Tag Archives: Messaging Gateway

Much More Than a Free 50 Pound Bet

Hacker Medic March 15, 2013 No Comments

Contributor: Vivek Krishnamurthi

The Cheltenham Festival, also known as the National Hunt Meeting, is a popular horse racing event that occurs every year in March in the United Kingdom. The festival usually coincides with Saint Patrick’s Day. This year, the festival is currently in progress and will end on March 15. A large amount of gambling takes place during the Cheltenham Festival, a fact that spammers seem to be well aware of as we are presently observing an increase in online gambling spam.

One particular sample of spam included instructions on how to register a free bet. The link provided in the message directs the user to a form where they can sign up and get a free bet worth up to £50.

Some of the email header information found in this spam campaign includes the following:

Subject: Bet on Cheltenham with the Best Odds!
From: Cheltenham Festival Bets <xxx@BestWorldOnlinexxx.com>
From: xxxCheltenham Festival Betsxxx“ <xxx.@x.greatnewoffersxxx.com>
From: xxxCheltenham Festival Betsxxx“ <xxx.@x.ExcellentDealsOnlinexxx.com>

Figure. Cheltenham Festival gambling spam

Once the user registers, their personal details are in the hands of the spammers. This situation can be even more alarming if the user shares their banking details. Beware of any fake betting offers from such sites; the reality is you are partaking in much more than a free bet of £50.

Symantec also advises our readers to be cautious when handling any unsolicited or unexpected emails. We are keeping a close eye on spam related to the Cheltenham Festival event, and another upcoming festival—Saint Patrick’s Day.

Spammers Special Feast for St. Patrick’s Day

Hacker Medic March 14, 2013 No Comments

St. Patrick’s Day is a global celebration of Irish culture and a religious holiday on March 17, and it is very special to Irish communities and organizations. Recently, we have observed numerous St. Patrick’s Day related spam messages flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of clearance sales of cars as well as other product offers.

Interestingly, in one spam campaign, we observed a malicious spam email that tries to trick users by using the name of the event in conjunction with a popular site that allows users to send and receive large files. By clicking on the link, the user is redirected to a Web page that downloads some malicious code, which exploits several common vulnerabilities. The main motive of these spam campaigns is to lure recipients by taking advantage of the St. Patrick’s day holiday in the subject line and body of the email, such as: “Patrick[RANDOM NUMBERS]”. In such cases, users should be careful and avoid clicking on the links.

Figure1. Malicious spam email taking advantage of St. Patrick’s Day

The spam may lead to a website declaring a clearance sale on St. Patrick’s day.

Figure2. Financial spam targeting St. Patrick’s Day

When the user clicks on the “Get Prices Button” for the clearance prices of cars, they get redirected to another Web page that asks them to select the type of car model for a price comparison.

Figure3. Clearance website to compare the prices of car models

After entering the make and model of the car, the user gets redirected to another Web page asking for their personal details, including their address, email address, and payment details. Users should be wary of such information-stealing attempts by spammers.

Figure4. Asking the user for their personal information

Below are some of the subject lines that we have observed regarding the clearance sale spam attacks for St. Patrick’s Day:

/*St. Patrick’s Day clearance, test drive your new car… .* */
See Clearance Prices on all XXX Vehicles on St Patrick
St Patrick’ XXX Clearance
See Clearance Prices on all XXX Vehicles on St Patrick’s
2013 St Patrick XXX Huge Discount – Slashing prices to meet Quotas

The following example is from a spam email that encourages users to take advantage of bogus offers and purchase products. By clicking the URL, the user is re-directed to a fake pharmaceuticals website.

Figure5. Spam website selling fake pharmaceutical products

Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24×7 to ensure that readers are kept up-to-date with information on the latest threats.

Have a great St. Patrick’s Day!

