Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Message Filter
Showing posts in English
Samir_Patil | 20 Jan 2011 14:48:12 GMT

Many countries are going through turbulent times due to natural disasters. In fact, emotions do run high when disasters strike—people are moved and understandably want to share in helping affected victims by donating to relief funds. The most recent natural disaster that Australia, Brazil, and the Philippines are grappling with is the flash flooding and the immense loss that it has caused to life and property.

History tells us that when natural disasters such as bush fires, floods, earthquakes and other natural calamities strike, they cause untold repercussions. Rehabilitation, restructuring, and methods to curtail further losses become a formidable challenge. One method used to combat such situations is the appeal for relief funds, donations, and government compensations in cash or kind.

Spammers would never let any such opportunities pass by without preying on them. Don’t be surprised to see your inbox bombarded with heart-wrenching emails requesting you...

Eric Park | 12 Jan 2011 22:01:59 GMT

In this blog about spam volume, we discussed the virtual shutdown of three botnets including Rustock that caused the global spam volume to plummet around Christmas day. MessageLabs has indicated in their blog that those botnets have restarted, although they are sending less volume than pre-shutdown levels at the moment.

As seen in the chart below, we are indeed seeing a spike up in volume as of January 10. We will be keeping a close eye on this over the next few days to see if the increase holds up. For now, it looks like holidays are indeed over for spammers.

We saw a drop in the use of the ‘.ru’ domain...

Suyog Sainkar | 05 Jan 2011 16:33:43 GMT

Since the close of 2010, Symantec has been observing a recent spam attack that is designed to distribute malware. On the arrival of the new year, Internet users often send best wishes to their friends and families through email or make use of online greeting card services. The spammers have exploited this likelihood, since the email messages in this spam attack appear to contain Happy New Year wishes in the form of an e-card, but in fact are distributing malicious code.

Below are some sample subject lines observed in this spam attack:

Subject:  New Year Ecard Notification
Subject:  Have a funfilled and blasting NewYear!
Subject:  Welcome 2011!
Subject:  Happy 2011 To U!
Subject:  Sparkling wishes on the New Year
Subject:  Happy New Year Wishes!
Subject:  Have a Happy New Year!
Subject: New Year 2011 Ecard Special Delivery

The message text urges the user to...

Eric Park | 16 Dec 2010 18:17:46 GMT

The volume of spam continues to drop.  We have been monitoring the decline in overall spam volume over the last few months, and the downtrend continued in November.  The average daily volume in November dropped 17.4 percent month-over-month.  Compared to August, spam volume was down over 56 percent.  This drop in overall spam volume also brought down the overall spam percentage.  Spam made up 84.31 percent of all messages in November, compared with 86.61 percent in October.

In addition to discussing the volume decline, this month’s report contains interesting predictions for 2011.

Click here to download the December 2010 State of Spam & Phishing Report, which highlights the following trends:

·         What’s Happening to Spam Volume?


Samir_Patil | 07 Dec 2010 17:23:16 GMT is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.

The spam email has subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar which has a downloader ‘Wikileaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat.

Below is screenshot of the email and website that downloads the threat:


Vivian Ho | 26 Nov 2010 19:15:44 GMT

When one thinks of Christmas, an aura of emotion arises. We are reminded of our family reunions, Christmas carols, that aroma of turkey being roasted, the cakes and pastries - don’t forget the Christmas gifts! But before we can wish you a merry Christmas we would like to caution you as you prepare your Christmas shopping list.

Please be careful, especially when you do your Christmas shopping online. Spammers are offering a plethora of fake offers, replicas, medication, and loans at unbelievably low interest rates, as is customary, during this season. Don’t get carried away by their cheap offers because no haute couture brand offers their products at such throw-away prices. We again would like to remind you not to get lured into giving your email credentials without first finding out that the Web site you are shopping on is legitimate and real.

We would like to highlight a few more tricks that spammers have pulled out of their hats this Christmas...

Vivian Ho | 16 Jun 2010 21:44:23 GMT

As 52 countries across the world gear up to celebrate Father’s day on Sunday, June 20, Symantec is monitoring the increase in the Father’s Day spam volume since the end of May. Sadly, spammers don’t forget to send out their holiday spam, although a couple of ongoing global events such as the FIFA World Cup and Shanghai World Expo might also draw their attention. The Father’s Day spam messages are similar to Mother’s Day spam, including hit-and-run spam, product promotion, and ecard services. We have observed that spammers registered lots of domains with various From aliases and Subject lines in order to bypass spam filters in hit-and-run spam. These types of spam messages, with Father’s Day headers, can attract readers’ attention.

Symantec is expecting to see more attacks in the coming days and advises users to ignore these messages. Here...

Vivian Ho | 15 Jun 2010 21:37:42 GMT

Spammers are known to be crowd chasers. And so it goes that social networking forums, sports events, and major news-generating events always seem to catch the spammers’ attention. In line with this trait, spammers are now targeting global expos. With around 70 to 100 million visitors expected to turn up at the Shanghai World Expo 2010 this year, spammers couldn't have asked for a better time to make their presence felt.
Spammers are using the Shanghai expo in their subject lines and email messages to deliver fake promotions, sell products, and offer various services. Symantec has been monitoring several different variations of spam types in the campaign.

Sample 1:
Spammers include an expo event subject line to attract hits. In the body, there is a meds promotion URL right in the center and a bogus MSN subscription note at the bottom.

From: <Details Removed>
Subject: 200,000 flood Shanghai Expo...

Samir_Patil | 14 Jun 2010 21:52:21 GMT

Former child star Gary Coleman, who shot to fame on the TV sitcom Diff'rent Strokes, died on May 28, 2010. The American actor is well known not only for his childhood role as Arnold Jackson in Diff'rent Strokes, but also for his small stature as an adult, which was caused by a congenital kidney disease that halted his growth at an early age.

As always, events such as these seem to be prime targets for spammers and malicious code authors alike. Symantec has been monitoring spam samples that tie in to Gary Coleman’s death; in particular, we’ve been observing several health-related spam messages that use the news headlines of Coleman’s death as their Subject lines.

As shown in below example, the message is, in actuality, a promotion of a Canadian pharmacy spam site. The links embedded in the message direct users to this online pharmacy:


Samir_Patil | 11 Jun 2010 20:20:51 GMT

The world’s most awaited sporting event is kicking off today. As the world is getting ready to join the excitement, spammers continue to raise their spam game.
As discussed in the blog last month, we started observing variants of the FIFA spam on top of what we have already seen (like fishing, scams, and malicious attachments). Spammers are dishing out a variety of tactics such as fake gift cards and online pharmacies to lure email users.
In the recent spam promotion, spammer offers fake gift cards and invite users to participate in surveys. Below is a of such an offer where spammers are asking for opinions on the chances of Team USA in this edition of the World Cup. Email users are being offered free gift cards for taking such surveys.
Especially after their good showing in the...