Symantec Intelligence
MarissaVicario | 10 May 2010 | 0 comments

By Yuriko Kako-Batt, Malware Data Analyst, Symantec Hosted Services

Pharmaceutical spam is the biggest group in all spam categories and is growing exponentially. In October 2009, MessageLabs Intelligence reported pharmaceutical spam at 65.3% of all spam. By May 2010, it accounted for 85% of all spam.

In a March blog post, MessageLabs Intelligence explored the various types of pharmacy spam. In this analysis we found that pharmacy gangs seem to fall into two distinct operations, with very similar websites. These are:

Gang 1:

  • Canadian Pharmacy
  • United Pharmacy
  • European Pharmacy
  • Canadian HealthCare
  • Online Pharmacy

Gang 2:

  • Toronto Drug Store
  • Indian Pharmacy
  • Canadian HealthCare Mall
  • Canadian Pharmacy...

MarissaVicario | 06 May 2010 | 1 comment

By Mat Nisbet, Malware Data Analyst, Symantec Hosted Services

In the April MessageLabs Intelligence Report we looked at the operating systems that were being used to send spam mails. To do this, we used a passive fingerprinting (PF) technique that looks at the network packets that are received when a remote machine attempts to make a connection, and used this to identify several characteristics of the remote machine, including the operating system it is using. After finding that the amount of spam originating from Linux was disproportionate to the number of Linux machines in the world, we decided to have a closer look at the spam and see if there is anything that differentiates it when compared to spam in general.

The first thing we noticed is that there is far less botnet spam from Linux than there is in general spam. In the seven day period examined, 87% of the spam...

Paul Wood | 30 Apr 2010 | 0 comments

Small-to-Medium-sized Businesses (SMBs) often encounter problems with IT security, but it’s not that they don’t care about being secure or that it doesn’t show up as an issue on their company radar. The problem stems from not knowing what it is that they really need to do as a priority. They know that there are lots of things they could be doing, but security can be such a complex subject and with so many options, the end result is that they don’t really know what to focus on first. In essence, what measures would actually make a real difference to their level of security rather than be purely cosmetic or give them only a minimal return?

If you strip away all the complexity, then these security questions can be answered. Most SMBs do not have the same breadth of IT security needs that larger enterprises have and do not need their security to be as comprehensive. Security can be stripped down to the essentials. And, if we do that, then we find that...

MarissaVicario | 28 Apr 2010 | 0 comments

May 4, 2000 is a date that has gone down in history for Symantec Hosted Services, then MessageLabs. On that day the MessageLabs Intelligence team was the first to stop and name the LoveBug virus, a mass-mailing worm that affected 45 million computer users when virus levels surged overnight from 1 in every 1000 emails to 1 in 28. Most of the insight into the sentiment of that day is in the accounts from those who were on the front lines of detection as told in the April 2010 MessageLabs Intelligence Report. Similarly, the only essence of the virus itself is left in its pictorial image which Symantec Hosted Services has captured using LoveBug’s actual virus code.  

Image generated by Alex Dragulescu using actual LoveBug virus code

This unique representation of the LoveBug virus was featured this week...

Daren Lewis | 13 Apr 2010 | 0 comments

For the past three years, the Symantec Hosted Services (formerly MessageLabs) Cyber Threat Gallery has traveled far and wide displaying at events from London to San Francisco. This week, the collection is on display at Symantec’s Vision 2010 Conference. Attendees can see many pieces from the collection, comprised of 25 images in its entirety and created by digital artists Alex Dragulescu and Julian Hodgson, at the Vision Welcome Reception on Tuesday, April 13 in the main expo hall of the MGM Grand. The artwork will remain displayed on the first and second floors of the hotel conference center for the duration of Vision 2010.

This week at Vision 2010, Conficker will debut along with LoveBug and Rustock, two of the newest additions to the collection. A dropper discovered by Symantec in November 2008, Conficker infected more than six million computers worldwide, becoming one of the most dangerous threats of the year. Having remained relatively quiet since, it is now a...

MarissaVicario | 06 Apr 2010 | 0 comments

By Martin Lee, Senior Software Engineer, Symantec Hosted Services

A common tactic of scammers is to exploit the desire of individuals to do good while doing well – to associate themselves with good works while making a little money. In the process these individuals become money mules, unwitting participants in the shadow economy.

One recent scam email purports to be from the Red Cross in Norway looking to recruit volunteers in India to process payments. Volunteers are offered a commission of 7% from the sums of money that they process and are offered up to $500/month. In reality, the email is from organised cyber criminals looking to recruit people to launder money stolen from attacks on bank accounts or from scams.

Criminals need to recruit networks of money mules who unknowingly accept transfers of stolen money into their bank accounts then transfer the money on to bank accounts controlled by the criminals. Often the money transfers are cross border,...

MarissaVicario | 01 Apr 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

It comes as no surprise that as Easter approaches, spammers are taking advantage of the holiday. Though there hasn’t been any noticeable increase in traffic, there have been a few subtle changes to the websites that spammers link to, such as the one below.

This is a common tactic for the people who create these websites, and the spam runs that are developed to send victims there. The main site itself will stay the same, but a key banner in a central location gets updated with a seasonal or topical theme. Below is an example of a banner taken from the same site as the one above, at a time when there were no upcoming seasonal holidays. The below banner is a “standard” offer, rather than a seasonal special, but in reality it is the same offer as the one above, for the same price. All that has...

MarissaVicario | 30 Mar 2010 | 0 comments

by Tony Millington, Associate Software Engineer, and Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

A few days ago Symantec Hosted Services released its March MessageLabs Intelligence Report, which was picked up by a number of other technology news sites. We were quite surprised that they seemed to pick up on the information we published about the location of the sender. This is nothing new, really. We've used this information for a long time in various facets of our detection to facilitate more accurate judgments on the nature of a potentially harmful email.

The data published in the MessageLabs Intelligence report (http://www.messagelabs.com/mlireport/MLI_2010_03_M...) in regards to the source of the targeted attacks we intercept, is in a good proportion of all the targeted...

MarissaVicario | 29 Mar 2010 | 0 comments

By Mathew Nisbet, Malware Data Analyst

‘Phishing’ has been around since 1996, and refers to the attempted theft of sensitive information such as usernames, passwords, or credit card details by impersonating a trustworthy source such as a bank.

Below is a typical example that MessageLabs Intelligence sees on an almost daily basis. It is impersonating the HMRC (“Her Majesty’s Revenue and Customs,” the UK tax office).

As you can see, the scammers are quite good at making an e-mail look legitimate. Someone who has never received an official e-mail from the tax office would have no reason to suspect this was not genuine on first glance. The logo is correct, and the links in blue along the bottom go to the genuine HMRC website. However, the link in green in the message itself does not go to an official page. It goes to a fake page where any...

MarissaVicario | 26 Mar 2010 | 0 comments

By Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

MessageLabs Intelligence analysts found a 419 scam today that is a little different from the majority of 419s.

The basic premise of a 419 scam (also commonly referred to as an advance fee fraud scam) is that the recipient is entitled to, or has won, a large sum of money, and in order to get the money, they need to contact someone (usually a webmail address but sometimes a phone number), or email personal details to a webmail address.

As well as it being highly likely that the recipient’s email address would then be added to the scammers’ list of targets (lining up the recipient for many more scam emails in future), the next stage would almost certainly be for the scammers to phone or email back, to get the victim to send an advance fee, in order to release the supposed money. As is so often the case with advance fee fraud scams or 419s, the initial email is just the...