Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Mathew Maniyara | 29 Nov 2012 06:53:37 GMT

Contributor: Wahengbam RobinSingh

Phishers continue to devise diverse strategies to improve their chances of harvesting users’ confidential information. Symantec constantly monitors and keeps track of these phishing trends. In November 2012, Symantec observed a phishing site that loaded a malicious browser add-on. The malicious add-on, if installed, would lead users to phishing sites even when a legitimate website is entered in the address bar. Phishers utilized a typosquatting domain to host the phishing site and their primary motive in this strategy was financial gain. The phishing site spoofed a popular e-commerce website.

Figure 1. Browser prevents automatic installation of the malicious add-on

 

The phishing site detects the specific browser application used by the user and prompts...

Satnam Narang | 28 Nov 2012 22:14:57 GMT

While death and taxes may be certainties in our lives, in the digital world—especially in social networking—one certainty is spam.

I recently wrote about gift card spam targeting the popular photo-sharing application Instagram. The service now has over 100 million users and it recently surpassed Twitter with more average daily visitors (Figure 1). As the number of users of Instagram continues to increase, we expect to see a corresponding increase in Instagram spam.

Figure 1. Instagram daily visitor growth
 

Cash Rules Everything Around Me (C.R.E.A.M.)

While gift cards work quite well as a lure in social engineering, the...

Anand Muralidharan | 15 Nov 2012 13:22:37 GMT

Some events familiar among people in the United States are commencing this month, including: Thanksgiving—a great occasion to thank dear friends and family for their kindness; and Black Friday—a day after Thanksgiving, usually the busiest retail shopping day of the year. Spam messages related to these events have begun flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance sales of cars and trucks, products bidding to get the best deals, replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
 

Figure 1: An e-card for Thanksgiving day
 

...
Ben Nahorney | 14 Nov 2012 16:04:40 GMT

Spammers have long been leveraging social networking sites to pull off scams. Generally speaking, as the popularity of a service increases, so too do the illicit activities of scammers. It seems that the popular photo-sharing service Instagram is the latest social networking site to catch the attention of these scammers.

I discovered this first-hand when I received an Instagram photo comment, from an unfamiliar account, which had nothing to do with the photo:

"Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx"

I went to check out the user, who appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo.

Figure 1. Scammer’s Instagram profile

Who was this mysterious lady? Her profile bio said largely the...

Candid Wueest | 13 Nov 2012 21:39:34 GMT

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.
 

Figure 1. Swiss German version of scam text message
 

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old...

Anand Muralidharan | 08 Nov 2012 23:03:41 GMT

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the "Christmas Card.zip" attachment. After opening the attachment, the malicious code is downloaded on to the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.
 

Figure 1. Christmas card example
 

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas

Most of these spam messages encourage users to buy the...

Samir_Patil | 31 Oct 2012 14:30:39 GMT

Hurricane Sandy, one of the most devastating Superstorms in decades, hit the US East coast. Causing the loss of lives and businesses and leaving countless people without electricity, Sandy has now added spam to its list of misery. We are observing spam messages related to the hurricane flowing into Symantec Probe Networks. The top word combinations in message headlines are "hurricane – sandy", "coast – sandy", "sandy – storm", and "sandy – superstorm."

Figure 1. Message volume over a two-day period

Typical spam attacks like "Gift card offer" and "Money making & Financial" spam are currently targeting the disaster. Below are the screenshots of some spam samples.

...

Samir_Patil | 30 Oct 2012 11:16:13 GMT

In a couple of days we will be celebrating Halloween. Some of us will be booking family trips, others will be preparing for themed parties with interesting costumes and fun games. To make it easy for their customers, various online companies offer goodies along with Halloween necessities. You might even receive emails from them regarding discounts and freebies. However, in a frenzy to get ready for this long awaited event, do not get carried away if suddenly you see an out of this world offer like the ones listed below.

While some organizations will offer reasonable discounts, others offer the sun and the moon in lieu of your purse or your personal details. Spammers have laid snares for unsuspecting Internet users ready to fall for these offers.

For example, you might decide to shop around for a new car this Halloween or you might want to do some last minute online purchases for your child. Spammers, keeping these needs in mind have already prepared an array of...

Eric Park | 19 Oct 2012 17:01:26 GMT

Symantec is observing an increase in spam messages containing .gov URLs. A screenshot of a sample message is below:
 


 

Traditionally, .gov URLs have been restricted to government entities. This brings up the question of how spammers are using .gov URLs in spam messages.

The answer is on this webpage:

1.USA.gov is the result of a collaboration between USA.gov and bitly.com, the popular URL shortening service. Now, whenever anyone uses bitly to shorten a URL that ends in .gov or .mil, they will receive a short, trustworthy 1.usa.gov URL in return.

While this feature has legitimate uses for government agencies and employees, it has also opened a door for...

Mathew Maniyara | 28 Sep 2012 14:48:20 GMT

Contributor: Avdhoot Patil

Phishers have recently gained a lot of interest in football. After the scam on the 2014 FIFA World Cup, they have set their eyes on footballer Lionel Messi. In September 2012, Symantec observed the use of various social-networking themes in phishing. A number of these themes featured Lionel Messi. The phishing sites were hosted on free web-hosting sites.

In the first example, the background image of the phishing site was of Lionel Messi and the theme promoted football club Barcelona FC. On the other hand, the legitimate social-networking site in question does not provide users with any theme. End users were prompted to login in order to gain access to Messi’s social networking page. Of course, this is only a ploy and there is no gain for users from a phishing site. After the login credentials are entered, the phishing site redirected to the...