Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Spam
Showing posts in English
Mayur Kulkarni | 23 Mar 2009 22:48:55 GMT | 0 comments

When somebody throws us a challenge, we get ready to tackle it. There is nothing wrong with taking a challenge; however it is not wise when such tests are marked with trickery, and can cause financial losses.  We have observed recent messages, where the spammer challenges the recipient to an IQ test. The challenges can be found in the following subject lines:

How smart (or dumb) are you?
Someone Thinks You Are Dumb - Take The Quiz and Prove Them Wrong!
Pick Your Brain With This Quiz

By clicking on the URL inside the message, the user is redirected to the page in the graphic below. This page informs the user of the current high IQ score and invites them to take a test. The page also describes the terms of the quiz, and that results will be provided to the user upon completion of a mobile game subscription offer. These terms are placed at the bottom of the page with a small font...

Dermot Harnett | 18 Mar 2009 16:12:44 GMT

Given the ominous subject line, “Take care about yourself!” [sic], fear mixed with excitement might propel some recipients to disregard security consequences and click on URLs that link to malware. In this recent spam example, geo-location services were used to target the recipients of the message. Depending on the relative location of the message recipient, the location of the fake terrorist attack mentioned in the text of the message differs.

In one particular location the spammer indicated that there was a “Powerful explosion burst in San Pablo this morning,” and in another they indicated that there was a “Powerful explosion burst in Pune this morning.” Then, there is a brief description of the “attack” including, “At least 12 people have been killed and more than 40 wounded in a bomb blast“ and “explosion was caused by 'dirty' bomb.” The logo of a prominent news wire service was added to try and...

Dermot Harnett | 17 Mar 2009 12:43:04 GMT | 0 comments

Similar to the topic of the economy, everyone is talking “green” these days, and it’s not just with St. Patrick’s Day occurring today, March 17th. With the renewed attention on environmental responsibility, spammers seem to have become inspired and have decided to contribute with green spam. This recent contribution has helped to ensure that spam levels in February 2009 averaged 86% and has pushed spammers one step closer to obtaining their own “pot of gold.”
In his recent address to Congress and America, President Barack Obama struck a note of optimism, declaring that the Unites States’ best days are ahead even if, at this moment, the future looks bleak. Unfortunately, in March 2009 the economy has become one of the factors contributing to the spammers’ unique version of a stimulus plan. Some recent examples of the economic stimulus spam plan included: job seekers becoming targets of a spam attack that included...

Vivian Ho | 16 Mar 2009 22:52:28 GMT | 0 comments

Seminar spam often competes with fake invoice spam for the top position in Chinese language spam. Chinese seminar spam is sent out in a manner that is similar to a legitimate and regular business training course or seminar/presentation invitation.

Like any real seminar, Chinese seminar spam identifies the purpose, location, time, and workshop details. Application fees and contact information are required to access the “offer.” Chinese seminar spam often takes a similar pattern to Chinese language fake invoice spam as outlined in an earlier blog post. We’ve seen Chinese language seminar spam evolve from using plain text, Microsoft Word, PDFs, and graphic attachments in the last five years in varied attempts to  bypass antispam filters.


Dermot Harnett | 13 Mar 2009 22:25:53 GMT | 0 comments

In the legal realm, certain spammers have, from time to time, occupied the defendant’s chair. In a recent spam attack it seems that a spammer wishes to change this legal position and become the “pied piper” in some class action lawsuits.

The FDA first approved Avandia in 1999 to treat type 2 or adult onset diabetes. In February 2009, a spam message relating to this drug was reported to be making the rounds. The message comes with the following subject line: “Have You Taken AVANDIA? Important Lawsuit Information.”  The spam message indicates that “If you or someone you know has taken Avandia you or that someone or their family may be entitled to monetary damages.” A URL link is available for the recipient to click on to “Begin Your Free Review Form.”

Another vector that has recently...

Dermot Harnett | 13 Mar 2009 22:19:49 GMT | 0 comments

Everyone is talking about going green these days, and it’s not just because St. Patrick’s Day is around the corner on March 17th. The Obama administration has recently reiterated its efforts to create "21st century jobs that improve energy efficiency and utilize renewable resources." With the renewed attention on environmental responsibility, spammers seem to be inspired and have decided on contributing with green spam.

We recently observed a spam attack with a message claiming that the recipient could lower their electric bill to $0.00 per month, with the possibility of even getting a power company to pay the recipient for the use of any excess energy produced. Among the reasons provided by the spammer as to why this offer should be accepted was: “You will be able to protect your pocket book during these recession times and spend money on more important things...”

The green spam “offer” included the following testimonials...

Dermot Harnett | 11 Mar 2009 20:09:07 GMT | 0 comments

From Martha Stewart to Anna Kournikova—even the White House has one—blogs and microblogs are all the rage, with the ability to self-publish one’s thoughts and experiences for the world to read. The Symantec Security Response spam blog has recently published a myriad of posts documenting the ever-changing spam landscape. Symantec’s antispam team has blogged about recent spam attacks, such as Russian bride spam, spam attacks targeting job seekers, and even Turkish-language spam; so, it is fitting that a recent spam message observed by Symantec related to getting “paid” to write blogs should be discussed here.

The spam message claimed things like “freelance writers are needed” and “post in blogs”—all packaged together nicely with an offer to get paid anything...

Mayur Kulkarni | 11 Mar 2009 19:16:13 GMT | 0 comments

Phishing emails are sometimes known to elicit emotions such as fear, uncertainty, and in some cases panic. One particular type of phishing message will normally contain a warning that attempts to convince users to click on fraudulent links. Often, these warnings are in the form of fake “Account Update” or “Account Restriction” notifications, and contain a variety of features designed to trick the recipients into thinking that the email is genuine.

We recently came across an interesting Russian sample, which displays yet another method used to deliver the “fear factor.” The fraudster introduces him/herself as a thief who has stolen money from the recipient of the message, and states that the money will not be returned. The obvious attempt here is to trick the recipient into reacting with panic. The scammer will be hoping that panic will lead the user to try and check out whatever information is available in the message, and in this case the...

Mayur Kulkarni | 11 Mar 2009 17:24:45 GMT | 0 comments

In our earlier blog post on Italian spam, we reported seeing spammers testing their spam in local languages, perhaps for better acceptability in that respective region. Spammers are trying to understand the requirements and psychology of the local population, and therefore are working on their messages to gain as much attention and profit as possible. This work mainly includes the use of a local language in the message to give it an authentic look-and-feel.

Spam content in such emails may have been translated from an English version, perhaps using free language translation tools on the Internet. Another option is to have the desired text translated to native languages by a professional translator and then use it for spamming.

In the Turkish spam sample below, spammers are offering recipients the chance to learn and enhance their English know-...

Dermot Harnett | 07 Mar 2009 00:50:31 GMT | 0 comments

Following closely on the heels of Valentine’s Day spam, a new wave of Russian bride spam has emerged. During the final analysis on Valentine’s Day-related spam, it became apparent that as the holiday approached there was a 700 percent increase in spam messages with a Valentine’s Day theme. The biggest increases by percentage were seen in the phrases “February 14,” with a 200 percent increase; “Valentine’s Day,” with a 500 percent increase; and last, but certainly not least, the term “Valentine” experienced a 9,000 percent increase as Valentine’s Day came and went for another year.

Russian bride spam has been around for a number of years now. With previous Russian bride spam examples, the recipient was encouraged to communicate over email with a prospective bride. However, the problem with...