Security Response: Showing posts by Vivian Ho

How many social network accounts do you have? How much time do you spend on your network content and application updates? How many discussion boards or blogs or pictures or games do you need to maintain in each network service?

Besides email and instant messenger programs, social network services have become important media for people to maintain their relationships or business exposure. There are, of course, myriad risks associated with exposing your personal details online when you are not aware of setting proper privacy rules, such as those suggested by the social network services.

Spammers have yet another channel available to send their “love” to you.

Have you had the pleasure of your newly registered social network account sending you tons of friendship invitations on a daily basis? Or, in addition, that same account sends out numerous friendship invitations to your contacts without your consent? Or, have you started receiving lots of junk...

Planning a romantic Valentine’s Day for your loved one? There is seemingly no end to what you can do to add even more sparkle to this "dreamy" day. Perhaps a bottle of wine, flowers, or a lovely gift to impress him/her—and if you aren’t with anyone, there are even dating services available that provide you with options to meet a date!

As Dermot Harnett mentioned in A Brilliant Proposal: Stay Away from Valentine’s Day Spam!, for spammers, Valentine’s Day is a great target. We’ve observed several spam email message styles related to this upcoming event. Gift options, flower delivery, dating service, med spam to spice up your relationship, and much more.

Here are some common header lines that Symantec has tracked relating to Valentine’s Day:

From: ValentineGift<contact@ Details Removed>
From:...

Didn’t shop enough on Black Friday? Still looking for Christmas Gifts? Need to send holiday greetings? Spammers will send them all at your convenience! We started seeing Christmas-related spam just after the Thanksgiving holiday—spammers are just as busy as the rest of us are this holiday season.

We have recently observed many different types of Christmas-related spam, such as medical/replica/gift shopping offers, loan offers, lotto scams, fraud and viruses, etc. Many of them have Christmas themed key words in the header to lure users to open emails. We saw some last year and have already observed the familiar “festive” headers.

The following are some sample headers:

From: "Shop Smart this Christmas" <Details Removed>
From: "X-mas Loan Offer" <Details Removed>
From: "Christmas Gift Ideas" <Details Removed>
From: "Christmas" <Details Removed>  ...

The Chinese Mid-Autumn Festival, also know as the Moon Festival, is one of the major holidays celebrated in Chinese society. It happens on August 15 in the Chinese lunar calendar, which is October 3 on the western calendar this year. Most families will get together to admire the bright full moon and eat mooncakes on this holiday. It is a cultural tradition for friends and family members to send mooncakes and reunite for the holiday.

As we expected, Chinese spammers are capitalizing on this holiday and we have monitored spammers sending out mooncake and gift promotions to mark the day in the past couple of weeks. In the examples below, we observed randomized From lines with a mid-autumn festival related subject line. We anticipate more to come before the holiday.

Sample 1:

From: Randomized email alias
Subject: 中秋礼品解决方案

Translation:

Subject: Moon Festival Gift Solution

Body Translation...

The traditional Chinese Father’s Day is set on August 8—coming from “8/8”, which is pronounced “Pa-Pa” in Chinese. Spammers are offering us a wide array of gift selections, including high tech products, luxury wallets and watches for our hard working dads.

Spammers have a detailed catalog of items and are giving potential buyers a one-year warranty on replica products. They are also offering a special promotion, giving a first time buyer discount on a mass-mailing service.

In the sample below, the spammer claims they are a legitimate shopping site for luxury items:

From: "xxxxxxxx代購網" <xxxxxxxxxxxxx@xxxxxxxxxxxxxx.xxxxx>

Subject:為辛苦的父親選一件父親禮物吧

Translation:
 

From: "xxxxxxxxshopping network" <xxxxxxxxxxxxx@xxxxxxxxxxxxxx.xxxxx>

Subject: Pick up a nice gift for your hard working dad.

...

We’ve observed spam disguised as a legitimate Taiwanese commercial bank sending out credit card promotion email messages that are embedded with an .swf virus link. In this particular attack, recipients are able to see the bank’s image at the top of the email message and promotion notes at the bottom. There is also a large blank space within the promotion message that is designed to make you believe that the credit card promotion content has been lost in transit. Recipients are then instructed to click on the link in case of page display error issues.

This attack is found to be a dictionary/domain attack. Symantec detects the “blog.html” link in the spam email as Trojan.Malscript!html. The blog.html link contains shellcode in the form of a file named sploit.swf, which exploits Adobe AVM2 Scope Stack Corruption Vulnerability (...

The Internet has gone wild since Michael Jackson, the “King of Pop,” was reported dead on June 25. Symantec Security Response has already blogged about how we observed spammers trying to capitalize on this event in many ways, both with messages including malware, and scams tied to this talented celebrity’s death. We expect that spam and malware will keep coming in, given Michael Jackson’s popularity and following. Recipients should be extra cautious about messages that appear to be related to Jackson’s death, especially any email that comes from an unknown or unexpected source.

The following are some examples of what we have seen circulating:

Sample 1.1

Spammers hide behind a spoofed message, which appears as a rip-off of a familiar social network notification, in an attempt to try to trick recipients to...