Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Message Filter
Showing posts in English
Samir_Patil | 22 Apr 2010 20:15:28 GMT

A series of volcanic eruptions in Iceland has affected thousands of people worldwide. Poor visibility due to a plume of ash and smoke impelled several European countries to completely close their airspace. Because of this, large numbers of travelers willing to travel to or from Europe have been stuck in airports.

Now, without mercy, spammers are utilizing this catastrophe to push health-related spam. In the Symantec Probe Network we have monitored thousands of spam messages linked to the Icelandic volcanic eruption.

The subject line samples are as follows:

Subject: Fears volcano chaos will continue airstream
Subject: Sport left grounded by volcano affreight
Subject: Volcano ash affects air travel adjuror
Subject: Sport left grounded by volcano acid
Subject: Fears volcano chaos will continue albumoses
Subject: Fears volcano chaos will continue achtel

The spam message looks like a legitimate news alert. The...

Eric Park | 16 Apr 2010 07:56:38 GMT

After the tragic earthquakes in Haiti and in Chile, there were no additional natural disasters for spammers to take advantage of. Instead, spammers continued to focus on seasonal and calendar events such as the Easter holiday to deliver spam messages. With respect to spam message size, there was a marked increase in spam messages between 5kb and 10kb (a rise of over 10 percentage points), which correlates to an increase in attachment spam. Overall, spam made up 89.34 percent of all messages in March, compared to 89.99 percent in February.

Click to download the April 2010 State of Spam & Phishing Report, which highlights the following trends:

•    Spam as Economic Indicator
•    Mass Phishing of Retail Electronic Payment Brands
•    Phishing of Indian Job Sites...

Mayur Kulkarni | 16 Apr 2010 07:49:41 GMT

The Polish President Lech Kaczynski, his wife, and top Polish officials were recently killed in a tragic plane crash in a forest near Smolensk, Russia. Without wasting a moment, scammers have latched onto this dreadful incident to send spam email messages. Symantec has come across scam messages that refer to this plane crash and there have been numerous attempts to lure recipients into a so-called opportunity of becoming a beneficiary of massive wealth.

The messages in this latest spam run take the form of a typical “419 scam” email, in which the scammer introduces himself as a banker who is in charge of a deceased customer’s account; in this case he claims to be a director of a bank in Malaysia and the customer is Mrs. Maria Kaczynski, wife of Polish President Lech Kaczynski. The scammer claims that he will use his purported director’s position to change all of the information and documents related to the actual fund beneficiary in favor of the...

Mayur Kulkarni | 14 Apr 2010 08:59:50 GMT

Does anyone really care about opening a zip file to examine an RTF or JPEG file? This task—combined with a dull, unexciting, unstimulating subject line—competes with the content of the email to win a race of worthlessness. This is how we at Symantec feel about recent, short-lived spam attacks using compressed RTF and JPEG files. Spammers have traditionally used zip files to carry executables, but in most cases the subject line or the content of the message made an effort to encourage users to open the attachment.

There are cases of spamming attacks in which HTML attachments opened up a fully functional Web page, capable of carrying sensitive user information back to the fraudsters. However, with this latest spam attack using zipped files, not only have the spammers made an attempt to escape anti-spam filters, they’re missing out on reaching any users as well. The scope of returns for these messages looks to be much less rewarding than other comparable...

Dermot Harnett | 09 Apr 2010 23:07:51 GMT

...and some of it masquerades as “marketing” and “newsletter” emails.

In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender.

The distinction between the spam marketing and newsletter email and regular spam email includes the following:

•    The sender of the spam marketing and newsletter email may not go to extraordinary...

Mayur Kulkarni | 09 Apr 2010 08:09:48 GMT

The Indian Premier League 2010 is a huge attraction for the cricket-crazy population in India. These matches are packed with all the ingredients to entertain, and are capable of satisfying viewers’ hunger for more and more cricket matches. People are ready to buy tickets in all possible ways just to watch their local and international cricket stars play. Symantec was anticipating a spamming campaign against ticket sales during the initial period of the sporting extravaganza; however, it is just halfway through the event and still not too late to lure email users with offers related to IPL tickets.

Symantec has now come across few spam samples that offer free tickets/passes to the recipients. In return, users need to register on a website. After registering with this website, spammers claim that users may receive a free IPL ticket through a lucky draw.

Here are a few sample images of the spam messages:

Dermot Harnett | 08 Apr 2010 19:00:00 GMT

The National Bureau of Economic Research has previously indicated that the United States has been in a recession since December 2007. What is interesting to note here is that Symantec first reported that spammers were showing an interest in the slowdown of the economy in October and November of 2007, so this begs the question, “Can the focus of spam email be used as an economic indicator or barometer?” Let’s take a brief look at the recession (thus far) by looking through Symantec's spam folder (a.k.a. the Symantec Global Intelligence Network).

•    October 2007: Spammers Feed Off Housing Crisis
•    January 2008: As Oil Prices Hike, Spammers Strike:
•    February 2008: Rising gas prices lead spammers to bio-fuel
•    June 2008: Economic Climate Helps Fuel Spam Climate

Vivian Ho | 01 Apr 2010 20:46:00 GMT

As Easter approaches, spam related to this upcoming holiday is expected. Spammers didn’t send malicious greetings like last year—they sent out various product promotion ads instead. One particular coupon promotion page offers recipients a free coupon for digital TV service for Easter. A domain attack was observed from this spam attack, and the offer page changed to different product coupons on a daily basis.

From: "The Easter Bunny" <EasterBunny@ [Details Removed]>
Subject: How to make this Easter even more magical...

In another Easter spam message we observed a gift basket promo message that is just like ordinary hit-and-run spam, in which the spammers try to bypass spam filters by changing the registered domains while using the same promotional ads. Spam...

Samir_Patil | 30 Mar 2010 18:52:38 GMT

Keeping personal information private on the Internet is always a concern for computer users. In a new spam tactic, spammers seem keen to bring disrepute to social networking sites and Webmail services by introducing fear, uncertainty, and doubt regarding the security of private online data.

In this spam attack, spammers allege that social networking and Webmail service providers are spying on and reading every email that users send and this can seriously impact use, privacy, and safety. Spammers are targeting human emotions, such as concern for children’s safety and personal online security. The spam message states that a privacy protection service will help users keep social networking and email accounts from being spied on.

Sample email:

The so-called “privacy protectors” claim to give subscribers audio updates about the privacy invaders. To protect the...

Mayur Kulkarni | 25 Mar 2010 12:31:29 GMT

Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, Symantec has found that Child Tax Credit is being used as bait to lure parents to disclose their financial data. This attack specifically tries to convince users to make claims for credit and lower their tax burden by using their children’s education expenses.

According to the Internal Revenue Service (IRS) website [PDF], taxpayers may be able to reduce their federal income tax by up to $1,000 for each qualifying child. Making use of this information, spam email discusses the expensive education of children and quickly advises recipients to use this expense to make claims for tax credits under the numerous tax benefits provided by the IRS. They make a further appeal that as a U.S. citizen or resident, recipients should apply for their tax returns...