Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Spam
Showing posts in English
iPad 3 Spam
Sean Butler | 24 Jan 2012 02:38:43 GMT | 0 comments

Recently, I came across a scam email that is trying to take advantage of the hype surrounding the yet-to-be-released iPad 3. The release date of the iPad 3 is still unknown but spammers are already jumping on the bandwagon in the hope of scamming people who will be eager to get their hands on one of these devices.

The scammers introduce themselves as Mark Zuckerberg, the CEO of Facebook. The email then states how Facebook have joined up with Apple for a one time promotion – to give away an iPad 3 at no cost. This is, of course, all false information but the scam attempts to entice potential victims by stating how they have been randomly selected from a Facebook database. It is possible that a user could potentially be deceived by this ruse if they receive this email to the email address they have used to register with Facebook.

The user is then asked to click on a link and fill out a survey. The goal of the scammers here is to obtain personal information from...

Read more
Phishers Celebrate Christmas with Fake Lottery Prizes and Gifts
Mathew Maniyara | 05 Jan 2012 18:41:38 GMT | 0 comments

Co-author: Avdhoot Patil

Special occasions like Christmas have been a common ground for phishers to introduce new baits in their phishing sites. Last Christmas was no different and this time they used fake lottery prizes and gifts as baits. The phishing sites were hosted on free webhosting sites.

In the first example, a phishing site spoofing a gaming brand stated they wil reward the user with a Christmas gift. The phishing site exclaimed it hoped users like the gift and wished to encourage them to playing the game. To receive the fake gift, the user is asked to enter their login credentials and also complete a simple form.

The questions asked in the form are the following:

  • Will you be playing this Christmas?
  • If you could help, which way would you help us?
  • What is your age?
  • Please select your gift.

The choice of gifts included credit points, VIP status, club membership, and a selection of badges....

Read more
Fake Offers For Mobile Airtime Haunts Indian Users
Mathew Maniyara | 20 Dec 2011 02:17:51 GMT | 0 comments

Co-Author: Avdhoot Patil

Symantec is familiar with phishing sites which promote fake offers for mobile airtime. In December, 2011, the phishing sites which utilized these fake offers as bait have returned. The phishing sites were hosted with free web hosting.

When end users enter the phishing site, they receive a pop up message stating they can obtain a free recharge of Rs. 100:

Upon closing the pop up message, users would arrive at a phishing page which spoofs the Facebook login page. The contents of the page would be altered to make it look as though the social networking site was giving away free mobile airtime. A list of 12 popular mobile phone services from India would be displayed with their brand logos. Once the page completes...

Read more
False Epidemic Alerts Spread Malicious Content
Mayur Kulkarni | 07 Dec 2011 15:36:31 GMT | 0 comments

Spammers have used scare tactics in the past, notably during the swine flu outbreak in 2009. A similar spam campaign using scare tactics was observed during the weeks leading up to April 1, 2010 as an expansion of the Conficker worm with the possibility of a major threat launch. Overall, scare attacks are meant to cause panic reactions among recipients who may, out of fear, click malicious links or download and install malicious code. Similar approaches have been observed recently, this time with a false epidemic alert. In this spam campaign trumpeting false epidemic news, spammers try to infuse fear in users and encourage them to read instructions to remain safe from infection.

Sample email subjects suggest there is an epidemic in nearly all countries in the world. However, in...

Read more
Phishers Piggyback on Indian Websites
Mathew Maniyara | 02 Dec 2011 00:48:14 GMT | 0 comments

Contributors: Avdhoot Patil, Ayub Khan, and Dinesh Singh

Have Indian websites become a safe haven for phishers? To better understand, let’s explore how phishers create a phishing site. There are several strategies phishers frequently use: hosting their phishing site on a newly registered domain name, compromising a legitimate website and placing their phishing pages in them, or hosting their phishing site using a web hosting service.

Let’s now focus on the second method which involves the use of compromised legitimate websites. From April, 2011, to October, 2011, about 0.4% of all phishing sites were hosted on compromised Indian websites. These compromised websites belonged to a wide range of categories but the most targeted was the education category which included websites of Indian schools, colleges, and other educational institutions. Symantec has previously reported on the websites of...

