Spam

I saw something quite funny when checking out the spam feeds the other day. An attachment kept appearing, once in a while, with a name of Christmas Card.zip. It was making sporadic appearances in the feeds (and the number of spam email messages was quite low), but there were a couple of these odd messages at equally odd hours of the day: The email message itself was a run-of-the-mill electronic greeting card with an HTML body containing a nice Flash animation—the Flash animation actually comes from a legitimate source (123greetings.com). The email body contains a message asking the user to open the attachment to see who sent the email. Of course, opening the attachment yields a malicious file. The name of the file inside is _**Christmas Card.htm[MANY SPACES].exe **_and it is already detected by Symantec as W32.Ackantta.G@mm. ...

In the last two days our lab has detected a flood of email messages that seem to have been sent by the Facebook team urging users to submit a new account agreement. We’ve seen around 16,000 since yesterday. The subject of the message is UPDATED ACCOUNT AGREEMENT and the attached file is called AGREEMENT.ZIP. The message is like the following: Users are required to submit a new account agreement before a certain date. If not, their Facebook account will be restricted. The message also contains detailed instructions on how to do it. ...

The Zeus crimeware family has moved into new territory with its latest spam campaign – purporting to be a warning about targeted phishing attacks on “.gov” and “.mil” domains, by Zeus Trojans no less! In fact, one of the latest spam samples we’ve seen, duplicates the title and first three paragraphs of a blog entry by well-known security expert Brian Krebs, which discusses a previous iteration of this Zeus attack. As seen below, the spam sample starts off with the same three lines of the blog post, before starting into the phony KB content and links that lead to Zeus malware. ...

Bruce Schneier, in his blog Schneier on Security http://www.schneier.com/ drew attention to this great interview with an ex-Nigerian-419 scammer on the Scam-Detective site. It’s a fairly long piece and gives a pretty good view of the Nigerian scam industry run by organized crime, how it sucks in young people who have good computer and English skills and pays them a huge amount of money ($75,000 per year in this case) to scam victims they view as white, greedy and rich. ...

Planning a romantic Valentine’s Day for your loved one? Is there is no end to all that you can do to add even more sparkle this dreamy day? Perhaps a bottle of wine, flowers, or a lovely gift to impress him/her—and if you aren’t with anyone, there are even dating services available that provide you with options to meet a date. As Dermot Harnett mentioned in A Brilliant Proposal: Stay Away from Valentine’s Day Spam!, for spammers, Valentine’s Day is a great target. We’ve observed several spam email message styles related to this upcoming event. Gift options, flower delivery, dating service, med spam to spice up your relationship, and much more. Here are some common header lines that Symantec has tracked relating to Valentine’s Day: ...

New, shiny products always tend to catch people’s attention, and spammers are continually looking for ways to do exactly that. So it’s not surprising to see spam tempting people with the promise of a new iPad, and a FREE one at that: The image they’ve used is very sketchy too, patched together from other existing Apple products and bearing little resemblance to the pictures released so far. However much you might want an iPad, don’t get lured in by spam like this. ...

The U.S. Federal Trade Commission today announced that next Tuesday they will hold a news conference to make public details of “a law enforcement sweep cracking down on job and work-at-home fraud fueled by the economic downturn.” The media advisory said that the news conference would feature the director of the FTC’s bureau of Consumer Protection David C. Vladeck, an assistant attorney general and the Ohio Attorney General. The advisory listed as “also attending” representatives of the U.S. Postal Inspection Service, Monster.com and Microsoft. ...

Today we received some job hiring emails that looked like this: It has been formatted nicely and appears to have come from a large job search website. The message reads as follows: Dear Job Seeker, Upon reviewing your resume on Careerbuilder.com we have decided to offer you a job opportunity with our company. The job position is for a Payment Manager/Payments Processor in your area with no obligation to relocate. ...

Wired magazine has run a story on a phishing scam in Europe, New Zealand and Japan that resulted in the loss of 250,000 carbon credit permits worth $4 million from six companies. The phishing emails spoofed the German Emissions Trading Authority and said that the victim companies needed to re-register their accounts with the authority. When victims entered their information on a fraudulent web page from the link in the phishing emails the scammers accessed their accounts, transferred emissions credits to accounts they controlled then sold them. The amount the scammers made hasn’t been disclosed. ...

This is really bad for so many reasons. It certainly doesn’t help their security. And yes, it’s completely legitimate.