Symantec Blogs: Security Response

Samir Patil | November 6th, 2009

Scammers based in Nigeria have long been known for using legitimate email formats for spreading infamously fraudulent 419 messages. We have already monitored e-card services, social networking invites, and various other services provided on social networking sites. Yet another example is a calendar service being abused for sending scam messages.

Sadly there is an addition to this list, where the “send link to friend” service is exploited for sending scam messages. Many news websites provide an option to send news links to another person. A text area is also provided to write personalized messages. It is a general tendency of netizens to share important news with friends by forwarding the links along with their comments on the news. In a recent spam attack we monitored a typical 419 scam message injected into the text area of a news article. With this, scammers smartly introduce a scam message in an otherwise very legitimate looking mail.

The “...

Dermot Harnett | November 5th, 2009

October 2009 saw spam volumes averaging at 87 percent of all email messages, which is consistent with spam volumes observed in August and September 2009, but 10.6% higher than October 2008.

A notable highlight this month is the growth of spam originating from APJ (23% increase of 6% since June 2009) and South America (22% increase of 5% since June 2009) with a corresponding decline in spam originating from EMEA (28% decrease of 6% since June 2009) and North America (20% decrease of 5% since June 2009). This change can be attributed to a number of factors, including spam levels increasing; distribution networks becoming more dynamic as additional broadband connected targets are coming online every day; botnets continuing to jockey for position; and countries such as India, Taiwan, Thailand, and Chile becoming more visible as regions of origin for spam.

With respect to spam categories, Internet spam increased by 7% and now accounts for 39% of all spam messages. This...

Joji Hamada | November 3rd, 2009

Recently, I've been seeing phishing attacks using Web forms attached to emails making the rounds again. This type of phishing isn't so common but is used on occasion, so I want to take this opportunity to remind everyone not to fall for this trick.

Common phishing attacks include emails purporting to be from legitimate entities like financial institutions, auction sites, and SNS sites which include links to Web sites set up by the attacker to steal user information.

In this case, however, the phishing site arrives as an email attachment rather than a link to the site included in the body of the email.

Here is what one of the emails looks like:

outlook.png

And the attached HTML file looks like this:

attachment.png

When the form is filled...

Mayur Kulkarni | November 3rd, 2009

Symantec has always recommended that personal information, especially financial information such as Social Security numbers, credit card numbers, and of course your email address must not be revealed anywhere on the Internet. Many security experts also believe that disclosing an IP address to an unknown person on the Internet is equally dangerous. We also now need to be careful not to divulge our mobile numbers or date of birth because these bytes of information are also vitally essential, and are considered part of your identity by financial institutions.

We are monitoring a new wave of phishing attacks that is attempting to extract information such as the mobile numbers and/or dates of birth of recipients by using false alerts:  

Screen shot 2009-11-03 at 6.52.43 PM.png

A couple of the Subject lines of these alerts are:

TEXT MESSAGE ALERT
MOBILE...

Mayur Kulkarni | November 3rd, 2009

Symantec recently reported a malicious spam campaign against Facebook, which is now accompanied by a phishing attack. These messages look like an official Facebook invite or password reset confirmation mail.

social1.png

If we place the cursor over the update button in the message, we can actually see the phishing URL in the status bar. If a user clicks on the “Update” button, he or she is redirected to a Facebook look-alike phishing site. Here, users are asked to enter a password to complete the update procedure. Unfortunately, the user’s password will be stolen if they try to log in on this page.

These attacks can be identified by the subject lines listed below:

Facebook account update
New login system
Facebook Update tool

In...

Peter Coogan | October 14th, 2009

Yesterday a friend of mine sent me a copy of an email he received regarding the renewal of a domain name he owned, which was due to expire. Since the information in the email was correct, he clicked on the renewal link provided. At this point he became dubious of the email—and for good reason. As in most cases like this, at first glance you would find it difficult to spot anything out of the ordinary with this type of email and would simply presume that it was a friendly reminder from your ISP to re-register your domain name.  

ISPemailEdit.jpg

When the link provided in the email is clicked (in order to supposedly renew the domain) it brings you to a site where you are presented with a page like the one shown below. Again, there is nothing really out of the ordinary and all appears nice and professional:
 
...

Kevin Haley | October 7th, 2009

Every day when I walk into work I’m greeted by an avalanche of data on new malware and Internet scams. The numbers in the last few years have been staggering. And when you think about the people behind the numbers it can get quite sad—people who’ve had their computers taken over, been scammed, stolen from, and just plain abused by cyberthieves. It can get to you. A lot of days I don’t feel so good. Today I feel better. The FBI just announced they will arrest nearly 100 people involved in a phishing scheme.

The FBI calls it Operation Phish Fry. Operation Phish Fry means that someone in the FBI loves a bad pun. But the important thing is it means that a whole bunch of bad guys are going to jail. It’s not going to eliminate all phishing attacks (we detected 55,389 phishing Web site hosts in 2008 alone). But this latest move takes a lot of bad guys off the Internet and...

Dermot Harnett | October 7th, 2009

Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.

Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.

