Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Intelligence
Showing posts in English
MarissaVicario | 04 Aug 2010 | 0 comments

Posted on behalf of Dan Bleaken, Senior Malware Data Analyst, Symantec Hosted Services

Your company’s internet link is precious. Not only is it expensive and limited but it is a vital business
tool. Yet recent MessageLabs Intelligence analysis shows that companies can lose around a quarter of their internet bandwidth to employee web misuse, streaming media and spam. Imagine if you had to give up a quarter of your office space for non-work activities; it’s inconceivable. But when it comes to internet bandwidth, most companies don’t even know about the loss, let alone take steps to prevent it.

The MessageLabs Hosted Web Security Service (WSS) blocks millions of web requests every day to protect users from accessing content that is either non-compliant with company policy, or malicious.  In a typical week in 2010 the WSS performs about 107 million blocks (up from 90 million/week in 2009), on 5-10 million distinct URLs, for several...

MarissaVicario | 30 Jul 2010 | 1 comment

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services
In the past, MessageLabs Intelligence did some analysis on the words used by the major spam botnets which showed a marked difference in the type of spam each one sent. Recently we decided to have a look at the different types of emails we see going through our systems. We looked at general spam, phishing, malware, and targeted attacks, and like before, each has a distinct pattern of its own.
Spam is fairly unsurprising in its content; mostly it consists of words having to do with selling something such as product names or words like “discount”, “price”, or “sale!” The main aim of general spam is to get the recipient to buy something as quickly as possible. It tends to be designed to try and convince the recipient of a “must have” offer that can’t be found anywhere else.

Daren Lewis | 15 Jul 2010 | 1 comment

We've taken a closer look at spam on a regional/city basis in six large markets for July 2010. Just as we see differences in spam rates between countries we often see significant differences within countries:

  • There is no safe haven from the deluge of spam that hits the inboxes of business users around the world. Worldwide, 90% of spam is sent by an estimated five to six million spam-sending computers that have been compromised by cyber criminals.  These computers are organized into automated robot networks, or botnets, and send an estimated 120 billion emails each day.
  • Botnets are sometimes used to launch spam campaigns targeting particular regions, but botnet-driven attacks don’t often discriminate; the greater the number of people they can reach, the more money the cyber criminals stand to make.
  • Targeted attacks are a worldwide threat too, though the level of danger an organization may face is largely determined by what...
MarissaVicario | 15 Jul 2010 | 2 comments

Posted on behalf of Jason Zhang, Senior Software Engineer, Symantec Hosted Services

For many years, CAPTCHAs have proven very useful for many reputable, Web-based email and application service providers, including social networking sites and online auction sites, for the purpose of deterring automated registration. Nevertheless, cyber criminals have not ceased trying to defeat CAPTCHA-based protection.  

Since 2008, cyber criminals have found ways to break CAPTCHAs either automatically or by manual labour . Breaking them has unlocked the business potential of the so-called shadow economy for many criminals who stand to make a lot of money from the free email accounts they’ve been able to harvest from popular account providers through cracking the CAPTCHA system. Lust for CAPTCHA breaking stems from the desire to procure popular email or social networking accounts, which can be used to effectively distribute spam or malware. ...

MarissaVicario | 14 Jul 2010 | 0 comments

Posted on behalf of Nicholas Johnston, Senior Software Engineer, Anti-Spam Team Symantec Hosted Services

Last year, details emerged of an investigation around 50,000 US citizens suspected of hiding large sums of money in offshore bank accounts with a Swiss bank. A court document filed by the Justice Department gives a rare glimpse into the secretive world where there are color coding systems for currencies and code names like "a nut" denote $250,000 and "a swan" denotes $1 Million. The Justice Department report further alleges that the banks encouraged wealthy clients to use Swiss-based credit cards to avoid scrutiny from US authorities.

The dispute has been rumbling on since February 2009, with Switzerland's parliament recently agreeing a rare break in bank secrecy laws and allowing details of some account holders to be turned over to US authorities.

