Security Response
Showing posts tagged with Spam
Kelly Conley | 14 Dec 2007 08:00:00 GMT | 0 comments


On the first day of Christmas
a spammer offered me –
a brand new shiny PC.

On the second day of Christmas
a spammer offered me –
a Rolex watch,
and a brand new shiny PC.

On the third day of Christmas
a spammer offered me –
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the fourth day of Christmas,
a spammer offered me –
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC

On the fifth day of Christmas
a spammer offered me –
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the sixth day of Christmas,
a spammer offered me –
a pink iPod nano,
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On...

Kelly Conley | 12 Dec 2007 08:00:00 GMT | 0 comments

We've observed some adult spam in disguise. The usual adult spam that we see is simple text with links and adult phrases that make it quite obvious what it is. The mutation that we've recently observed includes an email that has two parts—HTML and plain text—where the plain text portion looks completely legitimate and in fact is a portion of a legitimate newsletter of some kind. However, the headers make it apparent that it is not from the legitimate company.

Headers:

From: Sexy Girls Waiting Live Now

Subject: Tired Of The Overpriced Cam Sites

Text body:



What makes it even more obvious that this is...

Kelly Conley | 10 Dec 2007 08:00:00 GMT | 0 comments

Here we are at the end of another year. As 2007 rolls to a close, the December State of Spam Report reviews this past month’s key trends and reflects on some of the year’s most notable spam events and trends.

Monitoring more than 450 million inboxes worldwide, Symantec observed spam surge to 72% of overall email traffic in November. Spammers were also on the hunt for new email addresses, initiating a massive harvesting campaign. During a harvesting campaign spammers bombard email servers with guessed email addresses. Those that are not rejected are assumed to be valid email addresses and are added to spam lists for future attacks. Symantec estimates that it blocked approximately 35 million of these harvesting emails.

Throughout November, Symantec also observed spam with a seasonal "hook." Some highlights include:

...
Jitender Sarda | 04 Dec 2007 08:00:00 GMT | 0 comments

'Tis the season of exchanging greetings, what with Thanksgiving and Xmas rounding out the year's end. Unfortunately, malicious code writers are on the job trying to exploit these occasions by sending out mass spam email greeting cards with attractive and fancy links that serve the purpose of downloading malicious files to a victim's computer.

These eCards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the eCards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, here is the first incidence where Xmas ecards have started doing the rounds. The URL included in the eCards attempts to download "sos385.tmp" file, which is a downloader.

In this particular sample below, the "From:" header alias is displaying an eCard from a well known company; however, it is of course a spoofed header. The spammer has also deliberately inserted the text "(no worm , no...

Jitender Sarda | 28 Nov 2007 08:00:00 GMT | 0 comments

Malicious code writers have always used popular Web brand names to spread malicious code through spam vectors and these days the YouTube brand name is popping up more and more. However, the spoofed URL in this latest scam redirects visitors to dynamic domain names with seemingly unusual top level domains (TLDs), such as .li, .ch, and .es. Last month, spammers used the YouTube brand name in an attempt to spread spam regarding male enhancement pills and get-rich-quick schemes.

The email looks harmless enough, because the “From” header is spoofed to appear as if it's coming from "YouTube Service", which helps it to look like a legitimate invitation. The video's description is enticing and seems innocuous, inviting potential victims to open a shared video file, which is a fake YouTube link. Here is a sample of one of these scam emails:

From: "YouTube Service" service@youtube.com
To: [REMOVED]
Bcc: [...

Kelly Conley | 15 Nov 2007 08:00:00 GMT | 0 comments

We have recently seen a scam purporting to be from the China National Offshore Oil Corporation that makes claims of winning money and a trip to the Beijing Olympics in 2008. The email looks like the usual "Winning Notification" lottery emails that are all too common. However, the twist is that not only do you "win" money, but you also win a trip to the 2008 Olympics. This is the first scam that we have seen that tries to live off the name of the 2008 Olympics in Beijing.

The China National Oil Corporation is currently a hot stock market pick and owns a certain portion of valuable crude oil worldwide. By utilizing this known company to promote a "free" trip to the Olympics the scammer is looking to receive a lot of interest on this offer. And what does the spammer hope to receive in return? Valuable personal information. Here is a sample of one of the spam emails:

From: XXXXXX@hotmail.com
Subject:...

Kelly Conley | 07 Nov 2007 08:00:00 GMT | 0 comments

Presidential spam? Yes, we have seen it. As the race to the White House builds momentum, one spammer is out there endorsing his favorite candidate. While there is no evidence that the spam for this particular candidate originates with the candidate himself, we believe this may be an interesting view into what political spam may look like over the course of the next year as the United States Presidential elections draw nearer. Please have a look at the November State of Spam Report to view samples of this type of spam.

A new tactic during the month of October was the inclusion of MP3 files to promote pump and dump stock spam. This variation of the classic pump-and-dump stock is just the most recent technique being utilized to market these stocks to the masses. A blog was created earlier in the month regarding this novel type of spam attack and can be read ...

Kelly Conley | 06 Nov 2007 08:00:00 GMT | 0 comments

Over the past week we have seen some scams purporting to be generating from the IRS. The scams are requesting donations for the wildfires that ravaged the Southern California region last week. A portion of the email is below:

From: Internal Revenue Service <61yu9@irs.gov>
Subject: Help for California Wildfire Victims

Right now California is asking you for help !
If you chose to take part in our program (initiated by IRS & U.S GOVERNMENT)
click on the link below and make a small contribution.
Together we can rebuild California !

BE HUMAN GET INVOLVED ! BE AMERICAN ! CALIFORNIA NEEDS YOUR HELP !

https://www.irs.gov/help/donate.html

This email is not from the IRS. The link redirects to a fraudulent Web site created by scam spammers to steal your money. It is unfortunate...

Jitender Sarda | 02 Nov 2007 07:00:00 GMT | 0 comments

Imagine Google’s search engine being exploited for sending spam URLs. Unbelievable? Believe it!

Google is one of the most widely used search engines on the Web today. To make life easier, it supports a few advanced query words which narrow the scope of a search to a great extent. It appears that spammers have found a way to exploit this facility to direct the end user to a URL advertising their products or services, using Google’s advanced search operators.

Recently, we came across a few offer spam mails which had the following URL in them:
http://www.google.com/search?hl=en&q=inurl:replica%20intext:%22Perfect+cheap+replica+watches+online.%22&btnI=

At first glance, it appeared to be a “Google search results” link and we were expecting it to take us to the search results page. However, when...

Jitender Sarda | 18 Oct 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock spam is a classic example of sophistication and diversity of spam techniques. Recently the pump-and-dump spammers have started using mp3 files as a new method of spreading stock spam.

In the latest observations we’ve seen an mp3 file as an attachment in the body of an email message – without any content – and the subject line usually includes “RE:”, “FW:”, or is sometimes just blank. The “From:” address is usually random. Another feature of this new pump-and-dump stock attack is that the mp3 files have random names, such as the following examples:

"ciara.mp3"
"elvis.mp3"
"crazylady.mp3"
"chrisbrown.mp3"
"jillscott.mp3"
"crush.mp3"

The average file size is approximately 63.3 kb, with the garbled stock tip lasting for about 30 seconds. The audio content sounds something like the below example:

Hello, this is an Investor alert. XXXX Inc. has announced it is ready to launch its new XXXX.com...