Recently, we blogged about systems compromised by W32.Virut that were observed downloading W32.Waledac.D (Kelihos). Symantec has followed the Waledac evolution for a number of years and have observed the botnet showing considerable resilience against t…
Contributor: Avdhoot Patil
Phishers have continued to focus on social networking sites as a platform for their phishing activities. Symantec is familiar with various phishing campaigns related to social networking. Celebrity promotions, fake applicatio…
これまでに最も多く悪用されている法律的な記述は、米国の「Bill S.1618 Title III」、通称「MURK」という法案です。スパムに関連しているものの、この法案は上下両院で否決されたため、制定には至っていません。したがって、「Bill S.1618 Title III に従っている」と書かれていたら、その言葉自体に嘘があることになり、まず疑ってかかる必要があります。この法案を引用したスパムメールは、同法案が提出された 1998 年から確認されています。
法律 No. 28493 / 29246 / D. S. 031-2005-MTC(ペルー、スペイン語)
No. 28493 / 29246 / D. S. 031-2005-MTC はペルーの法律で、当然スペイン語で書かれています。他の国や地域から送信されたスペイン語のメールでも、この法律を引用して合法性を主張するものがあります。以下のサンプルでは、登録解除オプションとして Web メールに返信するように説明されています。
商用メールに関するフランスの 2 つの法律がスパムで確認されていますが、この例では適切な受信拒否(オプトアウト)オプションがユーザーに示されていません。受信拒否(オプトアウト)リンクがある場合には、ユーザーの個人情報が削除されるというメッセージの書かれた Web ページにリダイレクトされるのが一般的です。もちろん、実際に削除が実行されることはありません。
Contributor: Binny Kuriakose
Anonymity disguised as freedom of expression and lack of clear cut laws makes cyberspace murky from a security point of view. Countries are waking up and realizing that there is a need for laws which enable authorities to c…
Symantec is observing an increase in spam containing URLs. On May 16, URL spam volume increased by 12% from 84% to 96% and since then the URL spam volume fluctuated between 95% and 99%. That means 95% of the spam messages delivered during this period has one or more URLs in it.
Figure 1. URL spam message volume
During this period, .ru was the most used top-level domain (TLD). As illustrated in Figure 2, it is interesting to note a drop in .ru spam and a simultaneous rise in .com and .pw spam. Over 73% of the URL spam contained the .ru, .com, or .pw TLDs.
Figure 2. Top 3 TLDs distribution (last seven days)
Table 1. Spam volume of top 5 TLDs that contributed to total URL spam
We are observing an increasing use of shortened URLs and free Web domains with the .ru TLD. The spam examples seen are mainly hit-and-run (a.k.a. snowshoe) spam. The call to action URL in the spam message leads to fake offers or online pharmacy stores.
Below are the Subject lines that may be seen in spam emails.
Subject: Ends Today! Buy One, Get One Free
Subject: 48 Hours Only | Free Shipping!
Subject: FREE LIFETIME PASS – WHENEVER YOU WANT
Subject: Are you dreaming about good health?
Subject: Satisfy your girl fully
Subject: Win your lady’s addiction
Subject: Present your women real care
Subject: You need Ukrainian woman with beautiful eyes that are ready to talk to private theme?
Figure 3. URL spam message
This sudden rise in URL spam volume was seen in December 2012 and January this year when holiday season spam and year-end spam was on the rise. Symantec will continue to monitor this uptick in spam containing URLs and will keep our customers protected with additional filters to block these attacks.
Phishers are trying everything they can to improve their chances of harvesting user credentials. They are known for experimenting with different fake social media applications in a desperate move to lure users. Recently, we found a few examples of some…
Natural disasters, like tornadoes and earthquakes, are quite common in the United States of America. Unfortunately, the Oklahoma City suburb of Moore experienced a violent tornado on Monday, May 20, that sadly resulted in dozens of casualties. Spammers…