Click here to download the October 2009 State of Spam Report, which highlights the following trends:

...

Hon Lau | September 30th, 2009

An unfortunate side effect of any news-worthy disasters of the modern day is that a wave of malware will often follow in the virtual world after the initial event in the physical world. The large earthquake (8.3 on the Richter scale) last night recorded off the coast of Western Samoa and the subsequent tsunami that followed caused much destruction and loss of life to the islands near the epicentre of the quake. As with any large scale disasters that quickly become major news events, people want to know what happened and to know that loved ones are safe. The Web, being a major source of information to many people around the world, is one of the first places to see such information-seeking activity. For many people, search engines are the gateway to the masses of information available and because of this, it is also one of the first places to be targeted by malware creators. They waste no time in getting their malicious software and web sites set up and poisoning the Web...

Mathew Maniyara | September 25th, 2009

Symantec has observed that most phishing URLs associated with Chinese brands attempt to trick users by stating that they are winners of a great prize. The fake websites declare that the visitors are winners for reasons such as:

1. Customers of the brand were chosen for a lucky draw and that the customer won the draw.
2. The brand wishes to thank the customer for their long time commitment by gifting them prizes.
3. The customer has triumphed in a gaming site of the brand, attaining the highest score.

The phishing site goes on to state that the customer needs to submit confidential information to receive the prize, either to prove his or her identity or for the transfer of the prize money to the customer’s bank account. The following image is an example of a Chinese phishing page for a gaming website. The page says that the customer needs to enter details to prove his or her identity so as to...

Dermot Harnett | September 8th, 2009

Overall spam volumes averaged at 87 percent of all email messages in August 2009, which is a decrease of 2 percent since July 2009. Health spam, which decreased by 17 percent in July, also decreased again in August and averaged at 6.73 percent. It is interesting to note that over 29 percent of spam is now Internet-related spam. Internet-related spam attacks are those that specifically offer or advertise Internet- or computer-related goods and services. Examples include attacks promoting Web hosting, Web design, and spamware-related products and services.
 
Holiday spam campaigns have also begun taking advantage of Halloween and Christmas. This follows closely after Labor Day-related spam in a nod to what some economists predict will be a very difficult holiday season for legitimate retailers.
 
Click here to download the September...

Mathew Maniyara | August 28th, 2009

Symantec has observed a sudden rise in phishing on Indian brands recently. The number of phishing URLs on Indian brands in the first two weeks of August was nearly 2% of all phishing attacks. In the past, the usual average was typically 0.5%. This means that the rise has grown fourfold in just two weeks.

The geo-location of each phishing site was examined and it was observed that none were in India. But, it is likely that at least some of the phishers involved are in India since the confidential data stolen can be used for specific Indian needs. For instance, there are several websites dedicated to the purchasing of Indian goods and articles, which accept net banking payments only from a given list of Indian bank accounts. Hence, the attackers may be employing every means of masking their location by creating their website elsewhere and not on Indian servers.

There were five brands targeted that were all in the banking sector for the given time period. Among...

Zulfikar Ramzan | August 20th, 2009

Recently, Twitter implemented technology to help stem the threat of malicious URLs being propagated through its service. This approach seems to be a great effort on the part of Twitter to prevent attackers from tweeting malicious links.

It appears as if the tool is filtering tweets and comparing any embedded URL to their list of known malicious sites. Trying to determine whether a URL points to a malicious website in a large-scale automated fashion, especially in today’s threat landscape, is a challenging problem. From my perspective, there are a few issues that need to be worked out. Twitter is likely in the nascent stages of addressing these types of issues and we expect they will try to overcome the associated limitations.

To date we've only seen a relatively small number of attack attempts involving malicious URLs on Twitter. URL-shortening services are often at the heart of these types of attacks as bad guys try to take advantage of the system to disguise...

Suyog Sainkar | August 19th, 2009

The fraudsters are constantly coming up with innovative ways to deceive innocent users of the Internet. Symantec recently observed an increase in phishing attacks facilitated by spam email messages that are targeted towards a popular email client application. The spam message requests the intended victims to re-configure the email client application by clicking on the link provided in the email. The phishing spam messages previously in circulation had a malicious file attached as a setup for the bogus update.


The recent spam email messages, in an attempt to appear legitimate, also provide a contact number for any queries regarding the update:

“If you have received this message in error, please notify us immediately by calling (310) xxx-6428 and destroy the related message.”

The spam emails have bogus...

Dermot Harnett | August 5th, 2009

While overall spam volumes averaged 89 percent of all email messages in July 2009, spam volumes continue to fluctuate. During July 2009 image spam continued to have an impact, reaching 17 percent of all spam during one point in July. Health spam decreased by 17 percent, while product and 419 spam both saw increases of eight and three percent, respectively, month over month. Similar to tabloid magazines, spammers continue to have a fascination about certain celebrities such as President Obama, Michael Jackson, and Emma Watson (from the Harry Potter franchise)—they all featured in spam attacks in July 2009.
 
Click here to download the August 2009 State of Spam Report, which highlights the following trends:
 
· Spammer’s Opinion Poll: President Obama and Michael Jackson...