Symantec Blogs: Security Response

Eric Park | July 8th, 2009

With the soaring popularity of social networking sites, it is no surprise that spammers try to take advantage of them. In the past, spammers would register their own accounts and then send unsolicited messages through the social networking site. By default, the site generated an automated email to let the user know that there was a new message. While such notifications are technically legitimate, the user would most likely have considered the messages spam because of the unsolicited content. For spammers, this technique had a shortcoming—the message sent to the user was from an unknown person or entity.

Recently, Symantec has observed a rise in a newer technique of social networking site abuse. The example below is a legitimate notification from Facebook that informs the user of a new private message:


As noted above, the message itself is not spam because...

Eric Park | July 8th, 2009

Spammers are always searching for ways to bypass anti-spam filters. While the “text with tables” technique is not new, it is worth noting because it demonstrates spammers’ creativity, as well as their utilization of existing techniques.

When spammers first used HTML table code, the technique began as a simple table whose cells were filled in with different colors to render what looked like regular text. This basic technique has since evolved into something more complex—spammers are using a table within a table.

In the example below, the spammer first defines an outer table (137 x 43). Then, each row of the outer table itself is defined as a table. These inner tables feature a unique cell length (defined by COLSPAN) and background colors.


The carefully crafted HTML above renders as follows:

...

Eric Park | June 29th, 2009

A typical phishing email message falsely claims to represent a single institution. For example, a spammer sends a phishing message, forging the email to appear as if it’s from a financial institution. The recipient is then asked to enter personal information for some fictional reason (for example, “verify your identity”). In an effort to obtain as much information as possible about the unsuspecting user, the spammer usually asks for more information than a legitimate website would. While a legitimate site may only ask for a username and password, a phishing site usually seeks additional information such as a credit card or PIN number, mother’s maiden name, and/or a social security number. Once the user hits the “submit” button, the private information is sent into the hands of criminals.

Symantec has recently observed a spam message that is pretending to be from HM Revenue & Customs in the United Kingdom. The message is very...

Eric Park | June 23rd, 2009

With more people using the Internet now than ever before, free homepage hosting providers are increasing in popularity. These sites offer users free Web space so that they can make their own homepage, publish it, and share it with friends and family. When the popularity of this type of service was near its peak, spammers began to use these websites as part of their spamming efforts. They did this by creating many free websites, often using automation, and sending spam that contained a newly created webpage URL. The randomization of such URLs hindered typical anti-spam efforts. When an unsuspecting user clicked on one of these newly created URLs, more often than not they were taken to a page similar to the one shown here:

While this spam material (online pharmacy spam) is...