Posts tagged malware

Goo.gl fake antivirus worm spreads across Twitter

By Tony Bradley

Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a goo.gl shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora’s box as users click on links with no clue where they might lead.

A post on Naked Security by Sophos’ Graham Cluley describes the threat: “Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack,” he writes, adding, “A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google’s equivalent to bit.ly or tinyurl), which itself points to a URL ending with ‘m28sx.html’.”

Security Predictions for 2011

On December 7, we released our MessageLabs Intelligence 2010 Annual Security Report, which highlighted the changes in the threat landscape during 2010 and looked ahead to potential trends for 2011. This blog is a snapshot of some of the trends and predictions noted in the report.

Global Spam Trends

In 2011, spam will become more culturally and linguistically diverse.  The use of English in spam will fall from approximately 95 per cent of all spam to below 90 per cent driven by economic growth and broadband adoption in emerging economies. For instance, spammers will target Brazil with more than 40 percent of spam in Portuguese. Portuguese and Spanish will become some of the most popular languages used in spam other than English.

Spammers can be quite creative

By Mathew Nisbet

Spammers will try anything to get their spam past your filters and into your inbox. We’ve seen many tricks involving random text hidden in the body, use of images, and message bodies containing nothing but a link to the main message somewhere on the web. This example is one of the more elaborate (but ultimately futile) attempts that I’ve seen.

Recently we have been seeing a run of emails that pretend to inform the recipient that they have a number of “unread” or “important” messages waiting for them on a well-known social network. Over a 3-day period, between October 24 and 26, we saw roughly 18,500 of these. Since then the volume has dropped to fewer than 100 per day, but we are still seeing them.

The use of a well-known social media brand name is the first part of the approach to bypass filters. The message copies the format of common legitimate email subjects and cannot be detected based on a signature related to the subject alone. It is also a piece of social engineering, meant to entice an unsuspecting user into opening the email.

What caused sudden drop in spam traffic?

It has been widely reported that global spam volumes have decreased, especially on October 3 when spam levels dropped to their lowest for some time.

Dan Bleaken

At Symantec Hosted Services we have a wealth of data on spam traffic, and crucially what contribution to global spam each of the major botnets makes. This blog will take a close look at botnet spam, what factors influence botnet output, and will try to explain some of the changes that occurred around October 3.

It’s mostly tricks not treats with Halloween online ads

Halloween is drawing near, so the spammers are busy laying out bait in the form of Halloween jackpots, sweepstakes, gift cards, e-cards, personalized gifts, online contests, and even print products and costumes.

Perhaps this is one of those seasons during which people—both young and old—celebrate with full gusto.

Unfortunately, this type of popular event brings with it a whole host of malicious circumstances on the Internet that people are being enticed to fall for. For it is common knowledge that where people show some vulnerability, spammers are not far behind!

ITB blog readers dig Facebook security, phone OSs and discount plans

A Facebook security and privacy setting guide, a video blog of a mobile operating system smackdown and a review of a new budget cell phone plan for Quebec users were top picks in the recently concluded ITBusiness.ca blogging contest.

Nestor Arellano

Headlines about Facebook’s continuing security and privacy faux pas, the social networking site’s most recent retooling, not to mention repeated hand-slapping from Ontario’s privacy commissioner, must have had something to do with a Facebook security and privacy hardening guide being the top read at ITBusiness.ca Blogs.

In his winning blog, security expert Claudiu Popa, however, took a different approach by not only talking about Facebook’s security and privacy settings, but also offering readers an easy-to-follow, free downloadable tool. Popa is principal of Informatica Corp., an international IT security consultancy firm based in Toronto.

Dating scams on the rise

Dating scams are a common spam email problem.  Spam relating to sex or dating currently accounts for approximately 4 per cent of global spam. 

In a typical scam, a recipient (male or female) would receive an email from a stranger and the email might say something along the lines of: “I found your information on a website. I think you are my true love…write back to me soon”.

Beware of tricks used by spammers

It is well known that spammers use many different tactics to add legitimacy to their emails.

Two techniques that are popular include personalizing emails and using images to try to fool the recipient into being scammed.

Spammers will often add text to an email that specifically mentions the recipient. This is a technique used in legitimate marketing campaigns where a well-known company has access to the users’ personal information because the user has signed up to receive their newsletter or is a previous customer. However, for a spammer, obtaining personal information is not so simple. An easy way for them to get a similar effect, though, is to simply use the email address to which they are sending. While this is not a name, it can have the same effect by making the email appear as if it was sent in accordance with a legitimate mailing list, rather than spammed at random. This can be a fairly effective tactic, as a lot of websites now use email addresses as usernames.

How cyber crooks break CAPTCHAs

The percentage of spam containing shortened hyperlinks has increased significantly over the last year. As far as spammers are concerned, any tactic that makes it harder to block their spam emails is going to be exploited. These shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam.

Paul Wood

Analysis in the latest MessageLabs Intelligence Report revealed that URL-shortened spam hit a one-day peak of 18 per cent, or 23.4 billion spam emails, on April 30, 2010. This doubled last year’s peak level of 9.3 per cent of spam, or more than 10 billion spam emails, on July 28, 2009.

While botnets are often the source of short URL spam, 28 per cent of this type of spam originated from sources not linked to a known botnet, such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools.

World Cup-related scams

Buying a fake World Cup ticket isn’t the only scam that awaits the unwary footie fan online. As the tournament in South Africa reaches its climax and excitement mounts in the lead up to the final, fraudsters are continuing to augment their attacks with a variety of World Cup-related email ruses. Supporters will need a sharp defensive line-up to keep them out.

Paul Wood

Despite FIFA’s stringent rules about distribution and resale, there are still World Cup tickets on offer from unauthorized online outlets. Some of these will be old-fashioned touts using new channels to sell tickets at higher than face value. Some will be genuine people who bought tickets and now can’t go, but are unaware of the resale rules (which state that tickets can only be transferred to another named person with FIFA’s permission). And some will be outright fraudulent: the tickets are forgeries or don’t exist at all.

The end result for the ardent fan is the same: they risk flying themselves to South Africa at great expense only to find they are refused permission to enter the stadium.