
Security Response

Showing posts tagged with Spam
Showing posts in English
Amado Hidalgo | 19 Jan 2007 08:00:00 GMT | 0 comments

Symantec Security Response has seen some moderate spamming of a new Trojan horse. The threat arrived in an email with an empty body and a variety of subjects such as:

A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text

The attachments may have any of the following filenames:
FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe

The attachment is not a video clip, but a Trojan horse program, which Symantec heuristic technology...

Hon Lau | 08 Jan 2007 08:00:00 GMT | 0 comments

It hasn't been long since reports surfaced that videos of Saddam Hussein’s execution are available for download on the Internet. It’s no surprise that enterprising malware creators have latched on to this latest news in an attempt to spread their wares.

What we have is an email spam sent to unsuspecting targets with details about where you can download a video.
Of course, this email (like past, present, and future spam) is once again taking advantage of human nature to help it spread. In this case, it is trying to appeal to the dark side of the individuals who are on the receiving end of the email.

The subject line of the email looks like this:

From: videosadan@kibeloco.com.br
Subject: Video completo da morte de Saddam Hussein

The body of the email looks like this:

...

Ollie Whitehouse | 29 Dec 2006 08:00:00 GMT | 0 comments

While speaking with an industry friend recently, he mentioned that he had received some spam. When viewed in plain text, the spam looked like this (the filename has been changed to save the compromised):

Subject: You have received a greeting from a family member! You can pick up your postcard at the following web address http://62.75.XXX.XXX/~XXXXXXXX/XXXXXXXXXX.exe

However, if you remove the executable from the URL, you get a directory listing:

[Image: screenshot of the directory listing (OW_dcrim_index.jpeg)]

So, from this we can see the machine had been compromised for two months prior to the malicious code being placed upon the site (one day before my friend received the message). However,...

Kelly Conley | 21 Dec 2006 08:00:00 GMT | 0 comments

We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

It's an online pharmacy ad within a legitimate NFL newsletter. That is really sneaky. It looks legitimate from your Inbox. You did sign up for that NFL...

Kelly Conley | 08 Dec 2006 08:00:00 GMT | 0 comments

Besides the obvious inconvenience of time wasted clicking through and deleting spam email messages, what are some of the negative effects of spam? To the average user, it’s as simple as having better things to do than hunt through their email accounts for “real” messages – messages they want to receive. For businesses, it is money spent paying employees for work they aren’t doing because they’re spending work hours picking through emails.

Then we have the hapless user who falls into a phish trap. To this user the problem can include a financial hit, not to mention the endless hours spent trying to get their money back or pursuing legal action. This often leads to a long-lasting fear of future dealings with the company that was phished. This scenario also has a negative impact on said company because they may lose a customer due to fear of recurrence. In fact, they may lose several customers if word spreads on the Internet. We call this “negative brand image...

Patrick Fitzgerald | 22 Nov 2006 08:00:00 GMT | 0 comments

Malware is becoming increasingly complex. Take Rustock.B for example: this threat goes above and beyond to prevent analysis and detection. A blog article is probably too small of a space to describe everything Rustock does technically, but you shouldn’t be surprised, considering its complexity, that Rustock has a clear financial motive. In particular, apart from hiding itself with advanced rootkit techniques, the primary goal of this threat is to send a lot of spam. Because we capture spam such as this, it allows us to update our email security products, such as Brightmail AntiSpam. In addition to pharmaceuticals, mortgages, and imitation product spam, Rustock has also sent stock-based spam. Stock-based spam usually consists of some random text, followed by an image, followed by more random text. Below is an example of one of the...

Kelly Conley | 18 Sep 2006 07:00:00 GMT | 0 comments

Diet pills? Ambien? HGH? If any of these are up your alley, you were in luck this past month. Online pharmacy spam represented a significant number of spam attacks that were seen by the Symantec Brightmail antispam probe network. In fact, this spam type was one of the top categories of spam sent out in August and has been around for a long, long time. The Internet is a gold mine of “cheap prescription drugs” that “don’t require a prescription!”

How can you recognize this spam type? For starters, it is often text-based and includes a “non-clickable” URL. A non-clickable URL requires a person to copy and paste the URL into a browser window to navigate to the Web site. You may wonder “Who would manually copy and paste these URLs into a Web browser?”, but someone must. In fact, many people must do this because it is a popular component to the success of online pharmacy spam. Spammers wouldn’t do it if end users weren’t so gullible and it didn’t work as well as...

Kelly Conley | 28 Aug 2006 07:00:00 GMT | 0 comments

You are not alone. Practically everyone with an email account has encountered this problem. Image spam is everywhere these days and for the recipients it is a headache of fake Rolex, Chialis, and stock recommendations, to name only a few of the favorites. While antispam vendors mobilize to keep up with this new trend, the spammers infiltrate your Inbox.

The most frustrating thing is that these messages all look pretty much the same when reading them in your email. However, they are very different in the raw, which is why it makes the creation of effective filters much more difficult. Some of the techniques being employed by spammers to get these image-based ads into your Inbox are so subtle they are virtually imperceptible to the naked eye. These include, but are in no way limited to, slight changes in text size and color, as well as image placement from one message to the next. The spammers keep utilizing more and more elaborate avoidance techniques to get...

Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this (that is, the security industry with a cellular or mobile flavor), it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas sending e-mail is, for all intents and purposes, free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is...

Candid Wueest | 07 Jul 2006 07:00:00 GMT | 0 comments

The amount of email I have received lately regarding "making easy money from home" has increased tremendously. These “job offers” all have two things in common: you are required to have an online bank account and you must be able to check email frequently. In return for these requirements there are promises that large amounts of money can be made, usually five to ten percent in commission for every payment forwarded to the company headquarters.

To make it even more convincing, fake companies are created and complete Web sites with job offers and background information are generated. Interested parties receive convincing job offers with social benefits and health care plans. So, what's behind it? As you have probably guessed by now, these are recruitment emails from phishers. They are constantly searching for "money mules" that will receive payments from stolen accounts and then transfer the cash back to the real attacker. Many phishers are swimming in...