Video Screencast Help
Search Video Help Close Back
to help

Symantec Intelligence

Showing posts in English
New 419 Scams Use Current Events to Draw Interest
MarissaVicario | 14 Jul 2010 | 0 comments

Posted on behalf of Nicholas Johnston, Senior Software Engineer, Anti-Spam Team Symantec Hosted Services

Last year, details emerged of an investigation around 50,000 US citizens suspected of hiding large sums of money in offshore bank accounts with a Swiss bank. A court document filed by the Justice Department gives a rare glimpse into the secretive world where there are color coding systems for currencies and code names like "a nut" denote $250,000 and "a swan" denotes $1 Million. The Justice Department report further alleges that the banks encouraged wealthy clients to use Swiss-based credit cards to avoid scrutiny from US authorities.

The dispute has been rumbling on since February 2009, with Switzerland's parliament recently agreeing a rare break in bank secrecy laws and allowing details of some account holders to be turned over to US authorities.

It turns out that 419 or advance-fee fraud scammers have...

Read more
Risks from web threats mount up in 2010
MarissaVicario | 27 Jul 2010 | 0 comments

Posted on behalf of Matt Charman, Marketing Manager

No-one can deny the phenomenal success of the World Wide Web. But its increasing prominence and importance come at a price. Quite apart from the big risks that businesses can find themselves exposed to as a result of inappropriate web use by their employees, cyber-criminals are focusing more of their resources on transforming the web into a malware minefield. Just one visit to a website infected with a virus or spyware can have serious revenue-reducing, reputation-eroding consequences for your business.

Globally, an estimated 1-1.5 billion people use the internet. Every day hundreds of millions of visits are made to websites worldwide. But as usage continues to climb upwards, some accepted truths about the web have broken down. Take ‘safe surfing’, for instance. A few years ago, common sense was all you really needed to keep your computer free from infection by the malware that...

Read more
New Phishing Attack Guised as Fake PDF Reader Update
MarissaVicario | 07 Jul 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst and Jo Hurcombe, AV Operations Engineer, Symantec Hosted Services

On the June 18, MessageLabs Intelligence spotted a new malicious email attack, using PDFs as a hook. A little different to the usual PDF related e-mails, this doesn’t attempt to exploit vulnerabilities in the PDF format, or attempt to get the victim to download malware masquerading as a new PDF reader. Instead, this one is after credit card details.

The email tells you that there is a new version of their PDF reader available, and gives a bit of a sales pitch for this new software.

Clicking on the link takes the recipient to a professional-looking page made to advertise the fictitious software.

Clicking on the download link takes the victim to a different site...

Read more
Multi-Step Targeted Attack
MarissaVicario | 30 Jun 2010 | 1 comment

Posted on behalf of Martin Lee, Senior Malware Analyst, Symantec Hosted Services

This sophisticated attack was recently intercepted by MessageLabs Intelligence. One
particularly interesting feature was the degree of preparation undertaken
by the attacker, and the fact that it involved two separate defense contractors.

The first step in the attack was for the attacker to gain unauthorised access
to the web site of Defense Contractor A and to create a fake 'press release'
directory. Into this newly created directory, the attacker uploaded a landing
page, a page of obfuscated Javascript containing an exploit and a malicious
binary.

The second step was for the attacker to research Defense Contractor B and
identify email addresses within that organisation. To these addresses the
attacker sent a series of emails purporting to be from a webmail address
reporting the arrest of Defense Contractor B...

Read more
Long lost pharmacy brands return, and a new one appears
MarissaVicario | 30 Jun 2010 | 0 comments

Posted on behalf of Yuriko Kako-Batt, Junior Data Analyst, Symantec Hosted Services

MessageLabs Intelligence has been monitoring the activities of two pharmaceutical spam gangs: Gang1 and Gang2. These are the two biggest pharmaceutical gangs which are sending spam all over the world as mentioned in the March post, 'Pharmacy Spam; Pharmaceutical WEBSITES Fall into Two Distinct Operations' and in also in this April post, ‘New Pharmacy Spam Brand Spotted’.

