Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Spam
Showing posts in English
California Wild Fire Scams
Kelly Conley | 06 Nov 2007 08:00:00 GMT | 0 comments

Over the past week we have seen some scamspurporting to be generating from the IRS. The scams are requestingdonations for the wildfires that ravaged the Southern California regionlast week. A portion of the email is below:

From: Internal Revenue Service<61yu9@irs.gov>Subject: Help for California Wildfire Victims

Right now California is asking you for help !
If you chose to take part in our program (initiated by IRS & U.S GOVERNMENT)
click on the link below and make a small contribution.
Together we can rebuild California !

BE HUMAN GET INVOLVED ! BE AMERICAN ! CALIFORNIA NEEDS YOUR HELP !

https://www.irs.gov/help/donate.html

This email is not from the IRS. The link redirectsto a fraudulent Web site created by scam spammers to steal your money.It is unfortunate...

Read more
Google's Advanced Search Operators Abused by Spammers
Jitender Sarda | 02 Nov 2007 07:00:00 GMT | 0 comments

Imagine Google’s search engine being exploited for sending spam URLs. Unbelievable? Believe it!

Google is the one of the most widely used search engines on the Webtoday. To make life easier, it supports a few advanced query wordswhich narrow the scope of a search to a great extent. It appears thatspammers have found a way to exploit this facility to direct the enduser to a URL advertising their products or services, using Google’sadvanced search operators.

Recently, we came across few offer spam mails which had the following URL in it:
http://www.google.com/search?hl=en&q=inurl:replica%20intext:%22Perfect+cheap+replica+watches+online.%22&btnI=

A first glance, it appeared to be a “Google search results” link andwe were expecting it to take us to the search results page. However,when...

Read more
MP3 Version of Pump-and-Dump Stock Spam
Jitender Sarda | 18 Oct 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock spam is a classicexample of sophistication and diversity of spam techniques. Recentlythe pump-and-dump spammers have started using mp3 files as a new methodof spreading stock spam.

In the latest observations we’ve seen an mp3 file as an attachmentin the body of an email message – without any content – and the subjectline usually includes “RE:”, “FW:”, or is sometimes just blank. The“From:” address is usually random. Another feature of this newpump-and-dump stock attack is that the mp3 files have random names,such as the following examples:

"ciara.mp3"
“elvis.mp3"
"crazylady.mp3"
"chrisbrown.mp3
“jillscott.mp3"
"crush.mp3"

The average file size is approximately 63.3 kb, with the garbledstock tip lasting for about 30 seconds. The Audio content soundssomething like the below example:

Hello, this is an Investor alert. XXXX Inc. hasannounced it is ready to launch its...

Read more
Skype Hunting
Ben Nahorney | 18 Oct 2007 07:00:00 GMT | 0 comments

I was recently reminded of a childhood gamemy friends and I used to play in the forests near where I grew up. I’dstand near the edge of the tree line, holding a burlap sack, while myfriends snuck into the underbrush looking for snipes.You had to be really quiet, see, because those critters would scareeasily. You had to have patience too; sometimes you’d be standing therefor hours in your snipe-catching crouch. On more than one occasion itseemed my friends got lost in their hunt, and as dusk turned intoevening, I’d have to head home empty-handed, before my parents startedwondering where I was.

I was a gullible kid.

In much the same way, many people these days are being misled bymessages they receive about threats on their computer. But where theworst that came of our snipe-hunting adventures was wariness of what myfriends would tell me, believing these messages can...

Read more
PDF spam on the comeback trail?
Kelly Conley | 05 Oct 2007 07:00:00 GMT | 0 comments

Are spammers trying their hand at PDF spam again? Symantec hasobserved a small comeback of PDF spam in the early days of October. PDFspam volume was observed at about zero percent at the end of Septemberand is currently at around two percent.

