Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 31 Dec 2007 08:00:00 GMT | 0 comments

Job offer spam has been around a while. Itused to work like this: spammer joins job hunting site as a prospectiveemployer, "researches" resumes of prospective employees, and then spamsthose individuals with job offers of home-based businesses. Or,sometimes no job hunting site was involved at all. It was just aspammer sending spam on a home-based business offer. Home-basedbusiness can be legitimate; however, if the offer comes to you via spamthan it most likely is not.

The spammers used to use the job hunting sites themselves to sendthe offers. The recipient would receive the job offer through the siteswhere they had uploaded their resumes and it all looked legitimateuntil they read what the "job offer" actually was. What we are seeingnow is spammers branching out. They appear to have collected the namesof job hunters through these sites and are now sending the job offersdirectly to the prospective employees without going through the jobhunting sites.

The emails...

Jitender Sarda | 24 Dec 2007 08:00:00 GMT | 0 comments

Penny stock spammers have started using ahigh definition video file format to promote stock symbols. As we comeup to the end of the year, spammers have moved quickly on using videoformats for spamming with pump-and-dump stock symbols. Traditionally inpenny stock spam, JPEG images were embedded in the email, followed byURLs that were redirected to other JPEG images. This year we havewitnessed huge rounds of PDF and MP3 file formats to promote stocksymbols.

Penny stock spammers have also used legitimate video commercials (TVand online media commercials) and clippings of professional financialnews reports or programs. Often there are conversations between thehost and the guest star "professional financial analyst," discussingthe company’s strategies and financial prospects. The following are acouple of sample messages of the penny stock spam email:

Date: Fri, 07 Dec 2007 03:21:59 -0500
Subject: Catch The Wave Video...

Kelly Conley | 14 Dec 2007 08:00:00 GMT | 0 comments

On the first day of Christmas
a spammer offered me –
a brand new shiny PC.

On the second day of Christmas
a spammer offered me –
a Rolex watch,
and a brand new shiny PC.

On the third day of Christmas
a spammer offered me –
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the fourth day of Christmas,
a spammer offered me –
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC

On the fifth day of Christmas
a spammer offered me –
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.

On the sixth day of Christmas,
a spammer offered me –
a pink iPod nano,
Vi – a – grrrr – ra,
H – D – TV,
cheesy business cards,
a Rolex watch,
and a brand new shiny PC.


Kelly Conley | 12 Dec 2007 08:00:00 GMT | 0 comments

We've observed some adult spam in disguise.The usual adult spam that we see is simple text with links and adultphrases that make it quite obvious what it is. The mutation that we'verecently observed includes an email that has two parts—HTML and plaintext—where the plain text portion looks completely legitimate and infact is a portion of a legitimate newsletter of some kind. However, theheaders make it apparent that it is not from the legitimate company.


From: Sexy Girls Waiting Live Now

Subject: Tired Of The Overpriced Cam Sites

Text body:

(click for larger image)

What makes it even more obvious that this is...

Kelly Conley | 10 Dec 2007 08:00:00 GMT | 0 comments

Here we are the end of another year. As 2007 rolls to a close the December State of Spam Report reviews this past month’s key trends and reflects on some of the year’s most notable spam events and trends.

Monitoring more than 450 million inboxes worldwide, Symantecobserved spam surge to 72% of overall email traffic in November.Spammers were also on the hunt for new email addresses, initiating amassive harvesting campaign. During a harvesting campaign spammersbombard email servers with guessed email addresses. Those that are notrejected are assumed to be valid email addresses and are added to spamlists for future attacks. Symantec estimates that it blockedapproximately 35 million of these harvesting emails.

Throughout November, Symantec also observed spam with a seasonal "hook." Some highlights include:

Jitender Sarda | 04 Dec 2007 08:00:00 GMT | 0 comments

'Tis the season of exchanging greetings,what with Thanksgiving and Xmas rounding out the year's end.Unfortunately, malicious code writers are on the job trying to exploitthese occasions by sending out mass spam email greeting cards withattractive and fancy links that serve the purpose of downloadingmalicious files to a victim's computer.

These eCards are purportedly sent from a legitimate source and tryto lure the victim to click on the link to view the eCards, which haveunderlying tricks to try and infect the computer. With the Xmas bellsstarting to ring, here is the first incidence where Xmas ecards havestarted doing the rounds. The URL included in the eCards attempts todownload "sos385.tmp" file, which is a downloader.

In this particular sample below, the "From:" header alias isdisplaying an eCard from a well known company; however, it is of coursea spoofed header. The spammer has also deliberately inserted the text "(no worm , no...

Jitender Sarda | 28 Nov 2007 08:00:00 GMT | 0 comments

Malicious code writers have always usedpopular Web brand names to spread malicious code through spam vectorsand these days the YouTube brand name is popping up more and more.However, the spoofed URL in this latest scam redirects visitors todynamic domain names with seemingly unusual top level domains (TLDs),such as .li, .ch, and .es. Last month, spammers used the YouTube brandname in an attempt to spread spam regarding male enhancement pills andget-rich-quick schemes.

The email looks harmless enough, because the “From” header is spoofed to appear as if it's coming from "YouTube Service" ,which helps it to look like a legitimate invitation. The video'sdescription is enticing and seems innocuous, inviting potential victimsto open a shared video file, which is a fake YouTube link. Here is asample of one of these scam emails:

From: "YouTube Service"
Bcc: [...

Kelly Conley | 15 Nov 2007 08:00:00 GMT | 0 comments

We have recently seen a scam purporting tobe from the China National Offshore Oil Corporation that makes claimsof winning money and a trip to the Beijing Olympics in 2008. The emaillooks like the usual "Winning Notification" lottery emails that are alltoo common. However, the twist is that not only do you "win" money, butyou also win a trip to the 2008 Olympics. This is the first scam thatwe have seen that tries to live off the name of the 2008 Olympics inBeijing.

The China National Oil Corporation is currently a hot stock marketpick and owns a certain portion of valuable crude oil worldwide. Byutilizing this known company to promote a "free" trip to the Olympicsthe scammer is looking to receive a lot of interest on this offer. Andwhat does the spammer hope to receive in return? Valuable personalinformation. Here is a sample of one of the spam emails:


Kelly Conley | 07 Nov 2007 08:00:00 GMT | 0 comments

Presidential spam? Yes, we have seen it. Asthe race to the Whitehouse builds momentum, one spammer is out thereendorsing his favorite candidate. While there is no evidence that thespam for this particular candidate originates with the candidatehimself, we believe this may be an interesting view into what politicalspam may look like over the course of the next year as the UnitedStates Presidential elections draw nearer. Please have a look at theNovember State of Spam Report to view samples of this type of spam.

A new tactic during the month of October was the inclusion of MP3files to promote pump and dump stock spam. This variation of theclassic pump-and-dump stock is just the most recent technique beingutilized to market these stocks to the masses. A blog was createdearlier in the month regarding this novel type spam attack and can beread ...

Kelly Conley | 06 Nov 2007 08:00:00 GMT | 0 comments

Over the past week we have seen some scamspurporting to be generating from the IRS. The scams are requestingdonations for the wildfires that ravaged the Southern California regionlast week. A portion of the email is below:

From: Internal Revenue Service<>Subject: Help for California Wildfire Victims

Right now California is asking you for help !
If you chose to take part in our program (initiated by IRS & U.S GOVERNMENT)
click on the link below and make a small contribution.
Together we can rebuild California !


This email is not from the IRS. The link redirectsto a fraudulent Web site created by scam spammers to steal your money.It is unfortunate...