Malware Attacks Targeting Hugo Chavez’s Death

Hacker Medic March 8, 2013 No Comments

Rumors of Venezuelan President Hugo Chavez’s death were rampant on the news and Internet over the past month, and last Tuesday, the Venezuelan Vice President confirmed that Chavez died after a two year battle with cancer. Chavez’s death has…

Phishers Target Myanmar with Wut Hmone Shwe Yee

Hacker Medic March 7, 2013 No Comments

Contributor: Avdhoot Patil
Phishers have already made their mark in Southeast Asia by targeting Indonesians. For the past couple of years, celebrities have been their key interest in the region. Aura Kasih and Ahmad Dhani are good examples. In March 20…

Upcoming Twitter Chat on Targeted Email Attacks

Hacker Medic January 3, 2013 No Comments

Join hashtag #MailSec and learn more about the dangers of targetted email attacks and how to prevent them.
Takedowns of large botnet rings in recent years have caused spam numbers to plummet. However, the drop in spam doesn’t make spammers any le…

Los Cibercriminales Aman el Futbol y las Redes Sociales

Hacker Medic October 18, 2012 No Comments

Recientemente, los phishers han tomado un gran interés por los temas relacionados con el futbol. Después de que hace unas semanas Symantec descubriera algunos engaños y estafas relacionadas con la FIFA World Cup de 2014, ahora los ciberatacantes pusieron sus ojos en el futbolista Lionel Messi.

A finales de septiembre de 2012, Symantec observó ataques de phishing asociados con temas de redes sociales y en varios de ellos se puede ver que aparece Lionel Messi. Los sitios de phishing identificados estaban hospedados en servicios de hosting gratuito en la web.

En el primer ejemplo, en la imagen de fondo de pantalla del sitio de phishing se podía ver a Lionel Messi y el tema que se promovía hacía alusión al club de fútbol FC Barcelona, a diferencia del sitio legítimo en donde no se incluye un tema. Así, el sitio solicitaba a los usuarios que iniciaran su sesión con el fin de obtener acceso a la página de Messi en dicha red social. En este caso, esto resultó ser sólo una estrategia y no representaba ganancia económica para los usuarios de la página de phishing ya que, una vez que el usuario daba su nombre y contraseña, el sitio de phishing los redirigía al sitio legítimo dentro de la red social en cuestión.

En otro ejemplo, se identificó un sitio de phishing que contiene temas atractivos denominados “Color”. El mensaje de la página de phishing informaba a los usuarios que podían cambiar el fondo de pantalla o tema de su página de perfil en la red social en cuestión con solo introducir sus datos para inicio de sesión. En este caso, los usuarios víctimas de estos sitios de phishing, le habrían dado a los estafadores la oportunidad de robarles con éxito y de manera sencilla su información de usuario y contraseña, misma que podría usarse en un caso de robo de identidad.

Symantec recomienda a los usuarios de Internet seguir las mejores prácticas para evitar ser víctima de ataques de phishing:

• No dar clic en enlaces sospechosos incluidos en correos electrónicos.
• Evite proporcionar información personal sensible al responder un correo electrónico
• Nunca ingrese información personal sensible en un pop-up
• Al introducir información personal o financiera, asegúrese de que el sitio web se codifica con un certificado SSL verificando el candado en la esquina inferior derecha, el ‘https’, o la barra de direcciones en color verde.
• Actualizar frecuentemente su software de seguridad para estar protegido de las amenazas más novedosas

*Gracias a Avdhoot Patil por su ayuda con esta investigación.

Protecting Cloud Services, Applications and Storage with Symantec Protection Engine

Hacker Medic May 15, 2012 No Comments

Did you see my session at Symantec Vision 2012? If not, you missed me talk about how you need your very own Robocop to protect services, applications and storage that accept and distribute files.

His prime directives align very well with how you should approach your service and infrastructure security:

1. Serve the public trust – Your users will TRUST your service. They’ll ignore warnings and common sense because YOU are giving them access to something.

