Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Symantec Security Response | 26 Mar 2007 07:00:00 GMT | 0 comments

Twice a year, Symantec produces the Internet Security Threat Report, a comprehensive report outlining the major trends in Internet security over the previous six-month period. One security concern that is of interest to many people is the growth of spam and spam-related issues. Symantec monitors the source and volume of spam from around the world and uses this information to discuss the major trends in the spam-related landscape.

One trend that has been relatively steady is the largest country of origin for spam messages. In the second half of 2006, around nine out of 20 spam messages were sent from the United States. This highlights that although some other countries are gaining notoriety for being spam havens, the United States is still the number one spam distributor in the world. In fact, spam from the United States outnumbers spam from the second closest country, China, at a rate of seven to one. So although countries like China, Russia, and Brazil are touted...

Kelly Conley | 14 Mar 2007 07:00:00 GMT | 0 comments

Replica watches are all the rage these days. It seems with all the spam that I’ve seen lately about replica watches, they are the "must have" of the season. Come get your replica watch at hundreds and sometimes thousands of dollars off the retail price of the authentic version!

Replica watches are not a new thing. No, they have been hawked on the Internet and streets of major cities for a long, long time. What we at Symantec have recently been seeing, is wave after wave of email spam regarding replica watches over the past few days. Most of these attacks have been high in volume.

What specifically are theses spammers hawking? Replicas of Rolex, Cartier, Breitling, Omega, Hermes, and many other top brands. When you click on the link provided in the spam emails, the intent of the spammers becomes obvious as you are taken to Web sites with large pictures of the wares that they are trying to sell. Every time I open a link to a replica site, I can almost hear the...

Josh Harriman | 09 Mar 2007 08:00:00 GMT | 0 comments

No, this is not a new Monty Python skit. This is a real operation and is being implemented right now by the Securities and Exchange Commission (SEC). Operation Spamalot has halted trading in 35 companies. Their reason is basically that information regarding these companies have been spammed out through email to millions of people touting false or misleading information in order to drive up stock prices. We in Security Response have spoken of this phenomenon before in a couple of recent blogs, Spam and Stock Speculation and Trojan.Peacomm Part 2.

But now, the SEC has stepped in and is trying to put a stop to this...

Kelly Conley | 13 Feb 2007 08:00:00 GMT | 0 comments

It seems like only yesterday I was blogging about a new spam report that Symantec Messaging and the Web Security team have published regarding the state of spam. Now, the February report is online, which gives a good overview of spam activity in January of 2007.

This issue highlights several interesting trends. While spam continues to be a high percentage of all email, there was a slight reduction of spam in January to approximately 69 percent. The technique du jour, image spam, reached a high in January, but ended the month around 30 percent. It's amazing to think that 30 percent of the total spam volume is image spam. We look at it every day, and still it continues to arrive, most notably in emails for penny stock and fake Rolex.

Have you noticed a decline in adult-oriented email lately? So have we. Once consistently in the top categories of...

Kelly Conley | 08 Feb 2007 08:00:00 GMT | 0 comments

I just received a legitimate e-newsletter from a science gadget company. I'm reading along about robotic arms and hands and the use of these objects in operating rooms. I'm immersed in this email. It's pretty interesting stuff. To imagine the steps that we've made with science and technology in the past 50 years or less, is truly mind boggling. Then I get to the end. Or not.

There it is. A URL. Why is it there and where does it lead? It must have something to do with scientific gadgets. Does it take me back to the main Web site? Does it take me to another reference of robotic use in operating rooms? It isn’t the opt-out, because that URL is just above this one.

I click and it doesn't take me anywhere that I would have guessed. In fact, it is not related to science or technology at all. The URL takes me to an adult-related meds site. What is the correlation? Is there supposed to be one between readers of science newsletters and viagra? I have no idea what the...

Kelly Conley | 26 Jan 2007 08:00:00 GMT | 0 comments

The Symantec Messaging and Web Security team started off 2007 with the release of a new monthly report geared towards the media. This report, entitled The State of Spam: A Monthly Report was released last week, covers December 2006, and can be found here.

Do you want to know what the top spam type for last month was? Or how about what new techniques spammers are currently using? Did you see some unusual spam in your Inbox? Check out our report and see if it's a new trend. People interested in what’s going on in the ever-changing world of spam will want to get their hands on a copy of this report for the metrics, latest trends, new spam examples, and data points of interest.

Have you noticed more spam? You're not going crazy. Symantec AntiSpam tracking has shown an increase in spam by over 15 percent from the month of October to mid-December. In...

Dave Cole | 25 Jan 2007 08:00:00 GMT | 0 comments

We’re happy to report that so far today, Peacomm and Mixor.Q activity is lighter than the maelstrom of activity we’ve seen in previous days. We’ve noted no new spam runs today, with the malware submissions and activity levels tapering off a bit as well. Phew! Our Security Response team in Pune, India, has pulled together a slick Flash-based run through of the attack, which can be viewed using the following URL:

Just a little more info on this threat you may have not heard before—it is communicating over peer-to-peer using the Overnet protocol and network (of eDonkey fame). After connecting to the network, the threat then searches for some particular hashes (searches are done by hash, not by specific filename) and eventually it receives a reply that includes some 'meta tag' information...

Symantec Security Response | 23 Jan 2007 08:00:00 GMT | 0 comments

While we often report on the number of infections we’re seeing for a threat and what our honeynets are catching, we haven’t often shared the numbers on the amount of malicious code we’re seeing via Symantec’s antispam solutions. With Trojan.Peacomm still very much on the prowl and repeatedly blasting spam in short bursts of five to ten minutes, we thought we’d share some of our statistics on the malware we see being spammed around the globe. All of the numbers below are from December 22, 2006 to January 22, 2007.


Amado Hidalgo | 22 Jan 2007 08:00:00 GMT | 0 comments

Since I posted my blog last Friday, the Trojan.Peacomm threat has (not surprisingly) evolved. The attachments have new filenames, some dropped files have changed, and the subject lines of the spam email are also changing. Please have a look at the full details in our updated write-up here.

The bot machines are now communicating over UDP port 7871, instead of port 4000. Symantec’s Threat Management System confirms this change:

Figure 1. IPs originating activity - UDP port 7871

More interestingly, the new version of the threat has...

Amado Hidalgo | 19 Jan 2007 08:00:00 GMT | 0 comments

Symantec Security Response has seen some moderate spamming of a new Trojan horse. The threat arrived in an email with an empty body and a variety of subjects such as:

A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text

The attachments may have any of the following filenames:
Full Story.exe
Read More.exe

The attachment is not a video clip, but a Trojan horse program, which Symantec heuristic technology already detected as...