Symantec Intelligence
Showing posts tagged with Email
MarissaVicario | 30 Aug 2010 | 0 comments

Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services

MessageLabs Intelligence has recently seen an interesting variant on normal bank and other financial institution phishing. This particular phish message encourages the recipient to receive 90 dollars by completing a survey sponsored by a fast food restaurant. This scam is different than normal phishing where phishers often impersonate banks and other financial institutions, claiming that the victim's account has been temporarily disabled, requiring some kind of action to restore it. The use of a well-known, unrelated, trusted third-party fast food restaurant brand as a vector for stealing confidential information is relatively new.

It appears that this phish was aimed at users in New Zealand. Our analysis shows that most of the recipients were in Australia or New Zealand, the URL of the site included, presumably a very poor attempt by the phishers to try to fool people...

MarissaVicario | 25 Aug 2010 | 0 comments

By Yuriko Kako-Batt, Malware Analyst, Symantec Hosted Services

Dating scams are a common spam email problem.  Spam relating to sex or dating currently accounts for approximately 4 percent of global spam.  In a typical scam, a recipient (male or female) would receive an email from a stranger and the email might say something along the lines of: “I found your information on a website. I think you are my true love…write back to me soon”.  If the recipient replies to the email, the scammer would begin to write to them with stories about their family, their background and how much they love the recipient; any number of subjects are discussed, and flattering/suggestive comments are made, until at some point the attacker feels that the potential victim has been socially engineered to the point that they trust the attacker....

MarissaVicario | 25 Aug 2010 | 1 comment

Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services

This year, people traveling by air have had to contend with disruption caused by the volcanic ash cloud from the Eyjafjallajökull eruption in Iceland, industrial action and tour operators collapsing. But while traveling ourselves, we noticed another threat: airport Internet terminals infected with malware.

Many airports have public Internet terminals for passengers without their own laptops to check email or browse the Web. In a large airport in England, we noticed one terminal with an unusual "Defense Center Installer" dialog box. "Defense Center Installer" is a fake anti-virus software, also known as "scareware".

This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to clean the fictitious infection. It's also common for this type of malware to try to uninstall...

Daren Lewis | 23 Aug 2010 | 0 comments

In the August 2010 MessageLabs Intelligence report (available here on Tuesday) we present our analysis of the top botnets globally. An analysis of individual bot IP addresses allows mapping of the physical location of bots. This animation allows you to view the variation in geographic concentrations of bots between the top five botnets as reported in the August report:

  • Rustock
  • Grum
  • Cutwail
  • Mega-D
  • Lethic

The animation displays each botnet for two seconds. To see an interactive version visit:

Bots are widely distributed globally with greater prevalence in those areas with high levels of computer and broadband adoption. In this analysis, with the bots localized to...

MarissaVicario | 16 Aug 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

The use of images in spam is well known, and has been going on for as long as it has been possible to send images in email messages. There are many reasons for using images in email, from simply making the email more interesting, or adding a look of professionalism, to attempting to evade text based spam filters and signatures. The use of remote images in particular has been steadily increasing over the last 16 months.

In remote images, the image is not actually contained within the email itself. Instead the email uses HTML to link to a remotely hosted image, which most modern email clients will render just like a web browser. There are good reasons a spammer would want to use remotely hosted images. First, they can change the content of a spam run at any time without having to update templates or make any...

MarissaVicario | 10 Aug 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst

Spammers use many tactics to add legitimacy to their emails. One technique used is the personalization of their spam, where the spammer will add text to the email that specifically mentions the recipient, a technique often used in legitimate marketing campaigns.

A legitimate marketing email from a well known company will usually include the recipient’s name. In this case the marketer will likely have access to the user’s personal information because the user has signed up to receive their newsletter or is a previous customer.

For a spammer, obtaining personal information is not so simple. An easy way for them to get a similar effect though, is to simply use the email address to which they are sending. While this is not a name, it can have the same effect by making the email appear as if it was sent in accordance with a legitimate mailing list, rather than spamming at random. This can be a...

MarissaVicario | 04 Aug 2010 | 0 comments

Posted on behalf of Dan Bleaken, Senior Malware Data Analyst, Symantec Hosted Services

Your company’s internet link is precious. Not only is it expensive and limited but it is a vital business tool. Yet recent MessageLabs Intelligence analysis shows that companies can lose around a quarter of their internet bandwidth to employee web misuse, streaming media and spam. Imagine if you had to give up a quarter of your office space for non-work activities; it’s inconceivable. But when it comes to internet bandwidth, most companies don’t even know about the loss, let alone take steps to prevent it.

The MessageLabs Hosted Web Security Service (WSS) blocks millions of web requests every day to protect users from accessing content that is either non-compliant with company policy, or malicious.  In a typical week in 2010 the WSS performs about 107 million blocks (up from 90 million/week in 2009), on 5-10 million distinct URLs, for several...

MarissaVicario | 30 Jul 2010 | 1 comment

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

In the past, MessageLabs Intelligence did some analysis on the words used by the major spam botnets which showed a marked difference in the type of spam each one sent. Recently we decided to have a look at the different types of emails we see going through our systems. We looked at general spam, phishing, malware, and targeted attacks, and like before, each has a distinct pattern of its own.

Spam is fairly unsurprising in its content; mostly it consists of words having to do with selling something such as product names or words like “discount”, “price”, or “sale!” The main aim of general spam is to get the recipient to buy something as quickly as possible. It tends to be designed to try and convince the recipient of a “must have” offer that can’t be found anywhere else.

Daren Lewis | 15 Jul 2010 | 1 comment

We've taken a closer look at spam on a regional/city basis in six large markets for July 2010. Just as we see differences in spam rates between countries we often see significant differences within countries:

  • There is no safe haven from the deluge of spam that hits the inboxes of business users around the world. Worldwide, 90% of spam is sent by an estimated five to six million spam-sending computers that have been compromised by cyber criminals.  These computers are organized into automated robot networks, or botnets, and send an estimated 120 billion emails each day.
  • Botnets are sometimes used to launch spam campaigns targeting particular regions, but botnet-driven attacks don’t often discriminate; the greater the number of people they can reach, the more money the cyber criminals stand to make.
  • Targeted attacks are a worldwide threat too, though the level of danger an organization may face is largely determined by what...

MarissaVicario | 15 Jul 2010 | 2 comments

Posted on behalf of Jason Zhang, Senior Software Engineer, Symantec Hosted Services

For many years, CAPTCHAs have proven very useful for many reputable, Web-based email and application service providers, including social networking sites and online auction sites, for the purpose of deterring automated registration. Nevertheless, cyber criminals have not ceased trying to defeat CAPTCHA-based protection.  

Since 2008, cyber criminals have found ways to break CAPTCHAs either automatically or by manual labour. Breaking them has unlocked the business potential of the so-called shadow economy for many criminals who stand to make a lot of money from the free email accounts they’ve been able to harvest from popular account providers through cracking the CAPTCHA system. Lust for CAPTCHA breaking stems from the desire to procure popular email or social networking accounts, which can be used to effectively distribute spam or malware. ...