It turns out that 419 or advance-fee fraud scammers have...

MarissaVicario | 08 Jul 2010 | 0 comments

Posted on behalf of Matt Charman, Marketing Manager

No-one can deny the phenomenal success of the World Wide Web. But its increasing prominence and importance come at a price. Quite apart from the big risks that businesses can find themselves exposed to as a result of inappropriate web use by their employees, cyber-criminals are focusing more of their resources on transforming the web into a malware minefield. Just one visit to a website infected with a virus or spyware can have serious revenue-reducing, reputation-eroding consequences for your business.

Globally, an estimated 1-1.5 billion people use the internet. Every day hundreds of millions of visits are made to websites worldwide. But as usage continues to climb upwards, some accepted truths about the web have broken down. Take ‘safe surfing’, for instance. A few years ago, common sense was all you really needed to keep your computer free from infection by the malware that...

MarissaVicario | 07 Jul 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst and Jo Hurcombe, AV Operations Engineer, Symantec Hosted Services

On the June 18, MessageLabs Intelligence spotted a new malicious email attack, using PDFs as a hook. A little different to the usual PDF related e-mails, this doesn’t attempt to exploit vulnerabilities in the PDF format, or attempt to get the victim to download malware masquerading as a new PDF reader. Instead, this one is after credit card details.

The email tells you that there is a new version of their PDF reader available, and gives a bit of a sales pitch for this new software.

Clicking on the link takes the recipient to a professional-looking page made to advertise the fictitious software.

Clicking on the download link takes the victim to a different site...

MarissaVicario | 30 Jun 2010 | 1 comment

Posted on behalf of Martin Lee, Senior Malware Analyst, Symantec Hosted Services

This sophisticated attack was recently intercepted by MessageLabs Intelligence. One
particularly interesting feature was the degree of preparation undertaken
by the attacker, and the fact that it involved two separate defense contractors.

The first step in the attack was for the attacker to gain unauthorised access
to the web site of Defense Contractor A and to create a fake 'press release'
directory. Into this newly created directory, the attacker uploaded a landing
page, a page of obfuscated Javascript containing an exploit and a malicious

The second step was for the attacker to research Defense Contractor B and
identify email addresses within that organisation. To these addresses the
attacker sent a series of emails purporting to be from a webmail address
reporting the arrest of Defense Contractor B...

MarissaVicario | 29 Jun 2010 | 0 comments

Posted on behalf of Yuriko Kako-Batt, Junior Data Analyst, Symantec Hosted Services

MessageLabs Intelligence has been monitoring the activities of two pharmaceutical spam gangs: Gang1 and Gang2. These are the two biggest pharmaceutical gangs which are sending spam all over the world as mentioned in the March post, 'Pharmacy Spam; Pharmaceutical WEBSITES Fall into Two Distinct Operations' and in also in this April post, ‘New Pharmacy Spam Brand Spotted’.

Gang 1:

  • Canadian Pharmacy
  • United Pharmacy
  • European Pharmacy
  • Canadian HealthCare
  • Online Pharmacy

Gang 2:

  • Toronto Drug Store
  • Indian Pharmacy
  • Canadian...
MarissaVicario | 23 Jun 2010 | 0 comments

Posted on behalf of Dan Bleaken, Senior Malware Analyst, Symantec Hosted Services

As reported in the June MessageLabs Intelligence Report, MessageLabs Intelligence is seeing a great variety of different threats relating to the upcoming FIFA World Cup.

We’ve seen 419-style scams, including emails offering tickets to games; fake accommodation providers; offers of contracts to supply clothing and boots; offers of free mobile phones; scams looking for companies to provide additional electricity/power for the World Cup; and more.  All designed to ultimately obtain the recipient’s personal details, and/or money by means of deception and fraud.  

MessageLabs Intelligence has also seen fake World Cup tickets for sale on well known auction websites, or advertisements offering tickets, that in reality are unlikely to give the buyer access to any games.