Tag Archives: spam

.club gTLD Used in Hit-and-Run Spam Attacks

      No Comments on .club gTLD Used in Hit-and-Run Spam Attacks

Spammers have been abusing generic top-level domains, released by the Internet Corporation for Assigned Names and Numbers earlier this year, in hit-and-run spam attacks.
Read more…

Spammers Quick to Take Advantage of Second Posthumous Michael Jackson Album

      No Comments on Spammers Quick to Take Advantage of Second Posthumous Michael Jackson Album

May 13, 2014 witnessed the release of another posthumous compilation album of Michael Jackson recordings, named Xscape. This reworked collection of Jackson tracks was highly anticipated by music lovers, ever since its announcement in March, 2014. News of the album release has once again made Michael Jackson a hot topic and, unsurprisingly, spammers have been quick to exploit this.

This spam campaign uses a very simple email which is crafted to appear like personal mail. It uses Michael Jackson’s name and some of his song titles to create intriguing subject lines. The body of the email contains a link along with a generic comment. A name is used to sign the email message, as seen in Figure 1, in an effort to give the impression that an acquaintance has sent you an email with a link to the new Jackson album. The URL in the body of the email redirects to a fake pharmacy domain which promises cheap medicines without prescription.

The following are subject lines seen in this spam campaign:

  • Subject: $ Planet Earth (Michael Jackson poem) $
  • Subject: * List of songs recorded by Michael Jackson *
  • Subject: * List of unreleased Michael Jackson songs *
  • Subject: [ Hold My Hand (Michael Jackson and Akon song) ]

 

SpamImage1.png

Figure 1. Example of Michael Jackson spam email

We expect more spam exploiting this news in the coming days and believe the possibility of such emails being phishing attempts or containing malware to be very strong.

Users are advised to adhere to the following best practices:

  • Do not open emails from unknown senders
  • Do not click on links in suspicious emails
  • Never enter personal information on suspicious websites, as they may have been created for phishing purposes
  • Keep your security software up-to-date to stay protected from phishing attacks and malware

What Spam Would Mom Like This Year?

      No Comments on What Spam Would Mom Like This Year?

On May 11, 2014, many countries will celebrate Mother’s Day. Plenty of online articles have been giving gifts ideas and advice for making the day special for mom. Companies have also been sending a huge number of promotional emails with a special message about Mother’s Day. Unsurprisingly, spammers have been exploiting this occasion to send out a fresh batch of spam.

Symantec started observing Mother’s Day spam from early April and we have seen a steady increase in the volume of messages ever since. Previous Mother’s Day spam emails often stuck to certain categories. Spam emails offering flower deliveries, jewelry, personalized messages, coupons, and other gifts for mothers were the most common. Survey and product replica spam were also observed in the past.

The following are the major Mother’s Day themed spam campaigns seen this year.

Flowers for Mother
A beautiful bunch of flowers is something any mother will love and spammers use this theme more than any other. From last month, we have seen numerous emails promising flower deliveries by Mother’s Day. Most of these emails included links that redirected to fraudulent websites and some of the links redirected through multiple domains just to increase the traffic.

figure1_22.png
Figure 1. Preview of a spam email for ordering flowers

The email headers for this category are as follows.

Subject: $19.99 for Flowers and a Vase for Mother’s Day
From: [brand] <Online@[domain]>

Subject: [brand]: $19.99-Flowers for-Mom &-Vase!
From: “[brand] Special” <[brand]Special@[domain]>

Subject: Hi, 50% off Flowers for Mom
From: Fresh Flowers <[brand]@[domain]>

Personalized jewelry for Mom
Beautiful jewelry, particularly rings and pendants with a personalized inscription, is another theme that is a hit around Mother’s Day. Spammers also claim to offer personalized cards or notes along with the product. Like most spam, these emails will usually have links to other sites.

figure2_21.png
Figure 2. Preview of a spam email selling personalized rings for Mother’s Day

The email header for jewelry-themed spam messages are as follows.

Subject: Give Mom Something Unique This Year
From: Mothers Rings <rings@[domain]>

Product replica spam
This category is not too different from others, except that these spam emails advertise websites selling fake watches, jewelry, and other expensive goods. We observed these emails earlier this year and we continued to see them today. In these campaigns, the spammers give users deadlines for placing orders for the products.

figure3_12.png

Figure 3. Preview of replica spam related to Mother’s Day

Email headers seen with this spam campaign are as follows.

Subject: Why so soon?
From: Paige (Mother’s Day deadline) <Paige@[domain]>  

Lose weight by Mother’s Day
We believe that Mother’s Day-themed weight loss medication spam is a spinoff from an ongoing weight loss spam campaign, which has been the largest spam category by volume over the last couple of weeks. These emails include links which redirects to fake news sites offering information about new weight loss products.

Subject: Drop 10LB by Mothers Day
From: Rid 20 Pounds 2 Weeks <Sophia@[domain]>

Portuguese promo spam
We have seen a Portuguese spam campaign sending a large volume of messages promoting products related to Mother’s Day. This spam campaign uses the name of an online site which sells personalized products.

This spam campaign included links redirecting to a fraudulent website, along with a bogus opt-out option.

figure4_10.png
Figure 4. Preview of Portuguese promotional spam exploiting Mother’s Day

Here is the email header for this spam campaign.

Subject: Dia das Mães! Ajudaremos você com o presente.
From: “[brand]OnLine” <envio@painel1.[domain]>

Translation:
Subject: Mother’s Day! We’ll help you with this.

Symantec has observed a high volume of Mother’s Day themed hit-and-run spam recently. Most of these emails included links to a .us top level domain (TLD) which, on further analysis, were found to be registered quite recently. The theme of the domain names show that they were created for a Mother’s Day spam campaign. The domain names followed patterns such as flower-1promo-mothersday and mothersdayflower-special.

Symantec antispam filters successfully blocked these spam mails, but as always, we advise our readers not to respond to any of these emails. Remember, take your time to search for a Mother’s Day gift and don’t just click on links found in these spam mails. Symantec wishes all of our customers a happy Mother’s Day.

As Snapchat Adds Native Chat Functionality, Expect Spammers to Adapt

      No Comments on As Snapchat Adds Native Chat Functionality, Expect Spammers to Adapt

Earlier today, photo-messaging application Snapchat unveiled new features that enable users to chat directly within the application, a frequently requested feature. The addition of this feature, while an improvement, provides the individuals responsible for Snapchat spam a new feature to play with in their efforts to target users of the service.

History of Snapchat Spam

Chat Snapchat 1.png

Figure 1. Previous iterations of porn and dating spam on Snapchat

We have written numerous blogs about the rise of Snapchat spam over the last six months. The common thread in each of these spam campaigns was that they were all hindered by the lack of chat functionality. This roadblock presented a challenge to spammers, which led to a common workaround. Each of the spam “snap” messages sent to users featured a caption that asked them to manually perform one of the following actions:

  • Add an attractive girl on Kik messenger
  • Visit a website intended to push diet spam
  • Inform them that they won a gift card or prize that could only be redeemed at an external website

Chat Snapchat 2.png

Figure 2. Previous iterations of diet spam on Snapchat

The Future of Snapchat Spam

Now that the chat functionality is native to Snapchat, spammers can remain within the application itself and tailor their spam to work with this new functionality in mind. They can start building chat bots that communicate directly with Snapchat users or find new ways to trick users into clicking on links.

Restrictions on Sharing Links

Chat Snapchat 3.png

Figure 3. Comparison of sharing links through Snapchat’s “Chat” feature

While spammers can send links within chat messages, the way they appear to the recipient can vary. For messages from non-friends, the links cannot be clicked on. For messages from friends, the links are active and clickable.

Understand that spammers are determined and will find ways to adapt. For instance, a spam campaign could begin with an initial photo message of a scantily clad woman that offers “sexier pictures” if a user adds them as friends to ensure that their links would be clickable as the campaign continues.

Review your privacy settings

Now would be a good time to review your Snapchat privacy settings and make sure that only your friends can send you snaps. Please note that even if you restrict who is allowed to send you snaps, you can still receive friend requests from spammers.

We’re keeping an eye out for new spam campaigns using this new feature and we think you should too. Tweet us @threatintel if you come across new Snapchat spam.