Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts for February of 2010
Showing posts in English
Hon Lau | 27 Feb 2010 17:31:20 GMT

A massive earthquake struck near the Chilean city of Concepcion in the early hours of the morning of February 27th, 2010. The quake measuring 8.8 on the Richter scale was considerably stronger than the one that recently caused widespread destruction on the island of Haiti. Fortunately, despite the size of this latest quake, so far there has been few reported casualties. The quake occurred near the coast and tsumani warnings were issued for many countries bordering on the Pacific ocean. Unfortunately as with any major news event, miscreants are not slow to pounce when such opportunities arise to further their aims.

Search engine results returned for terms such as “Chile Earthquake...

Pavlo Prodanchuk | 26 Feb 2010 22:34:43 GMT

In February, Russia celebrates one of the most important “man” holidays of the whole year: "The Day of the Defender of the Motherland." On this day, all Russian men and boys are congratulated. The holiday refers to the heroes of the Red Army and plays a tremendous role in patriotism amongst younger generations.

Weeks before this holiday, computer users will often receive numerous spam email messages with offers for this day. In Russian spam we constantly see different product spam, and often gift spam for the 23rd of February. But, this year—as seems to be the case every year—some extreme propositions came up. Hunting is a very popular hobby in Russia, so it comes as no surprise that before the 23rd of February, spammers started sending offers such as the following:

Screen shot 2010-02-26 at 9.54.07 PM.png


Bear hunting in spring and...

khaley | 26 Feb 2010 16:02:56 GMT

It’s been ten years already; can you believe it? I’m talking about the U.S. Census. It’s been ten years since the last one. Time to do it again. No, it wasn’t on my calendar either. To remind all of us and to encourage us to participate, the U.S. Census Bureau is spending $340 million to get the word out. There was even a Super Bowl ad.  
The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off.
How do I know this? First, the census is a perfect dodge for cybercriminals. After all, people are already expecting to have to reveal personal information about themselves, and with a little bit of social...

Henry Bell | 26 Feb 2010 09:35:40 GMT

Imagine that you’re sitting at home catching up on your email backlog. In comes an email from your ISP, FooBarBazCo (some creativity required here, I know). The email seems to be from Technical Support  – ‘From: Team’ – and states that you need to update your email settings as a result of a recent security upgrade. Can you trust it?

Today we observed an increase in spam messages containing links to a particular malicious URL. The messages masquerade as having come from mail administrators, with the ‘from’ address spoofed so that they appear to have come from the same network domain as the address to which the mails are sent (the ‘from’ and ‘to’ addresses are actually identical, although this will not be visible in most email programs).

The received messages state that mailbox 'settings were changed' and urge users to 'apply the new set of settings' by clicking a...

Vivian Ho | 26 Feb 2010 00:04:00 GMT

How many social network accounts do you have? How much time do you spend on your network content and application updates? How many discussion boards or blogs or pictures or games do you need to maintain in each network service?

Besides email and instant messenger programs, social network services have become important media for people to maintain their relationships or business exposure. There are, of course, myriad risks associated with exposing your personal details online when you are not aware of setting proper privacy rules, such as those suggested by the social network services.

Spammers have yet another channel available to send their “love” to you.

Have you had the pleasure of your newly registered social network account sending you tons of friendship invitations on a daily basis? Or, in addition, that same account sends out numerous friendship invitations to your contacts without your consent? Or, have you started receiving lots of junk...

Irfan Asrar | 25 Feb 2010 17:33:52 GMT

The creators of the SymbOS.Exy family of threats are at it again. They have resurfaced with yet another signed Symbian threat: SymbOS.Exy.E.

New Certificate
image2.png image3.png image4.png    
Previous ones used with SymbOS.Exy.A, SymbOS.Exy.B, and ...

Takako Yoshida | 23 Feb 2010 21:47:32 GMT

One of the world's biggest automakers has recently been in the headlines because of necessary recalls. Not only the affected vehicle owners, but people in general across the globe are curious and concerned about this issue. And of course, the spammers also seem to be keeping a close eye on the developments surrounding this issue and are working overtime to send out spam messages relating to the incident.

Right after the automaker made an announcement for recalls, Symantec observed a scam message using this event as a lure. This message appears to be targeting people who own vehicles involved in the recent recalls, and links to a site that claims to review the situation and assist in possible financial compensation. The recipients are directed to submit a report regarding his/her vehicle and also give personal information such as name, phone number, and email address.


Mayur Kulkarni | 23 Feb 2010 20:39:05 GMT

Symantec has been observing a novel image spam campaign for a while now. So, what’s out of the ordinary in this spam attack? Well, these image spam messages do not have any content—not a single word, not even in the subject line! These messages only display images that promote medicinal pills or cheap software. You may find some exceptions though, such as in Russian dating spam, where message content and images go hand in hand.

The subject lines in the image spam attacks that have consistently dominated the last 30 days (in descending order of the number of messages) are as follows:

Meds Image Spam  

1.    Blank Subject lines – 51  % of overall image spam messages

Cheap Software Spam

2.    Fw: - 18 %
3.    Fwd:  11 %
(A combined 29 % of overall image spam messages.)

In the case of other headers such as Message...

Samir_Patil | 19 Feb 2010 22:44:54 GMT

In the month of January, Symantec reported a drop in .cn spam. This was due to changes in the domain registration process introduced by CNNIC. In the first week of February, the .cn spam volume fell further and fluctuated between 0 and 4 percent of total URL spam.

Another interesting trend was observed during this period. On January 21 the volume of spam containing the .ru top-level domain (TLD) spiked up to 9 percent, and rose further up to close to 40 percent on February 8. Upon closer analysis, it was observed that the .cn domains used in the health spam attacks had been replaced with .ru domains.

Screen shot 2010-02-19 at 10.38.25 PM.png

Various subject lines observed in the .ru version of health spam are as follows:

Subject: Dear xxxx Extreme 83% discounts
Subject: Your Future Order with 79% off retail

Mathew Maniyara | 19 Feb 2010 22:12:15 GMT

The popularity of online auctions paves way for the development of online auction marketing tools. These tools are software applications that are intended to facilitate the sellers’ side of popular online auction websites. Some of the tools that help sellers in auctions are: image hosting to display galleries of their products, listing of best bidders in a single template, automatic inventory systems to notify sellers during low stocks, etc. With the help of these tools, online auctions are easier and time saving.

Phishing attacks targeting the brands of online auction and shopping websites are common. For better success rates, phishers are now trying alternate means to obtain the credentials of online auction customers by attacking legitimate brands providing auction-marketing tools.

Below is a phishing site that spoofs the branding of a leading auction marketing tools website: