Video Screencast Help
Security Response
Showing posts tagged with Message Filter
Showing posts in English
Mayur Kulkarni | 16 Apr 2010 07:49:41 GMT

The Polish President Lech Kaczynski, his wife, and top Polish officials were recently killed in a tragic plane crash in a forest near Smolensk, Russia. Without wasting a moment, scammers have latched onto this dreadful incident to send spam email messages. Symantec has come across scam messages that refer to this plane crash and there have been numerous attempts to lure recipients into a so-called opportunity of becoming a beneficiary of massive wealth.

The messages in this latest spam run take the form of a typical “419 scam” email, in which the scammer introduces himself as a banker who is in charge of a deceased customer’s account; in this case he claims to be a director of a bank in Malaysia and the customer is Mrs. Maria Kaczynski, wife of Polish President Lech Kaczynski. The scammer claims that he will use his purported director’s position to change all of the information and documents related to the actual fund beneficiary in favor of the...

Mayur Kulkarni | 14 Apr 2010 08:59:50 GMT

Does anyone really care about opening a zip file to examine an RTF or JPEG file? This task—combined with a dull, unexciting, unstimulating subject line—competes with the content of the email to win a race of worthlessness. This is how we at Symantec feel about recent, short-lived spam attacks using compressed RTF and JPEG files. Spammers have traditionally used zip files to carry executables, but in most cases the subject line or the content of the message made an effort to encourage users to open the attachment.

There are cases of spamming attacks in which HTML attachments opened up a fully functional Web page, capable of carrying sensitive user information back to the fraudsters. However, with this latest spam attack using zipped files, not only have the spammers made an attempt to escape anti-spam filters, they’re missing out on reaching any users as well. The scope of returns for these messages looks to be much less rewarding than other comparable...

Dermot Harnett | 09 Apr 2010 23:07:51 GMT

...and some of it masquerades as “marketing” and “newsletter” emails.

In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender.

The distinction between the spam marketing and newsletter email and regular spam email includes the following:

•    The sender of the spam marketing and newsletter email may not go to extraordinary...

Mayur Kulkarni | 09 Apr 2010 08:09:48 GMT

The Indian Premier League 2010 is a huge attraction for the cricket-crazy population in India. These matches are packed with all the ingredients to entertain, and are capable of satisfying viewers’ hunger for more and more cricket matches. People are ready to buy tickets in all possible ways just to watch their local and international cricket stars play. Symantec was anticipating a spamming campaign against ticket sales during the initial period of the sporting extravaganza; however, it is just halfway through the event and still not too late to lure email users with offers related to IPL tickets.

Symantec has now come across few spam samples that offer free tickets/passes to the recipients. In return, users need to register on a website. After registering with this website, spammers claim that users may receive a free IPL ticket through a lucky draw.

Here are a few sample images of the spam messages:
 
...

Dermot Harnett | 08 Apr 2010 19:00:00 GMT

The National Bureau of Economic Research has previously indicated that the United States has been in a recession since December 2007. What is interesting to note here is that Symantec first reported that spammers were showing an interest in the slowdown of the economy in October and November of 2007, so this begs the question, “Can the focus of spam email be used as an economic indicator or barometer?” Let’s take a brief look at the recession (thus far) by looking through Symantec's spam folder (a.k.a. the Symantec Global Intelligence Network).

•    October 2007: Spammers Feed Off Housing Crisis
•    January 2008: As Oil Prices Hike, Spammers Strike:
•    February 2008: Rising gas prices lead spammers to bio-fuel
•    June 2008: Economic Climate Helps Fuel Spam Climate
•...

Vivian Ho | 01 Apr 2010 20:46:00 GMT

As Easter approaches, spam related to this upcoming holiday is expected. Spammers didn’t send malicious greetings like last year—they sent out various product promotion ads instead. One particular coupon promotion page offers recipients a free coupon for digital TV service for Easter. A domain attack was observed from this spam attack, and the offer page changed to different product coupons on a daily basis.

From: "The Easter Bunny" <EasterBunny@ [Details Removed]>
Subject: How to make this Easter even more magical...

In another Easter spam message we observed a gift basket promo message that is just like ordinary hit-and-run spam, in which the spammers try to bypass spam filters by changing the registered domains while using the same promotional ads. Spam...

Samir_Patil | 30 Mar 2010 18:52:38 GMT

Keeping personal information private on the Internet is always a concern for computer users. In a new spam tactic, spammers seem keen to bring disrepute to social networking sites and Webmail services by introducing fear, uncertainty, and doubt regarding the security of private online data.

In this spam attack, spammers allege that social networking and Webmail service providers are spying on and reading every email that users send and this can seriously impact use, privacy, and safety. Spammers are targeting human emotions, such as concern for children’s safety and personal online security. The spam message states that a privacy protection service will help users keep social networking and email accounts from being spied on.

Sample email:

The so-called “privacy protectors” claim to give subscribers audio updates about the privacy invaders. To protect the...

Mayur Kulkarni | 25 Mar 2010 12:31:29 GMT

Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, Symantec has found that Child Tax Credit is being used as bait to lure parents to disclose their financial data. This attack specifically tries to convince users to make claims for credit and lower their tax burden by using their children’s education expenses.

According to the Internal Revenue Service (IRS) website [PDF], taxpayers may be able to reduce their federal income tax by up to $1,000 for each qualifying child. Making use of this information, spam email discusses the expensive education of children and quickly advises recipients to use this expense to make claims for tax credits under the numerous tax benefits provided by the IRS. They make a further appeal that as a U.S. citizen or resident, recipients should apply for their tax returns...

Dylan Morss | 23 Mar 2010 19:52:08 GMT

One can be both impressed and amused at how far image spammers will go in distorting their image payloads in an attempt to slip through spam filtering technologies. If the spammer somehow manages to slip spam through spam filters from time to time, it allows email users to see how badly mangled the images must become. The images are, for all practical purposes, illegible. Take, for instance, this example below:

Seriously, Mr. Spammer, thank you for trying so hard! Perhaps this piece of Internet debris finally arrived in your potential customer’s inbox; too bad it’s more noise than message. In fact, it’s completely useless.

What is that?
Pills what?
A URL, is it?

You really expect anyone to follow through with such bad presentation?

Take a look at the ironic subject line in this particular message:

From:  "NNNN...

Eric Park | 11 Mar 2010 17:39:32 GMT

In February, spammers continued to use the news of the earthquake in Haiti and the recent earthquake in Chile as another vector to utilize. Scam and phishing messages accounted for 19 percent of all spam in February, which is 2 percentage points lower than in January, but nevertheless an elevated level.

In addition to spam tactics involving current events, this month’s report also highlights international threats. While spam is truly a global problem affecting all countries, the report showcases spam and phishing threats in four high growth, emerging countries often referred to as the “BRIC”: Brazil, Russia, India, and China.

For these discussions and much more, download the March 2010 Symantec State of Spam & Phishing Report [PDF], which highlights the following trends:

•    Still No...