
Security Response

Showing posts tagged with Spam
Marc Fossi | 27 Sep 2007 07:00:00 GMT | 0 comments

…they just move to new mediums. Waaaay back in 1994, a computer virus hoax known as Good Times was passed around the Internet. While not the first computer virus hoax, it is probably one of the best known. Since then there have been many similar hoaxes all promising certain destruction of your computer if you open an email originating from a certain address or simply by reading certain words that appear on your monitor. Naturally, when many people receive one of these hoaxes they decide to forward the message to all their friends and family to save them from this fate, thus helping the chain letter to spread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in my inbox less and less frequently. Did people learn not to believe these messages? Well, apparently not. They seem to be making a comeback, but rather than being sent via email they’re now sent through the messaging systems on various social networking sites, as well...

Kelly Conley | 24 Sep 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock, or penny stock, spam has been around for a long time. Most memorably it has the distinction of being the main deliverable of image spam. Regardless of the morphing or variations it is still pump-and-dump stock and while we're not stock advisors we would advise against it, unless you like parting from your money.

The most recent morphing we've observed over the past few days includes highly obfuscated messages with a few distinctive features. For starters, none of the message headers in the attack contain a subject line. This means that when it lands in your inbox there will be no subject line for the message. Spammers may be utilizing this tactic as a means to entice end users to open the message by banking on the curiosity of an end user to open the mysterious message. There is a subject line in the body of the message. The spammer is most likely doing this for obfuscation purposes.

Other features of this pump and dump attack are the inclusion of random,...

Ron Bowes | 20 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of Symantec's Internet Security Threat Report looks at a variety of trends that were seen in phishing and spam. Although spammers' and phishers' techniques and targets constantly vary, one thing remains the same: they're trying to make money – and they're getting better at it.

Financial services remained the most popular target of phishing attacks, ahead of any other sector, making up 79 percent of unique brands phished and 72 percent of all phishing Web sites. The reason for this is obvious: phishers want money, and stealing bank account or credit card information is one of the quickest ways to make it. And with credit cards commonly selling for less than ten dollars on the black market, and bulk rates offered on credit card sales, the phishers need a lot of them to turn a profit.

In an attempt to get more bang for their buck, phishers have started developing...

Nicolas Falliere | 14 Sep 2007 07:00:00 GMT | 0 comments

Peacomm samples - the so-called Storm worm - started sending unusual spam yesterday. For once, the mail did not contain a hard-coded IP address linking to fake videos, pseudo Tor clients or NFL "tracker programs". The spam advertises a website, http://www.vs-amounts.net:

From: xxx@yyy.com
To: victim@domain.com
Subject: Cold Hard Cash!

Seeking highly motivated individuals interested in a unique opportunity in financial services.

Building an exciting career where you determine your own hours and compensations.

http://www.vs-amounts.net/

Hmm. Already this looks very suspicious, but let's check that link anyway. The site hosts phpBB, a popular open-source PHP-based Bulletin Board, and opens directly to the following announcement message:

OK...

Kelly Conley | 05 Sep 2007 07:00:00 GMT | 0 comments

The September State of Spam Report is out and includes several interesting highlights and trends seen in August. Some highlights in this report include an update on the state of PDF spam, different variations that have been observed in e-card spam tactics, including fake YouTube sites, as well as insight into some new and novel tactics that were observed by Symantec during August.

Where did PDF spam go? Highlighted in a previous post as an emerging trend, PDF and other attachment spam reached a high in early August but closed out the month with record lows. First seen in June of 2007 with PDF files, attachment spam grew to encompass PDF, XLS and RAR files. By early August, this spam type was seen in 20 percent of all...

Vikram Thakur | 21 Aug 2007 07:00:00 GMT | 0 comments

We recently analyzed a sample of Infostealer.Monstres, and our colleague Amado posted an interesting entry with some details of its actions. As the analysis of this threat continued, new details emerged. We've been able to acquire some email templates that the Trojan may use to send targeted spam to individuals, using stolen personal information.

The templates acquired all point to the same position. The job is that of a 'Transfer Manager' at an investment company. The job description states that the position would entail facilitating financial transactions made by the clients of the investment company. The email looks very realistic and may convince many that it has been sent from Monster.com or Careerbuilder.com.

Here are some of the email...

David McKinney | 14 Aug 2007 07:00:00 GMT | 0 comments

This month Microsoft has released nine security bulletins. All of these vulnerabilities could let an attacker execute arbitrary code on an affected computer. All of the issues are also classified as “client-side vulnerabilities”, meaning that they require some interaction on the part of the user for exploitation to occur. This will usually entail visiting a malicious Web page or opening a malicious file that is sent through email or other means.

Microsoft’s summary of the bulletins can be found here.

  1. MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

    This bulletin consists of a code execution vulnerability (CVE-2007-2223/BID 25301) affecting Microsoft XML Core Services. Attackers could exploit this issue through a malicious Web page.

    Affects: Microsoft XML Core Services 3.0/4.0/6.0 on Windows 2000/XP/...

Kelly Conley | 07 Aug 2007 07:00:00 GMT | 0 comments

The August State of Spam Report highlights the continuing decline of image spam, which reached a low in July from its peak in January. In addition, we observed the emergence of a new focus - greeting card spam, PDF and other file attachment spam, and the rise in marketing spam using URLs with Chinese top-level domains (TLDs). This month’s spotlight includes regional spam trends in EMEA.

Though still steadily declining, what we’ve come to think of as ‘image spam’ has not gone away. The preferred delivery method of this spam type is now PDF, which emerged in June of 2007 and was discussed in a previous post. Symantec is seeing PDF spam ranging from two to eight percent of all spam. July also saw the emergence of yet more tactics focused on spamming images. These tactics include the use of XLS and ZIP files. At this time, the volume of these spam types is low but Symantec is closely...

Hon Lau | 06 Aug 2007 07:00:00 GMT | 0 comments

Ok, you can substitute whatever agency name you want, but the story is nearly always the same. A little while ago I blogged about AdvancedTDS, another Mpack-type clone, and mentioned how professional some of the malware creators are becoming.

At the other end of the spectrum, we still have a large number of amateurs in the game. The attempts that some of them make in their social engineering trickery are abysmal, to say the least. Take this example of a spam email:

Dear Mr./Mrs. D####### P#######

This email was sent to inform you that your complaint case #278250765 filled with the FTC was successfully registered and posted in our Business Sentinel, a business complaint database maintained by the U. S. Federal Trade Commission. The complaint that you have filled is now accessible to certified government law enforcement and regulatory agencies in ICPEN-member countries. Government agencies may use this information to investigate suspect companies and individuals,...

Orlando Padilla | 17 Jul 2007 07:00:00 GMT | 0 comments

Earlier this year, I saw some screenshots of the Zunker bot and its controlling interface. I became curious about the existence of other similar interfaces and began paying a bit more attention to the spam coming into my inbox on a personal account. After a few weeks of wandering through IP blocks referenced by the spam, I ran across an open directory containing a few screen shots of what looked like another interface actively spamming multiple products.

The following screen shot shows a statistics screen for a botnet they are currently using. Similar to the Zunker interface, this interface also has the ability to group by country. It looks like the feature is broken though, as you can only see one bot, which is originating from Poland. Given that, it is tempting to presume the owner is Polish; however, the interface's text is entirely in English and the screen shot was found on a Russian server. It could, however, mean that the person leasing this interface is controlling it from...