Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 13 Feb 2007 08:00:00 GMT | 0 comments

It seems like only yesterday I was blogging about a new spam report that Symantec Messaging and the Web Security team have published regarding the state of spam. Now, the February report is online, which gives a good overview of spam activity in January of 2007.

This issue highlights several interesting trends. While spam continues to be a high percentage of all email, there was a slight reduction of spam in January to approximately 69 percent. The technique du jour, image spam, reached a high in January, but ended the month around 30 percent. It's amazing to think that 30 percent of the total spam volume is image spam. We look at it every day, and still it continues to arrive, most notably in emails for penny stock and fake Rolex.

Have you noticed a decline in adult-oriented email lately? So have we. Once consistently in the top categories of...

Kelly Conley | 08 Feb 2007 08:00:00 GMT | 0 comments

I just received a legitimate e-newsletter from a science gadget company. I'm reading along about robotic arms and hands and the use of these objects in operating rooms. I'm immersed in this email. It's pretty interesting stuff. To imagine the steps that we've made with science and technology in the past 50 years or less, is truly mind boggling. Then I get to the end. Or not.

There it is. A URL. Why is it there and where does it lead? It must have something to do with scientific gadgets. Does it take me back to the main Web site? Does it take me to another reference of robotic use in operating rooms? It isn’t the opt-out, because that URL is just above this one.

I click and it doesn't take me anywhere that I would have guessed. In fact, it is not related to science or technology at all. The URL takes me to an adult-related meds site. What is the correlation? Is there supposed to be one between readers of science newsletters and viagra? I have no idea what the...

Kelly Conley | 26 Jan 2007 08:00:00 GMT | 0 comments

The Symantec Messaging and Web Security team started off 2007 with the release of a new monthly report geared towards the media. This report, entitled The State of Spam: A Monthly Report was released last week, covers December 2006, and can be found here.

Do you want to know what the top spam type for last month was? Or how about what new techniques spammers are currently using? Did you see some unusual spam in your Inbox? Check out our report and see if it's a new trend. People interested in what’s going on in the ever-changing world of spam will want to get their hands on a copy of this report for the metrics, latest trends, new spam examples, and data points of interest.

Have you noticed more spam? You're not going crazy. Symantec AntiSpam tracking has shown an increase in spam by over 15 percent from the month of October to mid-December. In...

Dave Cole | 25 Jan 2007 08:00:00 GMT | 0 comments

We’re happy to report that so far today, Peacomm and Mixor.Q activity is lighter than the maelstrom of activity we’ve seen in previous days. We’ve noted no new spam runs today, with the malware submissions and activity levels tapering off a bit as well. Phew! Our Security Response team in Pune, India, has pulled together a slick Flash-based run through of the attack, which can be viewed using the following URL:
http://www.symantec.com/content/en/us/home_homeoffice/media/flash/peacomm.html

Just a little more info on this threat you may have not heard before—it is communicating over peer-to-peer using the Overnet protocol and network (of eDonkey fame). After connecting to the network, the threat then searches for some particular hashes (searches are done by hash, not by specific filename) and eventually it receives a reply that includes some 'meta tag' information...

Symantec Security Response | 23 Jan 2007 08:00:00 GMT | 0 comments

While we often report on the number of infections we’re seeing for a threat and what our honeynets are catching, we haven’t often shared the numbers on the amount of malicious code we’re seeing via Symantec’s antispam solutions. With Trojan.Peacomm still very much on the prowl and repeatedly blasting spam in short bursts of five to ten minutes, we thought we’d share some of our statistics on the malware we see being spammed around the globe. All of the numbers below are from December 22, 2006 to January 22, 2007.

...

Amado Hidalgo | 22 Jan 2007 08:00:00 GMT | 0 comments

Since I posted my blog last Friday, the Trojan.Peacomm threat has (not surprisingly) evolved. The attachments have new filenames, some dropped files have changed, and the subject lines of the spam email are also changing. Please have a look at the full details in our updated write-up here.

The bot machines are now communicating over UDP port 7871, instead of port 4000. Symantec’s Threat Management System confirms this change:

peacomm_port7871-SRC_IPs.jpeg
Figure 1. IPs originating activity - UDP port 7871

More interestingly, the new version of the threat has...

Amado Hidalgo | 19 Jan 2007 08:00:00 GMT | 0 comments

Symantec Security Response has seen some moderate spamming of a new Trojan horse. The threat arrived in an email with an empty body and a variety of subjects such as:

A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text

The attachments may have any of the following filenames:
FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe

The attachment is not a video clip, but a Trojan horse program, which Symantec heuristic technology already detected as...

Hon Lau | 08 Jan 2007 08:00:00 GMT | 0 comments

It hasn't been long since reports surfaced that videos of Saddam Hussein’s execution are available for download on the Internet. It’s no surprise that enterprising malware creators have latched on to this latest news in an attempt to spread their wares.

What we have is an email spam sent to unsuspecting targets with details about where you can download a video.
Of course, this email (like past, present, and future spam) is once again taking advantage of human nature to help it spread. In this case, it is trying to appeal to the dark side of the individuals who are on the receiving end of the email.

The subject line of the email looks like this:

From: videosadan@kibeloco.com.br
Subject: Video completo da morte de Saddam Hussein

The body of the email looks like this:

...

Ollie Whitehouse | 29 Dec 2006 08:00:00 GMT | 0 comments

While speaking with an industry friend recently, he mentioned that he had received some spam. When viewed in plain text, the spam looked like this (the filename has been changed to save the compromised):

Subject: You have received a greeting from a family member! You can pick up your postcard at the following web address http://62.75.XXX.XXX/~XXXXXXXX/XXXXXXXXXX.exe

However, if you remove the executable from the URL, you get a directory listing:

OW_dcrim_index.jpeg

So, from this we can see the machine had been compromised for two months prior to the malicious code being placed upon the site (one day before my friend received the message). However, the individual in this...

Kelly Conley | 21 Dec 2006 08:00:00 GMT | 0 comments

We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

It's an online pharmacy ad within a legitimate NFL newsletter. That is really sneaky. It looks legitimate from your Inbox. You did sign up for that NFL newsletter. Not...