Article contributed by Emily Liu, Symantec Security Response Technician

Most of the Russian spam emails we usually encounter are about online advertising, product promotion, and training workshops. These spam emails typically are sent out unsolicited from free or hijacked personal email accounts, without opt-out, and have randomized subjects to avoid being caught in spam filters. Despite the use of random subjects, we continue to observe spammers who like to list phone numbers in the email as the only available means of contact instead of direct URL links.

Here is an example of a recent Russian event promotion spam:

Here is the English translation:

Figure 1. Russian-language spam promotion...

Co-Author: Avdhoot Patil

When phishing through social media, fake applications are a key technique used by phishers to introduce new kinds of baits. In October, 2011, phishers launched a new fake application named "Maldivian App". The phishing site was hosted on a free webhosting domain. It should be noted the legitimate site does not provide such an application.

Phishers put in more creative thought and time than usual in designing this phishing page. The phishing site contained an image with details about the application and included a form for Web users to enter login credentials. The image presents a ribbon in the tricolors of the Maldivian flag accentuated with the logo of a social networking brand and a Maldivian flag T-shirt. A prominent description of the application boasts that, after logging in, users would receive "cool news" about the Maldives.

For those interested in learning more about Maldives, wouldn’t it be...

Over the last few months we have been trying to look deeper into how Web-based malware gets distributed. A lot has been written about the underground economy and how one can buy exploit kits, such as Blackhole, from underground websites. But once the attacker has bought the exploit kit, how do they infect computers? This blog focuses on a distribution channel that makes use of Traffic Distribution Systems or TDS for short.

How does a TDS work? In a nutshell a TDS vendor buys and sells Web traffic. While this is a very old concept, it has become really popular for exploit delivery over the last few years.

Let’s say you own a website and you want to make money from it. One way you could do that is by having various interesting and contextual links on your page. When a visitor clicks one of these links, the click is redirected to a TDS vendor. Essentially you are selling the click on your website to this TDS vendor, who in turn sells this click or traffic to the...

Thanks to the co-author of this blog, Avdhoot Patil.

In the month of January 2011 Symantec reported adult scams that targeted Indonesian Facebook users. These scams claimed to have an application in which users could view adult videos of Indonesian celebrities, taken from hidden cameras.

It seems that phishers are now using specific celebrities as bait for their phishing sites. This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular. Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”. The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of...