
Security Response

Showing posts tagged with Message Filter
Amanda Grady | 22 Feb 2011 19:38:38 GMT

With just over two months to go before the wedding of Prince William and Kate Middleton, it’s no surprise to find this significant event is being used to promote products. Emails advertising a replica of Princess Diana’s engagement ring were observed in the past few days, sent by well-established spammers.

Although infected botnet machines are responsible for the vast majority of spam sent globally (77% at the end of 2010), these attacks do not fall in that category, and in fact the IP which is sending the spam is the same as the one hosting the domain which is linked to in the email. This domain has also been used in other spam campaigns, such as the long-running Who’s Who social networking spam messages (see our May 2008 State of Spam report for similar attacks)....

Samir_Patil | 18 Feb 2011 14:47:28 GMT

In the United States, Presidents' Day is celebrated on the third Monday of February to honor two of America’s greatest presidents, Abraham Lincoln and George Washington. This year, Presidents' Day will be celebrated on February 21. Recently, Symantec has observed spam attacks leveraging Presidents' Day and has seen attempts to exploit the "groups" function of a social networking site.

The samples shown below are screenshots of one such group from a social networking website. The group is quite obviously trying to exploit the Presidents' Day event:


The group description “MEGA SPAM!... Spam YOUR A TOOL! on your messages” [sic] is an attempt to inspire group members...

Eric Park | 11 Feb 2011 12:21:34 GMT

The global spam volume, which has been the discussion topic for several months, appears to have finally stopped its decline. The month-over-month global spam volume was down in January again, but this was mostly due to the Rustock botnet shutdown, seen for the first 10 days of the year. We expect to see a month-over-month increase in spam volume in February, which will be a first since August 2010. Overall, spam made up 79.55% of all messages in January, compared with 81.69% in December.  

To find out more, see the February 2011 State of Spam & Phishing Report, which highlights the following trends:

•    Conclusion of Spam Volume Saga
•    Turmoil in Egypt Shuts Down the Spammers
•    Scammers Seek Support for Serrana Flood Victims

Samir_Patil | 09 Feb 2011 15:47:32 GMT

The domain .РФ (.rf) is the internationalized domain name (IDN) for domains registered under the Russian Federation. The .rf top-level domain (TLD) became operational on May 13, 2010, and was officially opened up for public registration on November 11, 2010. The traditional country code top-level domain (ccTLD) for Russia is .ru. In recent times, we have been observing a considerable amount of spam emanating from the .ru TLD. With .rf domains becoming available for public use, spammers will now have a new lease of life.

Let's delve a little deeper into what the TLD means to Russia. рф (Российская Федерация) is transliterated as “Rossiyskaya Federatsiya”, i.e. the Russian Federation. The domain has an ASCII representation of xn--p1ai, derived as punycode for use in the domain name system (DNS). It is intended for...

Samir_Patil | 07 Feb 2011 23:39:45 GMT

The most awaited tournament for cricket lovers, the ICC World Cup 2011, begins on February 19, 2011. The ICC World Cup is being played in the Indian subcontinent, and the country’s cricket-crazy population is all set to get hold of World Cup tickets in every possible way—all to witness and experience live international cricket in action. Since this is a hugely followed international sporting event across the world, Symantec has anticipated spam attacks and other Internet threats related to the event. As expected, we are observing World Cup spam in the Symantec Probe Network.

The spam message invites users to attend the final game of World Cup 2011 in Mumbai, India. The invite offers multiple executive club facilities such as a private table, a gourmet champagne brunch, and much more for 10 guests. This may sound like an attractive deal; however, it is simply bait for Internet users/cricket fans who are keen to be a part of the World Cup Final and experience the...

Shravan Shashikant | 02 Feb 2011 18:55:33 GMT

The events in Egypt over the past few days have captured the attention of people around the world. As history unravels in Egypt, there have been attempts to cut down on all communications. We’ve been tracking the spam output originating from Egypt in our systems over the past few days.

As also reported by Arbor Networks, around 2:00 pm on January 27 we started noticing a fall in spam traffic from Egypt. When we look at a city-level breakdown, it appears that traffic from Cairo was affected immediately. Traffic from Giza seemed to continue for a few more hours, albeit at spotty levels, and eventually dropped off around midnight Pacific Time:


Since then, traffic from Egypt has been...

Vivian Ho | 31 Jan 2011 18:04:52 GMT

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than in the last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam has been observed since last December. Most attacks have customized the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions with a customized ‘From’ line and have a subject line related to the occasion.

From:可输入多个<[Details Removed]>



From: you may enter multiple choices...

Samir_Patil | 31 Jan 2011 16:33:28 GMT

Valentine’s Day brings excitement for celebrating love and affection between dear ones. Spammers are gearing up for Valentine’s Day with several offers like product spam, gift cards, personalised cards, and financial spam. Symantec has been observing Valentine’s Day-related spam since early January and we have recently seen a spike in product spam related to the event.

Below are Valentine’s Day-related spam samples:

Subject: An original gift for Valentine's Day

Subject: Take Her Breath Away

Subject: Super great designer watches

Subject: Personalized gifts for your Valentine

Subject: Very Hush-Hush Valentines Day Offer

Subject: The best Valentines gifts

Subject: Quick and Easy Valentine's Day Gifts

Subject: $19.99 Flowers for Valentine's Day + FREE Vase

Spammers are promoting fake product offers at discounted prices, and the URL mentioned in the message redirects the...

Samir_Patil | 20 Jan 2011 14:48:12 GMT

Many countries are going through turbulent times due to natural disasters. In fact, emotions do run high when disasters strike—people are moved and understandably want to share in helping affected victims by donating to relief funds. The most recent natural disaster that Australia, Brazil, and the Philippines are grappling with is the flash flooding and the immense loss that it has caused to life and property.

History tells us that when natural disasters such as bush fires, floods, earthquakes and other natural calamities strike, they cause untold repercussions. Rehabilitation, restructuring, and methods to curtail further losses become a formidable challenge. One method used to combat such situations is the appeal for relief funds, donations, and government compensations in cash or kind.

Spammers would never let any such opportunities pass by without preying on them. Don’t be surprised to see your inbox bombarded with heart-wrenching emails requesting you...

Eric Park | 12 Jan 2011 22:01:59 GMT

In this blog about spam volume, we discussed the virtual shutdown of three botnets including Rustock that caused the global spam volume to plummet around Christmas day. MessageLabs has indicated in their blog that those botnets have restarted, although they are sending less volume than pre-shutdown levels at the moment.

As seen in the chart below, we are indeed seeing a spike up in volume as of January 10. We will be keeping a close eye on this over the next few days to see if the increase holds up. For now, it looks like holidays are indeed over for spammers.

We saw a drop in the use of the ‘.ru’ domain...