Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Online Fraud
Showing posts in English
Fake Donations Continue to Haunt Japan
Mathew Maniyara | 07 Jun 2011 11:49:49 GMT | 0 comments

A couple of months ago, Japan was hit by an earthquake of magnitude 9.0. The earthquake and tsunamis that followed caused severe calamity to the country. Phishers soon responded with their fake donation campaign in the hopes of luring end users. Unfortunately, it seems that the phishers are continuing to use these fake donations as bait in a recent phishing attack we observed.

In a fake donation campaign, phishers spoof the websites of charitable organizations and banks and use those fake sites as bait. This time, they spoofed the German page of a popular payment gateway site with a bogus site that asked for user login credentials. The contents of the page (in German) translated to “Japan needs your help. Support the relief efforts for the earthquake victims. Please donate now.” The message was provided along with a map of Japan that highlighted two cities from the affected region....

Read more
Spear Phishing in Google’s Pond
fdesouza | 06 Jun 2011 13:47:32 GMT | 0 comments

Francis deSouza - Group President, Enterprise Products and Services, Symantec

Earlier this week, Google posted a blog stating that the personal Gmail accounts of numerous users, including senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel, and journalists had been attacked. Google said a campaign to obtain passwords appears to have originated in Jinan, China and was aimed at monitoring the contents of these users' emails, with the perpetrators apparently using stolen passwords to change people's forwarding and delegation settings. Google confirmed that it detected and disrupted this campaign and has notified victims and secured their accounts. They have also notified the relevant government authorities.

These attacks appear to be an example of...

Read more
Spammers Claim Wikipedia for Pharma Fakes
Samir_Patil | 16 May 2011 12:27:17 GMT | 0 comments

Last year, phishers targeted Wikipedia with a large number of spam emails that directed unsuspecting users to a fraudulent Wikipedia website. Currently, we are observing a new spam tactic being used, which targets the Wikipedia name for the promotion of fake pharmaceutical products.

In the last couple of days, we have observed various spam email messages that use a wiki template to promote bogus online pharmacies. The “Subject” line in these attacks has a lot of randomization. The “From” header is either fake or a hijacked ISP account that gives a personalized look to the email.

Below are some subject lines that were observed in the spam samples:

Subject: wWIKIp
Subject: kWIKIx
Subject: yWIKIg
Subject: hWikiPharmacyl
Subject: oWikiPharmacyp
Subject: uWikiPharmacym
 

In the image shown...

Read more
419 Spam Goes Lingo
Samir_Patil | 12 May 2011 15:23:38 GMT | 0 comments

Have you ever received an email from an unknown person offering you an exorbitant amount of money and asking for your personal information in return? Well, that is exactly what a “419 scam” is!

419 spam, also known as Nigerian spam, is named after the Nigerian penal code, section 4-1-9. The most common forms of 419 spam are fake business proposals, fake fund transfers, and email lottery winning notifications—all of which include the spammers’ requests for personal information, such as name, account number, phone number, email address, bank details, etc.

419 spam is often seen in English, German, Spanish, and some other European languages, but spammers are now targeting Asian countries because of the increased Internet user base and widespread broadband infrastructure.

For the first time, Symantec has observed 419 spam created in Hindi using Devnagari script. This is a big paradigm shift where 419 spam is concerned. Hindi is a widely...

Read more
Love Your Mother At ALL Costs?
Eric Lin | 04 May 2011 10:09:29 GMT | 0 comments

Who was the one who held you in their arms when you let out your first cry in the world? Did you say “doctor?” Well, that may be true in some cases, but the more obvious answer is “mother.”

Dating back to ancient Greece, mankind held a festival worshiping Cybele, mother of the Greek gods. Mother’s Day is now celebrated around the world, mainly sometime in March, April, or May. The most common date is the second Sunday in May when, in most countries, mothers receive flowers and gifts in celebration of the day. How can spammers miss this special occasion when people are surfing the Internet to try and dig up a sweet surprise to express love and gratitude towards their mothers?

