Video Screencast Help
Security Response
Showing posts tagged with Message Filter
Showing posts in English
Mathew Maniyara | 01 Mar 2011 14:13:39 GMT

On February 22, 2011, a massive 6.3 magnitude earthquake devastated the New Zealand city of Christchurch. As per the official reports, the death toll has reached 75—a number that may yet increase. Thousands of people in New Zealand have lost their homes and search operations are still in progress. Fraudsters, as usual, are taking advantage of this by sending spam mails that request donations. In January, phishers had used the same ploy of asking for fake donations for victims of the Serrana floods.


 

The phishing site spoofed the Red Cross website for New Zealand and requested help from end users. Firstly, the phishing site gave details of the earthquake, highlighting the extent of the damage in the city...

Samir_Patil | 23 Feb 2011 13:51:47 GMT

The Tunisian wave has captured the minds of people across the Middle East region. What is surprising to note is the creative use of the Internet in discussing such sensitive issues. The unrest in Tunisia has "tsunamied" into a mass movement straight at the heart of the Arab world. Egypt, with the ousting of President Hosni Mubarak, has become ground zero of this wave. But, as this movement gains momentum and spreads, there are many waiting to misuse this space—as demonstrated in the sample discussed below.

 
In this typical 419 scam message, the scammer masquerades as the erstwhile President Hosni Mubarak. A handsome proposal, considering the (bogus) bonanza of a 30% handling fee to be given to the one who cooperates in siphoning his booty out of Egypt. Further, because of the urgency of the situation, one is required to give "full contact information" as well...

Amanda Grady | 22 Feb 2011 19:38:38 GMT

With just over two months to go before the wedding of Prince William and Kate Middleton, it’s no surprise to find this significant event is being used to promote products. Emails advertising a replica of Princess Diana’s engagement ring were observed in the past few days, sent by well established spammers.

Although infected botnet machines are responsible for the vast majority of spam sent globally (77% at the end of 2010), these attacks do not fall in that category, and in fact the IP which is sending the spam is the same as the one hosting the domain which is linked to in the email. This domain has also been used in other spam campaigns, such as the long running Who’s Who social networking spam messages (see our May 2008 State of Spam report for similar attacks)....

Samir_Patil | 18 Feb 2011 14:47:28 GMT

In the United States, Presidents' Day is celebrated on the third Monday of February to honor two of America’s greatest presidents, Abraham Lincoln and George Washington. This year, Presidents' Day will be celebrated on February 21. Recently, Symantec has observed spam attacks leveraging Presidents' Day and has seen attempts to exploit the "groups" function of a social networking site.

The samples shown below are screenshots of one such group from a social networking website. The group is quite obviously trying to exploit the Presidents' Day event:

 

The group description “MEGA SPAM!... Spam YOUR A TOOL! on your messages” [sic] is an attempt to inspire group members...

Eric Park | 11 Feb 2011 12:21:34 GMT

The global spam volume, which has been the discussion topic for several months, appears to have finally stopped its decline. The month-over-month global spam volume was down in January again, but this was mostly due to the Rustock botnet shutdown, seen for the first 10 days of the year. We expect to see a month-over-month increase in spam volume in February, which will be a first since August 2010. Overall, spam made up 79.55% of all messages in January, compared with 81.69% in December.  

To find out more, click here the February 2011 State of Spam & Phishing Report, which highlights the following trends:

•    Conclusion of Spam Volume Saga
•    Turmoil in Egypt Shuts Down the Spammers
•    Scammers Seek Support for Serrana Flood Victims
•...

Samir_Patil | 09 Feb 2011 15:47:32 GMT

The domain .РФ (.rf) is the internationalized domain name (IDN) for domains registered under the Russian Federation. The .rf top-level domain (TLD) became operational on May 13, 2010, and was officially opened up for public registration on November 11, 2010. The traditional country code top-level domain (ccTLD) for Russia is .ru. In recent times, we have been observing a considerable amount of spam emanating from the .ru TLD. With .rf domains becoming available for public use, spammers will now have a new lease of life.

Let's delve a little deeper into what TLD means to Russia. рф (Российская Федерация) is transliterated as “Rossiyskaya Federatsiya”, i.e. the Russian Federation. The domain has an ASCII representation of xn--p1ai, derived as punycode for use in the domain name system (DNS). It is intended for...

Samir_Patil | 07 Feb 2011 23:39:45 GMT

The most awaited tournament for cricket lovers, the ICC World Cup 2011, begins on February 19, 2011. The ICC World Cup is being played in the Indian subcontinent, and the country’s cricket-crazy population is all set to get hold of World Cup tickets in every possible way—all to witness and experience live international cricket in action. Since this is a hugely followed international sporting event across the world, Symantec has anticipated spam attacks and other Internet threats related to the event. As expected, we are observing World Cup spam in the Symantec Probe Network.

The spam message invites users to attend the final game of World Cup 2011 in Mumbai, India. The invite offers multiple executive club facilities such as a private table, a gourmet champagne brunch, and much more for 10 guests. This may sound like an attractive deal; however, it is simply bait for Internet users/cricket fans who are keen to be a part of the World Cup Final and experience the...

Shravan Shashikant | 02 Feb 2011 18:55:33 GMT

The events in Egypt over the past few days have captured the attention of people around the world. As history unravels in Egypt, there have been attempts to cut down on all communications. We’ve been tracking the spam output originating from Egypt in our systems over the past few days.

As also reported by Arbor networks, around 2:00 pm on January 27 we started noticing a fall in spam traffic from Egypt. When we look at a city-level breakdown, it appears that traffic from Cairo was affected immediately. Traffic from Giza seemed to continue for a few more hours, albeit at spotty levels, and eventually dropped off around midnight Pacific Time:

 

Since then, traffic from Egypt has been...

Vivian Ho | 31 Jan 2011 18:04:52 GMT

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam have been observed since last December. Most attacks have customized the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions with a customized ‘From’ line and have a subject line related to the occasion.

From:可输入多个<[Details Removed]>

Subject:过年了!给领导送什么哪?(AD)

Translation:

From: you may enter multiple choices...

Samir_Patil | 31 Jan 2011 16:33:28 GMT

Valentine’s Day brings excitement for celebrating love and affection between dear ones. Spammers are  gearing up for  Valentine’s Day with several offers like product spam, gift cards, personalised cards, and financial spam. Symantec has been  observing Valentine’s Day-related spam since early January and we have recently seen a spike in product spam related to the event.

Below are Valentine’s day related spam samples:

Subject: An original gift for Valentine's Day

Subject: Take Her Breath Away

Subject: Super great designer watches

Subject: Personalized gifts for your Valentine

Subject: Very Hush-Hush Valentines Day Offer

Subject: The best Valentines gifts

Subject: Quick and Easy Valentine's Day Gifts

Subject: $19.99 Flowers for Valentine's Day + FREE Vase

Spammers promoting fake product offers at discounted price and the URL mentioned in the message redirects the...