SpamSyndicate content

Westveld | November 20th, 2009
Shows total scans, auto-protect scans and Spam scans numbers increasing, but Premium Anti-spam numbers are all 0. Did all the steps in doc 2007020615531854 - it worked for 20 messages, then stopped filtering spam again. No event log errors from Symantec. Started having the issue out of the blue on 6.0.4.something - upgraded to Version 6.0.9.286 in troubleshooting. Ideas?
Security, Spam
0 comments
Marian Merritt | November 20th, 2009
I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.   We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable. You can read more about Symantec’s top trends from 2009 and our predictions for 2010 by clicking on the following links:   Breadth of Security...
0 comments
Mayur Kulkarni | November 19th, 2009
We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks. These new attacks have similar traits, such as the spoofed “From” headers, which aggressively target and baffle enterprise users, and a subject line that is intended to cause panic (for obvious reasons—have a look at the example image below). As seen in the message above, the mail attachment is a zipped file named “utility.zip” that extracts an executable detected as Trojan.Dropper by Symantec antivirus. Using HTTP, this threat contacts a known C&C server for Zeus/Zbot in Ukraine. (The Zeus/Zbot family of threats is known to distribute malware using attachments and URLs in spam campaigns.) These attacks seem to be...
0 comments
Paul Wood | November 19th, 2009
This post is made on behalf of my colleague Mat Nisbet, Malware Analyst for Symantec Hosted Services. As of November 18, we have noticed a huge jump in the number of spam e-mails that contain a link to Twitter. Normally there is a tiny fraction of a percent, but on November 18 it jumped to 4 percent of all spam. This new surge is entirely from the DonBot botnet.   The apparent aim of these e-mails is to get people to fall for “get rich by working at home” schemes where the victim is encouraged to pay an initial fee for a trial and then sit back and watch the cash come in. Though easily stopped by us, this new run of spam uses a number of techniques to attempt to get past basic filters. First, the body of the e-mail is simply an image (of a fake newspaper article), to try and get past text-based signatures. Second, the image itself is a link to a Twitter account, an attempt to get past link signatures, as Twitter is a legitimate site that couldn’t be stopped...
0 comments
NorDoc | November 19th, 2009
Hi, we're using Brightmail Message Filter 6.1.1.0 and we're having problems receiving mail from gmail.com. The weird thing is that 30-40% of e-mails sent from gmail.com arrive at the receiver, and the rest disappear. As a temporary solution we have added gmail.com to the accepted senders list. This has of course resulted in a lot of spam, because a lot of spammers authenticate as gmail.com. Any other domain works as expected as far as we're concerned. How can we troubleshoot this?
6 comments
Paul Wood | November 18th, 2009
This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead. We concurred that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few. That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys. So without further ado, I present to you Symantec’s 2010 Security Predictions. 2010 Security...
1 comments
brhode | November 17th, 2009
Many spam messages contain a characteristic in which the sender and the recipient are the same. Currently there is no way to configure a compliance policy to react to this. It would be nice to have the ability to toggle an advanced setting for the case where sender = recipient.
0 comments
Kevin Haley | November 17th, 2009
Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety. I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to read the list of trends below. So… Don’t read this if you think antivirus technology...
0 comments
Kevin Haley | November 17th, 2009
The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning. For example:
• Toolkits and threat recycling have made malware easier to create than ever
• Polymorphic technology is being applied to make threats harder to catch
• Botnets, large and small, are used as the foundation of attacks, making most attacks complex
• All major news events are used for social engineering
• Major brands are being appropriated by cybercriminals to lure online victims
But, it’s the...
0 comments
MarissaVicario | November 17th, 2009
Posted on behalf of Paul Wood This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead. We concur that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few. That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys. So without further ado, I present to you Symantec’s 2010 Security...
0 comments
Liam O Murchu | November 16th, 2009
Finally, some help with explaining Internet security to my non-geek friends! The Guide to Scary Internet Stuff video series will hopefully make my life a little easier. Explaining the intricacies of Internet security is a challenging task. I often have difficulty explaining to my non-technical friends and relatives why they need to know about risks on the Internet. On top of that, I sometimes discover that my advice has fallen on deaf ears as I inevitably fix their computers after a click on a spam or phishing link, or after they have not run Windows Update or updated their antivirus software in a while. Although this is not the normal technical type of material that we post here on the Security Response blog, when Dominic Cook from our UK PR team showed me these, I immediately thought they were worth a post. The animations are fun, but most of all I think my friends will understand them, remember some of the advice, and hopefully be safer online after watching them—although...
