Security Response

Showing posts tagged with phishing
Showing posts in English
Samir_Patil | 16 May 2011 12:27:17 GMT

Last year, phishers targeted Wikipedia with a large number of spam emails that directed unsuspecting users to a fraudulent Wikipedia website. Currently, we are observing a new spam tactic being used, which targets the Wikipedia name for the promotion of fake pharmaceutical products.

In the last couple of days, we have observed various spam email messages that use a wiki template to promote bogus online pharmacies. The “Subject” line in these attacks has a lot of randomization. The “From” header is either fake or a hijacked ISP account that gives a personalized look to the email.

Below are some subject lines that were observed in the spam samples:

Subject: wWIKIp
Subject: kWIKIx
Subject: yWIKIg
Subject: hWikiPharmacyl
Subject: oWikiPharmacyp
Subject: uWikiPharmacym

In the image shown...

Mathew Maniyara | 09 May 2011 21:05:55 GMT

Gone are the days when phishing targeted financial brands alone. Phishers today are eyeing several other sectors to steal users’ confidential information. For the past few months, the gaming sector has increasingly been a target for phishers. Symantec is actively keeping track of these phishing sites that spoof gaming brands.

So what’s so lucrative about phishing for gaming site credentials? Gaming sites are popular with young generations who are passionate about playing and winning more and more games. Many of these gaming sites have a section for paid members that contains members’ exclusive games and added features. The primary motive of phishers is to lure users with the hopes of stealing their credentials to gain access to the members’ section. Since these credentials are in high demand, phishers also intend to sell stolen usernames and passwords on the Internet.

The following are some noteworthy statistics of phishing on gaming sites for...

Eric Lin | 04 May 2011 10:09:29 GMT

Who was the one who held you in their arms when you let out your first cry in the world? Did you say “doctor?” Well, that may be true in some cases, but the more obvious answer is “mother.”

Dating back to ancient Greece, mankind held a festival worshiping Cybele, mother of the Greek gods. Mother’s Day is now celebrated around the world, mainly sometime in March, April, or May. The most common date is the second Sunday in May when, in most countries, mothers receive flowers and gifts in celebration of the day. How can spammers miss this special occasion when people are surfing the Internet to try and dig up a sweet surprise to express love and gratitude towards their mothers?

The following are Mother’s Day spam samples that Symantec has recently observed. There is a range of product spam, including flowers, watches, gift cards, and diet products. This latest spam campaign involved both dictionary and domain attack techniques,...

Samir_Patil | 03 May 2011 12:17:05 GMT

The first spam using the news of Osama Bin Laden’s death was seen in the wild within three hours of the event—Symantec reported this spam activity along with other spam samples in a blog entitled “Osama Dead” is No Longer a Hoax. As anticipated, we started observing a rise in malicious and phishing attacks.

Phishing attacks usually target big brands. In one such phishing attack capitalizing on Bin Laden news, spammers targeted CNN Mexico. The spam email contains a link to bogus “photos and uncensored videos” and redirects users to a phishing site:

The phishing site shows an auto-running Bin Laden related video in an iframe and asks the user to click on a link to download a “complete” video. Clicking on that link forces the download of an ....

Suyog Sainkar | 28 Apr 2011 08:30:17 GMT

As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques.
 

Spam campaigns

We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding of Prince William and Kate Middleton. Spam email messages advertising a replica of Princess Diana’s engagement ring that were observed in February are still making the rounds on the Internet, and the eve of the royal wedding is now upon us. Furthermore, as we had anticipated, we have recently observed additional spam campaigns making use of this significant event to promote various products.

In one such recent spam campaign, email promoting a "...

Samir_Patil | 18 Apr 2011 22:14:14 GMT

Easter is a Christian holiday centered on the death of Jesus Christ and his subsequent resurrection several days later. Hence Easter is an important holiday for Christians. But what gets associated with Easter is beautifully decorated Easter eggs found on every decorated shop window this season, and of course the Easter Bunny! To celebrate Easter, people exchange Easter eggs and, with the evolution of time, today we have personalized e-cards and personalized gifts. Spammers have begun to exploit the season by sending personalized e-cards, gift cards, and replica-spam emails.

Here is a screenshot of a personalized Easter e-card:

Here are some of the headers used in Easter e-card spam:

Subject: Give your child the gift of amazement A Package from The Easter Bunny.

Subject: The Most Popular Gift for Kids this Easter 2011

Subject: Send A Personalized Easter Bunny Letter...

Dylan Morss | 12 Apr 2011 21:05:25 GMT

As I recently have sent off my tax forms in preparation for the US Federal tax deadline on April 18 this year, a recent phishing scam piqued my interest. This attack is taking advantage of the new tax year beginning for folks in the UK on April 6, 2011.

The message in question was being sent in the name of the HMRC, Her Majesty’s Revenue and Customs, in an attempt to lure users into divulging bank account information with the lure of unclaimed tax overpayment money.

The path of the message had an international flavor, beginning at what looks like a computer at a hotel business center based in the US, then going through servers in New Zealand, then back to the US through the mail servers of a large free email service, and then presumably into the inbox of a user based in the UK.

The URLs in the message also contributed to this internationalized scam by utilizing a domain based in Serbia which would redirect users when they unsuspectingly clicked on the...

Hardik Shah | 07 Apr 2011 08:45:19 GMT

Recently, we came across an application that displays the message “Tornado Randomly Appears During Soccer Game” on Facebook:

Clicking on the message forces the download of a script from http://<IP Removed>/fb2.js, which displays a Facebook login message. If the user is logged in to Facebook, the malicious app will log the user out and ask him/her to log in again:

When the user clicks on the “Login” button, it will show the login form:

When the user enters login details and clicks on the Login button, the fake application sends two POST requests: one to Facebook.com, and the other to the malicious server. The request sent to the malicious server has the...

Mathew Maniyara | 06 Apr 2011 16:56:18 GMT

In the past couple of months, Symantec observed phishing sites that spoofed online FIFA games. The legitimate game is played by forming a team of footballers purchased with coins. The more games you win with your team, the more coins you gain. The popular and more skilled footballers demand a higher number of coins.

The phishing campaign was launched with fake offers of free coins to lure online FIFA players. One of the phishing sites was purportedly from a player who sympathized with end users who struggle with the game. The phishing site contained a message from this fictitious player which expressed the embarrassment one goes through for having a team of low profile footballers. The message explained that the site would help players generate free coins so that they could form a more expensive team of footballers. The phishing site prompted users to log in with their email address and password to gain up to 10,000 free coins per day. The phishing pages featured popular...

Vivian Ho | 30 Mar 2011 12:46:48 GMT

In the past couple of days, Symantec has observed a spike of email attacks that are designed to distribute malicious threats. All of the observed samples are spoofed to appear as if they are legitimate delivery warnings or notifications from UPS or Post Express. The message text asks recipients to open the zipped executable file for further details or actions necessary to take delivery of the item.

Below are the sample headers observed in this spam attack:

From: "United Parcel Service" <info***3@ups.com>
From: "UPS Customer Services"<***@secureserver.net>
From: "United Parcel Service" <***@dhl.com>
From: "Neil Molina" United Parcel Service  <[Details Removed]@ [Details Removed]>
From: "Kimberley Miner" United Parcel Service  <[Details Removed]@ [Details Removed]>...