Security Response
Showing posts tagged with Spam
Mathew Maniyara | 10 Aug 2012 16:56:45 GMT

Co-Author: Avdhoot Patil

Lucky draw prizes are commonly used as bait in phishing schemes. The fake lottery prizes observed last Christmas and the charity lottery are examples. In July 2012, phishers offered a smart phone as a lucky draw prize. The phishing site spoofed a telecommunications company based in France and was hosted on servers based in Fulshear, USA.

The phishing site was in French and the title translates to “Congratulations”. A message on the phishing site stated that a lucky draw takes place every day and that the user won the draw for the current day. In this case, the lucky draw prize mentioned was a smart phone. To attain the prize, the user was required to enter personal information, including their:

  • User name
  • Surname...

Joji Hamada | 08 Aug 2012 22:53:50 GMT

Back in April, Android.Dougalek (a.k.a. "the Movie" malware) made national headlines in Japan when a large group of malicious apps was discovered that steal users' contacts data. Obviously scammers were listening to the news as well. The idea of stealing information using Android apps caught on like a brush fire and, since this discovery of the "Movie" malware, Symantec has come across a handful of copy-cat apps using the same payload. They include malware such as Android.Uranico, Android.Ackposts, and...

Mathew Maniyara | 03 Aug 2012 17:36:42 GMT

Co-Author: Avdhoot Patil

Phishers continue to target Indonesian celebrities with adult scams. Phishing attacks on rock star Ahmad Dhani have already been seen. In July 2012, Symantec observed a phishing site that claimed to have an adult video of Indonesian actress and singer Aura Kasih. The phishing site spoofed a social networking brand and was hosted on a free Web hosting site.

The adult scam came in light of a recent scandal surrounding the singer. An adult video, allegedly of Aura Kasih and pop star Nazril Irham, has been circulating recently in Indonesia over the internet and mobile phones. It is rumored that the video started appearing after Nazril Irham’s laptop was stolen.

Phishers created the phishing site with an image of a video link of Aura Kasih. A message in Indonesian on the image prompted users to log in to view the video. The message also...

Mathew Maniyara | 25 Jul 2012 21:25:45 GMT

Co-author: Avdhoot Patil

Phishing sites using celebrities as bait are on a rampage. In July 2012, Honey Singh, also known as Yo Yo Honey Singh, a popular Indian rapper, singer, music producer, and actor, was featured on phishing sites. Symantec observed several phishing sites that spoofed a social networking brand and claimed to have an application for Honey Singh. The phishing sites were hosted by a free web hosting service.

The phishing sites promoted Honey Singh’s 2011 album, International Villager. A poster of the album's artwork was displayed on the left side of the phishing page and the login form was displayed on the right side. The phishing sites claimed to have an application that enabled users to listen to the Punjabi star's latest songs and videos. As with most applications on social networking sites, the application made a request to the user before allowing access. After a user's login credentials were entered into the phishing...

Joji Hamada | 23 Jul 2012 22:19:40 GMT

An issue that many smartphone users have with their phones is that their device battery just does not last long enough; it needs to be recharged. While the battery may last a whole day for some, power users who use their phone more often have to come up with various tricks to get their battery to last a full day. There are many ways to reduce battery use and, of course, there are many apps to help maximize battery performance. These do help, but for many they do not solve the issue.

So what if, one day, you find out about a special app that can reduce battery use by half? Exactly. This is the strategy being used to deceive innocent Android users into installing an app that is supposed to reduce battery use, but in reality does nothing but steal the user's contacts data stored on the device.

Recently, Japanese spam email has been circulating that attempts to lure users into clicking on a link which downloads and installs a malicious app. The app can exfiltrate...

Pavlo Prodanchuk | 23 Jul 2012 16:03:01 GMT

Recently, Symantec has observed an increase in .eu domains contained within pharmacy and dating spam messages. The spam emails observed so far are predominantly in the German language. The specific patterns and characteristics demonstrate that the attacks employ a "hit-and-run" technique.

In "hit-and-run" attacks, spammers quickly rotate through the IP addresses and domains that are being used. Unlike 80% of spam attacks, these messages are not sent from botnets of compromised computers, but from mail server IP addresses with a previously unknown reputation.

Recent data obtained from the Symantec Global Intelligence network shows that the number of spam emails that contain .eu domains increased slightly in the first and third week of June. Furthermore, the number of spam emails containing .eu domains written in the German language increased considerably in the last week of June.


Ben Nahorney | 20 Jul 2012 19:31:45 GMT

Contributor: Andrew Watson

A coordinated effort led by security researchers at FireEye and Spamhaus has resulted in the takedown of one of the largest spam botnets in the threat landscape. The botnet, known as Grum, was reportedly responsible for close to a third of the world’s spam email traffic.

We’ve been watching the developments carefully here at Symantec and have noticed a decided drop in spam traffic coming from the Grum botnet. Around 5:00 p.m. on July 17, the botnet sent a batch of around 40,000 spam emails. The next hour that number dropped to around 30,000. The next hour 16,000, followed by 11,000. The numbers continued to decline to the point where, yesterday afternoon, the botnet sent only a handful of spam messages.


Irfan Asrar | 10 Jul 2012 21:27:55 GMT

If you have not heard of this term yet, I guarantee you will in the months to come. The term is market spam. This is not a new term or an issue that affects one or two app stores; this is a systemic problem that impacts app stores at large, where spammers focus on getting around rules and screening processes of the app stores with the goal of making a quick buck. The goal of most market spam is to get to a mass audience in the shortest time possible and to prolong its presence on a device. Regardless of how it is done, the long term effect is monetary gains for the rogue publisher at some cost to the end user.

To increase the revenue earning potential, the app developer has to maximize the length of time that they have access to a user device....

Stephen Doherty | 06 Jul 2012 01:14:49 GMT

Co-contributor: Paul Thomas

Over the last few days, we have seen reports of an Android botnet hijacking mail clients on Android devices and sending spam promoting stocks, finance, and pharmaceuticals. While an Android botnet is a possible culprit, other scenarios are more likely—such as spam originating from compromised computers.

To begin, here is a sample of a spam email sent on July 3:



Sample subject lines may appear as:

  • Wall Street SHOCK ahead!
  • Leading Edge Market Analysis
  • RE RE: Controlled Prescriptions
  • Special Situation Report
  • Fwd: Ground Breaking News Report

Two indicators suggest these spam messages originate from a hijacked Android mail client:

  • Message includes the string "androidMobile" in the Message-ID field
  • Message uses the "Sent...

Samir_Patil | 26 Jun 2012 23:04:58 GMT

Last week I was jolted with a mail that says:


My first reaction was: "Did I ever interview or converse with any such person? Then why am I receiving this email?". I immediately began analyzing the email and found that it is nothing but a variant of a Hitman spam which tries to threaten the user after initiating a conversation and then extorts money in the bargain.

The discussed spam mail is a reply to an email thread which was never received or replied to before. (Although the spam message says that the recipient was part of the email communication sent a few months back.) The email comes with an attachment containing the candidate’s resume. Surprisingly, the attachment has no...