Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Dermot Harnett | 06 Mar 2009 23:09:20 GMT | 0 comments

With the constant talk of the dismal economic climate and general doom and gloom in February 2009, spammers remind us that Spring is here and are suggesting various vacation “offers” to lighten the mood. Spammers have advertised vacation offers in Mexico (Cancun in particular), Lake Tahoe, Arizona, South Carolina and multiple timeshares with the subject lines including:

  • Looking for savings on a Mexico vacation? Book online
  • 4 Days & 3 Nights Confirmation
  • Visit Cancun With A 3 Night Free Stay - No Purchases Required
  • Need a Vacation - Get great travel deals sent right to your inbox
  • Mind, Body, Spirit - Come to Sedona Arizona On Us
  • Experience North Lake Tahoe With Complimentary Accommodations
  • Escape to the Outer Banks for Breathtaking Beauty and the perfect family getaway
  • Don't just dream of the Sand and Sun, experience its beauty


Takako Yoshida | 06 Mar 2009 22:22:11 GMT | 0 comments

A certain type of bank transfer scam, referred to as a “Hey-it’s-me” scam, seems to be on the rise in Japan these days. According to the National Police Agency in Japan, more than 20,000 cases of this type of scam were recorded in 2008—up from 17,930 cases in 2007. The “Hey-it's-me” scam is a common type of fraud in Japan that often plays out as follows: A scammer makes a phone call to an elderly person and says, “Hi grandpa, it’s me! I’m in big trouble and need some money. Could you transfer funds into my bank account?” Sometimes the scammers even use a name from a selection of the victim’s relatives by obtaining a list of students or employees beforehand. Recently, police have increased their efforts to thwart this type of scam by taking measures such as posting warning signs and placing police officers at ATMs.

While a scam carried out over the telephone receives greater local attention, people are now...

Mayur Kulkarni | 04 Mar 2009 21:47:44 GMT | 0 comments

Does online gambling give the biggest thrill? Why not—earning easy money is always exciting. Do you want to know the results of the big games in advance? It guarantees big returns, after all. There will always be someone falsely claiming to be able to help you achieve this dream.

Symantec has recently observed emails regarding online betting that claim to provide recipients with details behind the “fixed” football matches. The spammers claim that confidential information on the results of such matches can be used for a betting advantage. The sender claims that he can be contacted at a pre-provided email address, if the recipient is interested in buying this information cheaply. Or, the victim could be drawn in one step further and could bet on these matches using a spammer-owned website.

Users should be aware that online gambling is often associated with fraud, unless strictly regulated. There are various risks involved, the least of which is...

Vivian Ho | 04 Mar 2009 21:19:21 GMT | 0 comments

In the past decade, rapid economic growth has been observed in China. Enterprises have expanded their businesses rapidly and business travelers are often required to conduct business across China. All enterprises require employees to file expense reports, which include tax invoices or receipts in order to obtain financial compensation.

In China the tax is issued before the purchase occurs, and one may purchase a tax invoice from a government agency. This is quite different from the United States or European countries where tax is added after the purchase occurs. Tax invoice counterfeiters use spam emails to make offers to sell tax invoices to a business owner at a reduced rate. For this tax evasion service, these invoice counterfeiters will quite often offer a large purchase discount. The service involving selling and issuing fake invoices to help business owners deduct tax expenses has always been the most frequently seen spam in the simplified Chinese language.


Dylan Morss | 02 Mar 2009 22:36:58 GMT | 0 comments

Over the month of February I decided to keep an eye on spam messages that were using the cult of the Academy Awards celebrity to peddle products. I tracked spam using the names of the actors nominated for best actor and actress in a leading role in the subject line.
The results were overwhelming! It seems that although an Oscar nomination can mean big bucks and recognition in the world of big budget films, studios, and pop culture, it doesn't carry so much weight in the world of spam finance.
Of the ten actors nominated, only three appeared in spam subject lines in February. Anne Hathaway received an honorable mention with one spam message. The rest of the spam went to Brad Pitt and Angelina Jolie. The other seven actors received no spam counts and will have to be satisfied with not being chosen to help fatten the pockets of spammers. If the spammers could vote for the awards, it’s obvious that things would have turned out a whole lot...

