Security Response
Showing posts tagged with Spam
Kelly Conley | 07 May 2008 21:59:10 GMT | 0 comments

As April came to a close, NDR (non-delivery report) spam diminished. In the April State of Spam Report, Symantec reported that NDR spam was 3.7% of all spam observed. Spammers appeared to be playing with the viability of this technique. At this time the numbers of this spam type are down to less than 2%. Symantec has been tracking this spam type over the past couple of months and has provided a graph in the May State of Spam Report that shows the changing volume levels.

However, the loss of momentum with NDR spam does not mean that spammers were resting. This was evidenced by the emergence of "calendar invite" spam in April. The samples observed were "419" or "Nigerian" spam sent with a meeting or calendar invitation attached. While the volume of this emerging spam was low, it does still illustrate the lengths that spammers are willing to go to spread their messages.

"Spear phishing" attacks are also discussed in the latest State of Spam Report...

khaley | 16 Apr 2008 20:00:21 GMT | 0 comments

Sometimes in this job you can be a kill joy. Take, for instance, a situation I was involved in a couple of weeks ago. I had the unpleasant task of informing someone that they were not going to be given 12 million dollars.

I had been invited on the morning show at KSON-FM in San Diego. One of the DJs had received an email he wanted to ask me about. I assumed it was a phishing attack, or perhaps the recent IRS scam that Kelly Conley has blogged about. It turned out he had received an email telling him he was going to be given 12 million dollars. I had to ruin his day. He was not going to be rich, and if he wasn’t careful he might become a victim of the old Spanish Prisoner scam.

This con has been around since the 16th century. 500 years ago you would have received a letter from a man held in a Spanish prison. The...

Shunichi Imano | 14 Apr 2008 22:16:03 GMT | 0 comments

Today, April 14th, 2008, Symantec Security Response received reports from a number of our customers regarding a possible targeted spam attack against several Japanese companies.

The spam email associated with this attack spoofs itself as an email from a Japanese government agency and entices the user to open the attached .zip file to check recent organizational changes. The attached .zip file contains 2 files: 0414.xls and 0414.exe. 0414.xls is a legitimate file containing a list of names, addresses, and personnel positions that may or may not really exist. There is no evidence to suggest that any exploit attempts are made on this file.

However, the other file, 0414.exe, is a variant of Backdoor.Darkmoon, which has keylogging capabilities. At the time of writing, we have seen several variants of...

Kelly Conley | 03 Apr 2008 07:00:00 GMT | 0 comments

The April State of Spam Report is out today and its findings show that spam levels bounced even higher, averaging 81 percent of all email in March and peaking at all-time highs of nearly 88 percent. “Bounce” being the operative word, because the new report highlights a marked increase in bounced message spam observed by Symantec. With these particular attacks in March, spammers took advantage of mail transfer agent (MTA) programs by utilizing the practice of backscatter to bounce massive volumes of emails to unsuspecting end users. The majority of the bounces observed were Russian language messages, containing images and text that change regularly, often a few times per day.

Spammers take advantage of MTA programs, which can be configured to send back not only a list of failed recipient addresses and an explanation why each address failed, but also a copy of the original message in its entirety. This practice allows spammers to bounce messages around the Internet,...

Kelly Conley | 17 Mar 2008 07:00:00 GMT | 0 comments

As reported in the February State of Spam report, we have observed spammers disguising themselves as the IRS and dangling an offer of a tax refund to unwitting recipients. That is, a refund made available once you input your credit card information into their site. A site that does not bear the IRS URL. A site that is fraudulent and nothing more than a collection tool for credit card and other personal information. And while we are still seeing this, we have recently observed a few new types of spam in relation to tax season. This spam being of a more sinister type as it directs you to download a virus.

In one example, the spammer indicates that a new law requires you to download tax software. Well, that in itself is ridiculous because taxes are traditionally done on paper and there is no existing law...

Kelly Conley | 05 Mar 2008 08:00:00 GMT | 0 comments

Social engineering was the driving force behind spammers during the month of February. While overall spam volume hovered steadily at 78.5% of email and tactics remained relatively the same, the use of events, big brands, and public figures drove spam campaigns during the month. The March State of Spam report highlights several of these.

With the U.S. presidential elections just around the corner the candidates have turned their focus on each other, just as spammers have focused their campaigns on the candidates. The first example of this was spam leveraging Ron Paul back in October of 2007. Last month, spammers began to spread bogus links purporting to show a Hillary Clinton speech, but in actuality the links were cloaking a malicious Trojan. Most recently we’ve seen spammers leveraging the last remaining front-runners of the 2008 presidential elections; Obama, McCain...

Kelly Conley | 14 Feb 2008 08:00:00 GMT | 0 comments

It's election year in the United States, everyone must be aware of that by now. We've just observed a Trojan being spammed out utilizing a candidate's name, Hillary Clinton, as bait. The email asks you to click a link to download an interview with her. The email circulating has the following subject line:

Subject: Hillary Clinton Full Video !!!

The body of the email looks like this:

The link looks to be coming from [REMOVED]/rdown.php?PNDcx"=id=3D

Looking closer, we see the actual link is: [REMOVED]/rdown.php?PNDcx"=id=3D

Kelly Conley | 05 Feb 2008 08:00:00 GMT | 0 comments

The February State of Spam Report highlights an interesting trend in the shift of spam moving from North America to EMEA. The percentage of spam originating from EMEA has surpassed that of North America, which represents a significant shift in where the bulk of the world’s spam is “supposedly” sent from.

This trend has been observed for the past three months with a culmination in January of approximately 44% of all spam email now originating from Europe, versus 35.1% from North America. But is this spam mail really originating in Europe? Although it appears that way, the very nature of spam distribution makes it difficult to accurately pinpoint the true geographic origin of the sender. Spammers often take advantage of tricks that allow them to mask their real location and bypass DNS block lists.

Why the increase in spam...

Kelly Conley | 11 Jan 2008 08:00:00 GMT | 0 comments

The January State of Spam report shows that as 2007 ended, spam surged and accounted for 75 percent of all email, increasing to 83 percent in the last few days leading up to the holiday season. The December State of Spam report had shown that 72% of email traffic was spam.

Spammers changed their techniques for the holidays by inserting seasonal oriented keywords into URLs, subject lines, and embedded images within their messages. The objective here was to implant the holiday spirit into the readers' minds and provide blatant gift-giving ideas. No, there were no guessing games here as to what the spammers wanted to sell you for the gift giving season. The hot items...

Kelly Conley | 04 Jan 2008 08:00:00 GMT | 0 comments

China is a major exporter of goods and is known for mass production of cheap products. How often do you see "Made in China" on toys, gadgets, or the latest "it" thing? Who doesn't want to get these hot products cheap and direct from the manufacturer? Spammers are hoping that you do and have ramped up their game to gain business. Below I'm going to give an outline of the recent history of "Made in China" wholesale product spam.

This spam type originated with bidding Web sites - online auction houses. Spammers opened accounts on these bidding sites and posted high priced, hot products at cheap prices hoping to gain bidder interest. When a potential bidder asked a question through the site the spammer would provide their "wholesale supplier product Web site," contact email, and instant messaging ID for contact purposes. The email address and IM are all registered with third party free email services.

If users don't ask questions, the spammer then sends a fake Q&...