Revision Note: V1.0 (May 13, 2014): Advisory published.Summary: Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential p…
Revision Note: V1.0 (May 13, 2014): Advisory published.Summary: Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use …
Revision Note: V24.0 (May 13, 2014): Revised advisory to clarify that the 2961887 update is not cumulative and requires that the 2942844 update be installed for affected systems to be offered the update.Summary: Microsoft is announcing the availability…
Revision Note: V19.0 (May 13, 2014): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS14-023, “Vulnerabilities in Microsoft Office Could Allow Remote Code Execution.Summary: Microsoft is awa…
Revision Note: V1.0 (May 13, 2014): Advisory published.Summary: With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure B…
avast! Virus Lab infographic shows how prolific and wide-spread Browser Ransomware attacks have been over the last three months. During December I wrote about the tricks and tactics of Browser Ransomware. Browser Ransomware is malware that works in different types of browsers to prevent people from using their PCs. To get access back to their […]
Expanded relationship will provide comprehensive security to companies transitioning workloads to the cloud
Running multiple antivirus programs on the same computer can cause conflicts resulting in false positives, a slowdown in performance, or system instability. Question of the week: Can I have more than one antivirus program on my computer at a time? This is a good question to ask the week that security geeks are discussing the […]
Is the era of oversharing over? Recent revelations about state-sponsored surveillance and mega-breaches engineered by cybercrime gangs have put the issue of privacy in the spotlight. After more than a decade where people appeared to be sharing more and more details about themselves online, there is some evidence that a backlash is now underway. Certainly the founders of a number of new social networking services seem to think so and they have made privacy one of the main selling points of their offerings.
One effort at building a more anonymous social network is Secret. Its creators decided to move in the opposite direction to most social networks and minimize the personal information its users share. Available as either an iOS or Android app, it doesn’t use real names or profile photos. Users instead anonymously share text and images. Their posts are shared with other friends who are also on Secret, but users are not told which of their friends authored the post. They can choose to share those posts with their own friends and, if a post goes two degrees beyond its author, it is shared publicly and marked with its broad location (e.g. California).
Secret goes to some length to reassure its users of their privacy. For example, it markets itself with the fact that customer data is stored on Google servers – the same servers used in Gmail – and all communications are encrypted with TLS. Message data is encrypted before being written to its servers and keys are stored in an off-site keystore service that rotates keys. When the app connects a user with someone they know from their contacts book, it doesn’t send phone numbers or email addresses to Secret’s servers. Contact details are locally hashed with a shared salt and the server then compares them against other hashed values.
Secret’s arrival is a sign that social media moguls have spotted which way the wind is blowing. The app was developed by online publishing platform Medium, which was founded by Evan Williams and Biz Stone. Williams was a co-founder of blogging platform pioneer Pyra Labs (and credited with coining the phrase “blogger”) and was later a co-founder of Twitter.
The latest service to launch is Cloaq, which goes far beyond Secret in the level of anonymity it offers its users. Users don’t have to provide any personal information when they sign up, such as their name, email address or phone number. Instead, they choose their own password and Cloaq assigns them a user ID. The company is handing out accounts in batches, e.g. @alpha1 through to @alpha999 and so on. The downside of having such an anonymous service is that anyone who does forget their user ID or password has no way of retrieving it.
In addition to new social media ventures, established operators have also begun to perceive a market for private services. For example, Twitter chief executive Dick Costolo recently said that the company is exploring the option of introducing a “whisper mode” that will allow its users to move conversations into the private sphere. While the company already has a private direct messaging feature, Costolo indicated that the whisper mode would allow for a smoother transition between public and private conversations. Additionally, he indicated that the feature could enable private conversations between more than two people.
Revelations about surveillance have also prompted some of the main online service providers to beef up their privacy measures. For example, Google has now moved to a default encrypted HTTPS connection whenever a user of its email service Gmail logs on. Furthermore, the company said that it was encrypting all traffic on its data center network, meaning that Gmail data will also be encrypted if it moves between Google servers. The move is intended to allay privacy fears following revelations about state-sponsored surveillance of traffic between data centers.