0 comments
infotipp | November 15th, 2009
We have unwanted messages - approx. 1000 per day - that we cannot catch. These spams typically have the following characteristics:
RDNS fails
the body contains only HTML tags (img src, href)
typically Chinese pharma spams
no plain text content
IP of the sender is changing - probably DNS pool
sender address: xyz@hotmail.com, xyz@yahoo.com - where xyz is a randomly generated string
contains only a remote image with a link
Step by step description needed... General theoretical solutions do not help me. Thanks, Ferenc
4 comments
infotipp | November 13th, 2009
1. I have an SBG 8.0.3 and an SMS for SMTP 5.01 gateway installed. Most RDNS-failed sender e-mails are going through the gateways. I would like to set up the gateway to filter out and move to quarantine the RDNS-failed e-mail. How do I set it up?
2. If the mail is HTML formatted and contains only an img src and a href, the dictionary filtering does not work. - Typically Chinese pharma spams... - Why? Additional info: these emails' senders are usually xxx@hotmail.com or xxx@yahoo.com - I don't want to block all Yahoo mails; the sender IP is resolvable but RDNS fails, and the IPs are typically changing - probably from a DSL pool; the body does not contain plain text, only remote images with links; standard built-in filtering rules are not filtering out these mails.
3. How can I find out a "scanned and quarantined" and "filtered out" message's spam score? The header does not contain this info in the quarantine... Many thanks, Ferenc
2 comments
shp | November 12th, 2009
I would like to add an idea about the online status of users in Symantec Connect. It would be good to see a status icon (small bubble) beside the user's avatar, like green for online, orange for inactive, etc. It would make it easy for us to know a person's availability and send a PM.
2 comments
georgepr | November 12th, 2009
Hi, we have certain domains that only receive email from certain geographic regions. Is there a way to either exclude or include entire regions? We would be interested in simply blocking all traffic from Russia, China, Africa, etc. Thanks
3 comments
georgepr | November 12th, 2009
We are inundated with Viagra emails and they ARE spam; many of them come from China. We have attempted to configure the settings to stop them, to no avail. The From lines are often set up like this: VIAGRA ® Reseller [username@domain.com], where username and domain are our INTERNAL username and domains... The content in the body is something like this: Can't see everything? Visit online version here. <http://fe454.mimihxc.cn/> We want to block this content and have tried everything to stop it but can't. How do we stop it? Forwarding hundreds if not thousands of these emails to gsubmit has been USELESS! Please advise, and thanks
3 comments
Samir Patil | November 12th, 2009
Phishing attacks jeopardize users’ personal information, including banking credentials. The huge gain that Internet miscreants receive from these attacks drives them to think of newer and more effective bait to phish users’ personal data. To carry out their plans, spammers most commonly abuse new security services/features provided by legitimate companies. Many financial institutions have already started providing a pin/password generator device (also known as “secret reader”) for their customers to conduct secure online transactions. The device generates random pin codes after a specified interval of time. In a recent phishing attack the fraudsters promoted a similar secret reader. This fake message claims that a bank has developed a secret reader that generates a password of 10 alphanumeric characters. The message also targets existing customers who are already using this device provided by the bank, and informs them that existing device will no longer be...
0 comments
Daren Lewis | November 11th, 2009
This post is made on behalf of my colleague Mathew Nisbet, Malware Data Analyst. Researchers at the FireEye intelligence lab recently decided to attempt to take down the Mega-D botnet after doing detailed analysis of its inner workings. It seems their actions have been very successful indeed, as our monitoring shows a huge decline in this previously prolific botnet’s activity. Mega-D was the botnet that took the biggest advantage of the takedown of the McColo ISP in November 2008, becoming the biggest of all the spam botnets. Since then, others (such as Rustock, Bagle, Grum, and Cutwail) have gained strength, but Mega-D has consistently been in the top 10 spam bots. Or at least it was, until the 4th of November, when it was hit, and hit hard. This shows the number of unique IPs seen on our systems on a daily basis for the Mega-D botnet. Normally between 600 and 1600 IPs are seen each day, but you can see quite clearly that after the 4th it plummeted down to...
