Contributor: Christopher Mendes
On the afternoon of April 15, 2013, just when many people were on the cusp of conquering another personal milestone by completing the Boston Marathon, they were hit hard by an act of cowardice. Two bombs struck near…
Phishers continue to target Indian movies with phishing scams. The phishing site featuring the movie “Bodyguard” is one example, and this month Symantec observed a phishing attack in which phishers used a song from the Telugu movie “Brindavanam” as bait.
The phishing site displayed a picture of a musical number from the movie “Brindavanam” starring Telugu actresses Samantha and Kajal Aggarwal in the left side of the phishing page. There is also a plot summary of the movie below the image. The phishing page then encouraged users to enter their login credentials stating that, after logging in, they could watch the video. The pictured musical number from the movie was taken from the legitimate movie website. After login credentials are entered, users are redirected to this legitimate movie website which features the same video. Due to the popularity of this musical number, and the star cast, phishers were probably hoping for a large audience, increasing the number of user credentials they could steal.
The phishers’ redirection to a legitimate Web page is to create the illusion of a valid login for duped users. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes. The phishing site was hosted on server based in Montreal, Canada.
Users are advised to adhere to the following best practices to avoid phishing attacks:
Do not click on suspicious links in email messages
Do not provide any personal information when answering an email
Do not enter personal information in a pop-up page or screen
Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https”, or the green address bar when entering personal or financial information
Update your security software frequently (such as Norton Internet Security which protects you from online phishing)
Contributor: Sandeep Ingale
When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take …
Contributor: Avdhoot Patil
New methods to entice victims into handing over their personal information are always being devised by the people behind phishing websites and the use of fake social networking applications is always popular.
During the past …
Com a renúncia de Bento XVI e da eleição do novo pontífice da Igreja Católica, Francisco I, nas últimas semanas o Vaticano tem aparecido nos principais noticiários. O interesse gerado por este tema tem chamado atenção dos spammers, que aproveitam o momento para espalhar malware na web.
O Symantec Security Response tem observado que atacantes estão distribuindo spams que direcionam os usuários a um site que hospeda o ‘Kit Exploit Blackhole’. A boa notícia é que a Symantec já oferece proteção para esta ameaça.
A mensagem maliciosa afirma ser de um canal de notícias bem conhecido. As seguintes linhas de assunto são usadas neste ataque:
Assunto: Opinião: O novo Papa Bento pode ser processado por casos de abuso sexual? – [REMOVIDO]
Assunto: Opinião: Novo papa e autoridades do Vaticano processados por suposto abuso sexual! – [REMOVIDO]
Assunto: Opinião: Novo Papa processado por não usar cinto de segurança no Papamóvel … – [REMOVIDO]
Os domínios utilizados no e-mail foram recentemente registados. Ao clicar no link da mensagem, o usuário é direcionado para um site malicioso que hospeda o malware. A imagem seguinte é uma captura de tela do e-mail malicioso (em inglês):
Abusar da popularidade de uma agência de notícias conhecida aumenta as chances de um ataque bem sucedido. No entanto, a Symantec oferece proteção multinível adequada contra essa ameaça. As recomendações dos especialistas da companhia são não abrir e-mails não solicitados e manter o software de segurança atualizado, a fim de manter-se protegido contra as ameaças on-line.
Easter Sunday is one of the most important festivals in the Christian calendar and it is observed anywhere between March 22 and April 25 each year; this year it falls on March 31. Spam messages related to Easter have begun flowing into the Symantec Probe Network. As expected, most of the spam samples are encouraging users to take advantage of products offers, personalized letters, e-cards, as well as clearance sales of cars and replica watches. Clicking the URL will automatically redirect the user to a website containing some bogus offer.
Figure 1. Spam product offer related to Easter
Spammers are also exploiting the event by sending casino spam email using the name “Easter bonnet”. The Easter bonnet represents the tail-end of a tradition of wearing new clothes at an Easter festival.
The following spam sample provides instructions for ways that users can acquire a “bonus”.
“Three different bonuses can produce some extra winnings.”
“Make your deposit and get free spins.”
“Free welcome package up to $500.”
Figure 2. Casino spam targeting the Easter bonnet
In the next spam sample, users are encouraged to take advantage of the bogus offers for purchasing a product. By clicking the URL it directs the user to a fake pharmaceuticals website.
Figure 4. Personalized letter targeting the Easter festival
Some of the headers observed for Easter related spam can easily be recognized:
Subject: XXX, Get your Easter savings on all vehicles
Subject: Shop Easter toys, baskets, plush and more
Subject: HappyEasterInAdvance,
Subject: Fun and Unique Easter Gifts
Subject: Celebrate Easter with a Personalized Gift
Subject: Easter eCard
Subject: Easter flowers at exceptional savings – shop now
Subject: Make the Easter bunny jealous! Easter flowers – from $19.99
Subject: Challenge Ends Easter weekend
Subject: Easter is hopping your way…and so are $19.99 bouquets!
Subject: 25-free spins on xxx this-Easter
Subject: Letter From Easter Bunny For Your Child
From: “EasterBunny” <EasterBunny@[REMOVED]>
From: Personalized Easter Gifts <xxx@[REMOVED]>
From: “Easter Sale” <xxx.beaches@[REMOVED]>
From: Easter Flowers <jewel@[REMOVED]>
From: “Easter Bouquets” <noreply@[REMOVED]>
From: “The Easter Bunny” <joint@[REMOVED]>
From: “Easter Letters Online” <xxx@[REMOVED]>
From: “Easter Clearance!” <xxx@[REMOVED]>
Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. We at Symantec are monitoring spam attacks 24×7 to ensure that readers are kept up-to-date with information on the latest threats.
Contributor: Ayub Khan
Symantec has been constantly monitoring phishing sites hosted on compromised Indian websites. In 2011, our study detailed these compromised sites and we did a similar study of phishing sites in 2012.
From August 2012 to November …