Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Joji Hamada | 18 Mar 2013 10:59:34 GMT

SMS messages attempting to lure Android device owners to download an app that supposedly allows the camera on the device to see through clothes are circulating in Japan. This type of spam is usually sent by the malware authors themselves, but in this case the authors have developed an app to send the spam messages by SMS to phone numbers stored in the device’s Contacts. This allows the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender. If a friend is recommending an app, why would you not at least try it out, right?

Figure 1. SMS message sent from a person whose device is compromised

The site where the link takes the user to introduces an app called Infrared X-Ray that supposedly allows the user to see through clothes when viewed through the...

Samir_Patil | 15 Mar 2013 08:33:49 GMT

Contributor: Vivek Krishnamurthi

The Cheltenham Festival, also known as the National Hunt Meeting, is a popular horse racing event that occurs every year in March in the United Kingdom. The festival usually coincides with Saint Patrick's Day. This year, the festival is currently in progress and will end on March 15. A large amount of gambling takes place during the Cheltenham Festival, a fact that spammers seem to be well aware of as we are presently observing an increase in online gambling spam.

One particular sample of spam included instructions on how to register a free bet. The link provided in the message directs the user to a form where they can sign up and get a free bet worth up to £50.

Some of the email header information found in this spam campaign includes the following:

  • Subject: Bet on Cheltenham with the Best Odds!
  • ...
Anand Muralidharan | 14 Mar 2013 15:02:04 GMT

St. Patrick’s Day is a global celebration of Irish culture and a religious holiday on March 17, and it is very special to Irish communities and organizations. Recently, we have observed numerous St. Patrick’s Day related spam messages flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of clearance sales of cars as well as other product offers.

Interestingly, in one spam campaign, we observed a malicious spam email that tries to trick users by using the name of the event in conjunction with a popular site that allows users to send and receive large files. By clicking on the link, the user is redirected to a Web page that downloads some malicious code, which exploits several common vulnerabilities. The main motive of these spam campaigns is to lure recipients by taking advantage of the St. Patrick’s day holiday in the subject line and body of the email, such as: “Patrick[RANDOM NUMBERS]...

Carlos Mejia | 08 Mar 2013 09:47:56 GMT

Rumors of Venezuelan President Hugo Chavez’s death were rampant on the news and Internet over the past month, and last Tuesday, the Venezuelan Vice President confirmed that Chavez died after a two year battle with cancer. Chavez’s death has triggered reactions worldwide, from world leaders to ordinary citizens, and everyone is talking about his ideas and actions as Venezuelan President. At the same speed as the news is spreading, cybercriminals are using this opportunity to send malicious links related to his death as well as hypothetical theories about the cause of his sickness and death.

All the links that we have seen contain malware. Some domains have been registered recently and others seem to have been hijacked.

Here is an example email used in these attacks:

The following URLs are the malicious links that we have observed:

  • [http://][REMOVED].tv/bbb-...
Mathew Maniyara | 07 Mar 2013 00:51:04 GMT

Contributor: Avdhoot Patil

Phishers have already made their mark in Southeast Asia by targeting Indonesians. For the past couple of years, celebrities have been their key interest in the region. Aura Kasih and Ahmad Dhani are good examples. In March 2013, phishers turned their attention toward Myanmar by incorporating model and actress Wut Hmone Shwe Yee in a phishing site.

The phishing site spoofed a popular social networking site in order to ask for user login credentials. The phishing page was in Burmese. The background image contained a photograph of Yee from her recent modeling photo shoot. The phishing site stated that users can learn more about the model after logging into the social networking site. Phishers even...

Symantec Security Response | 01 Mar 2013 09:53:26 GMT

Over the last few years, many reports, white papers, and blogs have been released detailing targeted attacks. For example, some attacks employ sophisticated infection methods, such as watering hole attacks, and some rely on exploit code hidden in document files mixed with social engineering schemes. Some time ago, when the malware world was still dominated by mass-mailing worms that used fake emails as the infection method, one of the schemes was a fraudulent license renewal notification from well-known antivirus vendors.

Some may think that this scheme had become extinct but we saw evidence recently that it is still alive and kicking when an email was sent to an electric power company and a major industrial company in Japan.

Figure 1. Fake antivirus email with a Zip file attached

...

Evan liu | 27 Feb 2013 05:20:56 GMT

Major events and holidays have always been a time for celebrations. Unfortunately, it also attracts unscrupulous spammers searching to make a quick offer. Symantec observes that spam email usually spikes in conjunction with these holidays.

One such occasion is Defender of the Fatherland Day observed on February 23, which is a Russian holiday in countries of the former Soviet Union, such as Belarus and Tajikistan. Aside from parades and processions in honor of veterans, it is also customary for women to give small presents to men in their lives, such as fathers, husbands, and co-workers. Consequently, the holiday is often referred to as Men's Day.

As such, most spam emails revolve around souvenirs, small gifts, and even men’s medicine such as Viagra. Below is an example of some of these emails:

Subject: Волшебные подарки на 23 февраля
Translation: Magical gifts for February 23

...

Anand Muralidharan | 25 Feb 2013 20:01:22 GMT

February is a short month, but not too short for spam events to make an impact. Valentine's Day and its associated threats has passed, so now it is time for International Women's Day—celebrated on March 8 every year. This is a great occasion to express love, respect, and kindness toward women and spammers will always attempt to take advantage of these events. The following is a spam campaign we have observed targeting International Women’s Day with a fake product promotion.

Often, spam originating from Russia will attack targets using online marketing promotions with odd phone numbers. Here, spammers targeted users by providing fake offers for great gifts for Valentine’s and International Women’s Day and also some peculiar phone numbers are provided for ordering a gift certificate.

The following is an example of the Russian spam observed by...

Joji Hamada | 21 Feb 2013 16:57:15 GMT

The report, APT1: Exposing One of China's Cyber Espionage Units, published by Mandiant earlier this week has drawn worldwide attention by both the security world and the general public. This interest is due to the conclusion the report has drawn regarding the origin of targeted attacks, using advanced persistent threats (APT), performed by a certain group of attackers dubbed the Comment Crew. You can read Symantec’s response to the report here.

Today, Symantec has discovered someone performing targeted attacks is using the report as bait in an attempt to infect those who might be interested in reading it. The email we have come across is in Japanese, but this does not mean there are no emails in other languages spreading in the wild. The...

Anand Muralidharan | 08 Feb 2013 15:59:49 GMT

Most people are eagerly waiting for Valentine's Day. The day is an opportunity to spread affection and excitement amongst loved ones by exchanging gifts. Last year we observed prominent spam attacks using Valentine’s Day as bait. Messages promoted unbelievably discounted jewelry, dinning opportunities, and expensive gifts.

This year, various Valentine’s Day spam messages have started flowing through Symantec’s Probe Network. The top word combinations used in spam messages include the following:

  • Find-Your-Valentine
  • eCards-for-Valentine
  • Valentine’s-Day-Flowers

The e-card spam message, shown in Figure 1, arrives with a malicious attachment called ValentineCard4you.zip. After opening the attachment, malware is downloaded on to the user's computer. Symantec detects the attachment as...