In recent days we’ve seen the emergence of one PDF pump-and-dumpstock attack of which we have seen over 20,000 messages. This attackconsists of highly randomized headers and body. The body contains thetext for the stock being promoted followed by randomized text in the‘Shakespeare’ technique of spamming. This technique is when a spammertakes blocks of texts from existing works and inserts them into thespam message in attempt to avoid anti-spam filters. A sample of thepump-and-dump stock portion of the message follows:


Fearless International (FRLE) $0.19
Fearless International Inc., a luxury performance boat manufacturer,
has been the focus of the media for the last several months in magazine
such...

Read more
The October State of Spam report
Kelly Conley | 03 Oct 2007 07:00:00 GMT | 0 comments

With the housing market taking a continued hit in September,in-boxes also took an increased hit as spammers exploited the recentmarket slowdown and subsequent interest rate cut by the Federal Reservein the U.S. As noted in the October State of Spam Report,Symantec has seen a marked increase in spam directed towards homeownersand prospective homeowners offering refinancing, home equity loans, andactual houses. First, the spammer needs to collect personal informationfrom the recipient to evaluate whether they are eligible for an offer.This is information they can turn around and use to their advantage forfurther spamming.

Image spam levels also showed a continued decrease in September; theOctober State of Spam Report notes that seven percent of all spam fallsinto this category. This is a three percent decrease from August....

Read more
Money mules and more...
Vikram Thakur | 02 Oct 2007 07:00:00 GMT | 0 comments

A few weeks ago I posted an entryabout how malicious software was using stolen personal information tosend spam which made users believe in its authenticity. Recently, we'veacquired another email claiming to come from an employer who has founda resume matching an open position in their company. Again, looking atthe job profile it seems very lucrative with slim to no work involved.

The position is that of a PayPal Account Manager. The only realrequisite for this job is the possession of a valid PayPal account witha verified bank account. The position description even mentions thatpersonal data such as one’s Social Security number and passwords arenot going to be asked for.

...

Read more
North America SMS SPAM – The Case of the Recent Cross Carrier SPAM
Ollie Whitehouse | 28 Sep 2007 07:00:00 GMT | 0 comments

Interesting tidbit: I subscribe to the Messaging Newsemail newsletter. (I don’t actually remember signing up for it – buthey ho). I couldn’t find this replicated on their site so I am going toquote the interesting bits of the newsletter.

What caught by eye was the title ‘Cell Phone Users Experience Text Spam’. We’ve discussed this before with the most interesting incident being when one operator took legal action. Anyway back to the Messaging News newsletter, they said the following:


“Across the country this past weekend, many folks received a spammessage for the first time. While a common problem with email, theshear volume that...

Read more
Old hoaxes don’t die…
Marc Fossi | 27 Sep 2007 07:00:00 GMT | 0 comments

…they just move to new mediums. Waaaay back in 1994, a computervirus hoax known as Good Times was passed around the Internet. Whilenot the first computer virus hoax, it is probably one of the bestknown. Since then there have been many similar hoaxes all promisingcertain destruction of your computer if you open an email originatingfrom a certain address or simply by reading certain words that appearon your monitor. Naturally, when many people receive one of thesehoaxes they decide to forward the message to all their friends andfamily to save them from this fate, thus helping the chain letter tospread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in myinbox less and less frequently. Did people learn not to believe thesemessages? Well, apparently not. They seem to be making a comeback, butrather than being sent via email they’re now sent through the messagingsystems on various social networking sites, as well...

Read more
Pump-and-dump stock morphs again
Kelly Conley | 24 Sep 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock, or penny stock, spam has been around for a longtime. Most memorably it has the distinction of being the maindeliverable of image spam. Regardless of the morphing or variations itis still pump-and-dump stock and while we're not stock advisors wewould advise against it, unless you like parting from your money.

The most recent morphing we've observed over the past few daysincludes highly obfuscated messages with a few distinctive features.For starters, none of the message headers in the attack contain asubject line. This means that when it lands in your inbox there will beno subject line for the message. Spammers may be utilizing this tacticas a means to entice end users to open the message by banking on thecuriosity of an end user to open the mysterious message. There is asubject line in the body of the message. The spammer is most likelydoing this for obfuscation purposes.

Other features of this pump and dump attack are the inclusion ofrandom,...

Read more