Posted By Netgear Threat Lab at 4:05 PM, June 8, 2010
With the 2010 FIFA World Cup fast approaching and the world going into a frenzy, spammers armed with malicious emails are also joining in on the festivities.
So far we've seen two types of these mal-emails:
The first is your typical Nigerian scam: the email claims that the recipient was just drawn as a winner in the online sweepstakes held by the International Federation of Association Football (FIFA). In order to receive the winnings, the victims are required to provide detailed personal information. Further emails will eventually require them to pay a fee to secure their winnings. The personal information provided will be used in a vast array of crimes such as identity theft, spam distribution, phishing, and other types of fraud.
The other type of spam contains a PDF attachment. The message body has content such as a detailed guide to South African tourism, ticketing services, and other information to induce the user to open the PDF attachment.
The PDF file actually contains malicious code that exploits a known vulnerability in Adobe Reader. Once the user opens the PDF, it will automatically download and install a variety of malware.
FIFA has recently alerted fans about similar online scams on their blog. With the start of the World Cup approaching in a couple of days, expect to see more and more of these scams.
Categories: Malware , Netgear Threat Lab , Phishing , Spam
Posted By Pete at 1:37 PM, November 3, 2009
I hope everyone enjoyed their Halloween and their fair share of candy. And no, we are not talking about killing "REAL" zombies (the ones in flesh, or rotten flesh to be more exact) here.
As we've mentioned time and time again, zombies are a growing problem in today's Internet. Once a PC has been infected, it joins the ranks of the fellow infected as zombies who respond to any command a hacker might give them. They are used to send spam (yes, the spam you get every day comes from a zombie, NOT a mailman in cyberspace), carry out denial of service attacks, and many other mischievous deeds.
Our friends at Sophos have designated October 31st as the International Kill-A-Zombie Day (images of Resident Evil, Zombieland, and Night of the Living Dead just pop into my mind saying that). They've come out with two very interesting videos to promote zombie awareness. Have a look and join the fight!
Categories: General , Malware , Spam
Posted By Pete at 4:59 PM, October 30, 2009
I just received this email in my Yahoo mailbox:
What do you guys think? Should I email Mrs. Elizabeth and claim my 11 million?
I could really use the extra cash right now.
Categories: General , Phishing , Spam
Posted By Netgear Threat Lab at 3:01 PM, October 30, 2009
In Q3, Pharmacy spam returned to the top spot with 68% of all spam messages. Last quarter's top spam subject, enhancers, fell from 46.2% to 11% of all spam messages this quarter.
Spam levels averaged 83% of all email traffic throughout the quarter, peaking at 97% in July and bottoming out at 71% in August.
Source: Commtouch Labs
Categories: Netgear Threat Lab , Spam
Posted By Pete at 5:26 PM, July 17, 2009
Michael Jackson's unexpected passing has shocked the world and generated a new wave of "Michael Mania". Everywhere you go, people are talking about it. It's all over TV, radio, and the Internet. Even I have pulled out my old stash of Michael Jackson CDs and gave Thriller another good listen.
As we've mentioned before in this blog, hot news items such as this one are often exploited by spammers and other cyber criminals. Sadly, MJ is no exception. Riding on this wave of public interest, emails claiming that Michael Jackson was murdered, emails offering exclusive video footage, and emails with Michael Jackson's songs or pictures began to surface minutes after his death. These emails contained attachments and bad URLs that carried malware. These were all used in an attempt to infect user PCs and to extract information from them for criminal purposes.
Another method also used was fake Michael Jackson related blogs. Users would see many pop-up services when browsing to these fake blog sites pretending to talk about Michael Jackson. While the users are reading the fake blogs, malicious scripts would attack the reader's machine in the background.
As if Michael Jackson's death hasn't already been exploited enough by the media, cyber criminals also felt the need to jump in on the exploitation. So, fake emails, fake videos, fake pictures, fake URLs, fake blogs, fake nose (sorry): there is so much smoke and mirrors regarding this subject floating around that one really needs to be careful what they click on. Otherwise your machine might be the one that's paralyzed.
Categories: General , Malware , Phishing , Spam , Worms
Posted By Netgear Threat Lab at 2:19 PM, July 2, 2009
The adoption of social networking has spread like wildfire the past few years. It has become a mainstay as one of the major activities people participate in when on the Internet. However, at the same time, its popularity has attracted the attention of malware authors and other cyber criminals. After using Facebook and MySpace as a means to spread malware, they have now turned their attention to Twitter. A new virus utilizing Twitter has caught our eye.
This new Twitter virus does not use "tweets" to spread, but instead is another type of email spam based phishing attack. The bait this time is the trust users have for official invitation emails from Twitter itself.
The user will receive an invitation email from invitations@twitter.com with the subject being "Your friend invited you to twitter!". The contents of this email are identical to real invitations from Twitter with one exception: the invitation URL in the email is fake and does not lead to the Twitter Web site. Instead, it's a link to an Invitation Card.zip file. This zip file contains the virus Trojan.Win32.Buzus.anee. This virus infects Explorer.exe and will, at the instruction of its creator, download more malware onto the infected desktop.
With more and more people utilizing social networks as part of their everyday lives, attacks that exploit these social networks only look to be more common. The next time you receive a tweet or an app invite on Facebook, look twice before you click.
Categories: Malware , Netgear Threat Lab , Phishing , Spam , Viruses
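The one difference the July 2, 2009 post points out between the lure and a real invitation, a link that leaves the sender's own domain and ends in a .zip file, can be checked mechanically at a mail gateway. The following is an added example, not code from Netgear or from the original post; the sample messages, the host `files.example.net` and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, unquote

# File types a genuine invitation link has no reason to point at.
RISKY_EXTS = (".zip", ".rar", ".exe", ".scr")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_invite(raw):
    """Return (finding, url) pairs for links that contradict the From domain."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    text = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    findings = []
    for url in URL_RE.findall("\n".join(text)):
        parsed = urlparse(url)
        if not host_in_domain(parsed.hostname, claimed):
            findings.append(("link-domain-mismatch", url))
        # Decode %20 etc. so "Invitation%20Card.zip" is seen as a .zip file.
        if unquote(parsed.path).lower().endswith(RISKY_EXTS):
            findings.append(("link-to-archive-or-executable", url))
    return findings

# Constructed sample modelled on the lure described in the post.
LURE = (
    "From: Twitter <invitations@twitter.com>\n"
    "Subject: Your friend invited you to twitter!\n"
    "\n"
    "Accept your invitation:\n"
    "http://files.example.net/Invitation%20Card.zip\n"
)
# Constructed sample whose link stays on the claimed sender's domain.
ON_DOMAIN = LURE.replace("http://files.example.net/Invitation%20Card.zip",
                         "http://twitter.com/i/constructed-token")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("on-domain", ON_DOMAIN)):
        print(name, check_invite(raw))
```

The From header is only what the message claims, so this check complements sender authentication rather than replacing it.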
Posted By Pete at 3:18 PM, May 6, 2009
By now, you've all probably heard or read about the recent swine flu outbreak. Everyone here is on code orange swine flu alert. People are taking safety precautions (the right thing to do) so that this thing doesn't do too much damage. Well, it turns out we are not the only ones affected by this virus. Believe it or not, your PC is also at risk. Read more about it here and here.
Swine flu related spam and phishing attacks have already begun surfacing on the Internet. Some of these emails contain eye-catching subject lines such as "First US swine flu victims!" or "Madonna caught swine flu!". Others claim to sell pharmaceuticals that cure or prevent swine flu and contain links to fake online drug sites. None of this should be any surprise as hot news items are almost always exploited by spammers (see Richardson, Natasha).
Expect only more of these spam and phishing attacks exploiting swine flu in the coming weeks.
Categories: General , Phishing , Spam
Posted By Netgear Threat Lab at 12:09 PM, April 27, 2009
April 1st has come and gone; however, the activities of the Kido (Conficker) worm have not stopped because of it. Recently, a mutated variant of Kido with new functionality has caught our attention. This new variant is detected as Trojan-Downloader.Win32.Kido, and compared to past variants the main difference is that it uses Peer to Peer (P2P) protocols for communication instead of HTTP, which was used by previous variants of this worm. This means that this new variant of Kido utilizes P2P channels to download new malicious code or for botnet control.
Once a user PC is infected by this new variant of Kido, it will automatically download fake anti-malware software by the name of "spyware protect 2009" (detected as FraudTool.Win32.SpywareProtect2009). Once installed, this anti-malware program attempts to scare the user by notifying them that a "virus" has been detected on their PC and requests that the user pay $49.95 to remove this so-called "virus".
At the same time, an email worm by the name of Email-Worm.Win32.Iksmas will also be downloaded. This worm steals user data and sends out spam using the infected host. One more interesting point about this new Kido variant is the author configured a self termination date of May 3rd (date-limited functionality until 3rd May 2009). Why? We are still trying to find out. Perhaps the next Kido update will provide us with more clues.
Categories: Malware , Netgear Threat Lab , Phishing , Spam , Viruses , Worms