
Security Response

Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 05 Jul 2007 07:00:00 GMT | 0 comments

Who sends greeting cards for the Fourth of July? Apparently spammers. Beware of emails with Fourth of July subject lines such as:

Subject: Celebrate Your Independence
Subject: America the Beautiful
Subject: July 4th Fireworks Show
Subject: July 4th Family Day
Subject: 4th Of July Celebration
Subject: American Pride, On The 4th

Each message contains a link to the "greeting card". The link in these cases is an exposed IP address, which is a pretty good indicator that it isn’t a greeting card from an established and reputable Ecard service. When clicked, the link delivers a downloader that accesses the Internet and downloads a Trojan onto the computer.

We've been seeing a lot of generic Ecard spam over the past month and have noted it in previous blogs. What makes this one different is that...

Hon Lau | 01 Jul 2007 07:00:00 GMT | 0 comments

Security Response has received reports of a fake email purporting to have come from the US Department of Justice. The email informs the recipient of a complaint received by the IRS against the recipient’s business. The email looks reasonably well crafted and most people would tend to treat emails from the US Department of Justice with at least a bit of urgency.

The details of the email are as follows:

Subject:
Complaint Case Number: 895285164 (Note the case number may vary)

From:
US Department of Justice [abuse@usdoj.gov]

Email Body:
The email may contain the following text. Please note that the name of the plaintiff, the date and case number may vary. Despite the message that states an attachment is included with the email, there may or may not be any attachments.

Dear citizen ,

A complaint has been filled against your company in regards to...

Kelly Conley | 27 Jun 2007 07:00:00 GMT | 0 comments

Hey, you put your Trojan in my spam!

A Trojan in my spam? True. The most recent version of malicious code that we are seeing being delivered by spam is a Trojan in greeting card spam. Malicious code in spam has been around off and on for some time. We’ve even blogged about it in the past, here (from January 2007), and it appears that at least one more spammer thinks it is a novel tactic.

We’ve observed over 18 million of these spam messages in the past few days and have successfully blocked the ones we have seen. Each of the messages we’ve seen so far has a Hong Kong domain (.hk) in the subject line. Messages containing this Trojan are easy to spot, carrying subject lines such as:

Subject: Mima sent you a .hk! Greeting
Subject: Martha sent you a ..hk! Greeting

The body of the message appears to be a greeting...

Ollie Whitehouse | 20 Jun 2007 07:00:00 GMT | 0 comments

In the words of the Ghost Busters, “We’ve got one…” We’ve got what?, I hear you ask. We now have an example of alleged SMS spam with some real statistics rather than the usual conjecture. We know SMS spam has been growing through the monitoring of such sites as Grumble Text [1]; however, we’ve never had true insight into the scale of a professional SMS spamming operation.

Well recently that changed - TelecomWeb broke the story [2] that,

“Verizon Wireless filed a lawsuit against Nev.-based I-VEST Global Corporation and various "John Does," alleging they sent unsolicited commercial electronic messages (wireless spam) to its customers.” and that “The lawsuit, filed in U.S. District Court in Trenton, N.J., alleges that, beginning in April, I-VEST attempted to send more than 12 million text messages to Verizon Wireless handsets, offering information about buying stocks or real estate. However, the carrier says spam filtering and network monitoring...

Eric Chien | 19 Jun 2007 07:00:00 GMT | 0 comments

On multiple Windows Live Messenger accounts (formerly MSN Messenger), we received the messages (don't visit the link!):

     Get surprise at http://www.messengerweb.info/ Unbelievable!

     Hey, http://www.messengerweb.info/ helps u find out who is your friend!

     U have deleted me! Look here http://www.messengerweb.info

Was this a new worm? Or a bot that was sending out IM spam? Turns out it is neither and instead much more like adware. The site being advertised states they can find out who may have removed you from their contact list. All the service requires is for you to "enter your MSN account and password and we will tell you who has left you out from their lives....

Kelly Conley | 07 Jun 2007 07:00:00 GMT | 0 comments

The June State of Spam Report highlights the ongoing trend in the decline of image spam first reported last month in the May State of Spam Report. Image spam, which reached a high of 52 percent of overall spam in January, has shown a noticeable decline in most recent months, dropping around 10 percent each month in March and April to just 16 percent in May. One reason for the drop in image spam is that spammers are always going to follow the money. The drop in image spam over the last two months tells us they think they can find a more effective way to get their messages into inboxes. While we have seen this decrease in image spam, the percentage of overall spam continues to remain the same at an average around 65 percent of email traffic for May....

Ron Bowes | 05 Jun 2007 07:00:00 GMT | 0 comments

Many types of spam are common, such as email, SMS, splog (blog spam), and snail mailer. Dave Cole discussed these in Spam: It's Not Just for Email. Today, I would like to talk about one that isn't discussed as much because it isn't as common yet: spam in multiplayer online games, or, as I like to call it, "smog".

In recent years many big titles in massive multiplayer online games have been released, and are played by millions of people all over the world. With big groups of players, there are always a few that will pay to get ahead, and spammers know that they can exploit them.

I asked several of my close friends who play online games if they've seen smog messages, and they've all experienced the same thing: offers of gold, items, and quick levels in exchange for payment....

Kelly Conley | 07 May 2007 07:00:00 GMT | 0 comments

The May ‘State of Spam’ report is now online. This month’s report highlights several interesting spam trends seen by Symantec, including the reduction in image spam, image uploading hosting solutions used in stock spam, company character assassination spam, and a new twist on the 419 spam technique.

419 spam is named after an article of the Nigerian Criminal Code which deals with fraud, and has primarily been used to defraud individuals with stories about African dictators and the sale of natural African reserves such as oil and gas.

We’ve all seen these scams. Typically they begin with a greeting and then immediately claim to need assistance in the transfer of funds to the U.S. Some try to tug on your heart strings with a story of loss, while others just make a direct play for your purse strings. But the point is, it’s a complete stranger asking for access to...

Andy Cianciotto | 12 Apr 2007 07:00:00 GMT | 0 comments

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacomm variants. While this is nothing new, this time around the attachments are in the form of password-protected zip files. The recipient is tricked into unzipping the attachment with the included password, then running the unzipped file, to counteract activity related to an unknown worm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including, but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!", "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "Virus Alert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!". The attachments are generally a .gif image file (...

Dave Cole | 11 Apr 2007 07:00:00 GMT | 0 comments

Alright, I’ll fess up: spam has never been just for email, in spite of our cluttered inboxes that loudly protest to the contrary. Spam’s early commercial origins point back to a message to 6,000 recipients on Usenet by a couple of immigration attorneys named Canter & Siegel from Phoenix, Arizona back in 1994 who were promoting their services to enroll people in the national green card lottery. From these roots, spam moved on to its dominant format today: email. Nonetheless, the flood of SMTP-based spam we see today may obscure the other flavors of spam that have popped up, including IM spam, SMS spam, and the Web 2.0 buzzword-friendly “splog”.

I’ll spare you all the gory details on IM and SMS spam, they’re pretty straightforward. IM spam has yet to reach major proportions, but it’s certainly out there, plugging spy software, ringtones, and other services. SMS spam has been highly visible overseas since 2001, especially in Asia where SMS has been used heavily for some...