Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Vikram Thakur | 02 Oct 2007 07:00:00 GMT | 0 comments

A few weeks ago I posted an entryabout how malicious software was using stolen personal information tosend spam which made users believe in its authenticity. Recently, we'veacquired another email claiming to come from an employer who has founda resume matching an open position in their company. Again, looking atthe job profile it seems very lucrative with slim to no work involved.

The position is that of a PayPal Account Manager. The only realrequisite for this job is the possession of a valid PayPal account witha verified bank account. The position description even mentions thatpersonal data such as one’s Social Security number and passwords arenot going to be asked for.


Ollie Whitehouse | 28 Sep 2007 07:00:00 GMT | 0 comments

Interesting tidbit: I subscribe to the Messaging Newsemail newsletter. (I don’t actually remember signing up for it – buthey ho). I couldn’t find this replicated on their site so I am going toquote the interesting bits of the newsletter.

What caught by eye was the title ‘Cell Phone Users Experience Text Spam’. We’ve discussed this before with the most interesting incident being when one operator took legal action. Anyway back to the Messaging News newsletter, they said the following:

“Across the country this past weekend, many folks received a spammessage for the first time. While a common problem with email, theshear...

Marc Fossi | 27 Sep 2007 07:00:00 GMT | 0 comments

…they just move to new mediums. Waaaay back in 1994, a computervirus hoax known as Good Times was passed around the Internet. Whilenot the first computer virus hoax, it is probably one of the bestknown. Since then there have been many similar hoaxes all promisingcertain destruction of your computer if you open an email originatingfrom a certain address or simply by reading certain words that appearon your monitor. Naturally, when many people receive one of thesehoaxes they decide to forward the message to all their friends andfamily to save them from this fate, thus helping the chain letter tospread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in myinbox less and less frequently. Did people learn not to believe thesemessages? Well, apparently not. They seem to be making a comeback, butrather than being sent via email they’re now sent through the messagingsystems on various social networking sites, as well...

Kelly Conley | 24 Sep 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock, or penny stock, spam has been around for a longtime. Most memorably it has the distinction of being the maindeliverable of image spam. Regardless of the morphing or variations itis still pump-and-dump stock and while we're not stock advisors wewould advise against it, unless you like parting from your money.

The most recent morphing we've observed over the past few daysincludes highly obfuscated messages with a few distinctive features.For starters, none of the message headers in the attack contain asubject line. This means that when it lands in your inbox there will beno subject line for the message. Spammers may be utilizing this tacticas a means to entice end users to open the message by banking on thecuriosity of an end user to open the mysterious message. There is asubject line in the body of the message. The spammer is most likelydoing this for obfuscation purposes.

Other features of this pump and dump attack are the inclusion ofrandom,...

Ron Bowes | 20 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of Symantec's Internet Security Threat Reportlooks at a variety of trends that were seen in phishing and spam.Although spammers' and phishers' techniques and targets constantlyvary, one thing remains the same: they're trying to make money – andthey're getting better at it.

Phishing attacks targeting financial services remained the mostpopular target than any other sector, making up 79 percent of uniquebrands phished, and 72 percent of all phishing Web sites. The reasonfor this is obvious: phishers want money, and stealing bank account orcredit card information is one of the quickest ways to make it. Andwith credit cards commonly selling for less than ten dollars on theblack market, and bulk rates offered on credit card sales, the phishersneed a lot of them to turn a profit.

In an attempt to get more bang for their buck, phishers have starteddeveloping...

Nicolas Falliere | 14 Sep 2007 07:00:00 GMT | 0 comments

Peacomm samples - the so-called Storm worm- started sending unusual spam yesterday. For once, the mail did notcontain a hard-coded IP address linking to fake videos, pseudo Torclients or NFL "tracker programs". The spam advertises a website,

Subject: Cold Hard Cash!

Seeking highly motivated individuals interested in a unique opportunity in financial services.

Building an exciting career where you determine your own hours and compensations.

Hmm. Already this looksvery suspicious, but let's check that link anyway. The site hostsphpbb, a popular open-source PHP-based Bulletin Board, and opensdirectly to the following...

Kelly Conley | 05 Sep 2007 07:00:00 GMT | 0 comments

The September State of Spam Report is out and includes several interesting highlights and trends seen inAugust. Some highlights in this report include an update on the stateof PDF spam, different variations that have been observed in e-cardspam tactics, including fake YouTube sites, as well as insight intosome new and novel tactics that were observed by Symantec during August.

Where did PDF spam go? Highlighted in a previous postas an emerging trend, PDF and other attachment spam reached a high inearly August but closed out the month with record lows. First seen inJune of 2007 with PDF files, attachment spam grew to encompass PDF, XLSand RAR files. By Early August, this spam type was seen in 20 percentof all...

Vikram Thakur | 21 Aug 2007 07:00:00 GMT | 0 comments

We recently analyzed a sample of Infostealer.Monstres, and our colleague Amado posted an interesting entrywith some details of its actions. As the analysis of this threatcontinued, new details emerged. We've been able to acquire some emailtemplates that the Trojan may use to send targeted spam to individuals,using stolen personal information.

The templates acquired all point to the same position. The job isthat of a 'Transfer Manager' at an investment company. The jobdescription states that the position would entail facilitatingfinancial transactions made by the clients of the investment company.The email looks very realistic and may convince many that it has beensent from or

Here are some of the email...

David McKinney | 14 Aug 2007 07:00:00 GMT | 0 comments

This month Microsoft has released nine security bulletins. All ofthese vulnerabilities could let an attacker execute arbitrary code onan affected computer. All of the issues are also classified as“client-side vulnerabilities”, meaning that they require someinteraction on the part of the user for exploitation to occur. Thiswill usually entail visiting a malicious Web page or opening amalicious file that is sent through email or other means.

Microsoft’s summary of the bulletins can be found here.

  1. MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

    This bulletin consists of a code execution vulnerability(CVE-2007-2223/BID 25301) affecting Microsoft XML Core Services.Attackers could exploit this issue through a malicious Web page.

    Affects: Microsoft XML Core Services 3.0/4.0/6.0 on...

Kelly Conley | 07 Aug 2007 07:00:00 GMT | 0 comments

The August State of Spam Reporthighlights the continuing decline of image spam, which reached a low inJuly from its peak in January. In addition, we observed the emergenceof a new focus - greeting card spam, PDF and other file attachmentsspam, and the rise in URLs with Chinese top-level domains (TLDs)marketing spam. This month’s spotlight includes regional spam trends inEMEA.

Though still steadily declining, what we’ve come to think of as‘image spam’ has not gone away. The preferred delivery method of thisspam type is now PDF, which emerged in June of 2007 and was discussedin a previous post. Symantec is seeing PDF spam ranging between two toeight percent of all spam. July also saw the emergence of yet moretactics focused on spamming images. These tactics include the use ofXLS and ZIP files. At this time, the volume of these spam types is lowbut Symantec is closely...