Video Screencast Help
Security Response
Showing posts tagged with phishing
Showing posts in English
RyanWhite | 15 Jul 2011 15:20:57 GMT

Surveys are a great window into people’s minds, especially when they can illuminate contrasting, and even contradictory, behaviors in the same group. Results from the Symantec Online Internet Safety Survey have done just that. The most compelling finding—that respondents frequently proceed with online transactions they know might be insecure—inspired me to ask not just, “What are they thinking?” but “What are they thinking?!?”

The survey’s focus must be on many people’s minds, as we’ve had an extraordinary response: 301 people in just a few days! My initial impressions of the results are below. Feel free to share your comments and questions on the original edition of this post.
 

Findings

Risky behavior remains common despite respondents knowing better

...

Shunichi Imano | 15 Jul 2011 10:31:25 GMT

The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of becoming a victim of such an attack.

Here, we’ll attempt to provide insight on a number of key questions related to targeted attacks, such as where did the malicious email come from, which particular organizations are being targeted, which domains (spoofed or not) sent the email, what kinds of malicious attachments did the emails contain, etc. Our analysis of the data showed that, on average, targeted email attacks are on the rise:

Figure 1. Targeted attacks trend

Origin

For this analysis, we first looked at the origin of the email...

Mathew Maniyara | 14 Jul 2011 10:10:36 GMT

Apple's MobileMe is a collection of online services and software. Among its various services is a file-hosting service called iDisk. Recently, Symantec has recorded phishing sites that spoofed iDisk’s Web page. The phishing sites were hosted on a free Web-hosting site.

So, what’s in this service that interests phishers? The service is based on a paid subscription, with which files of up to 20 GB can be uploaded and shared. Phishers are looking to gain access to this service for free. This is an example of a phishing attack targeting user information for reasons other than financial gain.

The phishing site prompts the user to enter their password for logging in. (In this case, the user ID was already populated on the phishing page.) After the password is entered, the page redirects to the legitimate Web page of Apple MobileMe with an error message for an invalid...

Mathew Maniyara | 06 Jul 2011 18:21:50 GMT

Technologies in cell phones are advancing day after day, and so phishers are also seeking various means to exploit vulnerable cell phone users. The two key areas in which we can see this trend are, firstly, the increase in phishing against wireless application protocol (WAP) pages, and secondly, the use of compromised domain names that have been registered for mobile devices.

Many legitimate brands have designed their websites for cell phones or WAP pages. The difference between a WAP page and a regular Web page is that the WAP page uses reduced file sizes and minimal graphics. This is done for cell phone compatibility and also to achieve higher browsing speeds while the user is on the move. Symantec has recorded phishing sites spoofing such Web pages and has monitored the trend. In June, social networking and information services brands were observed in these phishing sites. In the example shown below, the phishing page consists of nothing more than a form asking for users...

Samir_Patil | 06 Jul 2011 12:26:09 GMT

We have recently observed a run of spam that is trying to capitalize on the new social networking platform provided by Google, named Google+. The spam samples are similar to other social network spam messages, which are discussed in one of our previous blogs. Currently, Google is trialing their new venture with limited users; therefore, participation is by invitation only. Hence, it is expected that we’ll see bogus Google+ invites distributed as spam in the wild.

The message in this latest spam campaign looks like a legitimate invite from an already registered user, and it provides an invitation link. However, if one takes even a cursory glance at the URL in the status bar, it shows that the link doesn’t relate to Google in any way.
The headers in the spam samples are as follows:

Subject: Welcome to the Google+ project
From: [removed] (Google+) <[removed...

Samir_Patil | 05 Jul 2011 12:29:52 GMT

He was seen several years ago. Now, he is back with the name “Don Gunshot”!

Luring people with promises of huge sums of money in return for bogus favors is the classic method adopted by the Nigerian/419 type of spammers. It is one of the oldest forms of spamming; very rudimentary, yet creatively lethal. This revisited scam tactic uses coercion to force people to pay up or else they will (apparently) face dire consequences. From a lighter point of view, however, it is a bit more humorous than scary.


 
The above email is indeed a perfect example of a scammer trying to blackmail someone they don’t know from Adam. The spammer does not know you, but he pretends to have received blood money to kill you. He blackmails you with threats of dire consequences if you even try to whisper the secrets explained in the mail. Forget the police, and if you dare to try and tell...

Suyog Sainkar | 30 Jun 2011 17:31:45 GMT

As most all of us will know, the United States’ Independence Day is on the fourth of July, which is only a few days away. Independence Day is commonly associated with fireworks, parades, barbecues, fairs, ceremonies, get togethers, and various other public and private events celebrating the national holiday. Many people also utilize this time for vacation trips, especially if it’s a long July 4th weekend. However, not everyone goes out of town or participates in special events. Some people actually take advantage of the nice holiday weekend to stay at home and catch up on other activities, which may include shopping. Since sales levels are usually lower during holiday weekends, stores and online shopping sites offer lots of exciting deals. In any case, today’s technology makes it possible to shop online from anywhere—even while on a beach vacation, say!

The spammers, as always, have exploited this likelihood and are distributing spam messages...

Sammy Chu | 29 Jun 2011 20:36:34 GMT

With our globalized economy, non-English email between international organizations has become the norm for business communication. However, at the same time, non-English spam is also becoming more and more of a problem for national and international enterprises.

For the past several months, Symantec has noticed an increase for Chinese language spam, as shown in the graphic below:


 
What’s interesting about this increase is the resurfacing of a body-obfuscation technique that is being used by Chinese spammers—the technique is called “invisible text.” What is “invisible text,” exactly? Invisible text is the body text that’s the same color as the background; therefore, it is invisible to the human eye.

Below are some samples that Symantec has observed. The first sample is a typical Chinese seminar (training course) promotion spam...

Samir_Patil | 29 Jun 2011 20:03:55 GMT

Yes, of course! This is what the email is all about! Or, is it?

The 2011 Wimbledon Championship has begun in full gusto and like any other major sporting event, we have been observing spam flowing in the wild that targets Wimbledon 2011. Spammers are exploiting the event by sending online betting, casino, and even online pharmacy spam through email.
The Italian spam sample given below mimics a legitimate betting website (the name of the betting site is deliberately omitted). The email headers are spoofed in an effort to bolster the legitimacy of the email; but the Sender domain has been registered only recently and shows hit-and-run spam characteristics. The spammer says, “Bet risk free! Even if you lose the bet, 20 Euros will be reimbursed.”

The spam sample given below explains the steps that users would supposedly need to take to acquire the “bonus”:

1. Sign up and make a deposit into your account.
2. Place your first...

Samir_Patil | 29 Jun 2011 19:17:08 GMT

Exploiting the popularity of social networks for the purposes of distributing spam, malware, and phishing attacks is quite a common technique these days. Spam attacks via social networks grew dramatically between April and June 2011. Over this period, we monitored and analyzed social network spam attacks that used three popular social networking sites—Facebook, Twitter, and YouTube.

The Trend

The graph below demonstrates the volume spikes for social network spam from April 1 to June 15:

One of the obvious patterns seen in the graph above is the rise in the number of attacks on one social networking site, then an abrupt fall, and then a shift to the next social site, as if following a cyclical pattern. We observed a sudden surge in the number of attacks on Facebook, then a peak, and then a drastic decline. While the attacks on Facebook declined, we...