Security Response
Showing posts for January of 2011
Showing posts in English
Vivian Ho | 31 Jan 2011 18:04:52 GMT

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than in the last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam has been observed since last December. Most attacks have customized the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions with a customized ‘From’ line and have a subject line related to the occasion.

From:可输入多个<[Details Removed]>



From: you may enter multiple choices...

Samir_Patil | 31 Jan 2011 16:33:28 GMT

Valentine’s Day brings excitement for celebrating love and affection between dear ones. Spammers are gearing up for Valentine’s Day with several offers like product spam, gift cards, personalised cards, and financial spam. Symantec has been observing Valentine’s Day-related spam since early January and we have recently seen a spike in product spam related to the event.

Below are Valentine’s Day-related spam samples:

Subject: An original gift for Valentine's Day

Subject: Take Her Breath Away

Subject: Super great designer watches

Subject: Personalized gifts for your Valentine

Subject: Very Hush-Hush Valentines Day Offer

Subject: The best Valentines gifts

Subject: Quick and Easy Valentine's Day Gifts

Subject: $19.99 Flowers for Valentine's Day + FREE Vase

Spammers are promoting fake product offers at a discounted price and the URL mentioned in the message redirects the...

Mathew Maniyara | 28 Jan 2011 14:53:35 GMT

In 2010, Symantec reported phishing sites that were spoofing a popular social networking brand. The phishing sites claimed to have a Web application with which end users could watch “Big Brother Brasil” online. This phishing attack was launched during the 10th season of the television show that was on air from January to March of 2010. On January 11, 2011, the 11th season of the show began and phishers are back again with the same bait to try their luck at harvesting user credentials. The latest phishing site was hosted on a free webhosting domain.

On certain legitimate Web sites, live video feeds of the show are available around the clock from multiple cameras in the Big Brother house. Some of these videos are suitable only for adult viewing. On the other hand, no live video...

Candid Wueest | 25 Jan 2011 02:50:23 GMT

We have frequently reported on rogue Facebook applications - these appear with such regularity that it nearly does not make sense anymore to alert you individually about every enticing message used. New ones are popping up like mushrooms every day... actually even faster than mushrooms.

Here is a selection of some of the scam messages active right now:

Mathew Maniyara | 20 Jan 2011 23:07:36 GMT

In January 2011, floods caused severe calamity in several towns in the mountainous region of Brazil known as the Serrana region, in the state of Rio de Janeiro. Scammers, as usual, are on their toes to take advantage of the opportunity to send scam messages that request fake donations.

Scammers utilized a domain name to carry out the phishing scam. The domain name consisted of words in Brazilian Portuguese which translate to “donations for the tragedy in Friburgo”; Friburgo is a municipality located in the affected region. The Top Level Domain (TLD) of the domain name was Brazil. Though the TLD was of Brazil, the domain name was located on servers based in Dallas, USA. The content of the phishing Web page was in Brazilian Portuguese and translates to:

 “The images show districts affected by...

Samir_Patil | 20 Jan 2011 14:48:12 GMT

Many countries are going through turbulent times due to natural disasters. In fact, emotions do run high when disasters strike—people are moved and understandably want to share in helping affected victims by donating to relief funds. The most recent natural disaster that Australia, Brazil, and the Philippines are grappling with is the flash flooding and the immense loss that it has caused to life and property.

History tells us that when natural disasters such as bush fires, floods, earthquakes and other natural calamities strike, they cause untold repercussions. Rehabilitation, restructuring, and methods to curtail further losses become a formidable challenge. One method used to combat such situations is the appeal for relief funds, donations, and government compensations in cash or kind.

Spammers would never let any such opportunities pass by without preying on them. Don’t be surprised to see your inbox bombarded with heart-wrenching emails requesting you...

Brent Graveland | 20 Jan 2011 14:40:04 GMT

Antivirus companies and malicious software makers are in a continual battle. Antivirus developers attempt to identify and block malicious software, and the malicious software developers want to evade detection so their products can succeed to earn them money.

The recently released Symantec Report on Attack Toolkits and Malicious Websites discusses how malicious software is increasingly being bundled into attack kits and how those kits are being sold in the underground economy and used in a majority of online attacks. One aspect of the report discusses the various forms of obfuscation methods built into these kits to avoid detection by antivirus sensors and researchers.

A major part of this obfuscation arms race is called a “FUD cryptor.” FUD in this case does not stand for “fear, uncertainty, and doubt,” but rather for “fully undetectable” or...

Téo Adams | 18 Jan 2011 13:44:52 GMT

Search results and malicious websites

Among the many excuses I’ve heard from people who take computer security too lightly, or who brush off the likelihood of being targeted by Web attacks, are comments such as “I don’t search for anything bad,” or “I only visit sites I know.” I find this sort of attitude very frustrating, if not amusing, and I like coming across bits of information that I can use to educate these people. So, I was especially interested in the results of some related data analysis that I worked on for the recently released Symantec Report on Attack Kits and Malicious Websites.

One of the metrics we use in the report examines Web search terms and the number of times the use of each search term resulted in a user visiting a malicious website. The range of search terms was unrestricted and consisted of both...

Harshit Nayyar | 17 Jan 2011 14:45:08 GMT

Lest we forget, malware is a software application, albeit a malicious one. And, like any other software application, it can have vulnerabilities that can be exploited.

Our analysis of Trojan.Jnanabot has revealed several serious vulnerabilities. One of the more interesting features of Jnanabot is its custom peer-to-peer (P2P) networking protocol. In other words, its bots are designed to be a part of a P2P network and use a custom-designed protocol for communicating with each other. This ensures that there is no single point of failure and that it is harder to trace the source of the infection and to take the botnet down. While the protocol was designed to provide some degree of robustness to the botnet, it has some flaws that allow anyone (provided they have the right know-how) to exploit them for fun and/or profit. At the very least, these flaws can be used to collect information...

Gavin O Gorman | 13 Jan 2011 16:44:58 GMT

Contemporary viruses are written to make money. They achieve this through extortion, information theft, and fraud. Threats that use extortion can be some of the most aggressive and, in some cases, offensive viruses encountered. These viruses are generally referred to as ransomware. This blog discusses some of the nastiest variants that have been encountered so far.

In your face!
Whilst by its nature ransomware is not subtle, certain variants are very obvious in their approach. They use a combination of shock and embarrassment in order to extort money from people. The most recent example of this is Trojan.Ransomlock.F. The Trojan.Ransomlock family is a particular type of ransomware, which locks a user’s desktop. Once the desktop has been locked, it is then no longer possible to use the computer as normal. To restore access to the desktop, one typically...