Gang 1:


  • Canadian Pharmacy
  • United Pharmacy
  • European Pharmacy
  • Canadian HealthCare
  • Online Pharmacy

Gang 2:


  • Toronto Drug Store
  • Indian Pharmacy
  • Canadian...
Read more
FIFA World Cup Scams Continue to Circulate
MarissaVicario | 23 Jun 2010 | 0 comments

Posted on behalf of Dan Bleaken, Senior Malware Analyst, Symantec Hosted Services

As reported in the June MessageLabs Intelligence Report, MessageLabs Intelligence is seeing a great variety of different threats relating to the upcoming FIFA World Cup.

We’ve seen 419-style scams, including emails offering tickets to games; fake accommodation providers; offers of contracts to supply clothing and boots; offers of free mobile phones; scams looking for companies to provide additional electricity/power for the World Cup; and more.  All designed to ultimately obtain the recipient’s personal details, and/or money by means of deception and fraud.  

MessageLabs Intelligence has also seen fake World Cup tickets for sale on well known auction websites, or advertisements offering tickets, that in reality are unlikely to give the buyer access to any games.  

Moreover, we...

Read more
Use of legitimate sites in malicious web attacks
MarissaVicario | 17 Jun 2010 | 0 comments

Posted on behalf of Dan Bleaken, Senior Malware Data Analyst, Symantec Hosted Services

The MessageLabs Hosted Web Security Service (WSS) blocks millions of web requests every day to protect users from content that is either malicious or has been determined to be off limits based on company policy.  In a typical week in 2010 Symantec Hosted Services performs about 107 million blocks (up from 90 million per week in 2009), on 5-10 million distinct URLs, for several thousand clients.  That’s tens of thousands of blocks per client per week on average.   

Of these blocked URLs, 99.96% are policy based blocks the biggest proportion of which is for advertising, mostly pop-up ads or auto-forwarding to ads.  Also, Symantec Hosted Services blocks web sites related to Adult/Sexually Explicit material, Violence, Tasteless & Offensive material, Weapons, Criminal Activity, Gambling and Illegal Drugs to name a few.  Clients have full control...

Read more
World Cup spam with obfuscated JavaScript attachment
MarissaVicario | 15 Jun 2010 | 0 comments

Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec Hosted Services

The FIFA World Cup, which officially started in South Africa last Friday, has been the subject of intense public interest for the past months. This interest in football has been noticed by scammers and malware authors, who are skilled at using high profile events to try to entice unsuspecting users into opening their malicious messages.

MessageLabs Intelligence recently saw some spam for a pharmaceutical site using the World Cup to try to entice users to open the message. The subject of these messages was:

Subject: FIFA World Cup South Africa... bad news

The exact motives of the spammer are unclear, but it's likely that they hope that recipients will read this subject and think that perhaps the tournament has been disrupted somehow (perhaps like the Africa Cup of Nations earlier this year), and then quickly open the message. The body of the message contains more...

Read more
Advance-fee Fraud “419” Scammers Abusing Free Online Productivity Suites
Daren Lewis | 11 Jun 2010 | 0 comments

By Nicholas Johnston, Senior Software Engineer, Anti-Spam Team Symantec Hosted Services About “419” scams

With advance-fee fraud scams, or “419s” as they are often known, there is almost always a real person behind each scam, unlike the majority of spam emails that are sent in large volumes by robot networks (or “botnets”). 419 fraud emails tend to be low in number when compared with a typical spam run; they are often sent out manually with a real person ready to engage any potential victims in a dialogue, should anyone respond.

These 419 scams typically promise large amounts of money or even gold in return for an initial payment made by the recipient – perhaps this is to pay for various up-front (advance) fees and charges, and can become a major problem. The people sending these messages, referred to as “419-ers,” are known to frequently abuse free webmail services, and “tell...

Read more
Brazilian World Cup Related Targeted Attack
Daren Lewis | 10 Jun 2010 | 0 comments
On behalf of Tony Millington, Malware Operations Engineer, Symantec Hosted Services

Beginning on 02 June 2010 MessageLabs Intelligence identified a run of 45 targeted malware emails intercepted in route to a number of Brazilian companies, including chemical, manufacturing, and finance firms. This social engineering attack exploits the excitement surrounding the 2010 World Cup in South Africa to prompt the recipients to take actions which may compromise their systems and corporate information.

One particularly interesting element of this targeted attack is the use of two attack modes, a PDF attachment and a malicious link.
 
The email was spoofed from a well-known sportswear manufacturer, using the manufacturer’s .com.br domain and was sent from a server hosting company in Brazil. The manufacturer being spoofed is a sponsor of the FIFA World Cup which adds validity to the...
Read more