Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Vivian Ho | 01 Jul 2009 00:04:12 GMT

The Internet has gone wild since Michael Jackson, the “King of Pop,” was reported dead on June 25. Symantec Security Response has already blogged about how we observed spammers trying to capitalize on this event in many ways, both with messages including malware, and scams tied to this talented celebrity’s death. We expect that spam and malware will keep coming in, given Michael Jackson’s popularity and following. Recipients should be extra cautious about messages that appear to be related to Jackson’s death, especially any email that comes from an unknown or unexpected source.

The following are some examples of what we have seen circulating:

Sample 1.1

Spammers hide behind a spoofed message, which appears as a rip-off of a familiar social network notification, in an attempt to try to trick recipients to...

Symantec Security Response | 30 Jun 2009 17:33:08 GMT

Symantec Security Response has discovered a mass-mailing worm using Michael Jackson's death as a bait. The worm sends out spam emails with the subject “Remembering Michael Jackson” and an attachment named “Michael songs and” The .zip file contains another file called “MichaelJacksonsongsandpictures.doc.exe,” which is a copy of the worm that is executed on the user’s machine when the file is opened.
Symantec has detection for this worm as W32.Ackantta.F@mm. It is important to keep in mind that W32.Ackantta.F@mm spreads not only through email, but also via removable drives using autorun.inf.
Below is a snapshot of the email that W32.Ackantta.F@mm sends out:

imagebrowser image

Mayur Kulkarni | 30 Jun 2009 17:08:59 GMT

We know that 419 scammers aren’t the least bit concerned with email headers and will continue using free Webmail services to send spam. However, they recognize the fact that most anti-spam filters are using the body characteristics of scam emails to effectively bar these messages from reaching a user’s inbox. So, they feel they must always change their storyline, as far as the message body is concerned anyway. In recent times, spammers have been regularly using text-based attachments (.rtf, .doc, and .txt) in an attempt to evade anti-spam filters. A new tactic observed is the use of URLs, where the actual message is posted on a free Web-hosting site for the recipient to read.

Here is a snapshot of one of these types of URL spam messages:

 imagebrowser image

As shown in the above example, a URL is added at the end of the message. If a user clicks on the URL, they will see the...

Eric Park | 29 Jun 2009 22:30:00 GMT | 0 comments

A typical phishing email message tries to represent (falsely) a single institution. For example, a spammer sends a phishing message, forging the email to appear as if it’s from a financial institution. The recipient is then asked to enter personal information for some fictional reason (for example, “verify your identity”). In an effort to obtain as much information as possible about the unsuspecting user, the spammer usually asks for more information than what is asked at a legitimate website. While a legitimate site may only ask for username and password, a phishing site usually seeks additional information such as a credit card or pin number, mother’s maiden name, and/or a social security number. Once the user hits the “submit” button, the private information is sent into the hands of criminals.

Symantec has recently observed a spam message that is pretending to be from HM Revenue & Customs in the United Kingdom. The message is very...

Symantec Security Response | 26 Jun 2009 23:12:31 GMT | 0 comments

This week has seen the tragic deaths of three iconic American super stars: Ed McMahon, Farrah Fawcett, and Michael Jackson. As always, events such as these seem to be prime targets for spammers and malicious code authors alike.

Internet users should expect to see a flurry of threats seeking to play upon the emotions and curiosity of the public around these events. If you’re looking for news, videos, pictures, or any information regarding these individuals and their lives, Symantec recommends that you only visit sites you’re familiar with and trust. Don’t click on every link you see related to this story and always keep your security solutions up-to-date.

For example, Symantec has observed spam that appears to be a spoof on CNN that actually contains a link to a malicious Web page.




Robert Vivas | 26 Jun 2009 16:57:10 GMT | 0 comments

The spammers of enhancement medication have recently revitalized the use of obfuscated image attachments and are therefore reemerging as a top threat to email users. By using .jpg-formatted image attachments, these spammers are trying every trick in the book to bypass spam filters, including randomizing the subject lines with misspelled sexually suggestive catch phrases, using minimal message body content, and closing with obfuscated attached images.

Here are some examples of the kinds of message body content that has been observed:


•    Canadiian policce ads pulled from gang Web sites
•    Chocoholic squtirrel steals treatts from Finnish shop
•    Perpetual Student Wants Onnne More Year
•    The animal that stows its tongue inn its rib cage
•    New Orleans R&B star begins posthumous mayoral bid


Eric Park | 23 Jun 2009 22:06:29 GMT | 0 comments

With more people using the Internet now than ever before, free homepage hosting providers are increasing in popularity. These sites offer users free Web space so that they can make their own homepage, publish it, and share with friends and family. When the popularity of this type of service was near its peak, spammers began to use these websites as part of their spamming efforts. This was accomplished through the creation of many free websites, often using automation, and sending spam with a newly created webpage URL. The randomization of such URLs hindered typical anti-spam efforts. When an unsuspecting user clicked on one of these newly created URLs, more often than not they were taken to a page similar to the one shown here:



While this spam material (online pharmacy spam) is nothing new, the page that contains...

Sammy Chu | 17 Jun 2009 22:22:19 GMT | 0 comments

Last month we reported that spammers had used Twitter as bait to lure innocent victims into a phishing trap, and now we’re seeing a wave of fake Twitter invitations that come carrying a mass-mailing worm. The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card.

Invitation is the name of the malicious attachment, and it is being identified as W32.Ackantta.B@mm, which was first discovered in an e-card virus attack in February. W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.


Here is what the message looks like in an inbox:




Samir_Patil | 17 Jun 2009 18:32:56 GMT | 0 comments

Since Father’s Day is just a week away, we at Symantec have been tracking the prevalence of Father’s Day spam during the past two weeks. Father's Day is a day honoring fathers, celebrated on the third Sunday of June in the United States and many other countries. This year it will be celebrated on June 21.
Father’s Day typically involves gift-giving, special dinners, and family-oriented activities. This common knowledge gives spammers an opportunity to promote fake products and come up with lucrative-sounding offers.

The majority of the spam related to Father’s Day that we have observed consisted of Internet offers for special discounts on various products such as PDAs, cigars, and satellite dish-DVRs. Other offers included personalized gift cards, wine makers, premium coffee collections, and e-cards.

The spam messages linked to Father’s Day typically involve words like “Father’s Day,”...

Samir_Patil | 16 Jun 2009 00:22:42 GMT | 0 comments

Over the past few weeks we’ve observed an increase in spam emails carrying attachments of various file types, such as jpg, jpeg, png, zip, and rtf. Attachment spam volumes slowly crept upward between May 1 and June 13, 2009.






The main target of image spam is the health spam category, which usually has an embedded jpeg, jpg, or png image promoting ED pills. We’ve observed a spike in spam carrying rich text format (.rtf) attachments between the last week of May 2009 and the early days of June 2009. The email has a blank message body with an attached .rtf file of approximately 360 bytes. This file contains online pharmacy promotional messages and a URL that leads users to an online pharmacy store. These emails use random subject lines that are usually obfuscated,...