Security Response
Showing posts tagged with Spam
Satnam Narang | 17 Jun 2014 19:36:05 GMT

Over the weekend, a large number of Pinterest accounts were compromised and used to pin links to a miracle diet pill spam called Garcinia Cambogia Extract. Since most of the compromised accounts were linked to Twitter, these spam “pins” on Pinterest were also cross-posted to Twitter.

Figure 1. Pinterest miracle diet spam cross-posted to Twitter

Back in April, we published a blog on compromised Twitter accounts used to promote the same miracle diet pill spam. During our investigation, we made a connection to the Pinterest hack reported by TechCrunch in late March.

...

Sammy Chu | 12 Jun 2014 21:23:05 GMT

The Symantec Global Intelligence network has detected a significant increase in hit-and-run spam attacks (sometimes referred to as ‘snowshoe’ spam attacks) from .club domains in the last 24 hours. Earlier this year the Internet Corporation for Assigned Names and Numbers (ICANN) released a number of generic top-level domains (gTLDs), with .club among them. Spammers have taken to abusing gTLDs, and specifically the .club gTLD, to perform hit-and-run spam attacks. Hit-and-run spam attacks quickly cycle through domains and IP addresses with unknown reputation to avoid detection. In this case they are using domains with the .club gTLD because of their lack of reputation.

We have observed the following “From:” header lines in these attacks:

  • From: "CarClearanceLot" <CarClearanceLot@[REMOVED].club>
  • From: "CarSavingsEvents" <CarSavingsEvents@[REMOVED].club>
  • From: "PriceNewCar" <PriceNewCar@[REMOVED].club>
  • From: Gift Cards <...

Lionel Payet | 11 Jun 2014 08:16:05 GMT

Contributor: Roberto Sponchioni

It’s well known that hot political topics make enticing lures for cyberattacks and, as such, Symantec is constantly on the lookout for attacks using this tactic. Recent monitoring of the global political landscape led us to observe a malicious campaign piggybacking on the coup d’état that occurred in Thailand three weeks ago (May 19, 2014) after months of turmoil in the country. We have seen the emergence of a limited and targeted spam campaign against government officials in Southeast Asia.

The malicious emails claim to be from a well-known media institution based in Myanmar and come in three variations where only the attached Word document’s name changes:

  • The_Military_situation_in_Thailand.doc
  • Thai_Coup_Leader_Says_He_Has_Received_King.doc
  • ...

Satnam Narang | 05 Jun 2014 10:59:51 GMT

Dating back to last year, Symantec has been following a trend involving adult webcam spam on social networks, dating applications, and photo sharing applications. Our research found that no matter which platform it was found on, most adult webcam spam shared a common thread: it led users to a mobile messaging service called Kik.

What is Kik?
Kik is an instant messaging service available for all smartphone platforms. The service has more than 100 million users and is extremely popular with teenagers.

A recent history of adult webcam spam

Twitter
The first cross advertising for Kik spam made its way to Twitter towards the end of summer 2013. Spam bots would target specific keywords and send a reply when one was found. For instance, tweets with the word “horny” would be met with a response from a spam bot, posing as a female, containing the word “horny.” The message would ask the user to reply back...

Satnam Narang | 27 May 2014 16:21:34 GMT

Symantec has discovered a paid retweet service targeting aspiring artists, managers and bands on Twitter with the promise of retweets from real users. These scammers are charging victims 50 cents for every "person" they hire to retweet every tweet for 30 days. Despite claiming that each account is operated by a real person, the service consists of little more than automated accounts, also known as Twitter spam bots.
 


Figure 1. Retweet service offering pitched to managers of artists
 

As you would expect, numbers define popularity on social media—from the number of Facebook "likes" to the number of Twitter followers and Twitter retweets....

Binny Kuriakose | 16 May 2014 15:02:41 GMT

May 13, 2014 witnessed the release of another posthumous compilation album of Michael Jackson recordings, named Xscape. This reworked collection of Jackson tracks was highly anticipated by music lovers, ever since its announcement in March, 2014. News of the album release has once again made Michael Jackson a hot topic and, unsurprisingly, spammers have been quick to exploit this.

This spam campaign uses a very simple email which is crafted to appear like personal mail. It uses Michael Jackson’s name and some of his song titles to create intriguing subject lines. The body of the email contains a link along with a generic comment. A name is used to sign the email message, as seen in Figure 1, in an effort to give the impression that an acquaintance has sent you an email with a link to the new Jackson album. The URL in the body of the email redirects to a fake pharmacy domain which promises cheap medicines without prescription.

The following are subject lines seen in...

Binny Kuriakose | 09 May 2014 02:42:51 GMT

On May 11, 2014, many countries will celebrate Mother’s Day. Plenty of online articles have been giving gift ideas and advice for making the day special for mom. Companies have also been sending a huge number of promotional emails with a special message about Mother’s Day. Unsurprisingly, spammers have been exploiting this occasion to send out a fresh batch of spam.

Symantec started observing Mother’s Day spam from early April and we have seen a steady increase in the volume of messages ever since. Previous Mother’s Day spam emails often stuck to certain categories. Spam emails offering flower deliveries, jewelry, personalized messages, coupons, and other gifts for mothers were the most common. Survey and product replica spam were also observed in the past.

The following are the major Mother’s Day themed spam campaigns seen this year.

Flowers for Mother
A beautiful bunch of flowers is something any mother will love and spammers use this...

Satnam Narang | 01 May 2014 23:08:41 GMT

Earlier today, photo-messaging application Snapchat unveiled new features that enable users to chat directly within the application, a frequently requested feature. The addition of this feature, while an improvement, provides the individuals responsible for Snapchat spam a new feature to play with in their efforts to target users of the service.

History of Snapchat Spam

Figure 1. Previous iterations of porn and dating spam on Snapchat

We have written ...

Tsering_Paljor | 23 Apr 2014 13:24:55 GMT

Contributor: Binny Kuriakose

Symantec has recently detected phishing emails related to the Heartbleed Bug. The phisher attempts to gather information by posing as a US military insurance service with a message about the Heartbleed bug.

The Heartbleed bug is a recently discovered security vulnerability affecting OpenSSL versions 1.0.1 to 1.0.1f. This vulnerability was fixed in OpenSSL 1.0.1g. Symantec’s security advisory gives more details on the bug and offers remediation steps.

Spammers and phishers are known to use trending news and popular topics to disguise their payloads. In the case of phishing emails, phishers often cite security concerns to legitimize and disguise their social engineering methods. The payloads of these emails attempt to compel the messages’ recipients to divulge sensitive information.

In this...

Binny Kuriakose | 16 Apr 2014 16:51:58 GMT

Contributor: Azam Raza

Easter, like all other celebrations, is meant to be a day of jubilation, which of course means gifts, shopping, and spreading cheer. However, cheer is not the only thing that is being spread this holiday. Spammers have also started spreading their handiwork. With just a few days left before Easter, the volume of spam is on the rise.

Each year Symantec observes certain categories of spam using Easter as a theme and this year is no different. Let’s take a look at some of the different types of spam Symantec sees year-over-year, as well as some samples from this year.

Replica goods spam
With gifts being at the core of many major celebrations, product spam (replica goods spam in particular) is the spam category Symantec observes the most. In this spam, items such as fake watches and jewelry are promoted using catchy subject lines and product images. Email header examples include:

From: "WorldOfWatches"...