Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Satnam Narang | 22 Oct 2013 14:01:06 GMT

Following media reports that Twitter has restricted URLs in direct messages, spammers found a way around this restriction this weekend in order to push diet pill spam links.

Fig1_5.png

Figure 1. A direct message sends users to the tweet containing the spam link

We first noticed this when someone we follow on Twitter, who has never followed us before, started following us. Shortly after receiving the notification that we had a new follower, we received a direct message from the user.

Fig2_3.png...

Samir_Patil | 17 Oct 2013 12:23:13 GMT

Contributor: Binny Kuriakose

The funding gap in US, which resulted in a shutdown of a large portion of the United States federal government, has  started affecting economic growth in the country. Large portions of the federal workforce were required to work without immediate pay, while some were indefinitely furloughed.

Symantec recently uncovered spam campaigns, which started promptly following the shutdown announcement, targeting the affected victims. In the past,  spammers tried to take advantage of the general gloom, but now they are directly targeting the raw financial state the sudden shutdown has left people in. This could probably be a last ditch effort to haul in more spoils before the US shutdown is lifted, especially in light of the senate’s deal, which is currently being made to end the shutdown.

This new wave of spam is designed  to manipulate  victims into applying for loans and inevitably disclose their...

Anand Muralidharan | 14 Oct 2013 10:33:39 GMT

Diwali, also known as the festival of lights, is a much loved five-day long Hindu festival. The festival is enjoyed by many people and lifts the mood and spirit of everyone taking part in the celebrations. This year, the festival of Lights is being celebrated in November and as expected Diwali themed scam emails have started to flow into the Symantec Probe Network.

One scam email we have identified, appears to be from the Reserve Bank of India and claims that the email recipient has been awarded a prize of 4 crore and 70 lac Indian rupees, which equates to 10,700,000 Indian rupees or approximately US$175,000, in a Diwali celebration promotion. To claim the prize, the recipient is asked to send their personal information to a given email address.

The following subject line has...

Ashish Diwakar | 03 Oct 2013 14:11:54 GMT

Spammers are now leveraging news around the Kenya terror attack by targeting users through an email message that claims to contain news on the attack but in fact contains malware. The spam email includes a malicious URL in the body of the message that redirects users to a compromised Web page that downloads W32.Extrat.

When the malware is executed, it may create the following file:

  • %Windir%\installdir\server.exe

This allows the attacker to steal passwords and gain access to sensitive files and information belonging to the user.

Kenya.png

Figure. Screenshot of spam email asking user to download .exe file

The email displays a message to “Click HERE to view & watch” videos and images of the terror attack at the...

Anand Muralidharan | 02 Oct 2013 10:42:56 GMT

The latest news making headlines around the world is about the partial shutdown of the US government, which failed to agree on a new budget. Ever quick to take advantage of a situation, cybercriminals have begun to send various spam messages related to the government shutdown. These spam messages have started flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the included URL will automatically redirect the user to a website containing a bogus offer.

US_Gov_Spam.png

Figure 1. US government shutdown themed spam email

In the messages Symantec has observed, the spammers are using a random email header, which may be an attempt to evade antispam filters. Some of the headers used in this latest spam campaign can be easily recognized...

Anand Muralidharan | 30 Sep 2013 14:00:20 GMT
Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog: Pharma Spammers Brandjack YouTube.
 
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
 
http://www.[REMOVED].com/Fox.avi
http://www.[REMOVED].com/Yamamoto.avi
http://www.[REMOVED].vn/Larue.avi 
http://www.[REMOVED].com/McAlear.avi
http://www.[REMOVED].ru/87342.mp3
http://www.[REMOVED].ru/327182.mp3
http://www.[REMOVED].fr/472738.mp3
http://www.[REMOVED...
Symantec Security Response | 24 Sep 2013 09:14:38 GMT

While Craigslist has always been a favorite social engineering theme for scammers, Symantec has identified another on-going SMS spam campaign abusing Craigslist’s popularity. The scam tricks users into installing free and legitimate open source software on their PC by leveraging phone numbers posted on Craigslist ads. The software comes bundled with additional software that will allow scammers to make money through affiliate programs. 

craigslist_sms_spam_scam02.gif

FigureHow the SMS spam redirects users to download open source software

The first stage of the scam involves the victim receiving an SMS text message on their device. Online research suggests that the scammers are harvesting phone numbers directly from online Craigslist postings for this scam campaign. The sale of spamming and harvesting...

Satnam Narang | 20 Sep 2013 20:26:03 GMT

On the heels of its most highly acclaimed episode, Breaking Bad fans tweeting about the popular AMC show may find themselves targeted by a new Twitter spam tactic.

Traditionally, spammers and scammers abused the reply functionality built into the service but over the years, spammers have searched for different ways to gain visibility amongst Twitter users. The most recent tactic being utilized is called list spam.

A Twitter list consists of a curated group of Twitter users. Users can create their own lists or subscribe to existing lists already created by others. Spammers are using this feature to get the attention of Twitter users.

Various lures have been used in Twitter list spam recently, from offering celebrity phone numbers to free gift cards, devices, and video games.
...

Nick Johnston | 12 Sep 2013 11:14:56 GMT
Phishers are known for making their phishing sites look exactly like the sites they are spoofing. We have seen plenty of examples of the detail they employ, like using JavaScript to include the current date in their static pages. In recent times, Symantec have seen an increase in generic email phishing. Unlike normal phishing, where phishing messages usually have a target in mind (bank customers or social network users, for instance), the generic email phishing technique is slightly different. In generic email phishing, the phishers will target any email address; who the target is does not matter.
 
These generic phishing messages usually claim that the recipient's mailbox size has been exceeded, and direct them to urgently "re-validate" their mailbox to prevent disruption to their email. Symantec recently identified a generic email phishing website which, at first glance, appeared normal. It looked fairly amateurish—demonstrating...
Christopher Mendes | 09 Sep 2013 17:22:41 GMT

Contributor: Binny Kuriakose

Spammers continue to leverage the crisis in Syria for their personal gain. Besides taking advantage of a scam message that claimed to be from The Red Cross, spammers are now taking advantage of emails about the news in Syria. They have snuck in a few malicious messages containing random URLs that entice users to go to a compromised malicious website that hosts obfuscated JavaScript codes that downloads the Trojan, Downloader.Ponik.

When the Trojan is executed, it may create the following files:

  • %TEMP%\[RANDOM CHARACTERS FILE NAME].bat
  • %UserProfile%\Local Settings\Application Data\pny\pnd.exe

The files then inject a malicious executable payload, which may allow the attacker to steal passwords and sensitive...