Symantec Intelligence
Showing posts tagged with Email
MarissaVicario | 02 Jun 2010 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Targeted attacks are arguably the most damaging type of internet threat.  They take place via email, and are designed to target a specific individual or organisation.  The aim is to extract sensitive or valuable information, which could then be used to gain competitive advantage, blackmail, harm reputation, gather intelligence, spy, steal secrets/designs/ideas, and so on.  MessageLabs Intelligence experts are skilled at differentiating targeted attacks from other (bulk-mailed or spammed) malicious emails that are blocked by MessageLabs Skeptic anti-malware technology.  

Attackers often use legitimate details in the email but urge recipients to open a malicious attachment, so that their PC or network is compromised in some way. After all, this is the ultimate goal of the attacker. Two thirds of attacks are directed at the very...

Daren Lewis | 27 May 2010 | 0 comments

Posted on behalf of Yuriko Kako-Batt, Malware Data Analyst

People receive various spam emails every day, from dating scams to those attempting to phish bank account information, loan offers and those featuring porn sites, pharmaceuticals and replica watches. While the categories differ, many of them have similarities. In most cases the spammer’s aim is to make money, often by luring the victim into “online-shopping”.

Criminal gangs make their own branded websites, selling counterfeit or illegally obtained products, and they, or some hired spammers, send spam emails with various subjects and different URLs connecting to those websites. Recipients access the websites from the URL in the spam emails, and may choose to buy products there. This applies to pharmaceutical spam, replica watches, pirated DVDs and cheap software spam, although their products are different.

Usually these fake products are cheaper than the...

Daren Lewis | 20 May 2010 | 0 comments

By Dan Bleaken, Senior Malware Data Analyst, Symantec Hosted Services


Yesterday the U.S. Federal Trade Commission (FTC) shut down California-based ISP Pricewert LLC (also known as 3FN and APS Telecom), a notorious rogue internet service provider (ISP) that specialised in the deployment of botnets and the distribution of illegal, malicious and harmful content such as spam and child exploitation images.

One of the largest and most active botnets responsible for spam activity, the Cutwail botnet, experienced several hours of downtime on the morning of June 5, 2009, following a preliminary injunction by the FTC earlier that week. Malware from the Cutwail botnet, also known as Pandex, was first identified in January 2007.

With between 1.5 and 2 million active bots, Cutwail was perhaps the largest...

MarissaVicario | 20 May 2010 | 1 comment

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

Recently, the infamous Storm worm has reappeared in the wild. MessageLabs Intelligence first saw this new variant of the botnet start spamming on 30 April. Since then, output has come in bursts reaching a peak of 1.4 percent of spam on 8 May.

The actual spam that we have been seeing is all fairly standard pharmaceutical spam, containing links to web pages hosting the well known Canadian Pharmacy site, with subjects like these:

  • Get all the medications you want online!
  • Disappointed with your bad performance in bed?
  • great offers to spice it up in bed..
  • need some help in the bed?
  • its time to spice up the bed
  • Safest and approved method of male enhancing have a easier time making her...
  • Have long strong night in BED!
  • Get your favorite rxmedications here!

MarissaVicario | 17 May 2010 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

Cybercriminals frequently send phishing attacks disguised as emails that claim to be from an organisation, especially financial organisations, asking for personal details, especially passwords.  Once gathered, this information enables the attackers to access the victim’s account, and very often help themselves to their money.

In 2009, Symantec Hosted Services blocked phishing attacks impersonating or relating to 1079 different organisations. Generally, a relatively small number of organisations are impersonated. In 2009, just eight impersonated organisations made up 50 percent of blocked phishing attacks and 83 impersonated organisations made up 95 percent of blocked phishing attacks. The impersonated organisations were largely banks.

While most banks are impersonated in phishing attacks at some time, any organisation that offers an online...

MarissaVicario | 14 May 2010 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

At the end of March, MessageLabs Intelligence reported on a wave of targeted attacks that used the upcoming FIFA World Cup as a hook.

Around the same time, March 20 to be precise, a volcanic eruption beneath Iceland's Eyjafjallajokull glacier later created an ash cloud that forced complete airspace closures across northern Europe in mid-April. Disruption to air travel continued through the end of April and more recently there has been major disruption to transatlantic flights as the ash cloud drifts south over Western Europe (Spanish/Italian airspace).

UK airspace was shut down for 6 days, from April 15 to 20. One day after UK airspace re-opened, much to the relief of travellers all over the world, MessageLabs Intelligence intercepted a...

MarissaVicario | 12 May 2010 | 0 comments

Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

As the global workforce becomes more mobile and security threats more complex, IT managers in small-to-medium sized businesses (SMBs) are in search of security solutions that are easy to deploy and manage.

The endpoint can be the last line of defense for any organization, and for some it may be the only one. Thus the challenges of managing endpoint security demand a consistent approach in deploying continual updates and being able to safeguard employees both inside and outside the corporate network.

Security threats to corporate endpoints like desktops, laptops and file servers are growing in number and sophistication and can now evade traditional security measures.
In 2009 Symantec created 2.9 million new malicious code signatures to address threats to our customers, a 71% increase over 2008.  The majority of these signatures were developed as the...

MarissaVicario | 10 May 2010 | 0 comments

By Yuriko Kako-Batt, Malware Data Analyst, Symantec Hosted Services

Pharmaceutical spam is the biggest of all spam categories and is growing exponentially. In October 2009, MessageLabs Intelligence reported pharmaceutical spam at 65.3% of all spam. By May 2010, it accounted for 85% of all spam.

In a March blog post, MessageLabs Intelligence explored the various types of pharmacy spam.  In this analysis we found that pharmacy gangs seem to fall into two distinct operations, with very similar websites.  These are:

Gang 1:

  • Canadian Pharmacy
  • United Pharmacy
  • European Pharmacy
  • Canadian HealthCare
  • Online Pharmacy

Gang 2:

  • Toronto Drug Store
  • Indian Pharmacy
  • Canadian HealthCare Mall
  • Canadian Pharmacy...

MarissaVicario | 06 May 2010 | 1 comment

By Mat Nisbet, Malware Data Analyst, Symantec Hosted Services

In the April MessageLabs Intelligence Report we looked at the operating systems that were being used to send spam mails. To do this, we used a passive fingerprinting (PF) technique that looks at the network packets that are received when a remote machine attempts to make a connection, and used this to identify several characteristics of the remote machine, including the operating system it is using. After finding that the amount of spam originating from Linux was disproportionate to the number of Linux machines in the world, we decided to have a closer look at the spam and see if there is anything that differentiates it when compared to spam in general.

The first thing we noticed is that there is far less botnet spam from Linux than there is in general spam. In the seven day period examined, 87% of the spam...

Paul Wood | 30 Apr 2010 | 0 comments

Small-to-Medium-sized Businesses (SMBs) often encounter problems with IT security, but it’s not that they don’t care about being secure or that it doesn’t show up as an issue on their company radar. The problem stems from not knowing what it is that they really need to do as a priority. They know that there are lots of things they could be doing, but security can be such a complex subject and with so many options, the end result is that they don’t really know what to focus on first. In essence, what measures would actually make a real difference to their level of security rather than be purely cosmetic or give them only a minimal return?

If you strip away all the complexity, then these security questions can be answered. Most SMBs do not have the same breadth of IT security needs that larger enterprises have and do not need their security to be as comprehensive. Security can be stripped down to the essentials. And, if we do that, then we find that...