Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 17 Mar 2008 07:00:00 GMT | 0 comments

As reported in the February State of Spam report, we have observed spammers disguising themselves as the IRS and dangling an offer of a tax refund to unwitting recipients. That is, a refund made available once you input your credit card information into their site. A site that does not bear the IRS URL. A site that is fraudulent and nothing more than a collection tool for credit card and other personal information. And while we are still seeing this, we have recently observed a few new types of spam in relation to tax season. This spam being of a more sinister type as it directs you to download a virus.

In one example, the spammer indicates that a new law requires you to download tax software. Well, that in itself is ridiculous because taxes are traditionally done on paper and there is no existing law...

Kelly Conley | 05 Mar 2008 08:00:00 GMT | 0 comments

Social engineering was the driving force behind spammers during the month of February. While overall spam volume hovered steadily at 78.5% of email and tactics remained relatively the same, the use of events, big brands, and public figures drove spam campaigns during the month. The March State of Spam report highlights several of these.

With the U.S. presidential elections just around the corner the candidates have turned their focus on each other, just as spammers have focused their campaigns on the candidates. The first example of this was spam leveraging Ron Paul back in October of 2007. Last month, spammers began to spread bogus links purporting to show a Hillary Clinton speech, but in actuality the links were cloaking a malicious Trojan. Most recently we’ve seen spammers leveraging the last remaining front-runners of the 2008 presidential elections; Obama, McCain...

Kelly Conley | 14 Feb 2008 08:00:00 GMT | 0 comments

It's election year in the United States, everyone must be aware of that by now. We've just observed a Trojan being spammed out utilizing a candidate's name, Hillary Clinton, as bait. The email asks you to click a link to download an interview with her. The email circulating has the following subject line:

Subject: Hillary Clinton Full Video !!!

The body of the email looks like this:

The link looks to be coming from [REMOVED]/rdown.php?PNDcx"=id=3D

Looking closer, we see the actual link is: [REMOVED]/rdown.php?PNDcx"=id=3D


Kelly Conley | 05 Feb 2008 08:00:00 GMT | 0 comments

The February State of Spam Report highlights an interesting trend in the shift of spam moving from North America to EMEA. The percentage of spam originating from EMEA has surpassed that of North America, which represents a significant shift in where the bulk of the world’s spam is “supposedly” sent from.

This trend has been observed for the past three months with a culmination in January of approximately 44% of all spam email now originating from Europe, versus 35.1% from North America. But is this spam mail really originating in Europe? Although it appears that way, the very nature of spam distribution makes it difficult to accurately pinpoint the true geographic origin of the sender. Spammers often take advantage of tricks that allow them to mask their real location and bypass DNS block lists.

Why the increase in spam...

Kelly Conley | 11 Jan 2008 08:00:00 GMT | 0 comments

The January State of Spam report shows that as 2007 ended, spam surged and accounted for 75 percent of all email, increasing to 83 percent in the last few days leading up to the holiday season. The December State of Spam report had shown that 72% of email traffic was spam.

Spammers changed their techniques for the holidays by inserting seasonal oriented keywords into URLs, subject lines, and embedded images within their messages. The objective here was to implant the holiday spirit into the readers' minds and provide blatant gift-giving ideas. No, there were no guessing games here as to what the spammers wanted to sell you for the gift giving season. The hot items...

Kelly Conley | 04 Jan 2008 08:00:00 GMT | 0 comments

China is a major exporter of goods and is known for mass production of cheap products. How often do you see "Made in China" on toys, gadgets, or the latest "it" thing? Who doesn't want to get these hot products cheap and direct from the manufacturer? Spammers are hoping that you do and have ramped up their game to gain business. Below I'm going to give an outline of the recent history of "Made in China" wholesale product spam.

This spam type originated with bidding Web sites - online auction houses. Spammers opened accounts on these bidding sites and posted high priced, hot products at cheap prices hoping to gain bidder interest. When a potential bidder asked a question through the site the spammer would provide their "wholesale supplier product Web site," contact email, and instant messaging ID for contact purposes. The email address and IM are all registered with third party free email services.

If users don't ask questions, the spammer then sends a fake Q&...

Kelly Conley | 31 Dec 2007 08:00:00 GMT | 0 comments

Job offer spam has been around a while. It used to work like this: spammer joins job hunting site as a prospective employer, "researches" resumes of prospective employees, and then spams those individuals with job offers of home-based businesses. Or, sometimes no job hunting site was involved at all. It was just a spammer sending spam on a home-based business offer. Home-based business can be legitimate; however, if the offer comes to you via spam then it most likely is not.

The spammers used to use the job hunting sites themselves to send the offers. The recipient would receive the job offer through the sites where they had uploaded their resumes and it all looked legitimate until they read what the "job offer" actually was. What we are seeing now is spammers branching out. They appear to have collected the names of job hunters through these sites and are now sending the job offers directly to the prospective employees without going through the job hunting sites.

The emails...

Jitender Sarda | 24 Dec 2007 08:00:00 GMT | 0 comments

Penny stock spammers have started using a high definition video file format to promote stock symbols. As we come up to the end of the year, spammers have moved quickly on using video formats for spamming with pump-and-dump stock symbols. Traditionally in penny stock spam, JPEG images were embedded in the email, followed by URLs that were redirected to other JPEG images. This year we have witnessed huge rounds of PDF and MP3 file formats to promote stock symbols.

Penny stock spammers have also used legitimate video commercials (TV and online media commercials) and clippings of professional financial news reports or programs. Often there are conversations between the host and the guest star "professional financial analyst," discussing the company’s strategies and financial prospects. The following are a couple of sample messages of the penny stock spam email:

Date: Fri, 07 Dec 2007 03:21:59 -0500
Subject: Catch The Wave Video...

Kelly Conley | 14 Dec 2007 08:00:00 GMT | 0 comments

On the first day of Christmas
a spammer offered me –
a brand new shiny PC.

On the second day of Christmas
a spammer offered me –
a Rolex watch,
and a brand new shiny PC.

On the third day of Christmas
a spammer offered me –
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the fourth day of Christmas,
a spammer offered me –
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC

On the fifth day of Christmas
a spammer offered me –
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the sixth day of Christmas,
a spammer offered me –
a pink iPod nano,
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.


Kelly Conley | 12 Dec 2007 08:00:00 GMT | 0 comments

We've observed some adult spam in disguise. The usual adult spam that we see is simple text with links and adult phrases that make it quite obvious what it is. The mutation that we've recently observed includes an email that has two parts—HTML and plain text—where the plain text portion looks completely legitimate and in fact is a portion of a legitimate newsletter of some kind. However, the headers make it apparent that it is not from the legitimate company.


From: Sexy Girls Waiting Live Now

Subject: Tired Of The Overpriced Cam Sites

Text body:

What makes it even more obvious that this is...