Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Online Fraud
Showing posts in English
Gromozon Is “Live” (Just in Italy)
Elia Florio | 07 Mar 2007 08:00:00 GMT | 0 comments

Windows Live is “everything you need, all in one place” and it looks like the search engine really does know what exactly it is that Italians need! Today, we came across a story that was reported by Sunbelt about a takeover of the Italian version of the Windows Live search engine. We decided to do a bit more investigating into those rumors.

At the moment, the problem is that when someone searches a combination of specific Italian keywords on the Windows Live portal, that person will always get a set of weird links in the search results. These weird links will most likely be related to the Linkoptimizer gang (aka Gromozon)—so this likely means that the Gromozon gang has managed to take over and manipulate the search results of Windows Live by getting their links to end up on the top of the search result lists.

...

Read more
Fool Me Once, Shame on You; Fool Me Twice, Shame on Me
Eric Chien | 06 Mar 2007 08:00:00 GMT | 0 comments

I recently received an email supposedly from the Anti-Scam Department of the British Secret Intelligence Service. They sent me an email because apparently my "email address signaled to our computer database today, with strong indication that you currently MIGHT be in a business transaction where you are a SCAM VICTIM unknowingly." Oh no!

In particular, they asked if I was:
• in a business transaction case that would claim millions of dollars
• told by a lottery company that I have successfully won millions
• told I had overdue contract funds
• promised to receive large sums of money in excess of millions of dollars
• promised to be awarded a contract worth millions or billions of dollars

If so, "there is a 99.99% chance that you are currently a victim of fraud/scam, run by notorious criminals known as con artists, with the sole aim of scamming and ripping you off your very hard earned funds!!" More...

Read more
Identity Threats in Next Generation Protocols
Brian Hernacki | 27 Feb 2007 08:00:00 GMT | 0 comments

Today most of the identity oriented transactions on the Internet are done via plain old HTML forms and, if we're lucky, over SSL. And once again, something that seemed sufficient at first, is showing strain as usage grows. HTML/HTTP ends up providing a pretty clumsy and inadequate way to do identity transactions. It offers a poor user experience and wasn't really designed with security in mind. This has contributed to much of the grief over fraud, phishing, etc. Our primary defense mechanism against such threats has historically been the SSL certificate, but we know users don't read those. We also know users don't look too carefully at URLs (even when they are not obsfucated). Some of the more risk prone sites have...

Read more
Where Phishing and Malware Meet
Zulfikar Ramzan | 21 Feb 2007 08:00:00 GMT | 0 comments

In this blog entry, I’ll talk about where malicious software (or malware) can find its place within the lifecycle of phishing attacks. This material accompanies a recent panel I participated in during the American Association for the Advancement of Science Annual meeting. If you attended the panel, this blog will review the points I made. If you missed the panel, then hopefully you’ll get a sense for what I covered.

Phishing: Overview and Motivation. Recall that a phishing attack is one where some illegitimate entity sends you an email posing to be a legitimate entity, like a bank or credit card company. Their goal is typically to get you to click on a link in the email, which directs you to a Web site that appears to be that of the legitimate entity. You are prompted to enter sensitive information, and from that point onward, the information is in the hands of an attacker. Not only can he or she wipe your accounts clean, but that...

Read more
Nuklus Toolkit in Action
Elia Florio | 20 Feb 2007 08:00:00 GMT | 0 comments

This morning we received reports of spammed emails with the following bodies:

John Howard survived a heart attack
Read more: http://wi[REMOVED]news.hk

Prime Minister survived a heard attack
Read more: http://in[REMOVED]help.hk

Once again, it’s the usual attack that tries to lead victims to a Web site that hosts an exploit code. In this case, attackers also added some additional social engineering fun to pursue their criminal purposes. In fact, when someone visits the hostile Web site, it will show a false “502” error and will gently suggest shutting down firewall and antivirus software to avoid the problem. (Of course! What else? Do you want my credit card number? Send money to your bank?).

...

Read more
Money Can’t Buy You Love
Candid Wueest | 16 Feb 2007 08:00:00 GMT | 0 comments

Another Valentine’s Day has passed and everyone knows that there are certain guidelines that should be followed on this day of love. Over the years, I've developed a top three list of recommendations:
• Don’t forget Valentine’s Day.
• Don’t forget to get in touch with your loved ones.
• Don’t open any strange email attachments, not even if they seem to come from a secret admirer and have a special greeting card attached.

But after the stories I heard this year around Valentine’s Day, it appears I'll need to add new advice to my top three list. Apparently many people received a suspicious text message on their mobile phone this Valentine’s Day. The text message came from an online love message service, which lets you record a message onto a central voice recording machine that can be dialed into. The service then sends a timed SMS to your friend, who can collect the recorded message by calling a number. Of course you have to pay around US$ 4 per minute for...

Read more
Castlecops Celebrates Five Years of "Phighting" Phish
Zulfikar Ramzan | 06 Feb 2007 08:00:00 GMT | 0 comments

Castlecops, a volunteer-run organization that has made tremendous waves in fighting phishing, announced a sweepstakes to celebrate their five-year anniversary. A number of security vendors, including Symantec, have contributed prizes to the contest. In addition, Castlecops receives a list of verified phishing sites from Symantec through the Phish Report Network.

For those who don’t know, Castlecops runs the Phish Incident Reporting and Termination (PIRT) task force. If you find a legitimate phishing site and report it to them, Castlecops does the leg work to help take the site down before it does additional damage. In addition, they collect information to work with law enforcement. If the phisher has stored stolen credentials (e.g., passwords, credit card numbers, bank account numbers, social security numbers, etc.) directly on the Web server that he or she compromised,...

Read more
Brazil in the Firing Line
Liam O Murchu | 11 Jan 2007 08:00:00 GMT | 0 comments

We regularly see Brazilian Bancos samples that try to steal the credentials of Brazilian bank users. These are generally delivered via spam or drive-by downloads. However, recently a different form of threat was spotted that specifically targets Brazilian users.

W32.Selfish is a file infector that checks what your default language pack is and only proceeds to execute its payload if you are using the Brazilian Portuguese Language pack. If you are using a different language pack, W32.Selfish will simply execute the infected host file and exit.

When W32.Selfish is executed on a Brazilian machine, it tries to download a file from the internet and execute it. At the time of writing, this file is not accessible, so it is uncertain whether it will download a Brazilian bank password stealer. However, the emergence of this threat does show that Brazil is being specifically targeted by online criminals. Not only does this show that criminals are targeting Brazil, but it...

Read more
"Phlash" Phishing Revisited
Zulfikar Ramzan | 04 Jan 2007 08:00:00 GMT | 0 comments

Back in July, I wrote a blog entry about examples we had seen of phishing Web sites that worked entirely using Macromedia Flash. What makes these sites scary is that they cannot be analyzed in the same way as traditional HTML- or Javascript-based phishing pages.

When we first mentioned these attacks, the observations didn’t receive much external attention. Perhaps this was due to other, more pressing, issues related to the growth of phishing or, more likely, perhaps folks were in the post-Independence Day doldrums. Now, there has been a resurgence of interest in this topic as seen in some recent articles. With this resurgence, I thought it would make sense to point readers back to my original article on the subject of...

Read more
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Read more