Security Response
Showing posts tagged with Spam
Vivian Ho | 20 May 2009 19:33:56 GMT | 0 comments

In the last couple of months we’ve seen medical image spam offers resurfacing with regularity. Image spam advertising meds is easy to recognize, with a prominent med promotion image in the body. The subject lines advertise the products’ effectiveness and include noise added in the image attachment to attempt to bypass antispam filters. These are old techniques that are still common in med spam.

Spammers are also developing new tactics to attract visitors. They attempt to play mind tricks on the spam recipients, using warnings that are similar to what might be received from a system admin and personal greetings in subject lines—both attempts to lower recipients’ awareness in order to get their messages read.

We’ve recently observed a round of med spam that is sent in ordinary e-postcard form. In these messages we see that the spammers are using warning-style subject lines in order to try to dupe recipients into thinking they are violating...

Samir_Patil | 15 May 2009 14:39:28 GMT | 0 comments

Do you wish to attend the finals of the 54th Eurovision Song Contest in Russia? Why not? Spammers have made it seem easy to grab those hard-to-get tickets for the event.

Eurovision is one of the most prestigious annual competitions held among active member countries of the European Broadcasting Union. The competition runs from May 12th-16th with the 16th being the Grand Final.

We've recently come across some Russian spam emails that attempt to sell tickets to the Grand Final. The email even claims to offer free home delivery of the tickets. There is no URL in the message to buy tickets, but instead an obfuscated phone number is provided at the bottom of the email to contact for further communication.

Below are a few of the subjects observed in the recent spam campaign:
 
...
Samir_Patil | 13 May 2009 18:18:09 GMT | 0 comments

The deadly wildfires of southern California have affected thousands of people and destroyed many homes, and unfortunately they are just adding fuel to the spammers’ fire. In one of the recently observed samples, recipients are informed about the wildfire in the Subject line of the email and a URL is provided that redirects users to an online pharmacy website.

In other spam samples, headlines linked with wildfire are being used either in Subject lines or in the body of the email. The difference is, there is no URL or attachment observed in these samples.

Below are some of the various headlines used in this recent spam run:

 

Subject: California fire burns, homes destroyed
Subject: Fierce California wildfire burns into fourth night
Subject: More than 30,000 ordered to flee Calif. wildfire
Subject: California Wildfires Roar To Life – Again
Subject: Calif. fire crews hope dry...

Mayur Kulkarni | 13 May 2009 12:21:11 GMT | 0 comments

Interested in a 20-40% discount for dinner at your favorite restaurant? Obviously this sounds like a delicious offer, especially if you only have to provide your personal information and interest in a job offer. However, when we checked out these job offers, we found many similarities to the offers discussed in our earlier blog on Italian job offer scams. This time around, spammers felt the need to use a different approach. So, they are offering recipients discount coupons that they claim are valid in all of the renowned restaurants in town. In return, all they want is user information, such as:

•    Name
•    Year of birth
•    City name
•    Favorite restaurant
•    Number of visits to the restaurant
•   ...

Robert Vivas | 13 May 2009 10:31:14 GMT | 0 comments

Last week we blogged about Japanese adult dating spam. Another often-seen spam type in the Japanese language is the “make money fast” (MMF) offer. The following are some common MMF subject lines:

 

1.    Work at home business
2.    SOHO – Small Office Home Office
3.    Make Money Without Doing Anything

With this type of message, we have observed that spammers rely heavily on third-party mailers to distribute their email. The main reason why these spammers are using third-party mailers is to try and bypass anti-spam filtering. Spammers do so by utilizing shortened URL services to redirect end-users to their actual site. By using shortened URL sites, spammers can mask their actual URL domain in the message, thereby hoping to not be detected and/or blocked by anti-spam vendors. Below are a couple of examples:

 

Example 1:...

Mayur Kulkarni | 12 May 2009 17:57:14 GMT | 0 comments

Get a PhD or MBA degree for free in two weeks! No exams, no classes, and no prior work experience—sound cool? Well, in the underground email economy there are a wide variety of degrees up for grabs. Degrees in criminal justice, massage therapy, nursing, and “degrees for working moms” are among the most common diplomas that are offered. There are several messages sent across by spammers to entice email users to consider such offers. During these times of recession, many professionals/students opt for higher education in an effort to enhance their skills in the gloomy job market. Perhaps it is during the recession period that spammers fancy their chances of getting more responses from email users through fake degree spam campaigns.

Emails with the following subject lines are commonly seen:

 

Nominated for a Ph.d
Online University diploma degrees
Get your MBA degree
Consider Massage...

Kelly Conley | 11 May 2009 15:31:50 GMT | 0 comments

We have been closely monitoring Japanese dating spam for a while now, and have recently identified "adult dating" as one of the most often observed attacks. Adult dating spam has been around for quite some time, but how are spammers using these types of messages to their advantage?  Dating spam is often referred to as Sakura. The term Sakura can be described as a group of "fake customers"—women looking for dates through a dating site, systematically trained to attract real customers. The spammer's intent for distributing these adult dating offers is to lure recipients into signing up for fake dating services and/or to harvest active email address accounts. Many of these spam offers are easily identifiable by the randomly generated From lines and erotic Subject lines:

 

From: 石本 孝治 <r543r2hiqlhf3mh5zp@yahoo.com>
From: startup <cjyoud@yahoo.com.cn>
From: ninjya_ark@yahoo.co.jp...

Dermot Harnett | 08 May 2009 21:25:59 GMT | 0 comments

Spam volumes continue to creep back up to normal, and are currently sitting at 94 percent of their pre-McColo levels. The recent swine flu outbreak has become yet another example of how spam continues to respond to current events. The use of the swine flu outbreak in this manner is yet another case of history repeating itself, since it follows closely on the spammer’s abuse of the Italian earthquake and the U.S. tax day.

In another example of history repeating itself, image spam has recently made an unwelcome return.  While it has not yet returned to the dizzying heights of January 2007, when it reached 52 percent of all spam messages, image spam hit an average of sixteen percent of all spam messages towards the end of April 2009.

Click here to download the May 2009 State of Spam Report, which highlights the following trends...

Amanda Grady | 05 May 2009 16:26:19 GMT | 0 comments

Spam messages with empty bodies are often associated with “directory harvest attacks,” a spamming technique in which email servers are bombarded with thousands of emails in the hope of discovering the valid addresses; or it may be that the call to action is entirely contained in the subject line (as is described here). In recent weeks Symantec has been observing a different type of blank-body spam attack.

In these attacks, when the message arrives on the end-user’s machine, the “subject,” “from” line, “to” line, and “body” are all completely blank. If the full message headers are examined, a typical pharmaceutical spam advertisement can be seen in the message headers, along with the content headers from the data stage of the SMTP conversation, as shown below.

 

...

Dermot Harnett | 29 Apr 2009 19:22:04 GMT | 0 comments

According to recent political opinion polls, U.S. President Obama’s approval rating currently stands at 65%. It is clear that when his first 100 days in office are analyzed, spammers also view him favorably. In the last few weeks there has been a noticeable boost in the number of spam messages that use his name and popularity to promote certain spam products and services.

President Obama first became a target for spammers in 2008, when Obama and his then challenger Senator John McCain had their names linked with "portable dewrinkle machine" spam, medical product spam, and get-rich-quick spam messages. When President Obama took his campaign to Europe in July 2008, spammers duly followed up with a spam campaign that contained links to malware. Ever since President Obama was...