2. Protect the innocent – Your users are unlikely to be as security-aware as you are, they may not understand risks and they certainly shouldn’t be trusted to protect themselves 🙂

3. Uphold the law – You need to be able to set and enforce policies and you need to do this at your application or storage level.

{If you’re a fan of Robocop, as I am, just ignore the “Classified” 4th directive… It doesn’t quite fit the metaphor 🙂 }

Symantec Protection Engine gives you the ability to do just that.

It gives you out-of-the box integrations with almost all storage vendors, many applications and services. Oh and we’ll also give you access to our SDK so you can embed our industry leading threat detection technology DIRECTLY INTO YOUR OWN APPLICATIONS.

BETA

I’m delighted to announce that we’re now accepting registrations for the Symantec Protection Engine 7.0 beta program.
This major release is the next generation of the technologies currently sold as Symantec Scan Engine and Symantec AV for NAS/Messaging/Caching.

For more information about this new release and the benefits of participating in our beta program, use this link: https://symbeta.symantec.com/callout/default.html?callid=7E4530E666124B0A80EFBF428FE32301

Symantec Email Submission Client (SESC) 1.0: NOW AVAILABLE

Hacker Medic March 20, 2012 No Comments

Hi!

My last post back in October 2011 introduced the beta program for a new application for our messaging security customers.

I’m delighted to announce that we achieved our Generally Available (GA) milestone yesterday on March 19th meaning that the Symantec Email Submission Client is now available for all of our customers to download and install. This is my first “1.0” product release so I’m particularly excited to see this product ship 🙂

Did I mention that this is provided at no extra charge? Yup, free.

We had some excellent beta participants in this cycle, ranging from large enterprise customers to small businesses and we got some fantastic real world feedback which helped us ship an even better product than we originally scoped.

So, what is SESC?

The Symantec Email Submission Client (SESC) enables messaging administrators to streamline their process and procedures around one of the highest help desk call generators – missed spam.

Without blocking ALL email, no mail security vendor can claim to have a 100% catch rate. Despite having an externally verified and market leading catch rate, Symantec understands that customers want to be able to report missed spam to us so that we are able to prevent the same spam attack hitting them again.

The SESC has been designed with the end user in mind, with the goal of making it SIMPLE TO SUBMIT.

Awesome! How does it work?

SESC integrates with Microsoft Exchange Server 2007 and 2010, utilising the flexible Exchange Web Services (EWS) platform to provide native support for all rich Exchange clients including Outlook, Outlook:Mac, OWA and Exchange enabled mobile devices.

By integrating directly with the backend of the messaging system, customers can avoid the costly admin overhead associated with deploying a plug-in or client to endpoint devices.

Because of the way EWS works, we are able to recommend that SESC is installed to a non-Exchange server so that there is no additionaly CPU burden placed on your mission critical infrastructure. You can run SESC on any Windows 2008 R2 server, both physical or virtual (VMware ESX/ESXi or MS Hyper-V) are supported too.

What about the user experience?

Like I said, we want this to be as simple as possible and actually aimed to make it easier than deleting an item from your Exchange client.

To submit missed spam (aka false negatives) to Symantec, end-users simply move the offending message to an special folder in their mailbox.

This folder name is fully configurable by Administrators, who also have absolute control over which users are enabled for submissions. Using their existing Active Directory infrastructure, Administrators can use pre-existing or new Groups or OU’s as well a providing a custom LDAP query to opt-in the users.

There are two working modes for SESC, Moderated Submissions and Direct Submissions.

With Direct Submission mode, every message moved to the submission folder by an end-user is submitted to Symantec.

With Moderated Mode, Administrators can delegate an approval process to one or more users. In this mode, the end-user moves the message to the submission folder as normal. This message is then made available to the ‘approval’ user who can decide whether the message should be submitted to Symantec or not.

This is particularly useful where data privacy may be a concern.

With SESC, customers no longer have to use the existing and rather convoluted method of submission; which involves supplying the entire missed spam message as an RFC822 attachment to ANOTHER email and sending it to the correct email address at Symantec.