Google isn’t the only company moving to enhance customer privacy. Yahoo has followed suit, switching on HTTPS as a default on Yahoo mail and encrypting traffic between its data centers. Microsoft too has responded to privacy concerns. Likening the threat posed by surveillance to that presented by malware, the company is encrypting content moving between itself and its customers, in addition to encrypting data center traffic.
Whether a permanent shift towards greater anonymity is underway remains to be seen. However it is clear that the entire industry, from start-ups to the major players, has recognized that it is, for now, a key concern for consumers.
On May 11, 2014, many countries will celebrate Mother’s Day. Plenty of online articles have been giving gifts ideas and advice for making the day special for mom. Companies have also been sending a huge number of promotional emails with a special message about Mother’s Day. Unsurprisingly, spammers have been exploiting this occasion to send out a fresh batch of spam.
Symantec started observing Mother’s Day spam from early April and we have seen a steady increase in the volume of messages ever since. Previous Mother’s Day spam emails often stuck to certain categories. Spam emails offering flower deliveries, jewelry, personalized messages, coupons, and other gifts for mothers were the most common. Survey and product replica spam were also observed in the past.
The following are the major Mother’s Day themed spam campaigns seen this year.
Flowers for Mother
A beautiful bunch of flowers is something any mother will love and spammers use this theme more than any other. From last month, we have seen numerous emails promising flower deliveries by Mother’s Day. Most of these emails included links that redirected to fraudulent websites and some of the links redirected through multiple domains just to increase the traffic.
Figure 1. Preview of a spam email for ordering flowers
The email headers for this category are as follows.
Subject: $19.99 for Flowers and a Vase for Mother’s Day
From: [brand] <Online@[domain]>
Subject: [brand]: $19.99-Flowers for-Mom &-Vase!
From: “[brand] Special” <[brand]Special@[domain]>
Subject: Hi, 50% off Flowers for Mom
From: Fresh Flowers <[brand]@[domain]>
Personalized jewelry for Mom
Beautiful jewelry, particularly rings and pendants with a personalized inscription, is another theme that is a hit around Mother’s Day. Spammers also claim to offer personalized cards or notes along with the product. Like most spam, these emails will usually have links to other sites.
Figure 2. Preview of a spam email selling personalized rings for Mother’s Day
The email header for jewelry-themed spam messages are as follows.
Subject: Give Mom Something Unique This Year
From: Mothers Rings <rings@[domain]>
Product replica spam
This category is not too different from others, except that these spam emails advertise websites selling fake watches, jewelry, and other expensive goods. We observed these emails earlier this year and we continued to see them today. In these campaigns, the spammers give users deadlines for placing orders for the products.
Figure 3. Preview of replica spam related to Mother’s Day
Email headers seen with this spam campaign are as follows.
Subject: Why so soon?
From: Paige (Mother’s Day deadline) <Paige@[domain]>
Lose weight by Mother’s Day
We believe that Mother’s Day-themed weight loss medication spam is a spinoff from an ongoing weight loss spam campaign, which has been the largest spam category by volume over the last couple of weeks. These emails include links which redirects to fake news sites offering information about new weight loss products.
Subject: Drop 10LB by Mothers Day
From: Rid 20 Pounds 2 Weeks <Sophia@[domain]>
Portuguese promo spam
We have seen a Portuguese spam campaign sending a large volume of messages promoting products related to Mother’s Day. This spam campaign uses the name of an online site which sells personalized products.
This spam campaign included links redirecting to a fraudulent website, along with a bogus opt-out option.
Figure 4. Preview of Portuguese promotional spam exploiting Mother’s Day
Here is the email header for this spam campaign.
Subject: Dia das Mães! Ajudaremos você com o presente.
From: “[brand]OnLine” <envio@painel1.[domain]>
Translation:
Subject: Mother’s Day! We’ll help you with this.
Symantec has observed a high volume of Mother’s Day themed hit-and-run spam recently. Most of these emails included links to a .us top level domain (TLD) which, on further analysis, were found to be registered quite recently. The theme of the domain names show that they were created for a Mother’s Day spam campaign. The domain names followed patterns such as flower-1promo-mothersday and mothersdayflower-special.
Symantec antispam filters successfully blocked these spam mails, but as always, we advise our readers not to respond to any of these emails. Remember, take your time to search for a Mother’s Day gift and don’t just click on links found in these spam mails. Symantec wishes all of our customers a happy Mother’s Day.