Easter Sunday is one of the most important festivals in the Christian calendar and it is observed anywhere between March 22 and April 25 each year; this year it falls on March 31. Spam messages related to Easter have begun flowing into the Symantec Probe Network. As expected, most of the spam samples are encouraging users to take advantage of products offers, personalized letters, e-cards, as well as clearance sales of cars and replica watches. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
Figure 1. Spam product offer related to Easter
Spammers are also exploiting the event by sending casino spam email using the name “Easter bonnet”. The Easter bonnet represents the tail-end of a tradition of wearing new clothes at an Easter festival.
The following spam sample provides instructions for ways that users can acquire a “bonus”.
“Three different bonuses can produce some extra winnings.”
“Make your deposit and get free spins.”
“Free welcome package up to $500.”
Figure 2. Casino spam targeting the Easter bonnet
In the next spam sample, users are encouraged to take advantage of the bogus offers for purchasing a product. By clicking the URL it directs the user to a fake pharmaceuticals website.
Figure 4. Personalized letter targeting the Easter festival
Some of the headers observed for Easter related spam can easily be recognized:
Subject: XXX, Get your Easter savings on all vehicles
Subject: Shop Easter toys, baskets, plush and more
Subject: HappyEasterInAdvance,
Subject: Fun and Unique Easter Gifts
Subject: Celebrate Easter with a Personalized Gift
Subject: Easter eCard
Subject: Easter flowers at exceptional savings – shop now
Subject: Make the Easter bunny jealous! Easter flowers – from $19.99
Subject: Challenge Ends Easter weekend
Subject: Easter is hopping your way…and so are $19.99 bouquets!
Subject: 25-free spins on xxx this-Easter
Subject: Letter From Easter Bunny For Your Child
From: “EasterBunny” <EasterBunny@[REMOVED]>
From: Personalized Easter Gifts <xxx@[REMOVED]>
From: “Easter Sale” <xxx.beaches@[REMOVED]>
From: Easter Flowers <jewel@[REMOVED]>
From: “Easter Bouquets” <noreply@[REMOVED]>
From: “The Easter Bunny” <joint@[REMOVED]>
From: “Easter Letters Online” <xxx@[REMOVED]>
From: “Easter Clearance!” <xxx@[REMOVED]>
Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24×7 to ensure that readers are kept up-to-date with information on the latest threats.
Most of us are aware of spam, and while we may think it’s just an annoyance, what’s really dangerous about it is the fact that most spam are phishing attempts. Phishing is when cybercriminals attempt to fraudulently acquire your personal information, such as passwords and credit card details, by masquerading as a trustworthy person or Read more…
The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a… Read more »
The gang that maintains Android.Enesoluty has been busy since last summer registering over one hundred domains used to host app sites and sending spam from these domains. It is now apparent that the group is also still busy developing malware variants….
Our analysis of Trojan.Jokra, the threat which recently caused major outages within the Korean Broadcasting and Banking sectors, has produced another wiper.
Security researchers the past few days have been discussing the wiper component found in this T…
Tidserv (a.k.a. TDL) is a complex threat that employs rootkit functionality in an attempt to evade detection. The malware continues to be on the Symantec radar since its discovery back in 2008. The latest variant of Tidserv being distributed in the wil…
