Security Response
Showing posts tagged with Spam
Jo Hurcombe | 16 Dec 2014 15:06:05 GMT

Contributor: Satnam Narang 

Attackers behind malicious spam campaigns have shifted their tactics in recent months and are increasingly attempting to infect victims by luring them into clicking on links rather than sending them malicious attachments.

Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic. Over the last six months, there were relatively few spam emails containing malicious links. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.

While many malicious emails come with an attachment, organizations can block and filter these types of messages. Symantec believes that the Cutwail botnet (...

Sean Butler | 29 Oct 2014 06:04:06 GMT

Symantec has recently seen a spam campaign involving fake wire transfer request emails. While this technique is not new, and has had some coverage in the press this year, we have seen an increase in this type of spam recently.

The purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.

Another tactic the scammers use...

Bhaskar Krishna | 20 Oct 2014 16:45:39 GMT

Contributor: Joseph Graziano

PDF invoices sent over email have become increasingly common in today’s business world. However, that doesn’t mean that there are no complications with the file format. Addressing these invoices without requiring verification from the recipient can lead to a compromised computer with the user’s confidential data in jeopardy.

Over the past week, Symantec has observed a spam campaign involving suspicious emails that masquerade as unpaid invoices. However, these suspicious emails come with a nasty surprise attached in the form of a malicious .pdf file.

Figure 1. Malicious .pdf file attached to suspicious email

While these invoices may appear to be legitimate because the sender’s email address may be associated with a major company, the emails contain spelling errors in the subject line and the body of the email...

Satnam Narang | 02 Oct 2014 22:08:55 GMT

In May, Snapchat released an update to the popular photo-messaging application that put the “chat” into Snapchat by allowing users to send messages within the app. We previously warned that criminals would inevitably leverage this feature in future spam campaigns. Sure enough, a number of Snapchat users have recently reported receiving chat messages and photos from their friends promoting diet pill spam.

Fruit spam on Snapchat
This is not the first campaign of this type we have seen. In February 2014, a number of Snapchat accounts were compromised and used to send images of fruit drinks, promoting websites called FrootSnap and SnapFroot....

Symantec Security Response | 05 Sep 2014 16:46:11 GMT

Days after numerous celebrities were found to have their iCloud accounts compromised, a major botnet has turned its attention to Apple customers, launching a phishing email campaign aimed at luring victims into disclosing their Apple IDs and passwords.

Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and claims the address is located in Volgograd, Russia.

...

Avdhoot Patil | 26 Aug 2014 08:40:29 GMT

Celebrity lures continue in the world of phishing. We have seen several phishing sites in the past that used altered celebrity images to get users’ attention. Today, we have a couple of examples in which phishers continued their celebrity promotion campaigns with glamour models Martisha and Denise Milani. These phishing sites are typically developed for the purpose of stealing personal information from a large number of these celebrities’ fans.

In one campaign, the phishing page spoofed Facebook’s branding and contained an image of glamour model Martisha along with a message in the Arabic language. This message translates to “Chat with Arab boys and girls on Facebook”. The phishing site gave the impression that the user could get involved in adult chats when they entered their login credentials. In reality, after the user entered their login credentials, they were redirected to the legitimate Facebook login page while their information was sent to the phishers. The...

Lionel Payet | 22 Aug 2014 10:17:15 GMT

Contributor: Mark Anthony Balanza

As a successful business sector, the automobile industry is an attractive target for cybercrime. The automobile industry is composed of a multitude of businesses ranging from manufacturers and sellers to garages offering maintenance and repair. Earlier this month, we observed a spam campaign that targeted several small to medium-sized companies within the automobile industry in Europe with Infostealer.Retgate (also known as Carbon Grabber).

The Carbon Grabber crimeware kit first appeared on underground forums earlier this year. Crimeware kits are not new and since the Zeus (Trojan.Zbot) malware’s notoriety,...

Avdhoot Patil | 19 Aug 2014 23:33:39 GMT

Phishers are known for capitalizing on current events and using them in their phishing campaigns. Celebrity scandals are popular and Symantec recently observed a phishing attack on the Facebook platform that claimed to have the sex tape of well-known Filipino television host and news anchor Paolo Bediones. Paolo Bediones became a hot topic last month when an adult video featuring a person resembling this TV host appeared online.

Symantec discovered a fake Facebook site behind a campaign that offered the "sex scandal" video of Paolo Bediones.

Figure. Phishing site requests user login, then steals credentials

A message on the phishing site asks users to log in to watch the full sex video. If users enter their Facebook login credentials, the phishing page...

Satnam Narang | 14 Aug 2014 21:32:10 GMT

Within 48 hours of the news surrounding the death of actor and comedian Robin Williams, scammers homed in on the public’s interest and grief. There is currently a scam campaign circulating on Facebook claiming to be a goodbye video recorded by the actor just before his death.

Figure 1. Fake BBC news site with fake Robin Williams goodbye video

There is no video. Users that click on the link to the supposed video are taken to a fake BBC News website. As with many social scams, users are required to perform actions before they can view the content. In this case, users are instructed to share the video on Facebook before watching.

Figure 2. Facebook share dialog with fake...

Symantec Security Response | 06 Aug 2014 12:10:36 GMT

Since its emergence in 2007, Trojan.Asprox has remained one of the most prolific botnets on the threat landscape. During this time it has evolved into a formidable threat encompassing new functionalities which have been well documented within the information security industry. While always maintaining a presence on the threat landscape, since late last year the Asprox botnet has resurged and has been steadily increasing its numbers as a result of ongoing self-propagating spam campaigns.

Now Symantec has observed Trojan.Asprox.B adding yet another new module to its arsenal in the form of a URL viewer that is used to push advertising pages to a victim’s browser. To date, we have observed Asprox push casino, loan, mobile spyware, and pornographic adverts to unwilling victims’ browsers. In...