Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Mayur Kulkarni | 26 Oct 2009 23:22:09 GMT

This has been a season of malicious attacks, starting last month when we informed users about an increase in spam containing malware. Coincidentally, we are seeing different methods of luring or scaring recipients to download malicious programs. In the past few weeks we reported spam attacks with malicious links that included MJ’s leaked song spam attack and the hunting the airplane game. In this recently monitored attack, we observed a typical phishing email that encourages users to click and download executable files.

Sample image of the message:


As shown in the above image, a fake FDIC alert warns users of a bank failure. This...

Mayur Kulkarni | 23 Oct 2009 16:55:34 GMT

People are always curious about different theories on tragedy, especially those involving airplanes or ship accidents. In fact, even after the Titanic sank decades back, hundreds of books were published and movies developed based on expert views. Malicious software authors use information related to similar tragedies to entice recipients into clicking on virus-laden links. We mentioned one such example of this in our blog last year after the earthquake in China in June 2008.

In a new spam campaign, recipients are lured by contradicting information published by a news agency regarding 9/11 Pentagon damage. Users are encouraged to spot a plane in the pictures, which are included in the email. They are also supplied with a URL link to access more information. This link redirects users to a hijacked website that will point to an HTA file (a program that can be run from an HTML document). When users...

Hon Lau | 14 Oct 2009 19:43:52 GMT

Over the past few days a sustained email spam campaign has been running to distribute new Zeusbot variants. Initially the campaign kicked off with a story from “your administrator” about some server upgrade that requires you to download and execute a patch to ensure that your computer continues to work properly:
Subject: Important - Read Carefully
Email Body:

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.

This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file
and then to run it from your computer...

Mayur Kulkarni | 08 Oct 2009 19:15:04 GMT

Last week we observed a new Russian spam trend dealing with phone numbers. We have been monitoring spam samples containing phone numbers in the message body—with or without obfuscation. In one of our March ’09 blog posts, we mentioned the use of phone numbers in the headers as well. The phone numbers in those spam samples weren't obfuscated, but recently we have seen spammers introducing special symbols [+*^] between the numbers found in the headers, as shown in the examples below:


Subject: highest response rate from Updated databases 7916…
Alert - Newest Databases
Highest response rate

As a routine check for complete Russian spam analysis, we examined the volume of Russian spam for any unusual...

Dermot Harnett | 07 Oct 2009 21:27:55 GMT

Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.

Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased  by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.

Click here to download the October 2009 State of Spam Report, which highlights the following trends:

Samir_Patil | 02 Oct 2009 18:55:12 GMT

In last month’s State of Spam report, Symantec discussed the early signs of holiday spam that contained messages related to Halloween and Christmas. In September, researchers at Symantec intercepted multiple attempts by spammers to hijack the subject of Halloween festivities in an attempt at grabbing personal information from email users, as well as selling online meds.

In product promo spam related to Halloween, spammers are offering free gift cards of various denominations towards the purchase of products. Various online surveys are also offered, which claim to give out gift cards with participation. Clicking on these offers takes users to a website where wide a range of their personal information—including email address, postal address, and phone number—is gathered.

Below are various subject lines used in promo messages:


Mayur Kulkarni | 02 Oct 2009 13:12:57 GMT

Online degree spam has been around for years. However, nowadays these spam campaigns aren’t just limited to passing degree certificates (super fast - within days or weeks), but they also focus on directing recipients to specific degrees. For example, it is common knowledge that there is a shortage of qualified nurses in the US—there are many media reports on the subject. When we examined these attacks over the last six months, we found that spam campaigns for nursing degrees placed in the top five degrees promoted by spammers. Similarly, the shortfall of manpower has also been noticed in the field of law enforcement and accordingly, spammers are advertising more on this career option.

The top five degrees advertised through spam are:

1.    Police Officer
2.    Federal Agent
3.    Nursing
4.    Culinary Arts
5.    Teacher

Other degree options provided...

Mayur Kulkarni | 30 Sep 2009 19:43:08 GMT

The Diwali “Festival of Lights” happens in October and is celebrated across India. During this time a large portion of the Indian population will be out shopping and looking for holiday deals. We have started noticing spam messages that offer discounts related to Diwali. Interestingly, spammers are sending the same Internet offers, but in the form of Diwali discounts.

For example, in the spam message selling a database CD of contacts (names, email addresses, ages, phone numbers), “Diwali” is inserted to make it enticing for recipients. As shown in the below sample message, recipients are offered a database CD of 57,000 Indian companies (SMEs).


We also monitored unsolicited offers that we think may ultimately lead to a compilation of opted-out email addresses for the spammers. Most of these spam messages draw email users with cash prizes or discounts...

Hon Lau | 15 Sep 2009 21:02:39 GMT

Yes folks, the Bredolab crew is at it once again. Today we saw a moderate wave of spam email, numbering a few thousand per hour. Not to be drawn to the depth of exploiting the death of Patrick Swayze to deliver their malware, the Bredolab gang is still adapting old reliable—spam email messages with promises of undelivered parcels and cash for collection. Depending on whether the delivery is for cash or for a parcel you will get a slightly different message, although the attachment names are much the same as one another, following a distinct pattern.

For parcel deliveries you might see something like the following example:

Dear customer!
Unfortunately we were not able to deliver the postal package sent on the 24th of June in time
because the recipients address is inexact.
Please print...

Mayur Kulkarni | 11 Sep 2009 00:51:05 GMT

The IRS settlement offers for U.S. taxpayers holding accounts in foreign banks end on September 23, 2009. Using these offers, one can fully disclose and pay their back taxes, interest, and penalties. In return, the IRS will go back and scrutinize only a limited number of tax years, along with lower penalties and no criminal prosecution. Legitimate FAQs on the settlement offered by the IRS can be found here, with additional information found here.

Spammers are using this deadline to expand their network, using malicious attacks and sending fake IRS email notifications to recipients. These emails do not mention the deadline, but they explicitly describe the issue as “Unreported/Underreported income.” Users might possibly panic over the subject line “Notice of Underreported income,” and download...