We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

It's an online pharmacy ad within a legitimate NFL newsletter. That is really sneaky. It looks legitimate from your Inbox. You did sign up for that NFL...

As mentioned in one of my previous blog entries, I’ve been looking at some of the phishing data Symantec collects. As part of this effort, I looked at data associated with a recent Symantec offering called Norton Confidential (this product, which is geared towards providing transaction security, can detect phishing sites, among other things). The Norton Confidential back-end servers collect a tremendous amount of data associated with existing phishing sites.

Within these phishing sites, I decided to look a little more carefully at the distribution of spoofed brands that represent local US banks (for example, credit unions that are local to a specific state). For this purpose I considered a brand to be local if all the branch locations were in a specific state (or in states that directly bordered that state). I...

December 9, 2006, marks the day when long standing contributor to the PHP Security Response Team, Stefan Esser, retired. He has stated a few reasons for this latest move, primarily focusing on (in his opinion) the lack of response from his fellow colleagues and an extended delay in the patching of known vulnerabilities. Possibly another example of how some individuals or groups may choose to view “responsible disclosure.”

Over the years, SecurityFocus has reported on multiple vulnerabilities affecting PHP, such as BIDs 20879 (PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities), 19582 (PHP Multiple Input Validation Vulnerabilities ),...

A new worm has been discovered that targets Skype, the voice-over-IP (VoIP) telephone application. The worm uses the Skype Control API to send text chat messages containing a malicious link to other Skype users. We highlighted the possibility of the Skype API being used as infection vector for malicious code in a blog article in May of this year: http://www.symantec.com/enterprise/security_response/weblog/2006/05/vulnerabilities_of_the_skype_a.html

However, in this case the security measures implemented by Skype have not been bypassed programmatically. Instead, the worm pleads with the user via a pop-up message box to "Allow this program in skype."

On a live...