Security Response
Showing posts tagged with Spam
Dylan Morss | 03 Feb 2009 22:40:15 GMT | 0 comments

After I posted a blog entry last week (1/28/2009) on Valentine’s Day spam subject lines, I thought it would be interesting to take a closer look at specific words related to Valentine’s Day that have been appearing in spam subject lines recently to see if there were any trends. I had previously noted an increase in the appearance of a few Valentine’s Day-related words: “cupid,” “Feb 14,” and “February 14,” and I wanted to expand the search a bit. I was hoping to try and redeem the reputation of Valentine’s Day spam since my previous post put the spammer’s intentions in a less romantic light than the holiday warrants. I decided to search for traditional Valentine phrases such as the following: chocolate, cupid, Feb 14, February 14, flowers, heart, jewelry, Valentine, and Valentine...

Dylan Morss | 28 Jan 2009 22:57:35 GMT | 0 comments

What would your Valentine like this year? Perhaps a shopping spree, a watch, cash, or an assortment of E.D. or weight loss pills?
We are nearing the end of January and Valentine’s Day spam is in full swing. Spammers have been busy making sure they have the perfect gift for your loved ones this year.
The top 20 Valentine’s Day spam subject lines seem more like a laundry list of solutions for a cast of depressed porn stars than an array of truly romantic gifts. What says "Happy Valentine’s Day" quite as well as "Hi Sweetie, here are some weight loss pills for you this year, maybe you can drop a few pounds!"?

The top 20 Valentine’s Day-related subject lines for January


  • Increase your length, the best valentine's gift
  • Show off your length for valentine's
  • Get it before Valentine's day and watch her smile
  • You have been...

Mayur Kulkarni | 28 Jan 2009 17:49:49 GMT | 0 comments

During the past few days we have observed a rise in Russian spam that is offering various local trade services at cheap rates. Instead of using the old standby methods, they are spamming out telephone and ICQ numbers in their ads rather than redirecting email recipients to malicious websites, as is usually seen with spam related to pharmacy or watch replicas, for example.

The interesting concept of this spam lies in the simplicity of the localized services offered. For example, the majority of these spam emails consist of ads for everything from audio books to real estate, from personalized accounting services to the installation of auto glass. For these types of services, it may be that maintaining a dedicated website can be costly and unnecessary. Also, this may be an effort to move away from embedding URLs in emails because anti-spam filters commonly block such messages.

The primary action required for the recipients of these spam messages is to call a telephone...

Dermot Harnett | 28 Jan 2009 00:43:57 GMT | 0 comments

As the Chinese New Year (Spring Festival) continues to be celebrated around the world, a recent increase in the abuse of the .cn (China) country code top-level domain (ccTLD) has been observed in spam messages. A top-level domain (TLD) is the part of a domain name that follows the final “dot” of any domain name. A ccTLD is a top-level domain generally reserved or used by a country or dependent territory. As noted in the January 2009 Symantec State of Spam Report, approximately 90 percent of all spam messages today contain some kind of URL. In January 2009, an average of 32.5 percent of the URLs observed have had a .cn ccTLD, compared to the average of 57 percent of URLs that had a .com TLD.





Spammers often rotate domains and TLDs in their spam messages because they likely feel this tactic...

Kelly Conley | 27 Jan 2009 19:26:28 GMT | 0 comments

Macau is the only place in China where there is legalized gambling.* In order to gamble legally in China a person would need to spend money on travel and accommodations to get there. Is there a way to avoid the hassle and expenditure of traveling to Macau for those persons that are interested in gambling? Well, it seems that spammers are offering a solution to the Chinese population: gambling online, from the comfort of your home.

