
Security Response

Showing posts tagged with Spam
Showing posts in English
Joji Hamada | 23 Jul 2012 22:19:40 GMT | 0 comments

An issue that many smartphone users have with their phones is that their device battery just does not last long enough; it needs to be recharged. While the battery may last a whole day for some, power users who use their phone more often have to come up with various tricks to get their battery to last a full day. There are many ways to reduce battery use and, of course, there are many apps to help maximize battery performance. These do help, but for many they do not solve the issue.

So what if, one day, you find out about a special app that can reduce battery use by half? Exactly. This is the strategy being used to deceive innocent Android users into installing an app that is supposed to reduce battery use, but in reality does nothing but steal the user's contacts data stored on the device.

Recently, Japanese spam email has been circulating, attempting to lure users into clicking on a link which downloads and installs a malicious app. The app can exfiltrate...

Pavlo Prodanchuk | 23 Jul 2012 16:03:01 GMT | 0 comments

Recently, Symantec has observed an increase in .eu domains contained within pharmacy and dating spam messages. The spam emails observed so far are predominantly in the German language. The specific patterns and characteristics demonstrate that the attacks employ a "hit-and-run" technique.

In "hit-and-run" attacks, spammers quickly rotate through the IP addresses and domains that are being used. Unlike 80% of spam attacks, these messages are not sent from botnets of compromised computers, but from mail server IP addresses with a previously unknown reputation.

Recent data obtained from the Symantec Global Intelligence network shows that the number of spam emails that contain .eu domains increased slightly in the first and third week of June. Furthermore, the number of spam emails containing .eu domains written in the German language increased considerably in the last week of June.
 

...

Ben Nahorney | 20 Jul 2012 19:31:45 GMT | 0 comments

Contributor: Andrew Watson

A coordinated effort led by security researchers at FireEye and Spamhaus has resulted in the takedown of one of the largest spam botnets in the threat landscape. The botnet, known as Grum, was reportedly responsible for close to a third of the world’s spam email traffic.

We’ve been watching the developments carefully here at Symantec and have noticed a decided drop in spam traffic coming from the Grum botnet. Around 5:00 p.m. on July 17, the botnet sent a batch of around 40,000 spam emails. The next hour that number dropped to around 30,000. The next hour 16,000, followed by 11,000. The numbers continued to decline to the point where, yesterday afternoon, the botnet sent only a handful of spam messages.

...

Irfan Asrar | 10 Jul 2012 21:27:55 GMT | 0 comments

If you have not heard of this term yet, I guarantee you will in the months to come. The term is market spam. This is not a new term or an issue that affects one or two app stores; this is a systemic problem that impacts app stores at large, where spammers focus on getting around rules and screening processes of the app stores with the goal of making a quick buck. The goal of most market spam is to get to a mass audience in the shortest time possible and to prolong its presence on a device. Regardless of how it is done, the long term effect is monetary gains for the rogue publisher at some cost to the end user.

To increase the revenue earning potential, the app developer has to maximize the length of time that they have access to a user device....

Stephen Doherty | 06 Jul 2012 01:14:49 GMT | 0 comments

Co-contributor: Paul Thomas

Over the last few days, we have seen reports of an Android botnet hijacking mail clients on Android devices and sending spam promoting stocks, finance, and pharmaceuticals. While an Android botnet is a possible culprit, other scenarios are more likely—such as spam originating from compromised computers.

To begin, here is a sample of a spam email sent on July 3:

 

 

Sample subject lines may appear as:

  • Wall Street SHOCK ahead!
  • Leading Edge Market Analysis
  • RE RE: Controlled Prescriptions
  • Special Situation Report
  • Fwd: Ground Breaking News Report

Two indicators suggest these spam messages originate from a hijacked Android mail client:

  • Message includes the string "androidMobile" in...

Samir_Patil | 26 Jun 2012 23:04:58 GMT | 0 comments

Last week I was jolted with a mail that says:
 


 

My first reaction was: "Did I ever interview or converse with any such person? Then why am I receiving this email?" I immediately began analyzing the email and found that it is nothing but a variant of a Hitman spam which tries to threaten the user after initiating a conversation and then extorts money in the bargain.

The discussed spam mail is a reply to an email thread which was never received or replied to before. (Although the spam message says that the recipient was part of the email communication sent a few months back.) The email comes with an attachment containing the candidate’s resume. Surprisingly, the attachment has no...

Samir_Patil | 05 Jun 2012 06:46:13 GMT | 0 comments

Contributor: Anand Muralidharan

The 14th edition of the UEFA European Championship is set to begin on June 8th and will be hosted in Poland and Ukraine. Symantec has intercepted a 419 spam attack targeting EURO 2012. Below is a screenshot of the spam mail.

The scam message is attached as a PDF file called UEFA.pdf. This is a typical 419 scam message that says that the reader has won a EURO 2012 Cup promotion lottery. In the rest of the message, the spammers explain in detail how the recipient’s email address reached them and how it was selected as a winner out of a huge number of other participants.

Finally, the recipient is asked to send the winning identification numbers by filling in the UEFA EURO 2012 online documentation form, which asks for personal details such as name, address, age, occupation, and phone...

Mathew Maniyara | 31 May 2012 22:32:49 GMT | 0 comments

Co-Author: Avdhoot Patil

Lottery scams are not new to the world of phishing, so phishers are always seeking new fake lottery strategies. Phishers gained interest in schemes that involved donating to charity using lottery prizes. They utilized the idea in a phishing site which claimed that a popular bank was organizing a lottery for its customers and that a portion of the prize money would be donated to charity. Phishers believed that customers would be duped by the twin advantages: winning prizes and donating to charity. The phishing site was hosted on servers based in Iowa Park, USA.

A link to log in was provided on the phishing site urging customers to enter their credentials. The link led the customers to a phishing page that prompted the customer for their name, ticket number, and email address:
 

...

Paresh Joshi | 21 May 2012 11:52:55 GMT | 0 comments

For anti-spam software, it is quite easy to prevent spam by using content-based filters, so spammers come up with different obfuscation techniques to bypass URL-based filters, such as inserting “shy characters”, as we have discussed previously. Recently, spammers have been trying to cash in on the smallest of gaps that they could find in conventional anti-spam technologies. Spammers are now attempting to obfuscate the URLs in spam messages, either by inserting white space characters of varying sizes or by replacing the conventional “.” (dot) character with “。” (an ideographic full stop, mostly used in Asian languages).

How did they do it? Let’s take a look at both of these techniques.

Using different size white space characters is allowed in HTML. All languages use spaces to separate words. However, the size of the white space characters...

Mathew Maniyara | 17 May 2012 04:10:48 GMT | 0 comments

Co-author: Avdhoot Patil

Phishers have enveloped the globe, mimicking brands across a variety of industries and using many languages. From April 2012, phishing attacks in Korean gained momentum, comprising 0.5 percent of all non-English phishing sites. The increase particularly targeted banks based in South Korea. The primary motive in these attacks is financial gain, as it is in most phishing attacks. Let’s explore some of the phishing sites we have observed.

In the first example, the phishing site asked for the customer’s name, social security number, cell phone number, account number, account password, and transfer password. After the information was entered, the customer was redirected to a page that asked for the security card serial number. The phishing site then redirected back to the legitimate site.

...