Security Response
Showing posts tagged with Mail Security for Exchange/Domino
Shravan Shashikant | 02 Feb 2011 18:55:33 GMT

The events in Egypt over the past few days have captured the attention of people around the world. As history unravels in Egypt, there have been attempts to cut down on all communications. We’ve been tracking the spam output originating from Egypt in our systems over the past few days.

As also reported by Arbor Networks, around 2:00 pm on January 27 we started noticing a fall in spam traffic from Egypt. When we look at a city-level breakdown, it appears that traffic from Cairo was affected immediately. Traffic from Giza seemed to continue for a few more hours, albeit at spotty levels, and eventually dropped off around midnight Pacific Time:

Since then, traffic from Egypt has been eerily silent...

Vivian Ho | 31 Jan 2011 18:04:52 GMT

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than in the last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam has been observed since last December. Most attacks have customized the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions with a customized ‘From’ line and have a subject line related to the occasion.

From:可输入多个<[Details Removed]>



From: you may enter multiple choices...

Samir_Patil | 31 Jan 2011 16:33:28 GMT

Valentine’s Day brings excitement for celebrating love and affection between dear ones. Spammers are gearing up for Valentine’s Day with several offers like product spam, gift cards, personalised cards, and financial spam. Symantec has been observing Valentine’s Day-related spam since early January and we have recently seen a spike in product spam related to the event.

Below are Valentine’s Day-related spam samples:

Subject: An original gift for Valentine's Day

Subject: Take Her Breath Away

Subject: Super great designer watches

Subject: Personalized gifts for your Valentine

Subject: Very Hush-Hush Valentines Day Offer

Subject: The best Valentines gifts

Subject: Quick and Easy Valentine's Day Gifts

Subject: $19.99 Flowers for Valentine's Day + FREE Vase

Spammers are promoting fake product offers at discounted prices, and the URL mentioned in the message redirects the...

Samir_Patil | 20 Jan 2011 14:48:12 GMT

Many countries are going through turbulent times due to natural disasters. In fact, emotions do run high when disasters strike—people are moved and understandably want to share in helping affected victims by donating to relief funds. The most recent natural disaster that Australia, Brazil, and the Philippines are grappling with is the flash flooding and the immense loss that it has caused to life and property.

History tells us that when natural disasters such as bush fires, floods, earthquakes and other natural calamities strike, they cause untold repercussions. Rehabilitation, restructuring, and methods to curtail further losses become a formidable challenge. One method used to combat such situations is the appeal for relief funds, donations, and government compensations in cash or kind.

Spammers would never let any such opportunities pass by without preying on them. Don’t be surprised to see your inbox bombarded with heart-wrenching emails requesting you...

Eric Park | 12 Jan 2011 22:01:59 GMT

In this blog about spam volume, we discussed the virtual shutdown of three botnets including Rustock that caused the global spam volume to plummet around Christmas day. MessageLabs has indicated in their blog that those botnets have restarted, although they are sending less volume than pre-shutdown levels at the moment.

As seen in the chart below, we are indeed seeing a spike up in volume as of January 10. We will be keeping a close eye on this over the next few days to see if the increase holds up. For now, it looks like holidays are indeed over for spammers.

We saw a drop in the use of the ‘.ru’ domain...

Suyog Sainkar | 05 Jan 2011 16:33:43 GMT

Since the close of 2010, Symantec has been observing a recent spam attack that is designed to distribute malware. On the arrival of the new year, Internet users often send best wishes to their friends and families through email or make use of online greeting card services. The spammers have exploited this likelihood, since the email messages in this spam attack appear to contain Happy New Year wishes in the form of an e-card, but in fact are distributing malicious code.

Below are some sample subject lines observed in this spam attack:

Subject: New Year Ecard Notification
Subject: Have a funfilled and blasting NewYear!
Subject: Welcome 2011!
Subject: Happy 2011 To U!
Subject: Sparkling wishes on the New Year
Subject: Happy New Year Wishes!
Subject: Have a Happy New Year!
Subject: New Year 2011 Ecard Special Delivery

The message text urges the user to...

Eric Park | 16 Dec 2010 18:17:46 GMT

The volume of spam continues to drop. We have been monitoring the decline in overall spam volume over the last few months, and the downtrend continued in November. The average daily volume in November dropped 17.4 percent month-over-month. Compared to August, spam volume was down over 56 percent. This drop in overall spam volume also brought down the overall spam percentage. Spam made up 84.31 percent of all messages in November, compared with 86.61 percent in October.

In addition to discussing the volume decline, this month’s report contains interesting predictions for 2011.

Click here to download the December 2010 State of Spam & Phishing Report, which highlights the following trends:

· What’s Happening to Spam Volume?


Samir_Patil | 07 Dec 2010 17:23:16 GMT

is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.

The spam email has the subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar, which has a downloader ‘Wikileaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat.

Below is a screenshot of the email and website that downloads the threat:


Vivian Ho | 26 Nov 2010 19:15:44 GMT

When one thinks of Christmas, an aura of emotion arises. We are reminded of our family reunions, Christmas carols, that aroma of turkey being roasted, the cakes and pastries - don’t forget the Christmas gifts! But before we can wish you a merry Christmas we would like to caution you as you prepare your Christmas shopping list.

Please be careful, especially when you do your Christmas shopping online. Spammers are offering a plethora of fake offers, replicas, medication, and loans at unbelievably low interest rates, as is customary, during this season. Don’t get carried away by their cheap offers because no haute couture brand offers their products at such throw-away prices. We again would like to remind you not to get lured into giving your email credentials without first finding out that the Web site you are shopping on is legitimate and real.

We would like to highlight a few more tricks that spammers have pulled out of their hats this Christmas...

Vivian Ho | 16 Jun 2010 21:44:23 GMT

As 52 countries across the world gear up to celebrate Father’s Day on Sunday, June 20, Symantec is monitoring the increase in the Father’s Day spam volume since the end of May. Sadly, spammers don’t forget to send out their holiday spam, although a couple of ongoing global events such as the FIFA World Cup and Shanghai World Expo might also draw their attention. The Father’s Day spam messages are similar to Mother’s Day spam, including hit-and-run spam, product promotion, and ecard services. We have observed that spammers registered lots of domains with various From aliases and Subject lines in order to bypass spam filters in hit-and-run spam. These types of spam messages, with Father’s Day headers, can attract readers’ attention.

Symantec is expecting to see more attacks in the coming days and advises users to ignore these messages. Here...