Video Screencast Help
Security Response
Showing posts tagged with Spam
Showing posts in English
Mayur Kulkarni | 02 Apr 2009 11:45:23 GMT | 0 comments

Spammers have recently adopted a different strategy to lure users into viewing their messages and clicking the links inside them. Typically, spam messages attempt to lure unsuspecting users with an email using a linked phrase, such as “Click this website to know more” or “Open this website to check.” We are monitoring a new approach in attempting to draw in readers to open these links. The hyperlinked text will say something like:


Read my blog to learn how I did it
Just check out <NAME>’s Blog to find out how he did it
Read about it on my blog

It’s common for the subject line of these emails, as well as the sender line, to make reference to some blog. These instances can lure users to open the message, and further check the so-called blog by clicking the embedded URL. However, the links actually redirect to Web pages selling health-related products or...

Takako Yoshida | 31 Mar 2009 18:04:42 GMT | 0 comments

From bank accounts to credit card numbers, personal information is at high risk as spammers are very fond of gathering data that will sell on the underground economy. Therefore, users are advised to be cautious and not expose their information (i.e. don’t submit personal details to questionable sites). So, what would you say if there is a service that protects your personal identification, such as a Social Security number? Would you be interested and want to find out more details? The answer should be “NO” if this offer is from a spammer.

Symantec has recently observed a message that appears to be a direct service promotion from an identity theft protection company, claiming that they can keep Social Security numbers away from risk:





The spam...

Dermot Harnett | 31 Mar 2009 17:00:28 GMT | 0 comments

If you are a resident of the United States and haven’t already filed your tax returns, maybe you should consider reading the following blog post. The countdown to “tax day” (April 15 in the United States) is currently in full swing, with the IRS offering daily tips for filing.

The run-up to tax day in the United States has traditionally become a time when phishing directed towards the IRS becomes more prevalent. As reported in previous Symantec State of Spam reports, spammers continue to attempt to disguise themselves as the IRS, dangling tax refund offers in front of unsuspecting users.

These “offers” are aimed towards recipients who may be unaware that the IRS “does not initiate communication with taxpayers through email.” The purpose of...

Francisco Pardo | 31 Mar 2009 11:55:53 GMT | 0 comments

During hard economic times, people look for ways to save money. Spending money on necessities such as tax preparation is no exception. Recently, spammers have been offering ways to save money on tax preparation as a means to enter a user’s inbox.
Below are some examples of subject lines spammers are using to lure users into opening messages:


File Your Returns Now!
TaxAct Online Home of the Totally Free federal tax return.
Prepare Free Print Free IRS e-file FREE
Click the link below to start your tax return

These messages are not just limited to taxpayers in the United States. Since spammers are part of  international underground corporations, other countries fall victim to spammers’ tactics as well. Our technicians have monitored emails directed to the people of France using the same principle. Here is an example:


Mayur Kulkarni | 24 Mar 2009 22:04:33 GMT | 0 comments

It seems malicious attacks on job seekers were not enough. We are now seeing MMF (Make Money Fast) spam also stepping up to exploit the financial situation. Recent spam related to the recession included fake job offers as well as rejections. Some of the spam offered to help recipients out of the recession by making available financial help within 24 hours or less, without considering their credit ratings.

We will discuss MMF spam in this blog - one of the categories which targets users hit by the recession. This particular technique includes spammers sending plain text e-mails with phone numbers inside the message, enticing the recipients to call and earn easy money. This may not be a new spamming method; however it is the dire situation that spammers are cashing on. Some of the subjects related to ‘recession’ include:


Takako Yoshida | 24 Mar 2009 20:55:43 GMT | 0 comments

As the Internet community continues to pay more attention to the reputation of websites and email senders, spammers are doing their best to hide behind well-established and reputable brands. Social networking sites have for some time now been used by spammers in the spam war. As more and more people become connected through social networking sites, it is not unusual to receive notifications of status update or sharing information from your friends. Symantec has recently observed a number of spam attacks claiming to be messages from various social networking sites.

One recent sample attempted to attract the attention of the recipient by using the following tactics:
1.    Claiming to be from a social networking site
2.    Indicating in the Subject line that message was from a social networking site
3.    The message indicated that the recipient had a personal message.



Mayur Kulkarni | 23 Mar 2009 22:48:55 GMT | 0 comments

When somebody throws us a challenge, we get ready to tackle it. There is nothing wrong with taking a challenge; however it is not wise when such tests are marked with trickery, and can cause financial losses.  We have observed recent messages, where the spammer challenges the recipient to an IQ test. The challenges can be found in the following subject lines:

How smart (or dumb) are you?
Someone Thinks You Are Dumb - Take The Quiz and Prove Them Wrong!
Pick Your Brain With This Quiz

By clicking on the URL inside the message, the user is redirected to the page in the graphic below. This page informs the user of the current high IQ score and invites them to take a test. The page also describes the terms of the quiz, and that results will be provided to the user upon completion of a mobile game subscription offer. These terms are placed at the bottom of the page with a small font...

Dermot Harnett | 18 Mar 2009 16:12:44 GMT

Given the ominous subject line, “Take care about yourself!” [sic], fear mixed with excitement might propel some recipients to disregard security consequences and click on URLs that link to malware. In this recent spam example, geo-location services were used to target the recipients of the message. Depending on the relative location of the message recipient, the location of the fake terrorist attack mentioned in the text of the message differs.


In one particular location the spammer indicated that there was a “Powerful explosion burst in San Pablo this morning,” and in another they indicated that there was a “Powerful explosion burst in Pune this morning.” Then, there is a brief description of the “attack” including, “At least 12 people have been killed and more than 40 wounded in a bomb blast“ and “explosion was caused by 'dirty' bomb.” The logo of a prominent news wire service was added...

Dermot Harnett | 17 Mar 2009 12:43:04 GMT | 0 comments

Similar to the topic of the economy, everyone is talking “green” these days, and it’s not just with St. Patrick’s Day occurring today, March 17th. With the renewed attention on environmental responsibility, spammers seem to have become inspired and have decided to contribute with green spam. This recent contribution has helped to ensure that spam levels in February 2009 averaged 86% and has pushed spammers one step closer to obtaining their own “pot of gold.”
In his recent address to Congress and America, President Barack Obama struck a note of optimism, declaring that the Unites States’ best days are ahead even if, at this moment, the future looks bleak. Unfortunately, in March 2009 the economy has become one of the factors contributing to the spammers’ unique version of a stimulus plan. Some recent examples of the economic stimulus spam plan included: job seekers becoming targets of a spam attack that included...

Vivian Ho | 16 Mar 2009 22:52:28 GMT | 0 comments

Seminar spam often competes with fake invoice spam for the top position in Chinese language spam. Chinese seminar spam is sent out in a manner that is similar to a legitimate and regular business training course or seminar/presentation invitation.

Like any real seminar, Chinese seminar spam identifies the purpose, location, time, and workshop details. Application fees and contact information are required to access the “offer.” Chinese seminar spam often takes a similar pattern to Chinese language fake invoice spam as outlined in an earlier blog post. We’ve seen Chinese language seminar spam evolve from using plain text, Microsoft Word, PDFs, and graphic attachments in the last five years in varied attempts to  bypass antispam filters.