Security Response
Showing posts tagged with Spam
Ollie Whitehouse | 29 Dec 2006 08:00:00 GMT | 0 comments

While speaking with an industry friend recently, he mentioned that he had received some spam. When viewed in plain text, the spam looked like this (the filename has been changed to save the compromised):

Subject: You have received a greeting from a family member! You can pick up your postcard at the following web address http://62.75.XXX.XXX/~XXXXXXXX/XXXXXXXXXX.exe

However, if you remove the executable from the URL, you get a directory listing:

[Image: OW_dcrim_index.jpeg (the directory listing)]

So, from this we can see the machine had been compromised for two months prior to the malicious code being placed upon the site (one day before my friend received the message). However, the individual in this...

Kelly Conley | 21 Dec 2006 08:00:00 GMT | 0 comments

We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

It's an online pharmacy ad within a legitimate NFL newsletter. That is really sneaky. It looks legitimate from your Inbox. You did sign up for that NFL newsletter. Not...

Kelly Conley | 08 Dec 2006 08:00:00 GMT | 0 comments

Besides the obvious inconvenience of time wasted clicking through and deleting spam email messages, what are some of the negative effects of spam? To the average user, it’s as simple as having better things to do than hunt through their email accounts for “real” messages – messages they want to receive. For businesses, it is money spent paying employees for work they aren’t doing because they’re spending work hours picking through emails.

Then we have the hapless user who falls into a phish trap. To this user the problem can include a financial hit, not to mention the endless hours spent trying to get their money back or pursuing legal action. This often leads to a long-lasting fear of future dealings with the company that was phished. This scenario also has a negative impact on said company because they may lose a customer due to fear of recurrence. In fact, they may lose several customers if word spreads on the Internet. We call this “negative brand image” – and no...

Patrick Fitzgerald | 22 Nov 2006 08:00:00 GMT | 0 comments

Malware is becoming increasingly complex. Take Rustock.B for example: this threat goes above and beyond to prevent analysis and detection. A blog article is probably too small of a space to describe everything Rustock does technically, but you shouldn’t be surprised, considering its complexity, that Rustock has a clear financial motive. In particular, apart from hiding itself with advanced rootkit techniques, the primary goal of this threat is to send a lot of spam. Because we capture spam such as this, it allows us to update our email security products, such as Brightmail AntiSpam. In addition to pharmaceuticals, mortgages, and imitation product spam, Rustock has also sent stock-based spam. Stock-based spam usually consists of some random text, followed by an image, followed by more random text. Below is an example of one of the stock-based...

Kelly Conley | 18 Sep 2006 07:00:00 GMT | 0 comments

Diet pills? Ambien? HGH? If any of these are up your alley, you were in luck this past month. Online pharmacy spam represented a significant number of spam attacks that were seen by the Symantec Brightmail antispam probe network. In fact, this spam type was one of the top categories of spam sent out in August and has been around for a long, long time. The Internet is a gold mine of “cheap prescription drugs” that “don’t require a prescription!”

How can you recognize this spam type? For starters, it is often text-based and includes a “non-clickable” URL. A non-clickable URL requires a person to copy and paste the URL into a browser window to navigate to the Web site. You may wonder “Who would manually copy and paste these URLs into a Web browser?”, but someone must. In fact, many people must do this because it is a popular component to the success of online pharmacy spam. Spammers wouldn’t do it if end users weren’t so gullible and it didn’t work as well as it does....

Kelly Conley | 28 Aug 2006 07:00:00 GMT | 0 comments

You are not alone. Practically everyone with an email account has encountered this problem. Image spam is everywhere these days and for the recipients it is a headache of fake Rolex, Chialis, and stock recommendations, to name only a few of the favorites. While antispam vendors mobilize to keep up with this new trend, the spammers infiltrate your Inbox.

The most frustrating thing is that these messages all look pretty much the same when reading them in your email. However, they are very different in the raw, which makes the creation of effective filters much more difficult. Some of the techniques being employed by spammers to get these image-based ads into your Inbox are so subtle they are virtually imperceptible to the naked eye. These include, but are in no way limited to, slight changes in text size and color, as well as image placement from one message to the next. The spammers keep utilizing more and more elaborate avoidance techniques to get their ads to...

Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this, (that is, the security industry with a cellular or mobile flavor) it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas sending e-mail is, for all intents and purposes, free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is starting to be used...

Candid Wueest | 07 Jul 2006 07:00:00 GMT | 0 comments

The amount of email I have received lately regarding "making easy money from home" has increased tremendously. These “job offers” all have two things in common: you are required to have an online bank account and you must be able to check email frequently. In return for these requirements there are promises that large amounts of money can be made, usually five to ten percent in commission for every payment forwarded to the company headquarters.

To make it even more convincing, fake companies are created and complete Web sites with job offers and background information are generated. Interested parties receive convincing job offers with social benefits and health care plans. So, what's behind it? As you have probably guessed by now, these are recruitment emails from phishers. They are constantly searching for "money mules" that will receive payments from stolen accounts and then transfer the cash back to the real attacker. Many phishers are swimming in...

Marc Fossi | 21 Jun 2006 07:00:00 GMT | 0 comments

Almost everyone is aware of the nuisance caused by spam email. When we get to work in the morning we have to delete a bunch of useless messages from our Inbox before we can start the day. When we get home we have to do the same thing before getting around to reading messages from friends and family. Do you ever wonder how these spammers came by our email addresses in the first place?

There are several ways for spammers to gather email addresses to send their messages to. One of the oldest techniques involves sending a “bot” to crawl around on different Web sites, Usenet groups, and other similar Internet resources searching for email addresses. While this method works, it is time-consuming and prone to gathering addresses that are outdated and no longer in use. Another popular method involves generating email addresses using a technique called brute forcing. This method tries sending spam to addresses composed of every possible combination of letters and numbers (for...

Eric Chien | 09 Jun 2006 07:00:00 GMT | 0 comments

I have received reports recently from people who are getting odd spam messages delivered to them that don't actually try to sell them prescription drugs, visas to the US, methods of enlarging their body parts, or cheap loans so they can refinance their home. Instead of these commonly known scams, the spam messages in question use a recipient's own email address as the return address, and have a subject line and message body containing random numbers. No exploit inside, no malicious code, no links.

Initially, a lot of theories were put forth; from spam software gone wrong, to spammers trying to poison Bayesian spam filters. It turns out the reason for these odd spam messages is nothing other than a familiar mass mailing worm, Beagle. W32.Beagle.FC is another variant of the Beagle family. Beagle is split into many components: one component may just try to...