Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Spam
Showing posts in English
You Know it's Election Year When…
Kelly Conley | 14 Feb 2008 08:00:00 GMT | 0 comments

It's election year in the United States,everyone must be aware of that by now. We've just observed a Trojanbeing spammed out utilizing a candidate's name, Hillary Clinton, asbait. The email asks you to click a link to download an interview withher. The email circulating has the following subject line:

Subject: Hillary Clinton Full Video !!!

The body of the email looks like this:

The link looks to be coming from http://www.google.com/pagead/iclk?sa=3Dl&ai=3DRwGGv&num=3D96249&a=durl=http://canotajetrilly.com/[REMOVED]/rdown.php?PNDcx"=id=3D

Looking closer, we see the actual link is:

http://canotajetrilly.com/[REMOVED]/rdown...

Read more
February State of Spam Report
Kelly Conley | 05 Feb 2008 08:00:00 GMT | 0 comments

The February State of Spam Reporthighlights an interesting trend in the shift of spam moving from NorthAmerica to EMEA. The percentage of spam originating from EMEA hassurpassed that of North America, which represents a significant shiftin where the bulk of the world’s spam is “supposedly” sent from.

This trend has been observed for the past three months with aculmination in January of approximately 44% of all spam email noworiginating from Europe, versus 35.1% from North America. But is thisspam mail really originating in Europe? Although it appears that waythe very nature of spam distribution makes it difficult to accuratelypinpoint the true geographic origin the sender. Spammers often takeadvantage of tricks that allow them to mask their real location andbypass DNS block lists.

Why the...

Read more
January State of Spam Report
Kelly Conley | 11 Jan 2008 08:00:00 GMT | 0 comments

The January State of Spam reportshows that as 2007 ended, spam surged and accounted for 75 percent ofall email, increasing to 83 percent in the last few days leading up tothe holiday season. The December State of Spam report had showed that 72% of email traffic was spam.

Spammers changed their techniques for the holidays by insertingseasonal oriented keywords into URLs, subject lines, and embeddedimages within their messages. The objective here was to implant theholiday spirit into the readers' minds and provide blatant gift-givingideas. No, there were no guessing games here as to what the spammerswanted to sell you for the gift giving season. The...

Read more
Chinese Products from Wholesale Suppliers - The Online Scam History
Kelly Conley | 04 Jan 2008 08:00:00 GMT | 0 comments

China is a major exporter of goods and isknown for mass production of cheap products. How often do you see "Madein China" on toys, gadgets, or the latest "it" thing? Who doesn't wantto get these hot products cheap and direct from the manufacturer?Spammers are hoping that you do and have ramped up their game to gainbusiness. Below I'm going to give an outline of the recent history of"Made in China" wholesale product spam.

This spam type originated with bidding Web sites - online auctionhouses. Spammers opened accounts on these bidding sites and posted highpriced, hot products at cheap prices hoping to gain bidder interest.When a potential bidder asked a question through the site the spammerwould provide their "wholesale supplier product Web site," contactemail, and instant messaging ID for contact purposes. The email addressand IM are all registered with third party free email services.

If users don't ask questions, the spammer then sends a fake Q...

Read more
Home-Based Business Offers
Kelly Conley | 31 Dec 2007 08:00:00 GMT | 0 comments

Job offer spam has been around a while. Itused to work like this: spammer joins job hunting site as a prospectiveemployer, "researches" resumes of prospective employees, and then spamsthose individuals with job offers of home-based businesses. Or,sometimes no job hunting site was involved at all. It was just aspammer sending spam on a home-based business offer. Home-basedbusiness can be legitimate; however, if the offer comes to you via spamthan it most likely is not.

The spammers used to use the job hunting sites themselves to sendthe offers. The recipient would receive the job offer through the siteswhere they had uploaded their resumes and it all looked legitimateuntil they read what the "job offer" actually was. What we are seeingnow is spammers branching out. They appear to have collected the namesof job hunters through these sites and are now sending the job offersdirectly to the prospective employees without going through the jobhunting sites....

