Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Mayur Kulkarni | 02 Apr 2009 22:41:33 GMT | 0 comments

April Fools’ Day was noted as the expansion date of the Conficker worm, with the possibility of a major threat launch. We have found spam samples attempting to capitalize on the frenzy over Conficker (a.k.a. Downadup), offering the latest in antivirus security software that purportedly protects users from the Conficker threat. Some of these spam messages even use names and images of software much like our own Norton AntiVirus 2009. In the example below, it even mentions the name of one of our Symantec employees frequently cited in the press.

Here is the sample image of the message:

 

 

 

 

In an attempt to increase financial gain, the product...

Mayur Kulkarni | 02 Apr 2009 12:09:19 GMT | 0 comments

In the past, spoofed news alerts have been used to carry malicious links or attachments. Spammers tap into the curiosity of the reader and attempt to trick them into clicking bad links or opening harmful attachments. This often results in the infection of a victim’s machine, unless it is properly protected by an updated antivirus program and firewall. We are currently monitoring spam attacks that employ the spoofed news alert approach, but contrary to the malicious approach, the news alert spam doesn't contain any URLs or attachments.

With these types of spam attempts, we try to isolate the reasons for such attempts and consider the possible outcomes for spammers using this approach. When we look at the received lines in these messages, we find them originating from diverse geographical locations, suggesting that this may be a botnet attack. So then, why are these messages sent? It may be because the spammers want to confirm the validity of a recipient’s email...

Mayur Kulkarni | 02 Apr 2009 11:45:23 GMT | 0 comments

Spammers have recently adopted a different strategy to lure users into viewing their messages and clicking the links inside them. Typically, spam messages attempt to lure unsuspecting users with an email using a linked phrase, such as “Click this website to know more” or “Open this website to check.” We are monitoring a new approach in attempting to draw in readers to open these links. The hyperlinked text will say something like:

 

Read my blog to learn how I did it
Just check out <NAME>’s Blog to find out how he did it
Read about it on my blog

It’s common for the subject line of these emails, as well as the sender line, to make reference to some blog. These instances can lure users to open the message, and further check the so-called blog by clicking the embedded URL. However, the links actually redirect to Web pages selling health-related products or...

Takako Yoshida | 31 Mar 2009 18:04:42 GMT | 0 comments

From bank accounts to credit card numbers, personal information is at high risk as spammers are very fond of gathering data that will sell on the underground economy. Therefore, users are advised to be cautious and not expose their information (i.e. don’t submit personal details to questionable sites). So, what would you say if there is a service that protects your personal identification, such as a Social Security number? Would you be interested and want to find out more details? The answer should be “NO” if this offer is from a spammer.

Symantec has recently observed a message that appears to be a direct service promotion from an identity theft protection company, claiming that they can keep Social Security numbers away from risk:

 

 

 

 

The spam...

Dermot Harnett | 31 Mar 2009 17:00:28 GMT | 0 comments

If you are a resident of the United States and haven’t already filed your tax returns, maybe you should consider reading the following blog post. The countdown to “tax day” (April 15 in the United States) is currently in full swing, with the IRS offering daily tips for filing.

The run-up to tax day in the United States has traditionally become a time when phishing directed towards the IRS becomes more prevalent. As reported in previous Symantec State of Spam reports, spammers continue to attempt to disguise themselves as the IRS, dangling tax refund offers in front of unsuspecting users.

These “offers” are aimed towards recipients who may be unaware that the IRS “does not initiate communication with taxpayers through email.” The purpose of...

Francisco Pardo | 31 Mar 2009 11:55:53 GMT | 0 comments

During hard economic times, people look for ways to save money. Spending money on necessities such as tax preparation is no exception. Recently, spammers have been offering ways to save money on tax preparation as a means to enter a user’s inbox.
 
Below are some examples of subject lines spammers are using to lure users into opening messages:

 

File Your Returns Now!
TaxAct Online Home of the Totally Free federal tax return.
Prepare Free Print Free IRS e-file FREE
Click the link below to start your tax return


These messages are not just limited to taxpayers in the United States. Since spammers are part of  international underground corporations, other countries fall victim to spammers’ tactics as well. Our technicians have monitored emails directed to the people of France using the same principle. Here is an example:


Madame,...

Mayur Kulkarni | 24 Mar 2009 22:04:33 GMT | 0 comments

It seems malicious attacks on job seekers were not enough. We are now seeing MMF (Make Money Fast) spam also stepping up to exploit the financial situation. Recent spam related to the recession included fake job offers as well as rejections. Some of the spam offered to help recipients out of the recession by making available financial help within 24 hours or less, without considering their credit ratings.

We will discuss MMF spam in this blog - one of the categories which targets users hit by the recession. This particular technique includes spammers sending plain text e-mails with phone numbers inside the message, enticing the recipients to call and earn easy money. This may not be a new spamming method; however it is the dire situation that spammers are cashing on. Some of the subjects related to ‘recession’ include:

Fight...

Takako Yoshida | 24 Mar 2009 20:55:43 GMT | 0 comments

As the Internet community continues to pay more attention to the reputation of websites and email senders, spammers are doing their best to hide behind well-established and reputable brands. Social networking sites have for some time now been used by spammers in the spam war. As more and more people become connected through social networking sites, it is not unusual to receive notifications of status update or sharing information from your friends. Symantec has recently observed a number of spam attacks claiming to be messages from various social networking sites.

One recent sample attempted to attract the attention of the recipient by using the following tactics:
1.    Claiming to be from a social networking site
2.    Indicating in the Subject line that message was from a social networking site
3.    The message indicated that the recipient had a personal message.

 

 ...

Mayur Kulkarni | 23 Mar 2009 22:48:55 GMT | 0 comments

When somebody throws us a challenge, we get ready to tackle it. There is nothing wrong with taking a challenge; however it is not wise when such tests are marked with trickery, and can cause financial losses.  We have observed recent messages, where the spammer challenges the recipient to an IQ test. The challenges can be found in the following subject lines:

How smart (or dumb) are you?
Someone Thinks You Are Dumb - Take The Quiz and Prove Them Wrong!
TestUrIQ
Pick Your Brain With This Quiz

By clicking on the URL inside the message, the user is redirected to the page in the graphic below. This page informs the user of the current high IQ score and invites them to take a test. The page also describes the terms of the quiz, and that results will be provided to the user upon completion of a mobile game subscription offer. These terms are placed at the bottom of the page with a small font...

Dermot Harnett | 18 Mar 2009 16:12:44 GMT

Given the ominous subject line, “Take care about yourself!” [sic], fear mixed with excitement might propel some recipients to disregard security consequences and click on URLs that link to malware. In this recent spam example, geo-location services were used to target the recipients of the message. Depending on the relative location of the message recipient, the location of the fake terrorist attack mentioned in the text of the message differs.

 

In one particular location the spammer indicated that there was a “Powerful explosion burst in San Pablo this morning,” and in another they indicated that there was a “Powerful explosion burst in Pune this morning.” Then, there is a brief description of the “attack” including, “At least 12 people have been killed and more than 40 wounded in a bomb blast“ and “explosion was caused by 'dirty' bomb.” The logo of a prominent news wire service was added...