Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Kelly Conley | 18 Sep 2006 07:00:00 GMT | 0 comments

Diet pills? Ambien? HGH? If any of these are up your alley, you were in luck this past month. Online pharmacy spam represented a significant number of spam attacks that were seen by the Symantec Brightmail antispam probe network. In fact, this spam type was one of the top categories of spam sent out in August and has been around for a long, long time. The Internet is a gold mine of “cheap prescription drugs” that “don’t require a prescription!”

How can you recognize this spam type? For starters, it is often text-based and includes a “non-clickable” URL. A non-clickable URL requires a person to copy and paste the URL into a browser window to navigate to the Web site. You may wonder “Who would manually copy and paste these URLs into a Web browser?”, but someone must. In fact, many people must do this because it is a popular component to the success of online pharmacy spam. Spammers wouldn’t do it if end users weren’t so gullible and it didn’t work as well as it does....

Kelly Conley | 28 Aug 2006 07:00:00 GMT | 0 comments

You are not alone. Practically everyone with an email account has encountered this problem. Image spam is everywhere these days and for the recipients it is a headache of fake Rolex, Chialis, and stock recommendations, to name only a few of the favorites. While antispam vendors mobilize to keep up with this new trend, the spammers infiltrate your Inbox.

The most frustrating thing is that these messages all look pretty much the same when reading them in your email. However, they are very different in the raw, which is why it makes the creation of effective filters much more difficult. Some of the techniques being employed by spammers to get these image-based ads into your Inbox are so subtle they are virtually imperceptible to the naked eye. These include, but are in no way limited to slight changes in text size and color, as well as image placement from one message to the next. The spammers keep utilizing more and more elaborate avoidance techniques to get their ads to...

Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this, (that is, the security industry with a cellular or mobile flavor) it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas to send e-mail it, for all intents and purposes, is free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is starting to be used...

Candid Wueest | 07 Jul 2006 07:00:00 GMT | 0 comments

The amount of email I have received lately regarding "making easy money from home" has increased tremendously. These “job offers” all have two things in common; you are required to have an online bank account and you must be able to check email frequently. In return for these requirements there are promises that large amounts of money can be made, usually five to ten percent in commission for every payment forwarded to the company headquarters.

To make it even more convincing, fake companies are created and complete Web sites with job offers and background information are generated. Interested parties receive convincing job offers with social benefits and health care plans. So, what's behind it? As you have probably guessed by now, these are recruitment emails from phishers. They are constantly searching for "money mules" that will receive payments from stolen accounts and then transfer the cash back to the real attacker. Many phishers are swimming in...

Marc Fossi | 21 Jun 2006 07:00:00 GMT | 0 comments

Almost everyone is aware of the nuisance caused by spam email. When we get to work in the morning we have to delete a bunch of useless messages from our Inbox before we can start the day. When we get home we have to do the same thing before getting around to reading messages from friends and family. Do you ever wonder how these spammers came by our email addresses in the first place?

There are several ways for spammers to gather email addresses to send their messages to. One of the oldest techniques involves sending a “bot” to crawl around on different Web sites, Usenet groups, and other similar Internet resources searching for email addresses. While this method works, it is time-consuming and prone to gathering addresses that are outdated and no longer in use. Another popular method involves generating email addresses using a technique called brute forcing. This method tries sending spam to addresses composed of every possible combination of letters and numbers (for...

Eric Chien | 09 Jun 2006 07:00:00 GMT | 0 comments

I have received reports recently from people who are getting odd spam messages delivered to them that don't actually try to sell them prescription drugs, visas to the US, methods of enlarging his or her body parts, or cheap loans so they can refinance his or her home. Instead of these commonly known scams, the spam messages in question use a recipient's own email address as the return address, and have a subject line and message body containing random numbers. No exploit inside, no malicious code, no links.

Initially, a lot of theories were put forth; from spam software gone wrong, to spammers trying to poison Bayesian spam filters. It turns out the reason for these odd spam messages is nothing other than a familiar mass mailing worm, Beagle. W32.Beagle.FC is another variant of the Beagle family. Beagle is split into many components: one component may just try to...

Symantec Security Response | 08 May 2006 07:00:00 GMT | 0 comments

“Ladies and Gentlemen, step right up and feast your eyes on this!” The special today is a cure for a little ailment called “spam.” Well, not all spam. Just spam with certain polka-dots on them. Call it a flavor if you will, and why not? I mean, you’ve got Heinz touting 57 varieties (in reality, there’s much, much more), so why not different flavors of spam? Dr. Seuss might even serve it up with some green eggs if you let him.

I digress. The spam du jour is of the self-inflicted kind. No, not the kind that you get after you sign up for a random online sweepstake. No, not even the kind you randomly pick up just for having an email account. The spam we are talking about is the kind that you get because your email appears on a Web site that you might maintain.

Imagine if you will, that one day you decided that you wanted to put up a Web site. What goes on this site? Well, first there are the usual pictures and maybe some prose. Then sprinkle in a blog if...