Contributor: Sandeep Ingale
When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take …
Contributor: Avdhoot Patil
New methods to entice victims into handing over their personal information are always being devised by the people behind phishing websites and the use of fake social networking applications is always popular.
During the past …
Com a renúncia de Bento XVI e da eleição do novo pontífice da Igreja Católica, Francisco I, nas últimas semanas o Vaticano tem aparecido nos principais noticiários. O interesse gerado por este tema tem chamado atenção dos spammers, que aproveitam o momento para espalhar malware na web.
O Symantec Security Response tem observado que atacantes estão distribuindo spams que direcionam os usuários a um site que hospeda o ‘Kit Exploit Blackhole’. A boa notícia é que a Symantec já oferece proteção para esta ameaça.
A mensagem maliciosa afirma ser de um canal de notícias bem conhecido. As seguintes linhas de assunto são usadas neste ataque:
Assunto: Opinião: O novo Papa Bento pode ser processado por casos de abuso sexual? – [REMOVIDO]
Assunto: Opinião: Novo papa e autoridades do Vaticano processados por suposto abuso sexual! – [REMOVIDO]
Assunto: Opinião: Novo Papa processado por não usar cinto de segurança no Papamóvel … – [REMOVIDO]
Os domínios utilizados no e-mail foram recentemente registados. Ao clicar no link da mensagem, o usuário é direcionado para um site malicioso que hospeda o malware. A imagem seguinte é uma captura de tela do e-mail malicioso (em inglês):
Abusar da popularidade de uma agência de notícias conhecida aumenta as chances de um ataque bem sucedido. No entanto, a Symantec oferece proteção multinível adequada contra essa ameaça. As recomendações dos especialistas da companhia são não abrir e-mails não solicitados e manter o software de segurança atualizado, a fim de manter-se protegido contra as ameaças on-line.
Easter Sunday is one of the most important festivals in the Christian calendar and it is observed anywhere between March 22 and April 25 each year; this year it falls on March 31. Spam messages related to Easter have begun flowing into the Symantec Probe Network. As expected, most of the spam samples are encouraging users to take advantage of products offers, personalized letters, e-cards, as well as clearance sales of cars and replica watches. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
Figure 1. Spam product offer related to Easter
Spammers are also exploiting the event by sending casino spam email using the name “Easter bonnet”. The Easter bonnet represents the tail-end of a tradition of wearing new clothes at an Easter festival.
The following spam sample provides instructions for ways that users can acquire a “bonus”.
“Three different bonuses can produce some extra winnings.”
“Make your deposit and get free spins.”
“Free welcome package up to $500.”
Figure 2. Casino spam targeting the Easter bonnet
In the next spam sample, users are encouraged to take advantage of the bogus offers for purchasing a product. By clicking the URL it directs the user to a fake pharmaceuticals website.
Figure 4. Personalized letter targeting the Easter festival
Some of the headers observed for Easter related spam can easily be recognized:
Subject: XXX, Get your Easter savings on all vehicles
Subject: Shop Easter toys, baskets, plush and more
Subject: HappyEasterInAdvance,
Subject: Fun and Unique Easter Gifts
Subject: Celebrate Easter with a Personalized Gift
Subject: Easter eCard
Subject: Easter flowers at exceptional savings – shop now
Subject: Make the Easter bunny jealous! Easter flowers – from $19.99
Subject: Challenge Ends Easter weekend
Subject: Easter is hopping your way…and so are $19.99 bouquets!
Subject: 25-free spins on xxx this-Easter
Subject: Letter From Easter Bunny For Your Child
From: “EasterBunny” <EasterBunny@[REMOVED]>
From: Personalized Easter Gifts <xxx@[REMOVED]>
From: “Easter Sale” <xxx.beaches@[REMOVED]>
From: Easter Flowers <jewel@[REMOVED]>
From: “Easter Bouquets” <noreply@[REMOVED]>
From: “The Easter Bunny” <joint@[REMOVED]>
From: “Easter Letters Online” <xxx@[REMOVED]>
From: “Easter Clearance!” <xxx@[REMOVED]>
Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24×7 to ensure that readers are kept up-to-date with information on the latest threats.
Contributor: Ayub Khan
Symantec has been constantly monitoring phishing sites hosted on compromised Indian websites. In 2011, our study detailed these compromised sites and we did a similar study of phishing sites in 2012.
From August 2012 to November …
Contributor: Saurabh Farkade
The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.
Symantec Securit…