Security Response
Showing posts tagged with Spam
Samir_Patil | 02 Oct 2009 18:55:12 GMT

In last month’s State of Spam report, Symantec discussed the early signs of holiday spam that contained messages related to Halloween and Christmas. In September, researchers at Symantec intercepted multiple attempts by spammers to hijack the subject of Halloween festivities in an attempt at grabbing personal information from email users, as well as selling online meds.

In product promo spam related to Halloween, spammers are offering free gift cards of various denominations towards the purchase of products. Various online surveys are also offered, which claim to give out gift cards with participation. Clicking on these offers takes users to a website where a wide range of their personal information—including email address, postal address, and phone number—is gathered.

Below are various subject lines used in promo messages:


Mayur Kulkarni | 02 Oct 2009 13:12:57 GMT

Online degree spam has been around for years. However, nowadays these spam campaigns aren’t just limited to passing degree certificates (super fast - within days or weeks), but they also focus on directing recipients to specific degrees. For example, it is common knowledge that there is a shortage of qualified nurses in the US—there are many media reports on the subject. When we examined these attacks over the last six months, we found that spam campaigns for nursing degrees placed in the top five degrees promoted by spammers. Similarly, the shortfall of manpower has also been noticed in the field of law enforcement and accordingly, spammers are advertising more on this career option.

The top five degrees advertised through spam are:

1. Police Officer
2. Federal Agent
3. Nursing
4. Culinary Arts
5. Teacher

Other degree options provided...

Mayur Kulkarni | 30 Sep 2009 19:43:08 GMT

The Diwali “Festival of Lights” happens in October and is celebrated across India. During this time a large portion of the Indian population will be out shopping and looking for holiday deals. We have started noticing spam messages that offer discounts related to Diwali. Interestingly, spammers are sending the same Internet offers, but in the form of Diwali discounts.

For example, in the spam message selling a database CD of contacts (names, email addresses, ages, phone numbers), “Diwali” is inserted to make it enticing for recipients. As shown in the below sample message, recipients are offered a database CD of 57,000 Indian companies (SMEs).


We also monitored unsolicited offers that we think may ultimately lead to a compilation of opted-out email addresses for the spammers. Most of these spam messages draw email users with cash prizes or discounts...

Hon Lau | 15 Sep 2009 21:02:39 GMT

Yes folks, the Bredolab crew is at it once again. Today we saw a moderate wave of spam email, numbering a few thousand per hour. Not to be drawn to the depth of exploiting the death of Patrick Swayze to deliver their malware, the Bredolab gang is still adapting old reliable—spam email messages with promises of undelivered parcels and cash for collection. Depending on whether the delivery is for cash or for a parcel you will get a slightly different message, although the attachment names are much the same as one another, following a distinct pattern.

For parcel deliveries you might see something like the following example:

Dear customer!
Unfortunately we were not able to deliver the postal package sent on the 24th of June in time
because the recipients address is inexact.
Please print...

Mayur Kulkarni | 11 Sep 2009 00:51:05 GMT

The IRS settlement offers for U.S. taxpayers holding accounts in foreign banks end on September 23, 2009. Using these offers, one can fully disclose and pay their back taxes, interest, and penalties. In return, the IRS will go back and scrutinize only a limited number of tax years, along with lower penalties and no criminal prosecution. Legitimate FAQs on the settlement offered by the IRS can be found here, with additional information found here.

Spammers are using this deadline to expand their network, using malicious attacks and sending fake IRS email notifications to recipients. These emails do not mention the deadline, but they explicitly describe the issue as “Unreported/Underreported income.” Users might possibly panic over the subject line “Notice of Underreported income,” and download...

Dermot Harnett | 08 Sep 2009 16:50:57 GMT

Overall spam volumes averaged at 87 percent of all email messages in August 2009, which is a decrease of 2 percent since July 2009. Health spam, which decreased by 17 percent in July, also decreased again in August and averaged at 6.73 percent. It is interesting to note that over 29 percent of spam is now Internet-related spam. Internet-related spam attacks are those that specifically offer or advertise Internet- or computer-related goods and services. Examples include attacks promoting Web hosting, Web design, and spamware-related products and services.

Holiday spam campaigns have also begun taking advantage of Halloween and Christmas. This follows closely after Labor Day-related spam in a nod to what some economists predict will be a very difficult holiday season for legitimate retailers.

Click here to download the September...

Samir_Patil | 02 Sep 2009 19:41:32 GMT

In an attempt to conceal spam messages from anti-spam filters, spammers employ various tactics of ill intent. And for that purpose, spammers use obfuscation and/or spoofing techniques, the misuse of brand names, and many other tactics that make it difficult for content filtering to identify the spam message.

Recently, Symantec observed a spam attack in which homograph spoofing was used so that the spoofed domain name partially or completely resembles the reputable brand domain name. However, before discussing this trend we will first introduce you to terms that may be unfamiliar, such as IDN, Punycode, and homograph spoofing.


An internationalized domain name (IDN) is a domain name that contains one or more non-ASCII characters. Such domain names could contain characters from non-Latin scripts such as Arabic, Chinese, or Devanagari.

The domain “ё” uses “ё”, which is a...

Mayur Kulkarni | 31 Aug 2009 20:41:15 GMT

Last month we wrote about a spam campaign for mobile spying software (possible malware) that snoops on the phone calls and SMS messages of a person of interest. The most advertised service was spying on your loved one to see if they are having an affair. Of course, spying is not going to help a troubled relationship, so spammers are now providing another solution for distressed lovers. They claim to bring excellent results for solving troubles with loved ones—all without even needing to meet the spammer.

This is another ploy to entice recipients to contact the spammer, reminiscent of the examples in one of our May 2009 blog postings. In the current scenario, a clever message has been drafted to lure troubled lovers into a 419-like trap in order to extract personal information. Also, spammers may use personal...

Mayur Kulkarni | 26 Aug 2009 20:08:00 GMT

In our earlier blog posting on obfuscated URL attacks we reported on the transition of image spam attacks to URL-obfuscation attacks, and we also mentioned how resources such as domains and subject lines were being recycled. In this blog post we will be discussing another aspect of the image spam attack, that of message size. We have observed a sudden growth in message sizes during the month of August. Similar jumps in message size were reported on the Symantec Security Response Blogs in November 2008.  

After monitoring the messages during the month of August (so far), we came to the following conclusions:

• 9.3% of image spam had a message size greater than 100kb.
• 14.43% of image spam had an average size of...

Takako Yoshida | 26 Aug 2009 19:44:39 GMT

In the past, we have seen spammers use election content in their spam campaigns. So, it comes as no surprise to see spam messages with a catchy subject relating to an upcoming political event. We have observed spammers sending out messages instructing recipients on how to “make money fast” with a subject line referring to the upcoming Lower House election in Japan, which will be held on Aug 30, 2009.

A message guides users to a website where it is said that they can obtain free information on how to make money fast with summer horse racing. However, after a recipient enters their email address for registration they will not receive profitable information but instead a message that has a link for a definitive registration to provide personal information. It is unknown whether the recipients will receive free information after providing their personal data.

Although there is no correlation between an election and summer horse racing, spammers lure people to...