Security Response
Showing posts for October of 2009
Mayur Kulkarni | 08 Oct 2009 19:15:04 GMT

Last week we observed a new Russian spam trend dealing with phone numbers. We have been monitoring spam samples containing phone numbers in the message body—with or without obfuscation. In one of our March ’09 blog posts, we mentioned the use of phone numbers in the headers as well. The phone numbers in those spam samples weren't obfuscated, but recently we have seen spammers introducing special symbols [+*^] between the numbers found in the headers, as shown in the examples below:


Subject: highest response rate from Updated databases 7916…
Alert - Newest Databases
Highest response rate

As a routine check for complete Russian spam analysis, we examined the volume of Russian spam for any unusual...

khaley | 07 Oct 2009 22:05:29 GMT

Every day when I walk into work I’m greeted by an avalanche of data on new malware and Internet scams. The numbers in the last few years have been staggering. And when you think about the people behind the numbers it can get quite sad—people who’ve had their computers taken over, been scammed, stolen from, and just plain abused by cyberthieves. It can get to you. A lot of days I don’t feel so good. Today I feel better. The FBI just announced they will arrest nearly 100 people involved in a phishing scheme.

The FBI calls it Operation Phish Fry. Operation Phish Fry means that someone in the FBI loves a bad pun. But the important thing is it means that a whole bunch of bad guys are going to jail. It’s not going to eliminate all phishing attacks (we detected 55,389 phishing Web site hosts in 2008 alone). But this latest move takes a lot of bad guys off the Internet and...

Dermot Harnett | 07 Oct 2009 21:27:55 GMT

Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.

Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.

Click here to download the October 2009 State of Spam Report, which highlights the following trends:

Peter Coogan | 07 Oct 2009 21:00:54 GMT

We thought it might be interesting to provide some additional information on the Butterfly bot kit, following our blog published last week entitled The Mariposa Butterfly. We posted that blog in response to a report that half of the Fortune 100 companies have been compromised by a botnet dubbed Mariposa (Spanish for "butterfly"). The Butterfly bot kit's creator, known as Iserdo, markets the following features of the bot kit in the user manual supplied with the kit (the below snippet is taken directly from the user manual):

a) Features of bot base

1. Polymorphic code and strings
    code related to bot functionality is encoded
    everytime with different key, same goes for
2. Installation into hidden location
    installs into location where it is impossible
    to access with...

Nicolas Falliere | 06 Oct 2009 15:45:37 GMT

Trojan.Clampi is one of the hottest pieces of malware around and, as such, has received a fair amount of media coverage, as well as technical reports describing some of its functionalities. As part of our ongoing blog series, we will be discussing interesting and rarely presented aspects of Clampi. Today, we’ll introduce an important aspect of Clampi: the network communication.

First of all, if you’re not familiar with this malware already, Clampi is a Trojan horse whose main purpose is to steal private information: user passwords, login credentials, software licenses, credit card numbers, bank account information, etc. Note that Clampi’s operations are performed by helper modules, downloaded by the main executable, and stored in the Windows registry.

Once the threat is installed on a computer, it connects to one of the gateway servers listed in the registry value “GatesList...

Samir_Patil | 02 Oct 2009 18:55:12 GMT

In last month’s State of Spam report, Symantec discussed the early signs of holiday spam that contained messages related to Halloween and Christmas. In September, researchers at Symantec intercepted multiple attempts by spammers to hijack the subject of Halloween festivities in an attempt at grabbing personal information from email users, as well as selling online meds.

In product promo spam related to Halloween, spammers are offering free gift cards of various denominations towards the purchase of products. Various online surveys are also offered, which claim to give out gift cards with participation. Clicking on these offers takes users to a website where a wide range of their personal information—including email address, postal address, and phone number—is gathered.

Below are various subject lines used in promo messages:


Mayur Kulkarni | 02 Oct 2009 13:12:57 GMT

Online degree spam has been around for years. However, nowadays these spam campaigns aren’t just limited to passing degree certificates (super fast - within days or weeks), but they also focus on directing recipients to specific degrees. For example, it is common knowledge that there is a shortage of qualified nurses in the US—there are many media reports on the subject. When we examined these attacks over the last six months, we found that spam campaigns for nursing degrees placed in the top five degrees promoted by spammers. Similarly, the shortfall of manpower has also been noticed in the field of law enforcement and accordingly, spammers are advertising more on this career option.

The top five degrees advertised through spam are:

1.    Police Officer
2.    Federal Agent
3.    Nursing
4.    Culinary Arts
5.    Teacher

Other degree options provided...

John McDonald | 01 Oct 2009 14:12:07 GMT

There has been a flurry of news articles over the past few days on what the media appears to have labeled the Mariposa botnet, after the name a Canadian information security firm used for this particular threat. The ‘butterfly’ in the title of this article refers to the fact that the threat is believed to stem from the Butterfly bot kit, which is no longer for sale.

Several security vendors have commented that this threat isn't new, and indeed Symantec has been detecting variants of it since as early as January this year. We currently have various detection names for these samples, the majority of which are one variant or another of W32.SillyFDC, Trojan Horse or more recently Packed....