Security Response
Showing posts tagged with Spam
Mayur Kulkarni | 28 May 2009 14:07:07 GMT | 0 comments

In our earlier blog on online fraud, we explained how HTML attachments are used in phishing attacks. We also mentioned how the attached files were named in order to mislead users. For example:

Account reset form.pdf.htm
Bank-Account confirmation form.pdf.htm

These filenames may confuse the recipients and trick them into submitting sensitive banking information through the HTML file.

Recently we have come across similar messages that use the same technique, this time for harvesting email addresses. These messages mention the falling sales of a major auto company due to the economic recession. They further state that the government plans to bail them out, but the actual funds have yet to reach the auto company. So, they are offering the sale of 1,000 autos discounted to...

Mayur Kulkarni | 26 May 2009 20:34:21 GMT | 0 comments

The latest figures from the World Health Organization (WHO) say that there are at least 170 million diabetic patients worldwide, and that number will double by the year 2030. The chronic nature of diabetes means that these patients constantly need to control their blood sugar level using medicines. Along with medicines, lab tests are necessary to check on the disease that will become part of a patient’s routine life. With the ongoing financial crisis affecting all walks of life, recurring expenditures on medical care can be costly for an individual and his or her family. Obviously these patients will look for discounts or offers to help them through their situation.

Online medical suppliers provide varying discounts or offers, one being a free glucose meter to visitors placing a supply order. Spammers have also read the picture well and are providing the...

Samir_Patil | 21 May 2009 21:52:44 GMT | 0 comments

Spammers habitually exploit the reputations of brands for their benefit. As more and more people become connected through social networking sites, it is no surprise that the trust and reputation earned by these websites is misused by spammers. We are monitoring spam attacks this week that try to take advantage of the burgeoning social networking brand Twitter for two spam campaigns: make money fast (MMF) and dating spam.

In the MMF attack, a URL is provided to order a “Risk-Free Twitter Profit Software” kit. When the user clicks on the URL in the promotional email, he or she is redirected to a Web-form that asks for personal information such as name, email, and address. This is followed by another form asking for your credit card number, expiration date, and security code.

Below are some of the subject lines used in this latest MMF spam:

Subject: Twitter Guru Reveals All On Video
Subject: Use Twitter to make money...

Samir_Patil | 21 May 2009 16:39:08 GMT | 0 comments

Spammers have declared open season on Memorial Day. Observed in the United States on the last Monday of May, Memorial Day memorializes those men and women who lost their lives in American military service. This year, it will be celebrated on May 25.

Memorial Day spam made its appearance early last week. These emails mainly contained health-related spam and offers selling Memorial Day flags. Health-related spam has URLs that lead users to open online pharmacy stores. Spam emails linked to Memorial Day flags claim to offer the free home delivery of discounted rate flags. A few other spam samples have injected legitimate news articles related to Memorial Day in the email body as an attempt at obfuscation.

The following are a few of the subject lines used in the Memorial Day spam promotion:

Subject: Memorial day sale, 80% off all...

Vivian Ho | 20 May 2009 19:33:56 GMT | 0 comments

In the last couple of months we’ve seen medical image spam offers resurfacing with regularity. Image spam advertising meds is easy to recognize, with a prominent med promotion image in the body. The subject lines advertise the products’ effectiveness and include noise added in the image attachment to attempt to bypass antispam filters. These are old techniques that are still common in med spam.

Spammers are also developing new tactics to attract visitors. They attempt to play mind tricks on the spam recipients, using warnings that are similar to what might be received from a system admin and personal greetings in subject lines—both attempts to lower recipients’ awareness in order to get their messages read.

We’ve recently observed a round of med spam that is sent in ordinary e-postcard form. In these messages we see that the spammers are using warning-style subject lines in order to try to dupe recipients into thinking they are violating...

Samir_Patil | 15 May 2009 14:39:28 GMT | 0 comments

Do you wish to attend the finals of the 54th Eurovision Song Contest in Russia? Why not? Spammers have made it seem easy to grab those hard-to-get tickets for the event.

Eurovision is one of the most prestigious annual competitions held among active member countries of the European Broadcasting Union. The competition runs from May 12th-16th with the 16th being the Grand Final.

We've recently come across some Russian spam emails that attempt to sell tickets to the Grand Final. The email even claims to offer free home delivery of the tickets. There is no URL in the message to buy tickets, but instead an obfuscated phone number is provided at the bottom of the email to contact for further communication.

Below are a few of the subjects observed in the recent spam campaign:

Samir_Patil | 13 May 2009 18:18:09 GMT | 0 comments

The deadly wildfires of southern California have affected thousands of people and destroyed many homes, and unfortunately they are just adding fuel to the spammers’ fire. In one of the recently observed samples, recipients are informed about the wildfire in the Subject line of the email and a URL is provided that redirects users to an online pharmacy website.

In other spam samples, headlines linked with wildfire are being used either in Subject lines or in the body of the email. The difference is, there is no URL or attachment observed in these samples.

Below are some of the various headlines used in this recent spam run:

Subject: California fire burns, homes destroyed
Subject: Fierce California wildfire burns into fourth night
Subject: More than 30,000 ordered to flee Calif. wildfire
Subject: California Wildfires Roar To Life – Again
Subject: Calif. fire crews hope dry winds take...

Mayur Kulkarni | 13 May 2009 12:21:11 GMT | 0 comments

Interested in a 20-40% discount for dinner at your favorite restaurant? Obviously this sounds like a delicious offer, especially if you only have to provide your personal information and interest in a job offer. However, when we checked out these job offers, we found many similarities to the offers discussed in our earlier blog on Italian job offer scams. This time around, spammers felt the need to use a different approach. So, they are offering recipients discount coupons that they claim are valid in all of the renowned restaurants in town. In return, all they want is user information, such as:

•    Name
•    Year of birth
•    City name
•    Favorite restaurant
•    Number of visits to the restaurant
•   ...

Robert Vivas | 13 May 2009 10:31:14 GMT | 0 comments

Last week we blogged about Japanese adult dating spam. Another often-seen spam type in the Japanese language is the “make money fast” (MMF) offer. The following are some common MMF subject lines:

1.    Work at home business
2.    SOHO – Small Office Home Office
3.    Make Money Without Doing Anything

With this type of message, we have observed that spammers rely heavily on third-party mailers to distribute their email. The main reason why these spammers are using third-party mailers is to try and bypass anti-spam filtering. Spammers do so by utilizing shortened URL services to redirect end-users to their actual site. By using shortened URL sites, spammers can mask their actual URL domain in the message, thereby hoping to not be detected and/or blocked by anti-spam vendors. Below are a couple of examples:

Example 1:


Mayur Kulkarni | 12 May 2009 17:57:14 GMT | 0 comments

Get a PhD or MBA degree for free in two weeks! No exams, no classes, and no prior work experience—sound cool? Well, in the underground email economy there are a wide variety of degrees up for grabs. Degrees in criminal justice, massage therapy, nursing, and “degrees for working moms” are among the most common diplomas that are offered. There are several messages sent across by spammers to entice email users to consider such offers. During these times of recession, many professionals/students opt for higher education in an effort to enhance their skills in the gloomy job market. Perhaps it is during the recession period that spammers fancy their chances of getting more responses from email users through fake degree spam campaigns.

Emails with the following subject lines are commonly seen:

Nominated for a Ph.d
Online University diploma degrees
Get your MBA degree
Consider Massage Therapy as a new...