Read more
Chinese Phish Tastes Bitter With Prizes
Mathew Maniyara | 30 Nov 2011 18:07:31 GMT | 0 comments

Co-Author: Avdhoot Patil

Symantec is familiar with baits commonly used in Chinese phishing sites. A grand prize, for instance, is often used as phishing bait. This November, 2011, phishers continue with the same strategy by including a brand new iPad 2 for a prize. The phishing sites were hosted on a free webhosting site.

The phishing page spoofs the Chinese version of a social networking gaming application. What is most interesting about the phishing page is that it displays a warning for an incorrect password (in red) even before any user credentials are entered. The phishing site announces to users that all fields are required to be filled before proceeding to the lucky draw. Users are prompted to enter their email address, password, email password, and birth date. The phishing site then states the winning email addresses will be drawn and winners would receive an iPad 2 and...

Read more
Evolution of Russian Phone Number Spam
Emily Liu | 28 Nov 2011 19:27:40 GMT | 0 comments

Article contributed by Emily Liu, Symantec Security Response Technician

Most of the Russian spam emails we usually encounter are about online advertising, product promotion, and training workshops. These spam emails typically are sent out unsolicited from free or hijacked personal email accounts, without opt-out, and have randomized subjects to avoid being caught in spam filters. Despite the use of random subjects, we continue to observe spammers who like to list phone numbers in the email as the only available means of contact instead of direct URL links.

Here is an example of a recent Russian event promotion spam:

Here is the English translation:

Figure 1. Russian-language spam promotion...

Read more
Beware of Your Holiday Travel E-Ticket Confirmation
Sammy Chu | 22 Nov 2011 00:17:22 GMT | 0 comments

How does Symantec know it's the week of Thanksgiving? Because as the busiest travel day of the year day quickly approaches, the day just before Thanksgiving , there is a surge in fake email ticket confirmations that lead to viruses.

Here is what a fake airline message looks like:

If you inspect the HTML coding for this message carefully, you will notice a malicious link in the anchor tag:

This link redirects to a known malware-hosting site in Russia which previously hosted Trojan.Maljava. Trojan.Maljava is a detection name used by Symantec to identify malicious Java files that...

Read more
Fake Social Networking Application Promotes Maldives
Mathew Maniyara | 12 Nov 2011 00:21:01 GMT | 0 comments

Co-Author: Avdhoot Patil

When phishing through social media, fake applications are a key technique used by phishers to introduce new kinds of baits. In October, 2011, phishers launched a new fake application named "Maldivian App". The phishing site was hosted on a free webhosting domain. It should be noted the legitimate site does not provide such an application.

Phishers put in more creative thought and time than usual in designing this phishing page. The phishing site contained an image with details about the application and included a form for Web users to enter login credentials. The image presents a ribbon in the tricolors of the Maldivian flag accentuated with the logo of a social networking brand and a Maldivian flag T-shirt. A prominent description of the application boasts that, after logging in, users would receive "cool news" about the Maldives.

For those interested in learning more about Maldives, wouldn’t it be...

Read more
Perfect Pit Where You Don’t Want to Stop
Samir_Patil | 10 Nov 2011 17:04:30 GMT | 0 comments

Sporting events are always popular among the spammers. Formula 1, a game of speed, thrill, and action, is no exception. In the past we have seen spam messages ranging from cheap and/or fake game tickets to phishing  around almost all major sporting events.

We are observing spam targeting the upcoming F1 Grand Prix which is being held November 11-13, 2011 in Abu Dhabi. Although the winner of the 2011 World Championship has already been decided by the last few races, this event is import because it is near the end of the 2011 season and the drivers will be scoring vital points to retain their positions.

Here is an example spam message:

The spam message invites users to attend the race in Abu Dhabi, UAE. Spammers offer a private table, champagne, canapé reception, open bar at the venue, and many more luxurious items. The attractive deal with “limited availability for...

Read more