantage of this situation to steal from and exploit well-meaning donors.

Symantec observed a phishing site that spoofed a popular payment gateway requesting a donation for Japan’s earthquake victims. Phishers paid attention to every minute detail to make the page look like the legitimate brand’s Web site. On the top left corner of the page, phishers used the logo of the American Red Cross, a humanitarian organization, to make it appear that the donation would be sent to them! A donation summary was highlighted towards the left of the phishing page that displayed an amount of one euro. A hyperlink, “Donation for Japan earthquake victims”, was provided...

Eric Park | 16 Mar 2011 15:21:30 GMT

As predicted in last month’s report, average daily global spam volume increased month-over-month for the first time since August 2010. The average daily spam volume increased 8.7 percent in February. This rise in spam volume also increased the overall spam percentage, as spam made up 80.65 percent of all messages in February, compared with 79.55 percent in January.

On the phishing side, we take a look at phishing attempts using fake SSL. Fraudulent sites are becoming more sophisticated and are using fake, or even basic domain-validated, SSL certificates to fool visitors. An Extended Validation (EV) SSL certificate, which turns the address bar green, involves a more rigorous validation process that is conducted to verify that the website owner is who it says it is.

To find out more, click here to download the March 2011 State of Spam &...

Samir_Patil | 14 Mar 2011 12:33:14 GMT

Only a few days ago, Japan experienced one of the worst earthquakes in its history. The earthquake registered 8.9 on the Richter scale and triggered an enormous tsunami. The heart-wrenching images on television have left the world shaken. It was the worst earthquake and tsunami in the past century and at least 50 countries have since received related tsunami warnings.

As the death and injury tolls continue to rise, one must not forget those who awake to exploit such delicate situations—spammers continue to maintain the guise of charitable institutions and governmental organizations! Don’t be surprised to suddenly see an email message in your inbox marked as URGENT and pleading with you for "monitory help" [sic] or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami. Use prudence in finding out the genuine intent of email senders before you reach out or respond.

Within the first few hours of...

Mathew Maniyara | 01 Mar 2011 14:13:39 GMT

On February 22, 2011, a massive 6.3 magnitude earthquake devastated the New Zealand city of Christchurch. As per the official reports, the death toll has reached 75—a number that may yet increase. Thousands of people in New Zealand have lost their homes and search operations are still in progress. Fraudsters, as usual, are taking advantage of this by sending spam mails that request donations. In January, phishers had used the same ploy of asking for fake donations for victims of the Serrana floods.


The phishing site spoofed the Red Cross website for New Zealand and requested help from end users. Firstly, the phishing site gave details of the earthquake, highlighting the extent of the damage in the city...

Samir_Patil | 23 Feb 2011 13:51:47 GMT

The Tunisian wave has captured the minds of people across the Middle East region. What is surprising to note is the creative use of the Internet in discussing such sensitive issues. The unrest in Tunisia has "tsunamied" into a mass movement straight at the heart of the Arab world. Egypt, with the ousting of President Hosni Mubarak, has become ground zero of this wave. But, as this movement gains momentum and spreads, there are many waiting to misuse this space—as demonstrated in the sample discussed below.

In this typical 419 scam message, the scammer masquerades as the erstwhile President Hosni Mubarak. A handsome proposal, considering the (bogus) bonanza of a 30% handling fee to be given to the one who cooperates in siphoning his booty out of Egypt. Further, because of the urgency of the situation, one is required to give "full contact information" as well...

Amanda Grady | 22 Feb 2011 19:38:38 GMT

With just over two months to go before the wedding of Prince William and Kate Middleton, it’s no surprise to find this significant event is being used to promote products. Emails advertising a replica of Princess Diana’s engagement ring were observed in the past few days, sent by well-established spammers.

Although infected botnet machines are responsible for the vast majority of spam sent globally (77% at the end of 2010), these attacks do not fall in that category, and in fact the IP which is sending the spam is the same as the one hosting the domain which is linked to in the email. This domain has also been used in other spam campaigns, such as the long-running Who’s Who social networking spam messages (see our May 2008 State of Spam report for similar attacks)....

Samir_Patil | 18 Feb 2011 14:47:28 GMT

In the United States, Presidents' Day is celebrated on the third Monday of February to honor two of America’s greatest presidents, Abraham Lincoln and George Washington. This year, Presidents' Day will be celebrated on February 21. Recently, Symantec has observed spam attacks leveraging Presidents' Day and has seen attempts to exploit the "groups" function of a social networking site.

The samples shown below are screenshots of one such group from a social networking website. The group is quite obviously trying to exploit the Presidents' Day event:

The group description “MEGA SPAM!... Spam YOUR A TOOL! on your messages” [sic] is an attempt to inspire group members to start...

Eric Park | 11 Feb 2011 12:21:34 GMT

The global spam volume, which has been the discussion topic for several months, appears to have finally stopped its decline. The month-over-month global spam volume was down in January again, but this was mostly due to the Rustock botnet shutdown, seen for the first 10 days of the year. We expect to see a month-over-month increase in spam volume in February, which will be a first since August 2010. Overall, spam made up 79.55% of all messages in January, compared with 81.69% in December.  

To find out more, click here for the February 2011 State of Spam & Phishing Report, which highlights the following trends:

•    Conclusion of Spam Volume Saga
•    Turmoil in Egypt Shuts Down the Spammers
•    Scammers Seek Support for Serrana Flood Victims

Samir_Patil | 09 Feb 2011 15:47:32 GMT

The domain .РФ (.rf) is the internationalized domain name (IDN) for domains registered under the Russian Federation. The .rf top-level domain (TLD) became operational on May 13, 2010, and was officially opened up for public registration on November 11, 2010. The traditional country code top-level domain (ccTLD) for Russia is .ru. In recent times, we have been observing a considerable amount of spam emanating from the .ru TLD. With .rf domains becoming available for public use, spammers will now have a new lease of life.

Let's delve a little deeper into what TLD means to Russia. рф (Российская Федерация) is transliterated as “Rossiyskaya Federatsiya”, i.e. the Russian Federation. The domain has an ASCII representation of xn--p1ai, derived as punycode for use in the domain name system (DNS). It is intended for...

Samir_Patil | 07 Feb 2011 23:39:45 GMT

The most awaited tournament for cricket lovers, the ICC World Cup 2011, begins on February 19, 2011. The ICC World Cup is being played in the Indian subcontinent, and the country’s cricket-crazy population is all set to get hold of World Cup tickets in every possible way—all to witness and experience live international cricket in action. Since this is a hugely followed international sporting event across the world, Symantec has anticipated spam attacks and other Internet threats related to the event. As expected, we are observing World Cup spam in the Symantec Probe Network.

The spam message invites users to attend the final game of World Cup 2011 in Mumbai, India. The invite offers multiple executive club facilities such as a private table, a gourmet champagne brunch, and much more for 10 guests. This may sound like an attractive deal; however, it is simply bait for Internet users/cricket fans who are keen to be a part of the World Cup Final and experience the...