Mayur Kulkarni | 02 Mar 2009 21:16:55 GMT | 0 comments

This is a continuation of our earlier write-up on Russian spam related to phone and ICQ numbers. We are continuing to see these messages, but now with a slight transformation. The message body is blank with all of the content, such as phone numbers, summarized in the subject line.

This technique can be disadvantageous because of the length limitation for a single line in an email. Most email clients support a maximum of 78 characters per line. Secondly, non-ASCII* characters, such as those used with Russian language emails, are encoded using schemes like Base64 or Quoted Printable. This increases the length of an already long subject line, often resulting in a split over a number of lines. As shown in the below example, the encoded line actually spans three lines.

We can now look at two or more such lines in the subject line as additional...

Patrick Fitzgerald | 25 Feb 2009 23:27:18 GMT | 0 comments

Recently we have had a resurgence of people complaining that their online email accounts have been compromised and are being used to send spam. The reports all say the same thing: a message has been sent to every recipient in the Webmail address book, but the user had nothing to do with sending it.

In these types of situations, it usually turns out that a user’s Webmail login credentials are stolen during a phishing attack. The attacker will then use the stolen credentials to change the user’s account settings in order to allow the Webmail account to automatically send out spam email. Also, the attacker will modify or add an email signature so that every future email sent by the user includes additional spam text that the user will be unaware of. In addition, auto-responding vacation notifications are often turned on so that an automatic reply—including spam—is sent to any new incoming email.

The added spam signature text usually contains an...

Shravan Shashikant | 17 Feb 2009 21:37:22 GMT | 0 comments

As discussed in the Symantec State of Spam Report for February, URLs with the “.cn” country code top level domain (ccTLD) have become a popular ingredient in spam messages. A top-level domain (TLD) is the part of a domain name that follows the final dot of any domain name. A ccTLD is a top-level domain generally reserved or used by a country or a dependent territory. According to the February report, URLs with .cn ccTLDs accounted for approximately 32% of all URLs seen during that period. However, we saw a noticeable decrease in this particular technique starting around the end of January with levels dropping down to 7%. On February 12, we once again observed a revival approaching similar levels as was seen in January—these levels are currently sitting around 29%. The URLs are applied to various kinds of spam attacks, but one of the more popular versions uses legitimate...

Mayur Kulkarni | 17 Feb 2009 19:59:47 GMT | 0 comments

With the worsening economic situation, unemployment figures have risen worldwide. This has led millions of people to search for jobs, using whatever resources they can find. One of the most common is online job search sites. Email alerts from recruitment agencies are anxiously viewed for future job prospects and hopes dashed when rejection letters are received.

Malicious code writers are making use of this opportunity to distribute their malware. Symantec has recently observed emails with malicious attachments, informing the recipient of a job rejection and including an attached copy of their purported application. These emails pose as though they have been sent from a genuine recruitment agency.

The attached zip file “copy of your” contains an executable file, detected as...

Dylan Morss | 13 Feb 2009 00:05:11 GMT | 0 comments

This is the third and probably final blog entry for me on Valentine’s Day spam as the minutes tick off before the holiday. Since my last post on February 3, we have continued to observe an increase in spam messages associated with this lovers’ holiday.

I narrowed my search to the month of February, so the data in this blog article only covers spam from February 1 until today. As a throwback to my first Valentine’s Day blog post, I thought I would pull up a recent list of Valentine’s Day spam subject lines.

The top 20 Valentine’s Day-related subject lines for February:

St. Valentine's bomus
Casino St. Valentine's Day
St. Valentine's Casino
Casino - St. Valentine's day
St. Valentine's casino
St. Valentine's games in Casino
St. Valentine's Bonus
Send Valentines Day...