Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Anand Muralidharan | 30 Sep 2013 14:00:20 GMT
Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog: Pharma Spammers Brandjack YouTube.
 
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
 
http://www.[REMOVED].com/Fox.avi
http://www.[REMOVED].com/Yamamoto.avi
http://www.[REMOVED].vn/Larue.avi 
http://www.[REMOVED].com/McAlear.avi
http://www.[REMOVED].ru/87342.mp3
http://www.[REMOVED].ru/327182.mp3
http://www.[REMOVED].fr/472738.mp3
http://www.[REMOVED...
Symantec Security Response | 24 Sep 2013 09:14:38 GMT

While Craigslist has always been a favorite social engineering theme for scammers, Symantec has identified another on-going SMS spam campaign abusing Craigslist’s popularity. The scam tricks users into installing free and legitimate open source software on their PC by leveraging phone numbers posted on Craigslist ads. The software comes bundled with additional software that will allow scammers to make money through affiliate programs. 

craigslist_sms_spam_scam02.gif

FigureHow the SMS spam redirects users to download open source software

The first stage of the scam involves the victim receiving an SMS text message on their device. Online research suggests that the scammers are harvesting phone numbers directly from online Craigslist postings for this scam campaign. The sale of spamming and harvesting...

Satnam Narang | 20 Sep 2013 20:26:03 GMT

On the heels of its most highly acclaimed episode, Breaking Bad fans tweeting about the popular AMC show may find themselves targeted by a new Twitter spam tactic.

Traditionally, spammers and scammers abused the reply functionality built into the service but over the years, spammers have searched for different ways to gain visibility amongst Twitter users. The most recent tactic being utilized is called list spam.

A Twitter list consists of a curated group of Twitter users. Users can create their own lists or subscribe to existing lists already created by others. Spammers are using this feature to get the attention of Twitter users.

Various lures have been used in Twitter list spam recently, from offering celebrity phone numbers to free gift cards, devices, and video games.
...

Nick Johnston | 12 Sep 2013 11:14:56 GMT
Phishers are known for making their phishing sites look exactly like the sites they are spoofing. We have seen plenty of examples of the detail they employ, like using JavaScript to include the current date in their static pages. In recent times, Symantec have seen an increase in generic email phishing. Unlike normal phishing, where phishing messages usually have a target in mind (bank customers or social network users, for instance), the generic email phishing technique is slightly different. In generic email phishing, the phishers will target any email address; who the target is does not matter.
 
These generic phishing messages usually claim that the recipient's mailbox size has been exceeded, and direct them to urgently "re-validate" their mailbox to prevent disruption to their email. Symantec recently identified a generic email phishing website which, at first glance, appeared normal. It looked fairly amateurish—demonstrating...
Christopher Mendes | 09 Sep 2013 17:22:41 GMT

Contributor: Binny Kuriakose

Spammers continue to leverage the crisis in Syria for their personal gain. Besides taking advantage of a scam message that claimed to be from The Red Cross, spammers are now taking advantage of emails about the news in Syria. They have snuck in a few malicious messages containing random URLs that entice users to go to a compromised malicious website that hosts obfuscated JavaScript codes that downloads the Trojan, Downloader.Ponik.

When the Trojan is executed, it may create the following files:

  • %TEMP%\[RANDOM CHARACTERS FILE NAME].bat
  • %UserProfile%\Local Settings\Application Data\pny\pnd.exe

The files then inject a malicious executable payload, which may allow the attacker to steal passwords and sensitive...

Nick Johnston | 29 Aug 2013 08:24:31 GMT

As the international community coordinates its response to the deepening crisis in Syria, scammers have once again demonstrated their skill at using current, high-profile events to their advantage. We have previously covered these methods in regards to Egypt, Libya, and the Rugby World Cup.

We recently identified a scam message that claimed to be from The Red Cross. The message explains how the conflict is creating a humanitarian crisis and urges people to support The Red Cross and The Red Crescent.

SyriaScam.png

Curiously, the email includes a link to the actual British Red Cross...

Christopher Mendes | 19 Aug 2013 19:36:42 GMT

Contributor: Sujay Kulkarni

image1_9.png

The Ashes Test cricket series, one of most popular Test series in cricket, is played between England and Australia. It is played alternately in England and Australia and is the oldest test rivalry between these two sides. Cricket fans are glued to the TV and their online devices to watch this riveting series.

In the current Ashes series England is leading 3-0 and is on the cusp of creating history against Australia—if they beat them hands down in the last test match, which now is a real possibility. However, what is making the rounds is not Scholes, Carrick, or Robin Van Persie, but Captain Cook and his elite squad waiting to steamroll Australia.

This...

Christopher Mendes | 07 Aug 2013 08:17:13 GMT

It may sound strange, but one surefire sign that the economy is on the mend is an increase in stock spam. Yes, stock spam is a bellwether signal of an economic revival and if you want proof, check your email. Scattered in your bulk folder, you may find a myriad of such spam promising you ‘an opportunity of a life time.’ Rearing its ugly head every time there is a hint of an economic recovery, stock spam never misses an opportunity to try and con victims out of their hard-earned cash.

Over the years, stock spam has evolved, honing its method of psychologically hustling a victim into buying a particular stock that will ‘imminently’ be pumped up by some sort of syndicate. Stock spam creates an unwarranted urgency and promises a pot of gold at the end of it all.

Stock spam relies on a strategy called ‘pump and dump,’ where spammers create pseudo hysteria, beckoning victims to invest in penny or sub-penny stocks that would give...

Pavlo Prodanchuk | 25 Jul 2013 08:28:48 GMT

Last month Symantec posted few blogs (here and here) on an increase in spam messages with .pw URLs.

Since then the volume of URLs with .pw domains has considerably decreased. At the beginning of May the peak volume .pw domains accounted for about 50 percent of all spam URLs. Currently, .pw domains account for less than 2 percent for the last seven days.

Figure1_6.png

Figure 1. .pw TLD appearance in spam messages

The decrease in .pw domains is the result of a close collaboration between Symantec and Directi in reporting and taking down the .pw domains associated with spam.

The latest evidence from the Global Intelligence Network shows that even with such a small presence of...

Pavlo Prodanchuk | 23 Jul 2013 12:41:01 GMT

For the last few months, Symantec has been observing pharmacy related spam attacks where spammers are using the legitimate Google Translate service to avoid anti spam filters. 

Most of the samples received were sent from hijacked email addresses from popular free mail services. 
The majority of the messages’ subject lines were promoting either online pharmacies or well-known  tablets such as Viagra, Cialis and others. Furthermore, in an effort to make the spam immune to filters, several observed subject lines contained randomized non-English characters or words inserted at the beginning or end of the subject line. 

Figure1_4.png

Figure 1. Sample subject lines

The body of the spam message contains a Google Translate link as well as promotional text explaining the advantages...