Security Response
Showing posts tagged with Spam
Dermot Harnett | 08 May 2009 21:25:59 GMT | 0 comments

Spam volumes continue to creep back up to normal, and are currently sitting at 94 percent of their pre-McColo levels. The recent swine flu outbreak has become yet another example of how spam continues to respond to current events. The use of the swine flu outbreak in this manner is yet another case of history repeating itself, since it follows closely on the spammer’s abuse of the Italian earthquake and the U.S. tax day.

In another example of history repeating itself, image spam has recently made an unwelcome return.  While it has not yet returned to the dizzying heights of January 2007, when it reached 52 percent of all spam messages, image spam hit an average of sixteen percent of all spam messages towards the end of April 2009.

Click here to download the May 2009 State of Spam Report, which highlights the following trends...

Amanda Grady | 05 May 2009 16:26:19 GMT | 0 comments

Spam messages with empty bodies are often associated with “directory harvest attacks,” which is a spamming technique where email servers are bombarded with thousands of emails in the hope of discovering the valid ones; or it may be that the call to action is entirely contained in the subject line (as is described here). In recent weeks Symantec has been observing a different type of blank-body spam attack.

In these attacks, when the message arrives on the end-user’s machine, the “subject,” “from” line, “to” line, and “body” are all completely blank. If the full message headers are examined, a typical pharmaceutical spam advertisement can be seen in the message headers, along with the content headers from the data stage of the SMTP conversation, as shown below.



Dermot Harnett | 29 Apr 2009 19:22:04 GMT | 0 comments

According to recent political opinion polls, U.S. President Obama’s approval rating currently stands at 65%. It is clear that when his first 100 days in office are analyzed, spammers also view him favorably. In the last few weeks there has been a noticeable boost in the number of spam messages that use his name and popularity to promote certain spam products and services.





President Obama first became a target for spammers in 2008, when Obama and his then challenger Senator John McCain had their names linked with "portable dewrinkle machine" spam, medical product spam, and get-rich-quick spam messages. When President Obama took his campaign to Europe in July 2008, spammers duly followed up with a spam campaign that contained links to malware. Ever since President Obama was...

Mayur Kulkarni | 28 Apr 2009 10:21:17 GMT | 0 comments

The swine flu outbreak in Mexico and the United States is making news headlines all over the world, with updates coming out in real time from the Centers for Disease Control and Prevention. The scare has spawned a spamming frenzy, like sharks smelling blood in the water. Symantec has been monitoring the spam and is continuing to analyze the underlying intentions of the associated messages. In the past, such current event spam campaigns included sending malicious messages, in which the email user is lured into clicking malicious links that pretend to be a harmless link or a related video. However, this time around it is an email address that the spammers are more interested in collecting—perhaps as part of a harvest for their future campaigns.

One of the samples (shown below) simply informs recipients of the disaster, using linked news headlines from reputable news agencies. Users are asked whether they...

Mayur Kulkarni | 27 Apr 2009 20:18:26 GMT | 0 comments

In an effort to track the prevalence of Mother’s Day spam, we’ve started monitoring recent spam samples and have found that the spammers seem less enthusiastic about Mother’s Day than other events around the world, such as the resurgence of interest in the swine flu. Most of the Mother’s Day-related spam we analyzed consisted of Internet offers providing personalized gifts such as photo frames or jewelry. Others included gift cards, kitchen related products, and the ever-present weight-loss solutions.





Some of the common subject lines are listed below:


Personalized Mothers Day Gifts
Mother's Day Gifts
This is about Mother's Day next month
Microwavable pasta cooker. Mother's Day is near...

Samir_Patil | 20 Apr 2009 18:47:55 GMT | 0 comments

We’ve observed a new malicious spam threat that arrives as an email promoting a free software trial that purportedly can be used to spy on people’s SMS (Short Message Service) messages. The spammers are claiming that this software can be used to snoop around the SMS messages of your partner, or for general SMS spying, and a URL is provided for a download of a 30-day free trial of the software.

Unfortunately the URL leads a user to download an executable file that goes by different names, such as sms.exe, smstrap.exe, and freetrial.exe—all of which are nothing but pieces of malicious code. Symantec security products identify the particular malware served up in this attack as W32.Waledac.

As is common in spam, these messages target human emotions such as fear, jealousy, and suspicion to spread the malware. But, as always,...

Samir_Patil | 15 Apr 2009 19:33:33 GMT | 0 comments

Many anti-spam techniques work by searching for patterns in the header or body of the email message and creating signatures for them. To bypass these filters, the spammer intentionally introduces obfuscation by misspelling certain keywords, inserting random lines, or adding invisible words in the message.

Recently, Symantec has observed dating- and health-related spam messages where the URLs of well-known brands are used to obfuscate the message. The spammer has added URLs varying in number, from 5 to 15 in a single message. These URLs are invisible, since the font color of the URLs is the same color as the background of the message. These URLs are actually the “postmaster information” Web page or a “news” Web page of reputable companies.

Some of the subject and legitimate URLs found in the samples are as follows:

Subject: Good Day To You
Subject: OMG your hot we should chat!
Subject: Hey whats up wanna chat?

<a href...

Vivian Ho | 14 Apr 2009 20:09:32 GMT | 0 comments

Happy Easter! Are you really blessed? Spammers always have favorite holidays. And while they couldn’t join your family for an egg hunt this year, they didn’t forget to send their greetings during Easter week. During the past week we observed fraudulent e-card notifications spoofing a well known Internet e-card service site.

The message contains legitimate From: and Subject: lines, along with a heart-warming Easter message to make up the body content. Spammers used a legitimate-looking pick up notification hyperlink to lure the recipient to click it. However, a PHP URL is embedded into HTML, which actually links users to another URL where malicious code may be downloaded onto their system.

This is a typical spam tactic, but recipients should still be aware of it during this post-holiday season, since the scam still exists. We urge recipients to be aware of this type of greeting to avoid vicious attacks. Most importantly, do not open emails with suspicious...

Mayur Kulkarni | 08 Apr 2009 21:46:41 GMT | 0 comments

When trying to solve difficult problems, people examine different approaches and strategies. This includes applying known techniques or variations to deliver favorable results. Though variations can be interesting, using a known method has a better chance of getting results. Spammers are no exception: they are again trying their hand with image spam, seeking an opportunity to catch some anti-spam filters off-guard and sneak through to reach a user’s inbox.

During the last couple of weeks, we have observed an increase in the use of images, especially with health-related spam. As seen in the past, we also see different obfuscation techniques being used. This includes adding noise to the image to avoid detection of similar images. Along with images, random texts in the message are also observed, again an attempt to bypass the filters. Currently, we don’t see this old technique of using images interfering with anti-spam effectiveness.


Vivian Ho | 08 Apr 2009 21:33:07 GMT | 0 comments

While everyone is still in shock from Monday's 6.3-magnitude quake in Italy, spammers are unfortunately capitalizing on this event.

Not long ago, we monitored an inbox burst with fake news headlines focusing on Hollywood celebrities, popular politicians and current events which spread malware through attachments.

Sample subject lines were:

  • “Britney Spears Overdose”
  • “Lindsay Lohan crashes brand new Lamborghini”
  • “Beijing Olympics cancelled upon the death of China's president”
  • “Obama bows out of presidential race.”

Sample headers and body text:

Sample 1

attachment filename= "never.exe"
From: <xxxxxxxxxx@xxxxxxxxx.xxxx>
Subject: URG

President Bush DEAD! Read attached file!

Sample 2