Read more
Video File Formats Used to Promote Stock Symbols
Jitender Sarda | 24 Dec 2007 08:00:00 GMT | 0 comments

Penny stock spammers have started using ahigh definition video file format to promote stock symbols. As we comeup to the end of the year, spammers have moved quickly on using videoformats for spamming with pump-and-dump stock symbols. Traditionally inpenny stock spam, JPEG images were embedded in the email, followed byURLs that were redirected to other JPEG images. This year we havewitnessed huge rounds of PDF and MP3 file formats to promote stocksymbols.

Penny stock spammers have also used legitimate video commercials (TVand online media commercials) and clippings of professional financialnews reports or programs. Often there are conversations between thehost and the guest star "professional financial analyst," discussingthe company’s strategies and financial prospects. The following are acouple of sample messages of the penny stock spam email:

Date: Fri, 07 Dec 2007 03:21:59 -0500
From: [REMOVED]
To: [REMOVED]
Subject: Catch...

Read more
The 12 Days of Christmas Spam
Kelly Conley | 14 Dec 2007 08:00:00 GMT | 0 comments


On the first day of Christmas
a spammer offered me –
a brand new shiny PC.

On the second day of Christmas
a spammer offered me –
a Rolex watch,
and a brand new shiny PC.

On the third day of Christmas
a spammer offered me –
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the fourth day of Christmas,
a spammer offered me –
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC

On the fifth day of Christmas
a spammer offered me –
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the sixth day of Christmas,
a spammer offered me –
a pink iPod nano,
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC....

Read more
Adult Spam in Disguise – a Spammer's Antispam Filter Evasion Technique
Kelly Conley | 12 Dec 2007 08:00:00 GMT | 0 comments

We've observed some adult spam in disguise.The usual adult spam that we see is simple text with links and adultphrases that make it quite obvious what it is. The mutation that we'verecently observed includes an email that has two parts—HTML and plaintext—where the plain text portion looks completely legitimate and infact is a portion of a legitimate newsletter of some kind. However, theheaders make it apparent that it is not from the legitimate company.

Headers:

From: Sexy Girls Waiting Live Now

Subject: Tired Of The Overpriced Cam Sites

Text body:


(click for larger image)

What...

Read more
December State of Spam Report
Kelly Conley | 10 Dec 2007 08:00:00 GMT | 0 comments

Here we are the end of another year. As 2007 rolls to a close the December State of Spam Report reviews this past month’s key trends and reflects on some of the year’s most notable spam events and trends.

Monitoring more than 450 million inboxes worldwide, Symantecobserved spam surge to 72% of overall email traffic in November.Spammers were also on the hunt for new email addresses, initiating amassive harvesting campaign. During a harvesting campaign spammersbombard email servers with guessed email addresses. Those that are notrejected are assumed to be valid email addresses and are added to spamlists for future attacks. Symantec estimates that it blockedapproximately 35 million of these harvesting emails.

Throughout November, Symantec also observed spam with a seasonal "hook." Some highlights...

Read more
Xmas eCard Spam - Malicious Downloader
Jitender Sarda | 04 Dec 2007 08:00:00 GMT | 0 comments

'Tis the season of exchanging greetings,what with Thanksgiving and Xmas rounding out the year's end.Unfortunately, malicious code writers are on the job trying to exploitthese occasions by sending out mass spam email greeting cards withattractive and fancy links that serve the purpose of downloadingmalicious files to a victim's computer.

These eCards are purportedly sent from a legitimate source and tryto lure the victim to click on the link to view the eCards, which haveunderlying tricks to try and infect the computer. With the Xmas bellsstarting to ring, here is the first incidence where Xmas ecards havestarted doing the rounds. The URL included in the eCards attempts todownload "sos385.tmp" file, which is a downloader.

In this particular sample below, the "From:" header alias isdisplaying an eCard from a well known company; however, it is of coursea spoofed header. The spammer has also deliberately inserted the text "(no...

Read more