Security Response
Showing posts tagged with Spam
Anand Muralidharan | 15 Nov 2012 13:22:37 GMT

Some events familiar among people in the United States are commencing this month, including: Thanksgiving—a great occasion to thank dear friends and family for their kindness; and Black Friday—a day after Thanksgiving, usually the busiest retail shopping day of the year. Spam messages related to these events have begun flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance sales of cars and trucks, products bidding to get the best deals, and replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
 

Figure 1: An e-card for Thanksgiving day
 

...
Ben Nahorney | 14 Nov 2012 16:04:40 GMT

Spammers have long been leveraging social networking sites to pull off scams. Generally speaking, as the popularity of a service increases, so too do the illicit activities of scammers. It seems that the popular photo-sharing service Instagram is the latest social networking site to catch the attention of these scammers.

I discovered this first-hand when I received an Instagram photo comment, from an unfamiliar account, which had nothing to do with the photo:

"Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx"

I went to check out the user, who appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo.

Figure 1. Scammer’s Instagram profile

Who was this mysterious lady? Her profile bio said largely the...

Candid Wueest | 13 Nov 2012 21:39:34 GMT

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.
 

Figure 1. Swiss German version of scam text message
 

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old...

Anand Muralidharan | 08 Nov 2012 23:03:41 GMT

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas-related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the "Christmas Card.zip" attachment. After opening the attachment, the malicious code is downloaded onto the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.
 

Figure 1. Christmas card example
 

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas

Most of these spam messages encourage users to buy the...

Samir_Patil | 31 Oct 2012 14:30:39 GMT

Hurricane Sandy, one of the most devastating superstorms in decades, hit the US East Coast. Causing the loss of lives and businesses and leaving countless people without electricity, Sandy has now added spam to its list of misery. We are observing spam messages related to the hurricane flowing into Symantec Probe Networks. The top word combinations in message headlines are "hurricane – sandy", "coast – sandy", "sandy – storm", and "sandy – superstorm."

Figure 1. Message volume over a two-day period

Typical spam attacks like "Gift card offer" and "Money making & Financial" spam are currently targeting the disaster. Below are the screenshots of some spam samples.

...

Samir_Patil | 30 Oct 2012 11:16:13 GMT

In a couple of days we will be celebrating Halloween. Some of us will be booking family trips, others will be preparing for themed parties with interesting costumes and fun games. To make it easy for their customers, various online companies offer goodies along with Halloween necessities. You might even receive emails from them regarding discounts and freebies. However, in a frenzy to get ready for this long awaited event, do not get carried away if suddenly you see an out of this world offer like the ones listed below.

While some organizations will offer reasonable discounts, others offer the sun and the moon in lieu of your purse or your personal details. Spammers have laid snares for unsuspecting Internet users ready to fall for these offers.

For example, you might decide to shop around for a new car this Halloween or you might want to do some last minute online purchases for your child. Spammers, keeping these needs in mind, have already prepared an array of...

Eric Park | 19 Oct 2012 17:01:26 GMT

Symantec is observing an increase in spam messages containing .gov URLs. A screenshot of a sample message is below:
 


 

Traditionally, .gov URLs have been restricted to government entities. This brings up the question of how spammers are using .gov URLs in spam messages.

The answer is on this webpage:

1.USA.gov is the result of a collaboration between USA.gov and bitly.com, the popular URL shortening service. Now, whenever anyone uses bitly to shorten a URL that ends in .gov or .mil, they will receive a short, trustworthy 1.usa.gov URL in return.

While this feature has legitimate uses for government agencies and employees, it has also opened a door for...

Mathew Maniyara | 28 Sep 2012 14:48:20 GMT

Contributor: Avdhoot Patil

Phishers have recently gained a lot of interest in football. After the scam on the 2014 FIFA World Cup, they have set their eyes on footballer Lionel Messi. In September 2012, Symantec observed the use of various social-networking themes in phishing. A number of these themes featured Lionel Messi. The phishing sites were hosted on free web-hosting sites.

In the first example, the background image of the phishing site was of Lionel Messi and the theme promoted football club Barcelona FC. On the other hand, the legitimate social-networking site in question does not provide users with any theme. End users were prompted to log in in order to gain access to Messi’s social networking page. Of course, this is only a ploy and there is no gain for users from a phishing site. After the login credentials are entered, the phishing site redirected to the...

Mathew Maniyara | 13 Sep 2012 20:09:55 GMT

Co-Author: Ashish Diwakar

The next FIFA World Cup is scheduled to take place in June 2014 in Brazil and phishers have already taken the opportunity to promote the event. World Cups are a favorite of phishers, as observed in the phishing sites focused on the 2010 FIFA World Cup and the 2011 Cricket World Cup. In September 2012, phishing sites spoofed a popular Brazilian credit and debit card company using the 2014 FIFA World Cup as bait.
 


 

The phishing sites were in Brazilian Portuguese. A number of the phishing sites featured Brazilian footballer Neymar da...

Anand Muralidharan | 29 Aug 2012 16:10:25 GMT

Since mid-August, Symantec has been observing spam samples containing links with file extensions in the URLs. If these links are clicked, they do not open any files; instead, they redirect the user to an online pharmacy website. The following file extensions are used in the URLs:

  • .asp
  • .doc
  • .htm
  • .html
  • .mp3
  • .mpeg
  • .pdf
  • .php
  • .txt

The following URLs were seen in spam samples examined by Symantec:

  • http:// [REMOVED].be/HOOK2_txt
  • http:// [REMOVED].com.br/897110_doc
  • http:// [REMOVED].com/677115_php
  • http:// [REMOVED].com/686112_asp
  • http:// [REMOVED].ru/706060_mp3
  • http:// [REMOVED].ru/HOOK2_htm
  • http:// [REMOVED].ru/vern_html
  • http:// [REMOVED].org/521862_pdf
  • http:// [REMOVED].com/139097_mpeg

Spam email examples:

...