Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Nishant Doshi | 10 Apr 2012 23:28:32 GMT

Twitter recently filed a lawsuit in the San Francisco Federal Court against five of the most aggressive spammers and spam tool providers. The defendants listed in the suit are TweetAttacks,TweetAdder, TweetBuddy, James Lucerno of justinlover.info, and Garland E. Harris of troption.com. We have been researching and tracking such spam and wanted to give you a rundown of the features and capabilities of some of these spam tools.

TweetAttacks

Figure 1. TweetAttacks
 

TweetAttacks positions itself as a Twitter marketing product. It has three versions: TwitterAttacks Pro, Twitter Attacks Lite, and TwitterAttacks Free Edition. It allows the user to post Tweets and re-Tweets through thousands of accounts simultaneously.

...

Satnam Narang | 04 Apr 2012 19:36:50 GMT

Spammers are traversing through various social networks in order to find a new pool of users to dupe. We recently observed spam on social photo-sharing app Instagram. This campaign is similar to an earlier blog post which highlighted how spammers use social networking accounts to get users to click through to affiliate pages. Instagram users will see a comment on their photos claiming Instagram has partnered with an organization, in this particular case Best Buy, encouraging visits to the fake profile with free gift card giveaways:
 


 

...

Eric Park | 20 Mar 2012 18:41:34 GMT

During the past two weeks, Symantec has observed an increase in hit & run spam activities (also known as snowshoe spam) in its Global Intelligence Network. Hit & run spam messages have the following characteristics:

  • Usually originates from IP ranges with neutral reputation
  • Uses a large IP range to dilute the amount of spam sent from each IP address
  • Contains features (such as Subject line, From line, and URLs) which change quickly
  • URL is the call-to-action
  • Often uses large quantity of “throw-away” domains in a single spam campaign

Here is a breakdown of top three products or services promoted by such spam over last week:

Date

#1Spam Promo

...
Mathew Maniyara | 19 Mar 2012 18:58:25 GMT

Co-Author: Avdhoot Patil

Phishing sites with adult content are not uncommon. Phishers have often used adult content as bait in fake social networking applications. In March 2012, a phishing site spoofing a gaming brand claimed to have an adult webcam application. The phishing site was hosted on a free web hosting site and the phishing page was in Italian.

A fake offer was given on the phishing site and an adult webcam image was placed below it. According to the fake offer, the gaming brand had prepared a list of users who were willing to perform nude webcam shows for a small price, even free. The phishing site further claimed that by entering login credentials one could receive through email the names of the users willing to perform and be able to add them to their contact list. The phishing site explained that login credentials were required because the brand decided could not disclose the names of performers outside the network to maintain privacy. To gain...

Ruby Yang | 15 Mar 2012 13:04:04 GMT

Nobody knew about Jeremy Lin a couple of months ago. But now, Linsanity rocks the world. Being a new NBA star, his name has already been mentioned countless times on ESPN, NY Times, and all other sports media.

If you are a fan of Jeremy Lin, you would probably like to collect his No.17 T-shirt, posters, and signature. One thing you would not like to collect is Linsanity junk mail. Unfortunately, spammers are jumping on the bandwagon as well.

As a Taiwanese descendant, Jeremy Lin’s background makes him unique in the NBA. Jeremy Lin inspires not only an enthusiasm for basketball, but also an interest in learning Chinese.  His humbleness and hard work also attract lots of overseas commercial invitations, especially in the Chinese market. In this particular trend, spammers use his fame to promote this Chinese flashcard website.

Lin has claimed that he is in no rush to use his...

Mathew Maniyara | 12 Mar 2012 22:35:45 GMT

Co-Authors: Ashish Diwakar and Avdhoot Patil

Phishers often choose baits with the motive of targeting a large audience. Using popular celebrities as bait is a good example. Phishers understand that choosing celebrities with a large fan base would target the largest audience and supply more duped users. This month phishers are using the same strategy but, instead of targeting a popular celebrity, they associated their phishing site with the popular FC Barcelona football club. FC Barcelona is the world’s second richest football club and has a large fan following. The phishing site, hosted on a free web hosting site, has since been removed and is no longer active. However, though phishing sites are frequently short-lived, internet users should be aware that other phishing sites using this or a similar template could easily be encountered in future.

The phishing site...

Mathew Maniyara | 08 Mar 2012 23:50:37 GMT

Co-Author: Ayub Khan

Phishers regularly introduce new types of fake applications with the motive of improving their chance to harvest user credentials. In February 2012, Symantec observed a phishing site recommending a fake application that allegedly removes “Timeline” profile for Facebook users. The phishing site was hosted on a free web hosting site.

The phishing site embedded the Facebook Timeline promotion video from YouTube, with the claim “Remove Timeline Now”. According to this phishing site, users will have their “Timeline” removed from their Facebook profile and get back their old profile page—only after they enter their login credentials. To make the fake application look more authentic, phishers added that it was protected by an antivirus product with the logo of the antivirus brand placed...

Stephen Doherty | 07 Mar 2012 22:35:24 GMT

Contributor: Pavlo Prodanchuk

A wave of spam emails promoting a rally against newly elected president Vladimir Putin of Russia began around March 5. An attachment purporting to contain details of an upcoming anti-Putin demonstration accompanied email subjects with varying call-to-action lines:

  • “All to demonstration”
  • “Instructions what to do”
  • “Meeting for the equal elections”

Here is a sample email that was sent:

File name: Инструкция_митинг.doc (Instructions_rally.doc)
Subject: Instructions - what to do at the meeting
Body: Instructions of your actions on rally against Putin

The body of the email contains just one sentence indicating the attached document contains “Instructions of...

Sean Butler | 21 Feb 2012 16:55:45 GMT

Recently I came across an airline booking confirmation phishing email.  Whilst this is not necessarily a new phishing technique, the email and associated phishing website are quite interesting and at first glance could appear to be legitimate.  In the email, it states confirmation of payment made by credit card, and that the recipient should click an embedded link in order to print their tickets and flight information.

The email itself is in plain text and looks nothing out of the ordinary.  However, upon further investigation I noticed that the sending domain, which is spoofed, is not actually one associated with the airline.  It looks similar but the actual sending domain that is spoofed is for an air purifier and cleaner company and is not associated with the airline in any way.  This would appear to be just laziness on the part of the spammer for not checking that the...

Samir_Patil | 21 Feb 2012 15:24:14 GMT

Thanks to Poonam Keluskar for their assistance with this research.

Maslenitsa (Маслница) is a religious holiday celebrated in Russia and Ukraine during the last week before Lent, i.e. the seventh week before Pascha (Easter). This festival is also known as Pancake week or Butter week. During this week people enjoy the social activities that are forbidden during the prayerful Lenten season, such as partying, dancing etc. This year the Maslenitsa will be celebrated from February 20 to February 26.

We are observing Maslenitsa spam targeting Russian and Ukrainian users that offers attractive tour packages. Similar to other Russian spam messages like online marketing promotions, spammers have provided a phone number to book the carnival package.

Below is a sample of a tour package spam:

Translation:

...