Contributor: Avdhoot Patil
New methods to entice victims into handing over their personal information are always being devised by the people behind phishing websites, and the use of fake social networking applications is always popular.
During the past …
With the resignation of Benedict XVI and the election of the new pontiff of the Catholic Church, Francis I, the Vatican has been appearing in the main news broadcasts in recent weeks. The interest generated by this topic has drawn the attention of spammers, who are taking advantage of the moment to spread malware on the web.
Symantec Security Response has observed that attackers are distributing spam that directs users to a site hosting the ‘Blackhole Exploit Kit’. The good news is that Symantec already offers protection against this threat.
The malicious message claims to be from a well-known news channel. The following subject lines are used in this attack:
Subject: Opinion: Can the new Pope Benedict be sued for sexual abuse cases? – [REMOVED]
Subject: Opinion: New pope and Vatican officials sued over alleged sexual abuse! – [REMOVED]
Subject: Opinion: New Pope sued for not wearing a seat belt in the Popemobile … – [REMOVED]
The domains used in the email were recently registered. On clicking the link in the message, the user is directed to a malicious site that hosts the malware. The following image is a screenshot of the malicious email (in English):
Abusing the popularity of a well-known news agency increases the chances of a successful attack. However, Symantec offers adequate multilevel protection against this threat. The recommendations of the company’s experts are not to open unsolicited emails and to keep security software up to date in order to stay protected against online threats.
Easter Sunday is one of the most important festivals in the Christian calendar and it is observed anywhere between March 22 and April 25 each year; this year it falls on March 31. Spam messages related to Easter have begun flowing into the Symantec Probe Network. As expected, most of the spam samples are encouraging users to take advantage of product offers, personalized letters, e-cards, as well as clearance sales of cars and replica watches. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
Figure 1. Spam product offer related to Easter
Spammers are also exploiting the event by sending casino spam email using the name “Easter bonnet”. The Easter bonnet represents the tail-end of a tradition of wearing new clothes at an Easter festival.
The following spam sample provides instructions for ways that users can acquire a “bonus”.
“Three different bonuses can produce some extra winnings.”
“Make your deposit and get free spins.”
“Free welcome package up to $500.”
Figure 2. Casino spam targeting the Easter bonnet
In the next spam sample, users are encouraged to take advantage of bogus offers for purchasing a product. Clicking the URL directs the user to a fake pharmaceuticals website.
Figure 4. Personalized letter targeting the Easter festival
Some of the headers observed for Easter related spam can easily be recognized:
Subject: XXX, Get your Easter savings on all vehicles
Subject: Shop Easter toys, baskets, plush and more
Subject: HappyEasterInAdvance,
Subject: Fun and Unique Easter Gifts
Subject: Celebrate Easter with a Personalized Gift
Subject: Easter eCard
Subject: Easter flowers at exceptional savings – shop now
Subject: Make the Easter bunny jealous! Easter flowers – from $19.99
Subject: Challenge Ends Easter weekend
Subject: Easter is hopping your way…and so are $19.99 bouquets!
Subject: 25-free spins on xxx this-Easter
Subject: Letter From Easter Bunny For Your Child
From: “EasterBunny” <EasterBunny@[REMOVED]>
From: Personalized Easter Gifts <xxx@[REMOVED]>
From: “Easter Sale” <xxx.beaches@[REMOVED]>
From: Easter Flowers <jewel@[REMOVED]>
From: “Easter Bouquets” <noreply@[REMOVED]>
From: “The Easter Bunny” <joint@[REMOVED]>
From: “Easter Letters Online” <xxx@[REMOVED]>
From: “Easter Clearance!” <xxx@[REMOVED]>
Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24×7 to ensure that readers are kept up-to-date with information on the latest threats.
Contributor: Ayub Khan
Symantec has been constantly monitoring phishing sites hosted on compromised Indian websites. In 2011, our study detailed these compromised sites and we did a similar study of phishing sites in 2012.
From August 2012 to November …
Contributor: Saurabh Farkade
The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.
Symantec Securit…
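Interestingly, spam email has been observed that tries to deceive users by associating the name of this holiday with a well-known site used for sending and receiving large files. Clicking the link redirects the user to a Web page that downloads malicious code. This page exploits several commonly targeted vulnerabilities. The main aim of these spam campaigns is to lure users by using St. Patrick’s Day in the email subject line and body. One example is a subject line such as “Patrick[RANDOM NUMBERS]”; be wary of this tactic and do not click the link.
Figure 1. Malicious spam email targeting St. Patrick’s Day
The Web site linked from the spam advertises a St. Patrick’s Day clearance sale.
Figure 2. Advertising spam targeting St. Patrick’s Day
Clicking the [Get Prices] button to see the special clearance prices redirects the user to the next Web page, which asks the user to select a car model in order to compare prices.
Figure 3. Clearance Web site comparing prices by car model
After the make and model are selected, the user is redirected to yet another Web page, which this time displays a form for entering personal information such as address, email address, and payment method. This is clearly an attempt to steal personal information, and caution is needed.
Figure 4. Page requesting the user’s personal information
The following are examples of subject lines observed so far in St. Patrick’s Day clearance sale spam.
St. Patrick’s Day clearance, test drive your new car…
See Clearance Prices on all XXX Vehicles on St Patrick
St Patrick’ XXX Clearance
See Clearance Prices on all XXX Vehicles on St Patrick
2013 St Patrick XXX Huge Discount – Slashing prices to meet Quotas
The following spam sample uses a bogus advertisement to push users into purchasing a product. Clicking the URL redirects the user to a fake Web site posing as a pharmaceuticals seller.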