Symantec has recently observed what we believe to be the first instance of online casino and sports betting spam using the Chinese language. The layout of the message is very similar to what we frequently see in English-language casino spam. The message asks users to download a number of software packages and register an account. By registering an account, a user automatically becomes eligible for a random amount of free cash or bonus points. This is all a very common occurrence in English-language spam related to gambling. But,...

khaley | 20 Jan 2009 00:02:56 GMT | 0 comments

Have you booked any airline travel recently? One way or the other, you may be surprised to find some email in your inbox telling you that you have. And, that your credit card has been charged for it! Don’t let curiosity or concern get the better of you—do not open the attachment that is likely accompanying the message. If you do, you would probably end up installing malicious code on your machine.

There are spam messages circulating that are purportedly coming from several major airlines. United Airlines is the latest airline that has been mentioned, but Security Response has seen spam email falsely claiming to be from Northwest Airlines, JetBlue, Midwest Airlines, and Sun Country Airlines. Undoubtedly other airlines will be exploited as well. The email will usually name a specific dollar amount that your credit card has supposedly been charged for air travel. It even offers you a login and password for the airline’s website, but what the...

Zulfikar Ramzan | 19 Jan 2009 15:44:00 GMT | 0 comments

In previous blog postings, I talked about politically themed online malicious activity, focusing on what we observed during the recent U.S. presidential election cycle. Even though the election itself has long since been over, we are continuing to see similar political themes in today’s attacks.

As anticipation builds around President-elect Barack Obama’s upcoming inauguration ceremony, Symantec’s Threat Intelligence team analyzed a new wave of malicious spam messages with a “Presidential theme” that found their way into one of our vast number of global sensors.

The corresponding emails have subjects and bodies similar to the following:

Subject: You must look at this!
Our new president has gone

Yours truly,
Dan Harrison

Subject: Breaking news
Barack Obama refused to be the president of...

Dermot Harnett | 08 Jan 2009 13:41:28 GMT | 0 comments

Happy New Year! At this time of year, personal and professional resolutions are often made. These resolutions are often broken within a few days, but it is clear that one resolution will not be broken in 2009. Spam levels are slowly creeping back up to their pre-McColo shutdown levels and spammers have come back fighting. You may remember that on November 11, 2008, McColo-hosted systems were shut down based on abuse complaints. As a result, spam volumes dropped dramatically across the world. However, recent statistics indicate that spam volumes have slowly crept back up to 80 percent of their pre-McColo shutdown levels.
In recent days, Symantec has also observed that spammers are continuing to piggyback on legitimate newsletters and using the reputation of major social networking sites to try and deliver spam messages into recipients’ inboxes. The social networking spam messages were carefully crafted to closely mimic the legitimate notification emails often...

Amanda Grady | 07 Jan 2009 19:20:24 GMT | 0 comments

Symantec has observed at least two major social networking sites being spoofed in spam attacks this week. The spam is likely hitching a ride on the back of a recent phishing scam, as discussed on our Norton Protection Blog. The spam emails appear to be official notifications from the social networking sites, with identical subject line formats. The headers of the messages, such as message ID, received lines, and even the custom X-headers have been carefully crafted to closely mimic a legitimate email as closely as possible.

The lure of the emails is the promise of a free mobile phone. There are two different attack vectors being used. In the first variation the user is invited to click directly on a link in the email. In some cases, a free blogging site is used as an intermediary to...

Dylan Morss | 20 Dec 2008 00:26:04 GMT | 0 comments

After the shutdown of McColo, which was aiding the distribution of about half of all spam on the internet globally, spam volumes dropped. However, since mid-November, spam volumes have been slowly inching their way back up as old botnets are being brought back online and potential new botnets are being created.

At this point, spam volumes have slowly crept back up to 80 percent of their pre-McColo shutdown levels (when reviewing daily averages):



The types of spam being seen in new attacks are similar to what was being sent around the Internet prior to the shutdown. The spam messages can be categorized into the following groups:

  • Replica watches
  • Generic pharmacy
  • Erectile dysfunction drugs
  • Weight loss
  • Software

The spam is being sent from various countries...