Security Response
Showing posts tagged with Spam
Rui Brito | 10 Feb 2009 00:16:44 GMT | 0 comments

While reviewing some Russian spam samples recently, I came across an amusing message. It extols the financial benefits of promotional email messages, also known as “spam” in layman’s terms. The spammer sells it in true snake oil peddler style, all the while quoting Lenin for a great mix of capitalism and communism! The message contains many of the telltale signs of recent Russian language-based spam attacks: short, text-based, and a phone number for a call to action.

As always, be wary of any email received from an unknown or untrusted source. Below is an example of this type of message (translated text follows after the original content):

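Subject: Информация для вас

Если вы спросите, Что такое спам?
То можно с уверенностью ответить, это доходный и стабильный бизнес.

Translation:

Subject: Information for you

If you ask, "What is spam?"
One can answer with confidence: it is a profitable and stable business.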

Dermot Harnett | 05 Feb 2009 12:55:28 GMT | 0 comments

The February State of Spam Report has just been published (available to download here). As widely predicted, spam levels continue to rise post-McColo shutdown, accounting for over 79 percent of all email in recent days. The speed with which spammers have returned to business is not totally unexpected. Let's remember that as long as the profit motive exists for spammers, new spam campaigns will continue to emerge.
There have been a few changes on the “spamscape” since McColo was shut down in November 2008. The presence of active zombies around the world continues to shift and while the United States retains the “honor” of being the primary region of origin for spam, and has consistently been one of the largest sources of spam, new botnets in Latin America and Asia are increasingly...

Dermot Harnett | 04 Feb 2009 20:12:10 GMT | 0 comments

As U.S. President Obama focuses on preparing an economic stimulus package, it is clear that spammers are also working on their own unique version of a “stimulus package.” Spam levels are continuing to rise post-McColo shutdown, accounting for over 79 percent of all email in recent days. As the economic situation continues to worsen across the globe (with the unemployment rate in the U.S. expected to have jumped to 7.5 percent in January from 7.2 percent the month prior) it is clear that spammers believe that some clouds have a silver lining. A number of economic stimulus-related spam emails have emerged in recent days.
One example claimed to be from the Internal Revenue Service (IRS) and encouraged the recipient to “Submit your Economic Stimulus Payment form.” This is a common spam tactic used by spammers to try and obtain personal information from a recipient who may be unfamiliar with such attacks. It should also be noted that as the April...

Dylan Morss | 03 Feb 2009 22:40:15 GMT | 0 comments

After I posted a blog entry last week (1/28/2009) on Valentine’s Day spam subject lines, I thought it would be interesting to take a closer look at specific words related to Valentine’s Day that have been appearing in spam subject lines recently to see if there were any trends. I had previously noted an increase in the appearance of a few Valentine’s Day-related words: “cupid,” “Feb 14,” and “February 14,” and I wanted to expand the search a bit. I was hoping to try and redeem the reputation of Valentine’s Day spam since my previous post put the spammer’s intentions in a less romantic light than the holiday warrants. I decided to search for traditional Valentine phrases such as the following: chocolate, cupid, Feb 14, February 14, flowers, heart, jewelry, Valentine, and Valentine...

Dylan Morss | 28 Jan 2009 22:57:35 GMT | 0 comments

What would your Valentine like this year? Perhaps a shopping spree, a watch, cash, or an assortment of E.D. or weight loss pills?
We are nearing the end of January and Valentine’s Day spam is in full swing. Spammers have been busy making sure they have the perfect gift for your loved ones this year.
The top 20 Valentine’s Day spam subject lines seem more like a laundry list of solutions for a cast of depressed porn stars than an array of truly romantic gifts. What says "Happy Valentine’s Day" quite as well as "Hi Sweetie, here are some weight loss pills for you this year, maybe you can drop a few pounds!"?

The top 20 Valentine’s Day-related subject lines for January

Increase your length, the best valentine's gift
Show off your length for valentine's
Get it before Valentine's day and watch her smile
You have been invited to partake...

Mayur Kulkarni | 28 Jan 2009 17:49:49 GMT | 0 comments

During the past few days we have observed a rise in Russian spam that is offering various local trade services at cheap rates. Rather than redirecting email recipients to malicious websites, the old standby method usually seen with spam related to pharmacy or watch replicas, for example, these spammers are sending out telephone and ICQ numbers in their ads.

The interesting concept of this spam lies in the simplicity of the localized services offered. For example, the majority of these spam emails consist of ads for everything from audio books to real estate, from personalized accounting services to the installation of auto glass. For these types of services, it may be that maintaining a dedicated website can be costly and unnecessary. Also, this may be an effort to move away from embedding URLs in emails because anti-spam filters commonly block such messages.

The primary action required for the recipients of these spam messages is to call a telephone...

Dermot Harnett | 28 Jan 2009 00:43:57 GMT | 0 comments

As the Chinese New Year (Spring Festival) continues to be celebrated around the world, a recent increase in the abuse of the .cn (China) country code top-level domain (ccTLD) has been observed in spam messages. A top-level domain (TLD) is the part of a domain name that follows the final “dot” of any domain name. A ccTLD is a top-level domain generally reserved or used by a country or dependent territory. As noted in the January 2009 Symantec State of Spam Report, approximately 90 percent of all spam messages today contain some kind of URL. In January 2009, an average of 32.5 percent of the URLs observed have had a .cn ccTLD, compared to the average of 57 percent of URLs that had a .com TLD.

Spammers often rotate domains and TLDs in their spam messages because they likely feel this tactic allows them to circumvent some anti-spam filters that...

Kelly Conley | 27 Jan 2009 19:26:28 GMT | 0 comments

Macau is the only place in China where there is legalized gambling.* In order to gamble legally in China a person would need to spend money on travel and accommodations to get there. Is there a way to avoid the hassle and expenditure of traveling to Macau for those persons that are interested in gambling? Well, it seems that spammers are offering a solution to the Chinese population: gambling online, from the comfort of your home.

Symantec has recently observed what we believe to be the first instance of online casino and sports betting spam using the Chinese language. The layout of the message is very similar to what we frequently see in English-language casino spam. The message asks users to download a number of software packages and register an account. By registering an account, a user automatically becomes eligible for a random amount of free cash or bonus points. This is all a very common occurrence in English-language spam related to gambling. But,...

khaley | 20 Jan 2009 00:02:56 GMT | 0 comments

Have you booked any airline travel recently? One way or the other, you may be surprised to find some email in your inbox telling you that you have. And, that your credit card has been charged for it! Don’t let curiosity or concern get the better of you—do not open the attachment that is likely accompanying the message. If you do, you would probably end up installing malicious code on your machine.

There are spam messages circulating that are purportedly coming from several major airlines. United Airlines is the latest airline that has been mentioned, but Security Response has seen spam email falsely claiming to be from Northwest Airlines, JetBlue, Midwest Airlines, and Sun Country Airlines. Undoubtedly other airlines will be exploited as well. The email will usually name a specific dollar amount that your credit card has supposedly been charged for air travel. It even offers you a login and password for the airline’s website, but what the...

Zulfikar Ramzan | 19 Jan 2009 15:44:00 GMT | 0 comments

In previous blog postings, I talked about politically themed online malicious activity, focusing on what we observed during the recent U.S. presidential election cycle. Even though the election itself has long since been over, we are continuing to see similar political themes in today’s attacks.

As anticipation builds around President-elect Barack Obama’s upcoming inauguration ceremony, Symantec’s Threat Intelligence team analyzed a new wave of malicious spam messages with a “Presidential theme” that found their way into one of our vast number of global sensors.

The corresponding emails have subjects and bodies similar to the following:

Subject: You must look at this!
Our new president has gone

Yours truly,
Dan Harrison

Subject: Breaking news
Barack Obama refused to be the president of...