Security Response
Showing posts tagged with Spam
Showing posts in English
Jitender Sarda | 18 Oct 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock spam is a classic example of sophistication and diversity of spam techniques. Recently the pump-and-dump spammers have started using mp3 files as a new method of spreading stock spam.

In the latest observations we’ve seen an mp3 file as an attachment in the body of an email message – without any content – and the subject line usually includes “RE:”, “FW:”, or is sometimes just blank. The “From:” address is usually random. Another feature of this new pump-and-dump stock attack is that the mp3 files have random names, such as the following examples:

"ciara.mp3"
"elvis.mp3"
"crazylady.mp3"
"chrisbrown.mp3"
"jillscott.mp3"
"crush.mp3"

The average file size is approximately 63.3 kb, with the garbled stock tip lasting for about 30 seconds. The audio content sounds something like the example below:

Hello, this is an Investor alert. XXXX Inc. has announced it is ready to launch its new XXXX.com...

Ben Nahorney | 18 Oct 2007 07:00:00 GMT | 0 comments

I was recently reminded of a childhood game my friends and I used to play in the forests near where I grew up. I’d stand near the edge of the tree line, holding a burlap sack, while my friends snuck into the underbrush looking for snipes. You had to be really quiet, see, because those critters would scare easily. You had to have patience too; sometimes you’d be standing there for hours in your snipe-catching crouch. On more than one occasion it seemed my friends got lost in their hunt, and as dusk turned into evening, I’d have to head home empty-handed, before my parents started wondering where I was.

I was a gullible kid.

In much the same way, many people these days are being misled by messages they receive about threats on their computer. But where the worst that came of our snipe-hunting adventures was wariness of what my friends would tell me, believing these messages can...

Kelly Conley | 05 Oct 2007 07:00:00 GMT | 0 comments

Are spammers trying their hand at PDF spam again? Symantec has observed a small comeback of PDF spam in the early days of October. PDF spam volume was observed at about zero percent at the end of September and is currently at around two percent.

In recent days we’ve seen the emergence of one PDF pump-and-dump stock attack of which we have seen over 20,000 messages. This attack consists of highly randomized headers and body. The body contains the text for the stock being promoted followed by randomized text in the ‘Shakespeare’ technique of spamming. This technique is when a spammer takes blocks of text from existing works and inserts them into the spam message in an attempt to avoid anti-spam filters. A sample of the pump-and-dump stock portion of the message follows:


Fearless International (FRLE) $0.19
Fearless International Inc., a luxury performance boat manufacturer,
has been the focus of the media for the last several months in magazine
such...

Kelly Conley | 03 Oct 2007 07:00:00 GMT | 0 comments

With the housing market taking a continued hit in September, in-boxes also took an increased hit as spammers exploited the recent market slowdown and subsequent interest rate cut by the Federal Reserve in the U.S. As noted in the October State of Spam Report, Symantec has seen a marked increase in spam directed towards homeowners and prospective homeowners offering refinancing, home equity loans, and actual houses. First, the spammer needs to collect personal information from the recipient to evaluate whether they are eligible for an offer. This is information they can turn around and use to their advantage for further spamming.

Image spam levels also showed a continued decrease in September; the October State of Spam Report notes that seven percent of all spam falls into this category. This is a three percent decrease from August....

Vikram Thakur | 02 Oct 2007 07:00:00 GMT | 0 comments

A few weeks ago I posted an entry about how malicious software was using stolen personal information to send spam which made users believe in its authenticity. Recently, we've acquired another email claiming to come from an employer who has found a resume matching an open position in their company. Again, looking at the job profile it seems very lucrative with slim to no work involved.

The position is that of a PayPal Account Manager. The only real requisite for this job is the possession of a valid PayPal account with a verified bank account. The position description even mentions that personal data such as one’s Social Security number and passwords are not going to be asked for.

...

Ollie Whitehouse | 28 Sep 2007 07:00:00 GMT | 0 comments

Interesting tidbit: I subscribe to the Messaging News email newsletter. (I don’t actually remember signing up for it – but hey ho). I couldn’t find this replicated on their site so I am going to quote the interesting bits of the newsletter.

What caught my eye was the title ‘Cell Phone Users Experience Text Spam’. We’ve discussed this before, with the most interesting incident being when one operator took legal action. Anyway, back to the Messaging News newsletter, they said the following:


“Across the country this past weekend, many folks received a spam message for the first time. While a common problem with email, the shear...

Marc Fossi | 27 Sep 2007 07:00:00 GMT | 0 comments

…they just move to new mediums. Waaaay back in 1994, a computer virus hoax known as Good Times was passed around the Internet. While not the first computer virus hoax, it is probably one of the best known. Since then there have been many similar hoaxes all promising certain destruction of your computer if you open an email originating from a certain address or simply by reading certain words that appear on your monitor. Naturally, when many people receive one of these hoaxes they decide to forward the message to all their friends and family to save them from this fate, thus helping the chain letter to spread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in my inbox less and less frequently. Did people learn not to believe these messages? Well, apparently not. They seem to be making a comeback, but rather than being sent via email they’re now sent through the messaging systems on various social networking sites, as well...

Kelly Conley | 24 Sep 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock, or penny stock, spam has been around for a long time. Most memorably it has the distinction of being the main deliverable of image spam. Regardless of the morphing or variations it is still pump-and-dump stock and while we're not stock advisors we would advise against it, unless you like parting from your money.

The most recent morphing we've observed over the past few days includes highly obfuscated messages with a few distinctive features. For starters, none of the message headers in the attack contain a subject line. This means that when it lands in your inbox there will be no subject line for the message. Spammers may be utilizing this tactic as a means to entice end users to open the message by banking on the curiosity of an end user to open the mysterious message. There is a subject line in the body of the message. The spammer is most likely doing this for obfuscation purposes.

Other features of this pump and dump attack are the inclusion of random,...

Ron Bowes | 20 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of Symantec's Internet Security Threat Report looks at a variety of trends that were seen in phishing and spam. Although spammers' and phishers' techniques and targets constantly vary, one thing remains the same: they're trying to make money – and they're getting better at it.

Financial services remained the most popular phishing target of any sector, making up 79 percent of unique brands phished, and 72 percent of all phishing Web sites. The reason for this is obvious: phishers want money, and stealing bank account or credit card information is one of the quickest ways to make it. And with credit cards commonly selling for less than ten dollars on the black market, and bulk rates offered on credit card sales, the phishers need a lot of them to turn a profit.

In an attempt to get more bang for their buck, phishers have started developing...

Nicolas Falliere | 14 Sep 2007 07:00:00 GMT | 0 comments

Peacomm samples - the so-called Storm worm - started sending unusual spam yesterday. For once, the mail did not contain a hard-coded IP address linking to fake videos, pseudo Tor clients or NFL "tracker programs". The spam advertises a website, http://www.vs-amounts.net:

From: xxx@yyy.com
To: victim@domain.com
Subject: Cold Hard Cash!

Seeking highly motivated individuals interested in a unique opportunity in financial services.

Building an exciting career where you determine your own hours and compensations.

http://www.vs-amounts.net/

Hmm. Already this looks very suspicious, but let's check that link anyway. The site hosts phpBB, a popular open-source PHP-based Bulletin Board, and opens directly to the following...