0 comments
Bijay.Swain | November 10th, 2009
Who has done a migration from Kaspersky/Trend Micro/McAfee to SEP? Need this information along with company info.
16 comments
RSConsulting | November 8th, 2009
Have a new SBS 2008 installation, with Multi-Tier Small Business Edition - licensed for Premium Anti-Spam. Client was previously using GFI Mail Essentials, which was configurable to dump junk/suspected mail into the users' Junk Mail folder in Exchange. They would like to use the Symantec product and not have to pay to renew the GFI. Searched the KBase; for the life of me, I can't find a walkthrough on how to configure SMSE to put junk in the folder (versus just adding SPAM to the header and creating a filter in Outlook - which is DO-ABLE, albeit somewhat time consuming on a 60 user site)... Regards, Rick Stern Richard Stern Consulting, Inc.
6 comments
Samir Patil | November 6th, 2009
When we analyzed spam data from the past few years, we observed that holiday seasons spur malware spam campaigns using e-cards, video player downloads or ActiveX download attacks. We have found that greeting card or e-card spam is the most common. For this reason spammers are employing this technique in other spam campaigns. When analyzing spam messages from the Symantec Probe Network, we came across an interesting phishing attack where spammers are misrepresenting e-card services. In this unique phishing attack, a URL for the animated e-card is provided in the message. When the user clicks on this link, an animated video is played in a Flash player. Surprisingly, the personal message section is invaded by a typical phishing message. The greeting card message is shown in the image below: Message translation: Subject: Acknowledgment of e-card. URGENT ... [removed] Hello, The card you selected has been sent to [Message Details Removed] on November 1, 2009 To see the card you...
1 comments
Samir Patil | November 6th, 2009
Scammers based in Nigeria have long been known for using legitimate email formats for spreading infamously fraudulent 419 messages. We have already monitored e-card services, social networking invites, and various other services provided on social networking sites. Yet another example is a calendar service being abused for sending scam messages. Sadly there is an addition to this list, where the “send link to friend” service is exploited for sending scam messages. Many news websites provide an option to send news links to another person. A text area is also provided to write personalized messages. It is a general tendency of netizens to share important news with friends by forwarding the links along with their comments on the news. In a recent spam attack we monitored a typical 419 scam message injected into the text area of a news article. With this, scammers smartly introduce a scam message in an otherwise very legitimate looking mail. The “Subject” line of...
0 comments
Bijay.Swain | November 6th, 2009
Is scanning speed in SEP11RU5 faster than sep11mr4mp2? Scanning 8GB of data takes more than 90 minutes in sep11mr4mp2.
1 comments
Daren Lewis | November 5th, 2009
Posted on behalf of Dan Bleaken, Malware Data Analyst. MessageLabs Intelligence has been tracking a new botnet, ‘Festi’, since the beginning of August. Festi has steadily increased its output of spam from virtually insignificant volumes up to 3-6% of daily spam. In terms of spam volumes, 3-6% is estimated at a massive 1.5-3 billion spams per day globally. This increase in output has been achieved both by gradually increasing the amount of spam sent from each Festi bot, and by recruiting new bots to the botnet. At the moment it is spewing out 2 variants of spam. The first variant is ‘male enhancement‘ type mails containing .cn domains, leading to a Canadian Pharmacy website, with typical subjects such as: “Paradise in your bed”, “Very-very Magic Stick”, “Strong stick”, “Magic stick”, “Hard stick tonight”, “All night long”. Website:   The other variant is geared more towards the Christmas product spamming season; it’s watch spam...
0 comments
Dermot Harnett | November 5th, 2009
October 2009 saw spam volumes averaging 87 percent of all email messages, which is consistent with spam volumes observed in August and September 2009, but 10.6% higher than October 2008. A notable highlight this month is the growth of spam originating from APJ (23%, up 6% since June 2009) and South America (22%, up 5% since June 2009), with a corresponding decline in spam originating from EMEA (28%, down 6% since June 2009) and North America (20%, down 5% since June 2009). This change can be attributed to a number of factors, including spam levels increasing; distribution networks becoming more dynamic as additional broadband-connected targets come online every day; botnets continuing to jockey for position; and countries such as India, Taiwan, Thailand, and Chile becoming more visible as regions of origin for spam. With respect to spam categories, Internet spam increased by 7% and now accounts for 39% of all spam messages. This category includes...
0 comments