The Symantec Email Submission Client is available today for the following products:

Symantec Messaging Gateway
Symantec Mail Security for Exchange

Simply sign into http://fileconnect.symantec.com and download the installer.

Note: Symantec Protection Suite Enterprise Edition customers will be able to download SESC from Fileconnnect from April 2012.

There are some really fantastic extensions to our submissions process coming in the next release of Symantec Messaging Gateway which not only extend the functionality of SESC but also help to improve your protection even more. What’s more, the beta for Symantec Messaging Gateway 10 is due to kick off in May 2012 – if you are interested in participating please get in touch either in the comments below or you can email me ian_mcshane@symantec.com.

I’m excited to get more feedback as we start to think about the next releases of SESC so please do download, install it, check it out and let me know what you think either in the comments or directly by email.

Cheers!

Ian McShane

Senior Product Manager | Messaging & Web Security

Endpoint & Mobility | Symantec

Announcing the Symantec Email Submission Client Beta

Hacker Medic October 31, 2011 No Comments

One of the great things about working in the Messaging & Web Security BU is the amount of cool new technology and functionality we work on. Some times, this is behind the scenes on our backend systems and other times this is new functionality for existing products.

This time, however, I’m really excited to announce the beta program of a brand new application:

Symantec Email Submissions Client

This application allows you to automate the submission of missed spam (aka false negatives) to Symantec, directly from your end user mailboxes.

Symantec Email Submission Client takes advantage of the Exchange Web Services framework built into Microsoft Exchange Server to provide a submissions solution that:

Does NOT require any installation to you endpoint devices.
Does NOT require any updates to be managed/pushed to your endpoint devices.
Does NOT require any complex end user training.
Does NOT require any additional licensing from Symantec.

Deploying the Symantec Email Submission Client allows you to:

Provide your end users with a consistent answer to the question “What do I do with this spam message?”
Reduce helpdesk calls by providing a simple process for your end users to follow.
Increase antispam effectiveness and block even more threats from entering your environment.
Take full advantage of our antispam technology today and in future Messaging Security product updates.

In order to participate in this beta program, you must be running Microsoft Exchange Server 2010 or 2007 SP1 (or above).

To receive more information and to register for this beta program, use the following link:

http://symbeta.symantec.com/callout/?callid=6DFF3025F2654CE0AB37629981C7988E

When the final release ships, the Symantec Email Submission Client will be provided to all customers using a Symantec mail security product as part of your existing product entitlement. This includes customers using:

Symantec Messaging Gateway (formerly known as Symantec Brightmail Gateway)
Symantec Mail Security for Microsoft Exchange
Symantec Protection Suite

This beta program supports our commitment to product quality and customer satisfaction, enabling customers to download pre-release versions of our products and to provide feedback directly to members of the Symantec product team.

Symantec Protection for Sharepoint Servers 6.0 Beta

Hacker Medic August 2, 2011 No Comments

I’m excited to announce that the beta program has started for our next release of Symantec Protection for Sharepoint Servers.

You can sign up to this beta at this link : https://symbeta.symantec.com/callout/default.html?callid=8A18C6447CE54D99AD4ADEBCC28E7F9C

With this release, you’ll see new features such as:

Completely new quarantine management functionality available through the UI.
Brand new user interface.
Simple export & import of configuration, settings and policies to enable quick and easy disaster recovery as well as roll out your policies to multiple farms in a quick and efficient manner.

This release supports the following platforms:

Windows® SharePoint® Services 2.0 (WSS 2.0)
Windows SharePoint Services 3.0 (WSS 3.0)
SharePoint Portal Server 2003 (SPS 2003)
Microsoft Office SharePoint® Server 2007 (MOSS 2007)
Microsoft SharePoint Foundation 2010
Microsoft Office SharePoint® Server 2010

We’re looking forward to your feedback!

//ian