Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 03 Sep 2008 17:34:51 GMT | 0 comments

The theme to Flash Gordon is going through my head. You can't hear it, but I can. He's the savior of the universe, king of the impossible, and he'll save ev'ry one of us.

These lyrics seem so appropriate when it comes to all of the .swf (Flash) spam that we're observing. I imagine the spammer looks upon .swf files as saving his spam by ensuring it will bypass filters. Is .swf the "king of the impossible," able to avoid detection? The answer is "no."

What we have observed are spam messages that contain a link to an .swf file. This file is hosted on a popular image hosting site. When clicked, the link redirects to various Web sites and so far we've seen medical supplement and adult-oriented sites as the destination of the redirects.

The .swf attack with the largest volume observed is the German pharmacy attack, with over 300 million instances seen. The body of this message is in German and includes a list of medications that are...

Kelly Conley | 29 Aug 2008 17:58:32 GMT | 0 comments

Notice! The virus-spreading spammer doesn't have your baby but is claiming to. In recent emails observed by Symantec, malicious code is being spread by hoax emails claiming to have pictures of your hijacked [sic] baby. The Subject line makes the claim that someone has  "hijacked" your baby and the attachment on the message is not a photo, but rather a zip file containing a downloader:

Subject: We have hijacked your baby
Content-Type: application/zip;        name=""

The body will look similar to the following:

"Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later...
We has attached photo of your fume"

The email comes with an attached zip file called "," which...

Candid Wueest | 27 Aug 2008 17:59:48 GMT | 0 comments

I must admit that I was puzzled for a second when I saw an email with a suicide note as a subject line in my spam inbox. I wondered what product they might try to sell with that note or which drive-by download site might be hidden behind it. So, I opened it. The email was actually written like a real suicide note.

In the text of the message, a young Swiss guy explains that he has had enough with the world and that he has given up his painful fight against the Russian cyber-criminals. With some side notes, he explains that he had at least profited a little from their own tricks and was able to transfer some cash for himself from Swiss online banking accounts. Of course, he explains, all in the name of the greater good.

The mail then takes a tangent and tells a story about him catching his girlfriend red-handed with another guy, which finalized his...

Kelly Conley | 21 Aug 2008 07:20:52 GMT | 0 comments

In the past few days Symantec has observed virus spam masquerading as news articles regarding the current Georgia-Russia conflict. We felt it was important to blog about this because this particular event is garnering a lot of media attention and holds a very high profile. Because of this, there is an extremely high potential for the spreading of malicious code by spam email using information on this event as a lure.

The messages themselves contain an attachment, along with instructions and passwords for the download of the attachment. The subject line appears to be a legitimate news story about the Russia/Georgia conflict. One subject line that has been seen reads: “Subject: Journalists Shot in Georgia.” A short description of a “news event” related to the Russia-Georgia conflict is contained within the body of the message.

The use of the attention-grabbing subject line seems to be intended as a social engineering tactic to entice recipients to click the link...

Kelly Conley | 05 Aug 2008 14:52:39 GMT | 0 comments

As we enter August, Symantec takes note in the State of Spam Report that spammers are continuing to attempt to entice users to open their messages by sensationalizing false news events. Popular targets of this headline or tabloid spam include current public events and figures, such as Obama and McCain.

In July, some of the subject lines observed were:

  • Beijing Olympics cancelled
  • Beijing postpones Olympics due to McCain-Dalai Lama meeting
  • Mccain Says Unsure If Obama A Secret Hippopotamus
  • Kick-up - Obama speaks in London - video

In the samples observed, the URLs were hosting malicious code (malware). There is a continuing link between spam and other security threats with a penchant for spammers to utilize current events to...

Silas Barnes | 11 Jul 2008 16:40:35 GMT | 0 comments

Everyone knows that in a matter of hours, hype can turn a small event into something much larger in the minds of society. Enter the latest round of malicious spam we have seen here at Symantec—the death of the Internet.

The following spam subject lines have been seen:

Secret Plan To Kill Internet By 2012: Leaked?


2012: The year the Internet as we know it dies...

2012: The Year The Internet Ends

This certainly sounds devastating because many of us spend a rather large amount of our time, both as part of work and as part of life, online. Addition information on this apocalyptic event continues in the various body texts we have seen, including:

Every significant Internet provider around the globe is currently in talks


Kelly Conley | 02 Jul 2008 13:49:52 GMT | 0 comments

The July State of Spam Reportopens with optimistic words from 2004, from one Bill Gates: “Two yearsfrom now, spam will be solved.” While we wish that we could say theoptimistic words came to fruition, the reality is that ithas continued to increase and is now accounting for 80% of all email.Over the past month spammers have shown in a variety of ways how theyare still trying to best antispam filters. Some of the spam attacksseen in June include:

- Hacked personal email account used to scam contacts

- Spammers simplify email harvesting technique

- China Earthquake tragedy used to spread viruses

- Olympics-related lottery scam emerges

- Bogus news events continue to be used by spammers to net...

Kelly Conley | 25 Jun 2008 21:33:11 GMT | 0 comments

John Doe, sitting in his office, was scrolling through email in his inbox when he noticed an email with this subject line:

Mail delivery failed: returning message to sender

John thought to himself, “Message delivery failed? Did my message to Jane get blocked?” He then proceeded to open the message and found that it was an online pharmacy spam message he had allegedly sent. John is initially puzzled because he never sent that message himself. Soon, he realizes that the message is NDR spam.

Symantec has observed a wave of non-delivery receipt (NDR) attacks over the past month. While this technique is certainly not new, a spike in volume was significant enough for us to take a deeper look. A lot of people are confused about these messages. Where do they come from? What is the purpose?

This spam type utilizes a...

Kelly Conley | 03 Jun 2008 20:08:06 GMT | 0 comments

The June State of Spam Report demonstrates that spammers are utilizing current events to their advantage. The economic slowdown has been at the forefront of current event topics for some time, and is indisputably a hot item for spammers. In May, Symantec observed the continued offers by spammers to avoid home foreclosure. Many of these attempts are directed towards harvesting personal information and not towards helping anyone out of a loan crisis.

Other current events being used by spammers to take advantage of the public include rising gas prices, the economic stimulus package, and recent natural disasters. In the wake of rising gas prices, spammers are offering gas from unusual sources, like your water faucet. Free gas cards and other products aimed at creating gas out of  other unusual sources are...

Yazan Gable | 13 May 2008 14:19:34 GMT | 0 comments

CAPTCHAs (completely automated public Turing tests to tell computers and humans apart) are common these days. In case you aren’t familiar with the terminology, they are those images with obscured letters that you need to transcribe into a text box whenever you sign up for a new Web mail or forum account, for example. They may be annoying, and sometimes a bit difficult to puzzle through, but they have likely saved the world from a lot of spam.

When they were introduced, their goal was to make it impossible for automated processes to create email or forum accounts, making it difficult for spammers to use these free Web mail accounts to post or send spam. However, that was almost ten years ago, and the times seem to be changing.

This year, the CAPTCHA algorithms of three major Web mail services were cracked (see references below). ...