Security Response Blog

Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.

  • 0
    Created: Satnam Narang 30 Jan 2014 18:29:16 GMT

    Twitter Spam Bots Target NFL and Miley Cyrus Fans

    This week, fans of the Denver Broncos and Seattle Seahawks have been tweeting in anticipation of Super Bowl XLVIII, but many have been subjected to a torrent of spam from Twitter bots. Fans of pop star Miley Cyrus have also been plagued with an identical spam campaign using targeted keywords. Last summer, we published a blog about a similar campaign that focused on the BET Awards and fans of Justin Bieber, One Direction, and Rihanna. The latest campaign follows the same blueprint with improvements. The scam starts with Twitter users tweeting specific keywords which are monitored by spam bots on the service. The keywords could be about the Super Bowl, the Broncos, Seahawks, or individual players on the team, such as Denver Broncos quarterback Peyton Manning or Seattle Seahawks cornerback Richard Sherman. In the case of Miley Cyrus, mentions of her full name or her first...
  • 0
    Created: Binny Kuriakose 30 Jan 2014 09:39:42 GMT

    ‘Xin Nian Kuai Le’: Spammers Say Happy New Year

    China is gearing up to usher in the Year of the Horse, which begins with the new moon on January 31 this year. With more than a billion people worldwide preparing to celebrate the new year for the lunar calendar, the celebration this year promises more color than ever before.

    Chinese New Year, also known as the spring festival, is a day for reunion and thanksgiving, where exchanging gifts is at the heart of the celebration. Friends, family, colleagues and even businesses exchange gifts to show love, respect and loyalty. Business owners often send gifts to their customers and shops offer gifts and discounts to show their gratitude. However, spammers are all too aware of this practice.

    The spammers and fraudsters are known to capitalize on special occasions and exploit the noble gesture of giving gifts in order to send out spam. They are known to pose as friends and business owners and send emails promising gifts and...
  • 0
    Created: Joji Hamada 29 Jan 2014 03:23:01 GMT

    Ancient Japanese Click Fraud Still Healthy and Alive

    In 2013, scammers published thousands of apps on Google Play that led to fraudulent sites. This form of scam is typically called “one-click fraud” in Japan. The very first variant appeared in January and while only a handful of these fraudulent apps survive for a few days at most, we confirmed that, in total, more than 3,000 apps were published on the market in 2013. By October, scammers had for the most part stopped publishing new variants of the fraudulent apps on Google Play for unknown reasons.

    Figure 1. Total number of apps leading to one-click fraud sites published on Google Play throughout 2013

    While apps that lure victims to fraudulent sites may no longer be available on Google Play, there are currently other vehicles leading victims to these sites, such as spam. This scam typically begins with spam...
  • 0
    Created: Paul_Thomas 23 Jan 2014 22:30:13 GMT

    Despite the News, Your Refrigerator is Not Yet Sending Spam

    You may have seen media reports based on research by Proofpoint that hundreds of home devices such as entertainment systems and even a refrigerator had been sending spam. We refer to this collection of networked devices as the Internet of Things (IoT). Originally, the reports didn’t provide any evidence so we were unable to validate the claim. However, additional details have now been made available and we can confirm that your IoT devices, including your refrigerator, are not the source of this recent spam run. From the information that was publicly provided, we have been able to determine that this specific spam run is being sent by a typical botnet resulting from a Windows computer infection. Symantec receives telemetry from a wide variety of sources including our endpoint security products, spam receiving honeypots, and botnet honeypots that await spam-initiating...
  • 0
    Created: Flora Liu 23 Jan 2014 07:14:03 GMT

    Windows Malware Attempts to Infect Android Devices

    We’ve seen Android malware that attempts to infect Windows systems before. Android.Claco, for instance, downloads a malicious PE file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file. Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices. The infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service. This DLL then downloads a configuration file from the following remote server: ...
  • 0
    Created: Dick O'Brien 21 Jan 2014 00:51:42 GMT

    The Internet of Things: New Threats Emerge in a Connected World

    Could your baby monitor be used to spy on you? Is your television keeping tabs on your viewing habits? Is it possible for your car to be hacked by malicious attackers? Or could a perfectly innocent looking device like a set-top box or Internet router be used as the gateway to gain access to your home computer? A growing number of devices are becoming the focus of security threats as the Internet of Things (IoT) becomes a reality.

    What is the Internet of Things?

    Essentially, we are moving into an era when it isn’t just computers that are connected to the Internet. Household appliances, security systems, home heating and lighting, and even cars are all becoming Internet-enabled. The grand vision is of a world where almost anything can be connected—hence the Internet of Things. Exciting new...
  • 0
    Created: Eric Park 20 Jan 2014 18:44:19 GMT

    Case Study from the Spammer's Perspective: Crafting Spam Content to Increase Success

    Spammer success is dependent on two factors:

      • Evading spam filters so the spam message arrives in the recipient inbox
      • Crafting messages so that the recipient is enticed to open and perform desired call-to-actions (click on the link, open attachment, etc.)

    Spammers walk a fine line to balance these two aspects; relying heavily on one factor and ignoring the other will make the spam campaign fail. For example, spammers can evade spam filters by randomizing the subject and body of the message; however, such randomization is likely to be ignored by even the most unsophisticated user as obvious spam. Similarly, crafting stand-out enticing messages to increase the email open rate often results in spam filters blocking the message. Spammers have a tough challenge. Rising up to meet this challenge, spammers are now hiding the true content from the user more than ever before. While there are still spam campaigns with links to online pharmacies with...
  • 0
    Created: Satnam Narang 15 Jan 2014 22:13:49 GMT

    Snapchat Spam: Sexy Photos Lead to Compromised Branded Short Domains

    A few weeks after our blog post about porn and secret admirer spam targeting Snapchat users, a new spam campaign using sexually suggestive photos and compromised custom URLs is circulating on the photo messaging app.

    Figure 1. Snapchat spam

    Each of these spam messages includes a request to “Add my kik”, along with a specially crafted user name on the Kik instant messaging application for mobile devices.

    Figure 2...
  • 0
    Created: Eric Park 15 Jan 2014 09:29:01 GMT

    .Zip Attachment Spam Makes a Grand Return

    After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).

    Figure 1. Spam messages with .zip attachments over the last 90 days

    On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-” followed by 10 hexadecimal characters.

    Figure 2. Email with “BankDocs-” .zip attachment

    On January 8, 99.34 percent of the .zip...
  • 0
    Created: Christopher Mendes 15 Jan 2014 07:35:27 GMT

    Scammers Exploit Vacation Hangover with Malware Attacks

    It’s not surprising to see scammers exploiting the laxity of Internet users. Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out on important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails. In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data. Last week, I too received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation. At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts....