Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 05 Aug 2008 14:52:39 GMT | 0 comments

As we enter August, Symantec takes note in the State of Spam Report that spammers are continuing to attempt to entice users to open their messages by sensationalizing false news events. Popular targets of this headline or tabloid spam include current public events and figures, such as Obama and McCain.

In July, some of the subject lines observed were:


  • Beijing Olympics cancelled
  • Beijing postpones Olympics due to McCain-Dalai Lama meeting
  • Mccain Says Unsure If Obama A Secret Hippopotamus
  • Kick-up - Obama speaks in London - video


In the samples observed, the URLs were hosting malicious code (malware). There is a continuing link between spam and other security threats with a penchant for spammers to...

Silas Barnes | 11 Jul 2008 16:40:35 GMT | 0 comments

Everyone knows that in a matter of hours, hype can turn a small event into something much larger in the minds of society. Enter the latest round of malicious spam we have seen here at Symantec—the death of the Internet.


The following spam subject lines have been seen:


Secret Plan To Kill Internet By 2012: Leaked?


2012: The year the Internet as we know it dies...

2012: The Year The Internet Ends


This certainly sounds devastating because many of us spend a rather large amount of our time, both as part of work and as part of life, online. Addition information on this apocalyptic event continues in the various body texts we have seen, including:


Every significant Internet provider around the...

Kelly Conley | 02 Jul 2008 13:49:52 GMT | 0 comments

The July State of Spam Reportopens with optimistic words from 2004, from one Bill Gates: “Two yearsfrom now, spam will be solved.” While we wish that we could say theoptimistic words came to fruition, the reality is that ithas continued to increase and is now accounting for 80% of all email.Over the past month spammers have shown in a variety of ways how theyare still trying to best antispam filters. Some of the spam attacksseen in June include:

- Hacked personal email account used to scam contacts

- Spammers simplify email harvesting technique

- China Earthquake tragedy used to spread viruses

- Olympics-related lottery scam emerges

- Bogus news events continue to be used by spammers to net...

Kelly Conley | 25 Jun 2008 21:33:11 GMT | 0 comments

John Doe, sitting in his office, was scrolling through email in his inbox when he noticed an email with this subject line:

Mail delivery failed: returning message to sender

John thought to himself, “Message delivery failed? Did my message to Jane get blocked?” He then proceeded to open the message and found that it was an online pharmacy spam message he had allegedly sent. John is initially puzzled because he never sent that message himself. Soon, he realizes that the message is NDR spam.

Symantec has observed a wave of non-delivery receipt (NDR) attacks over the past month. While this technique is certainly not new, a spike in volume was significant enough for us to take a deeper look. A lot of people are confused about these messages. Where do they come from? What is the purpose?

This spam type utilizes a...

Kelly Conley | 03 Jun 2008 20:08:06 GMT | 0 comments

The June State of Spam Report demonstrates that spammers are utilizing current events to their advantage. The economic slowdown has been at the forefront of current event topics for some time, and is indisputably a hot item for spammers. In May, Symantec observed the continued offers by spammers to avoid home foreclosure. Many of these attempts are directed towards harvesting personal information and not towards helping anyone out of a loan crisis.

Other current events being used by spammers to take advantage of the public include rising gas prices, the economic stimulus package, and recent natural disasters. In the wake of rising gas prices, spammers are offering gas from unusual sources, like your water faucet. Free gas cards and other products aimed at creating gas out of  other unusual sources are...

Yazan Gable | 13 May 2008 14:19:34 GMT | 0 comments

CAPTCHAs (completely automated public Turing tests to tell computers and humans apart) are common these days. In case you aren’t familiar with the terminology, they are those images with obscured letters that you need to transcribe into a text box whenever you sign up for a new Web mail or forum account, for example. They may be annoying, and sometimes a bit difficult to puzzle through, but they have likely saved the world from a lot of spam.

When they were introduced, their goal was to make it impossible for automated processes to create email or forum accounts, making it difficult for spammers to use these free Web mail accounts to post or send spam. However, that was almost ten years ago, and the times seem to be changing.

This year, the CAPTCHA algorithms of three major Web mail services were cracked (see references below). ...

Kelly Conley | 07 May 2008 21:59:10 GMT | 0 comments

As April came to a close, NDR (non-delivery report) spam diminished. In the April State of Spam Report, Symantec reported that NDR spam was 3.7% of all spam observed. Spammers appeared to be playing with the viability of this technique. At this time the numbers of this spam type are down to less than 2%. Symantec has been tracking this spam type over the past couple of months and has provided a graph in the May State of Spam Report that shows the changing volume levels.

However, the loss of momentum with NDR spam does not mean that spammers were resting. This was evidenced by the emergence of "calendar invite" spam in April. The samples observed were "419" or "Nigerian" spam sent with a meeting or calendar invitation attached. While the volume of this emerging spam was low, it does still illustrate the lengths that spammers are willing to go to spread their messages.

"Spear phishing" attacks are also discussed in the latest State of Spam Report...

khaley | 16 Apr 2008 20:00:21 GMT | 0 comments

Sometimes in this job you can be a kill joy. Take, for instance, a situation I was involved in a couple of weeks ago. I had the unpleasant task of informing someone that they were not going to be given 12 million dollars.

I had been invited on the morning show at KSON-FM in San Diego. One of the DJs had received an email he wanted to ask me about. I assumed it was a phishing attack, or perhaps the recent IRS scam that Kelly Conley has blogged about. It turned out he had received an email telling him he was going to be given 12 million dollars. I had to ruin his day. He was not going to be rich, and if he wasn’t careful he might become a victim of the old Spanish Prisoner scam.

This con has been around since the 16th century. 500 years ago you would have received a letter from a man held in a Spanish prison. The...

Shunichi Imano | 14 Apr 2008 22:16:03 GMT | 0 comments
Today, April 14th, 2008, Symantec Security Response received reports from a number of our customers regarding a possible targeted spam attack against several Japanese companies.

The spam email associated with this attack spoofs itself as an email from a Japanese government agency and entices the user to open the attached .zip file to check recent organizational changes. The attached .zip file contains 2 files: 0414.xls and 0414.exe. 0414.xls is a legitimate file containing a list of names, addresses, and personnel positions that may or may not really exist. There is no evidence to suggest that any exploit attempts are made on this file.

However, the other file, 0414.exe, is a variant of Backdoor.Darkmoon, which has a keylogging capabilities. At the time of writing, we have seen several variants of...

Kelly Conley | 03 Apr 2008 07:00:00 GMT | 0 comments

The April State of Spam Report is out today and its findings show that spam levels bounced even higher, averaging 81 percent of all email in March and peaking at all-time highs of nearly 88 percent. “Bounce” being the operative word, because the new report highlights a marked increase in bounced message spam observed by Symantec. With these particular attacks in March, spammers took advantage of mail transfer agent (MTA) programs by utilizing the practice of backscatter to bounce massive volumes of emails to unsuspecting end users. The majority of the bounces observed were Russian language messages, containing images and text that change regularly, often a few times per day.

Spammers take advantage of MTA programs, which can be configured to send back not only a list of failed recipient addresses and an explanation why each address failed, but also a copy of the original message in its entirety. This practice allows spammers to bounce messages around the Internet,...