Security Response
Showing posts tagged with Spam
Sammy Chu | 17 Jun 2009 22:22:19 GMT | 0 comments

Last month we reported that spammers had used Twitter as bait to lure innocent victims into a phishing trap, and now we’re seeing a wave of fake Twitter invitations that come carrying a mass-mailing worm. The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card.

Invitation Card.zip is the name of the malicious attachment, and it is being identified as W32.Ackantta.B@mm, which was first discovered in an e-card virus attack in February. W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.

Here is what the message looks like in an inbox:

...

Samir_Patil | 17 Jun 2009 18:32:56 GMT | 0 comments

Since Father’s Day is just a week away, we at Symantec have been tracking the prevalence of Father’s Day spam during the past two weeks. Father's Day is a day honoring fathers, celebrated on the third Sunday of June in the United States and many other countries. This year it will be celebrated on June 21.
   
Father’s Day typically involves gift-giving, special dinners, and family-oriented activities. This common knowledge gives spammers an opportunity to promote fake products and come up with lucrative-sounding offers.

The majority of the spam related to Father’s Day that we have observed consisted of Internet offers for special discounts on various products such as PDAs, cigars, and satellite dish-DVRs. Other offers included personalized gift cards, wine makers, premium coffee collections, and e-cards.

The spam messages linked to Father’s Day typically involve words like “Father’s Day,”...

Samir_Patil | 16 Jun 2009 00:22:42 GMT | 0 comments

Over the past few weeks we’ve observed an increase in spam emails carrying attachments of various file types, such as jpg, jpeg, png, zip, and rtf. Attachment spam volumes slowly crept upward between May 1 and June 13, 2009.

The main target of image spam is the health spam category, which usually has an embedded jpeg, jpg, or png image promoting ED pills. We’ve observed a spike in spam carrying rich text format (.rtf) attachments between the last week of May 2009 and the early days of June 2009. The email has a blank message body with an attached .rtf file of approximately 360 bytes. This file contains online pharmacy promotional messages and a URL that leads users to an online pharmacy store. These emails use random subject lines that are usually obfuscated,...

Mayur Kulkarni | 15 Jun 2009 12:04:32 GMT | 0 comments

It may not be encouraging news for scammers, but users are slowly but surely adopting a see-and-delete approach for the usual fake stories related to lotteries, dormant bank accounts, an inheritance of huge wealth, and relatives of deceased or exiled political leaders sharing their millions. However, lately the trends seem to show that news stories involving current events are being piggybacked or manipulated by scammers to trap users into falling for fraudulent offers. For instance, in an earlier blog we discussed how recipients were offered dinner coupons for any restaurant in their city.

Another recent scam we have been monitoring involves an event resembling the highly rated television reality show Big Brother, which began on June 4 in the UK. Scammers have been inviting recipients to participate in their Big Brother World to be held on July 12 in London...

Dermot Harnett | 05 Jun 2009 15:55:43 GMT | 0 comments

While the McColo shutdown is all but a distant memory and spam levels are consistent with the levels observed over a year ago, the fight against cybercrime continues in earnest for June 2009. The FTC's recent efforts to shut down Internet service provider Pricewert LLC are another example of how security professionals can work together in the fight against cybercrime.

Symantec assisted by providing security intelligence to back up the FTC's case in the form of information on what threats were detected as being associated with the ISP, for example the Cutwail botnet. However, a repeat of the spam volume decline observed following the closure of McColo in November 2008 is not expected in this case. Those behind Pricewert LLC are already taking their business elsewhere—perhaps learning from their past experience—and it is expected that this will be more of a blip than a significant decrease in any malicious activity.

In addition to the recent efforts to...

Samir_Patil | 04 Jun 2009 21:19:25 GMT | 0 comments

Recent news or events that attract human interest always help spammers fuel their spam campaigns, since current and often legitimate headlines are used in spam email to catch users’ attention. The latest activities in South Korea and North Korea are generating interest globally, and spammers are using this news to their advantage. We’ve observed spam samples in which news articles referring to the suicide of former South Korean president Roh Moo-Hyun and the recent nuclear and missile tests conducted by North Korea are misused by spammers in product promotion spam and phishing attacks.

In this typical scam story, the URLs of reputed news agencies reporting on this event are provided at the bottom of the email to gain the trust of recipients. Interested users are requested to communicate only over email. Needless to say, spammers are probing whether or not email accounts are active in order to include them in future spam campaigns, or to employ...

Mayur Kulkarni | 29 May 2009 14:19:30 GMT | 0 comments

Stock markets all over the world are seeing a downturn due to the current economy. The Indian markets were no exception to this trend until the Indian election results were declared. Political experts predicted that there would be a fractured mandate; however, the India Election 2009 resulted in a single party winning a majority of the seats. This means that the Indian population can now expect a stable government. This event set such a positive mood in the Indian stock market that it went up nearly 15 percent within seconds of opening on Monday, May 18, 2009. Taking into account that people may try to invest during this period, spammers are sending messages discussing profits on investments based on their bogus tips.

These spammers claim to be the only research firm in India that delivers 100 percent accurate results. They also state that more than 5,500 people across India earned profits from their stock tips. They have been delivering a profitability ratio of 85 percent...

Mayur Kulkarni | 28 May 2009 14:07:07 GMT | 0 comments

In our earlier blog on online fraud, we explained how HTML attachments are used in phishing attacks. We also mentioned how the attached files were named in order to mislead users. For example:

Account reset form.pdf.htm
Bank-Account confirmation form.pdf.htm

These filenames may confuse the recipients and trick them into submitting sensitive banking information through the HTML file. Recently we have come across similar messages that use the same technique, this time for harvesting email addresses. These messages mention the falling sales of a major auto company due to the economic recession. They further state that the government plans to bail them out, but the actual funds have yet to reach the auto company. So, they are offering the sale of...

Mayur Kulkarni | 26 May 2009 20:34:21 GMT | 0 comments

The latest figures from the World Health Organization (WHO) say that there are at least 170 million diabetic patients worldwide, and that number will double by the year 2030. The chronic nature of diabetes means that these patients constantly need to control their blood sugar level using medicines. Along with medicines, lab tests are necessary to check on the disease that will become part of a patient’s routine life. With the ongoing financial crisis affecting all walks of life, recurring expenditures on medical care can be costly for an individual and his or her family. Obviously these patients will look for discounts or offers to help them through their situation.

Online medical suppliers provide varying discounts or offers, one being a free glucose meter to visitors placing a supply order. Spammers have also read the picture well and are providing the...

Samir_Patil | 21 May 2009 21:52:44 GMT | 0 comments

Spammers habitually exploit the reputations of brands for their benefit. As more and more people become connected through social networking sites, it is no surprise that the trust and reputation earned by these websites is misused by spammers. We are monitoring spam attacks this week that try to take advantage of the burgeoning social networking brand Twitter for two spam campaigns: make money fast (MMF) and dating spam.

In the MMF attack, a URL is provided to order a “Risk-Free Twitter Profit Software” kit. When the user clicks on the URL in the promotional email, he or she is redirected to a Web-form that asks for personal information such as name, email, and address. This is followed by another form asking for your credit card number, expiration date, and security code.

Below are some of the subject lines used in this latest MMF spam:

Subject: Twitter Guru Reveals All On Video
Subject: Use Twitter to...