The following are Mother’s Day spam samples that Symantec has recently observed. There is a range of product spam, including flowers, watches, gift cards, and diet products. This latest spam campaign involved both dictionary and domain attack techniques,...

Read more
Malware and Phishing Attacks Flourish Following News of Osama’s Death
Samir_Patil | 03 May 2011 12:17:05 GMT | 0 comments

The first spam using the news of Osama Bin Laden’s death was seen in the wild within three hours of the event—Symantec reported this spam activity along with other spam samples in a blog entitled “Osama Dead” is No Longer a Hoax. As anticipated, we started observing a rise in malicious and phishing attacks.

Phishing attacks usually target big brands. In one such phishing attack capitalizing on Bin Laden news, spammers targeted CNN Mexico. The spam email contains a link to bogus “photos and uncensored videos” and redirects users to a phishing site:

The phishing site shows an auto-running Bin Laden related video in an iframe and asks the user to click on a link to download a “complete” video. Clicking on that link forces the download of an ....

Read more
Cyber Crooks All Set to Crash the British Royal Wedding
Suyog Sainkar | 28 Apr 2011 08:30:17 GMT | 0 comments

As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques.
 

Spam campaigns

We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding of Prince William and Kate Middleton. Spam email messages advertising a replica of Princess Diana’s engagement ring that were observed in February are still making the rounds on the Internet, and the eve of the royal wedding is now upon us. Furthermore, as we had anticipated, we have recently observed additional spam campaigns making use of this significant event to promote various products.

In one such recent spam campaign, email promoting a "...

Read more
Spammers Continue to Exploit the Disaster in Japan
Suyog Sainkar | 07 Apr 2011 16:43:21 GMT | 0 comments

Symantec has blogged previously about spammers exploiting the recent catastrophic situation in Japan. Since then, Symantec has observed additional variations in spam attacks in which the spammers are continuing to exploit the tragedy, even as the earthquake and tsunami relief efforts are in progress. Similar to what we have seen in the past, virus attacks in the form of messages containing links to images in the message body were observed in the third week of March. Such attacks, along with scam emails, are usually prevalent after such disasters have occurred. The subject line and screenshot of a sample message body of the virus attack can be seen below.

Subject: Novo tsunami atinge Sendai e Japao declara estado de emergencia em usina nuclear
[Subject: New tsunami hits Japan Sendai and declares state of emergency in nuclear plant]

...

Read more
Another Fake Facebook App is Here to Steal your Passwords
Hardik Shah | 07 Apr 2011 08:45:19 GMT | 0 comments

Recently, we came across an application that displays the message “Tornado Randomly Appears During Soccer Game” on Facebook:

Clicking on the message forces the download of a script from http://<IP Removed>/fb2.js, which displays a Facebook login message. If the user is logged in to Facebook, the malicious app will log the user out and ask him/her to log in again:

When the user clicks on the “Login” button, it will show the login form:


 
When the user enters login details and clicks on the Login button, the fake application sends two POST requests: one to Facebook.com, and the other to the malicious server. The request sent to the malicious server has the...

Read more
Taking the Shortcut to Malicious Attacks
M.K. Low | 07 Apr 2011 03:47:54 GMT | 0 comments

Taking the Shortcut to Malicious Attacks 

Shortened URLs have become popular in recent years as a means of conserving space in character-limited text fields, such as those used for micro-blogging. Some URLs consist of a substantial number of characters that can eat up character limits, break the flow of text, or cause distortions in how Web pages are rendered for users. URL shortening services allow people to submit a URL and receive a second, specially coded shortened URL that redirects to the original URL. When a user clicks on the shortened URL, the service will redirect the person to the submitted Web page.

Attackers are taking advantage of this type of service because it helps to hide the actual destination URL. Attackers use the shortened links, which may or may not be legitimate, to lead unwitting users to malicious websites that are designed to attack any system using a vulnerable browser. 

Social networks are a security concern for...

Read more