Security Response
Showing posts tagged with Spam
Showing posts in English
Hon Lau | 14 Oct 2009 19:43:52 GMT

Over the past few days a sustained email spam campaign has been running to distribute new Zeusbot variants. Initially the campaign kicked off with a story from “your administrator” about some server upgrade that requires you to download and execute a patch to ensure that your computer continues to work properly:
 
Subject: Important - Read Carefully
Email Body:
Attention!

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.

This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file
and then to run it from your computer...

Mayur Kulkarni | 08 Oct 2009 19:15:04 GMT

Last week we observed a new Russian spam trend dealing with phone numbers. We have been monitoring spam samples containing phone numbers in the message body—with or without obfuscation. In one of our March ’09 blog posts, we mentioned the use of phone numbers in the headers as well. The phone numbers in those spam samples weren't obfuscated, but recently we have seen spammers introducing special symbols [+*^] between the numbers found in the headers, as shown in the examples below:

[Image: russian_spam.jpg]
 
Translation:

Subject: highest response rate from Updated databases 7916…
Alert - Newest Databases
Highest response rate

As a routine check for complete Russian spam analysis, we examined the volume of Russian spam for any unusual...

Dermot Harnett | 07 Oct 2009 21:27:55 GMT

Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.

Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.

Click here to download the October 2009 State of Spam Report, which highlights the following trends:

...
Samir_Patil | 02 Oct 2009 18:55:12 GMT

In last month’s State of Spam report, Symantec discussed the early signs of holiday spam that contained messages related to Halloween and Christmas. In September, researchers at Symantec intercepted multiple attempts by spammers to hijack the subject of Halloween festivities in an attempt at grabbing personal information from email users, as well as selling online meds.

In product promo spam related to Halloween, spammers are offering free gift cards of various denominations towards the purchase of products. Various online surveys are also offered, which claim to give out gift cards with participation. Clicking on these offers takes users to a website where a wide range of their personal information—including email address, postal address, and phone number—is gathered.

Below are various subject lines used in promo messages:

...

Mayur Kulkarni | 02 Oct 2009 13:12:57 GMT

Online degree spam has been around for years. However, nowadays these spam campaigns aren’t just limited to passing degree certificates (super fast - within days or weeks), but they also focus on directing recipients to specific degrees. For example, it is common knowledge that there is a shortage of qualified nurses in the US—there are many media reports on the subject. When we examined these attacks over the last six months, we found that spam campaigns for nursing degrees placed in the top five degrees promoted by spammers. Similarly, the shortfall of manpower has also been noticed in the field of law enforcement and accordingly, spammers are advertising more on this career option.

The top five degrees advertised through spam are:

1.    Police Officer
2.    Federal Agent
3.    Nursing
4.    Culinary Arts
5.    Teacher

Other degree options provided...

Mayur Kulkarni | 30 Sep 2009 19:43:08 GMT

The Diwali “Festival of Lights” happens in October and is celebrated across India. During this time a large portion of the Indian population will be out shopping and looking for holiday deals. We have started noticing spam messages that offer discounts related to Diwali. Interestingly, spammers are sending the same Internet offers, but in the form of Diwali discounts.

For example, in the spam message selling a database CD of contacts (names, email addresses, ages, phone numbers), “Diwali” is inserted to make it enticing for recipients. As shown in the below sample message, recipients are offered a database CD of 57,000 Indian companies (SMEs).

[Image: diwali1.jpg]

We also monitored unsolicited offers that we think may ultimately lead to a compilation of opted-out email addresses for the spammers. Most of these spam messages draw email users with cash prizes or discounts...

Hon Lau | 15 Sep 2009 21:02:39 GMT

Yes folks, the Bredolab crew is at it once again. Today we saw a moderate wave of spam email, numbering a few thousand per hour. Not to be drawn to the depth of exploiting the death of Patrick Swayze to deliver their malware, the Bredolab gang is still adapting old reliable—spam email messages with promises of undelivered parcels and cash for collection. Depending on whether the delivery is for cash or for a parcel you will get a slightly different message, although the attachment names are much the same as one another, following a distinct pattern.

For parcel deliveries you might see something like the following example:
 

Subject:
=?koi8-r?B?REhMIERlbGl2ZXJ5IHByb2JsZW0guT[UP TO 6 RANDOM CHARACTERS]?=
 
Body:
Dear customer!
 
Unfortunately we were not able to deliver the postal package sent on the 24th of June in time
because the recipients address is inexact.
Please print...

Mayur Kulkarni | 11 Sep 2009 00:51:05 GMT

The IRS settlement offers for U.S. taxpayers holding accounts in foreign banks end on September 23, 2009. Using these offers, one can fully disclose and pay their back taxes, interest, and penalties. In return, the IRS will go back and scrutinize only a limited number of tax years, along with lower penalties and no criminal prosecution. Legitimate FAQs on the settlement offered by the IRS can be found here, with additional information found here.

Spammers are using this deadline to expand their network, using malicious attacks and sending fake IRS email notifications to recipients. These emails do not mention the deadline, but they explicitly describe the issue as “Unreported/Underreported income.” Users might possibly panic over the subject line “Notice of Underreported income,” and download...

Dermot Harnett | 08 Sep 2009 16:50:57 GMT

Overall spam volumes averaged at 87 percent of all email messages in August 2009, which is a decrease of 2 percent since July 2009. Health spam, which decreased by 17 percent in July, also decreased again in August and averaged at 6.73 percent. It is interesting to note that over 29 percent of spam is now Internet-related spam. Internet-related spam attacks are those that specifically offer or advertise Internet- or computer-related goods and services. Examples include attacks promoting Web hosting, Web design, and spamware-related products and services.
 
Holiday spam campaigns have also begun taking advantage of Halloween and Christmas. This follows closely after Labor Day-related spam in a nod to what some economists predict will be a very difficult holiday season for legitimate retailers.
 
Click here to download the September...

Samir_Patil | 02 Sep 2009 19:41:32 GMT

In an attempt to conceal spam messages from anti-spam filters, spammers employ various tactics of ill intent. And for that purpose, spammers use obfuscation and/or spoofing techniques, the misuse of brand names, and many other tactics that make it difficult for content filtering to identify the spam message.

Recently, Symantec observed a spam attack in which homograph spoofing was used so that the spoofed domain name partially or completely resembles the reputable brand domain name. However, before discussing this trend we will first introduce you to terms that may be unfamiliar, such as IDN, Punycode, and homograph spoofing.

IDN

An internationalized domain name (IDN) is a domain name that contains one or more non-ASCII characters. Such domain names could contain characters from non-Latin scripts such as Arabic, Chinese, or Devanagari.

Example:
The domain “ёxample.com” uses “ё”, which is a...