Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 11 May 2009 15:31:50 GMT | 0 comments

We have been closely monitoring Japanese dating spam for a while now, and have recently identified "adult dating" as one of the most often observed attacks. Adult dating spam has been around for quite some time, but how are spammers using these types of messages to their advantage?  Dating spam is often referred to as Sakura. The term Sakura can be described as a group of "fake customers"—women looking for dates through a dating site, systematically trained to attract real customers. The spammer's intent for distributing these adult dating offers is to lure recipients into signing up for fake dating services and/or to harvest active email address accounts. Many of these spam offers are easily identifiable by the randomly generated From lines and erotic Subject lines:

From: 石本 孝治 <>
From: startup <>

Dermot Harnett | 08 May 2009 21:25:59 GMT | 0 comments

Spam volumes continue to creep back up to normal, and are currently sitting at 94 percent of their pre-McColo levels. The recent swine flu outbreak has become yet another example of how spam continues to respond to current events. The use of the swinef flu outbreak in this manner is yet another case of history repeating itself, since it follows closely on the spammer’s abuse of the Italian earthquake and the U.S. tax day.

In another example of history repeating itself, image spam has recently made an unwelcome return.  While it has not yet returned to the dizzying heights of January 2007, when it reached 52 percent of all spam messages, image spam hit an average of sixteen percent of all spam messages towards the end of April 2009.

Click here to download the May 2009 State of Spam Report, which highlights the following trends...

Amanda Grady | 05 May 2009 16:26:19 GMT | 0 comments

Spam messages with empty bodies are often associated with “directory harvest attacks,” which is a spamming technique where email servers are bombarded with thousands of emails in the hope of discovering the valid ones; or it may be that the call to action is entirely contained in the subject line (as is described here). In recent weeks Symantec has been observing a different type of blank-body spam attack.

In these attacks, when the message arrives on the end-user’s machine, the “subject,” “from” line, “to” line, and “body” are all completely blank. If the full message headers are examined, a typical pharmaceutical spam advertisement can been seen in the message headers, along with the content headers from the data stage of the SMTP conversation, as shown below.


Dermot Harnett | 29 Apr 2009 19:22:04 GMT | 0 comments

According to recent political opinion polls, U.S. President Obama’s approval rating currently stands at 65%. It is clear that when his first 100 days in office are analyzed, spammers also view him favorably. In the last few weeks there has been a noticeable boost in the number of spam messages that use his name and popularity to promote certain spam products and services.

President Obama first became a target for spammers in 2008, when Obama and his then challenger Senator John McCain had their names linked with "portable dewrinkle machine" spam, medical product spam, and get-rich-quick spam messages. When President Obama took his campaign to Europe in July 2008, Spammers duly followed up with a spam campaign that contained links to malware. Ever since President Obama was inaugurated on January 20th 2009, spam attacks with...

Mayur Kulkarni | 28 Apr 2009 10:21:17 GMT | 0 comments

The swine flu outbreak in Mexico and the United States is making news headlines all over the world, with updates coming out in real time from the Centers for Disease Control and Prevention. The scare has spawned a spamming frenzy, like sharks smelling blood in the water. Symantec has been monitoring the spam and is continuing to analyze the underlying intentions of the associated messages. In the past, such current event spam campaigns included sending malicious messages, in which the email user is lured into clicking malicious links that pretend to be a harmless link or a related video. However, this time around it is an email address that the spammers are more interested in collecting—perhaps as part of a harvest for their future campaigns.

One of the samples (shown below) simply informs recipients of the disaster, using linked news headlines from reputable news agencies. Users are asked whether they...

Mayur Kulkarni | 27 Apr 2009 20:18:26 GMT | 0 comments

In an effort to track the prevalence of Mother’s Day spam, we’ve started monitoring recent spam samples and have found that the spammers seem less enthusiastic about Mother’s Day than other events around the world, such as the resurgence of interest in the swine flu. Most of the Mother’s Day-related spam we analyzed consisted of Internet offers providing personalized gifts such as photo frames or jewelry. Others included gift cards, kitchen related products, and the ever-present weight-loss solutions.

Some of the common subject lines are listed below:

Personalized Mothers Day Gifts
Mother's Day Gifts
This is about Mother's Day next month
Microwavable pasta cooker. Mother's Day is near!
Your Mothers Day Gifts are Here!

Samir_Patil | 20 Apr 2009 18:47:55 GMT | 0 comments

We’ve observed a new malicious spam threat that arrives as an email promoting a free software trial that purportedly can be used to spy on people’s SMS (Short Message Service) messages. The spammers are claiming that this software can be used to snoop around the SMS messages of your partner, or for general SMS spying, and a URL is provided for a download of a 30-day free trial of the software.

Unfortunately the URL leads a user to download an executable file that goes by different names, such as sms.exe, smstrap.exe, and freetrial.exe—all of which are nothing but pieces of malicious code. Symantec security products identify the particular malware served up in this attack as W23.Waledac.

As is common in spam, these messages target human emotions such as fear, jealousy, and suspicion to spread the malware. But, as always,...

Samir_Patil | 15 Apr 2009 19:33:33 GMT | 0 comments

Many anti-spam techniques work by searching for patterns in the header or body of the email message and creating signatures for them. To bypass these filters, the spammer intentionally introduces obfuscation by misspelling certain keywords, inserting random lines, or adding invisible words in the message.

Recently, Symantec has observed dating- and health-related spam messages where the URLs of well-known brands are used to obfuscate the message. The spammer has added URLs varying in number—from 5 to 15 in a single message. These URLs are invisible, since the font color of the URLs is the same color as the background of message. These URLs are actually the “postmaster information” Web page or a “news” Web page of reputable companies.

Some of the subject and legitimate URLs found in the samples are as follows:

Subject: Good Day To You
Subject: OMG your hot we should chat!
Subject: Hey whats up wanna chat?

<a href...

Vivian Ho | 14 Apr 2009 20:09:32 GMT | 0 comments

Happy Easter! Are you really blessed? Spammers always have favorite holidays. And while they couldn’t join your family for an egg hunt this year, they didn’t forget to send their greetings during Easter week. During the past week we observed fraudulent e-card notifications spoofing a well known Internet e-card service site.

The message contains legitimate From: and Subject: lines, along with a heart-warming Easter message to make up the body content. Spammers used a legitimate-looking pick up notification hyperlink to lure the recipient to click it. However, a PHP URL is embedded into HTML, which actually links users to another URL where malicious code may be downloaded onto their system.

This is a typical spam tactic, but recipients should still be aware of it during this post-holiday season, since the scam still exists. We urge recipients to be aware of this type of greeting to avoid vicious attacks. Most importantly, do not open emails with suspicious...

Mayur Kulkarni | 08 Apr 2009 21:46:41 GMT | 0 comments

When trying to solve difficult problems, people examine different approaches and strategies. This includes applying known techniques or variations to deliver favorable results. Though variations can be interesting, using a known method has a better chance of getting results. Spammers are no exeption– they are again trying their hand with image spam, seeking an opportunity to catch some anti-spam filters off-guard and sneak through to reach a user’s inbox.
During the last couple of weeks, we have observed an increase in use of images especially with health-related spam. As seen in the past, we also see different obfuscation techniques being used. This includes adding noise to the image to avoid detection of similar images. Along with images, random texts in the message are also observed - again an attempt to bypass the filters. Currently, we don’t see this old technique of using images interfering with anti-spam effectiveness.