
Spam Test | Caution! Fraud!

Darya Gudkova
Kaspersky Lab Expert
Posted May 30, 09:39 GMT

Lately, our traps have been catching emails like these:

In them, someone with a very English name asks to book a hotel or air tickets for their family. A naïve recipient would think “Ah, wrong address”.

Spam Test | Absent-minded spammers

Tatiana Kulikova
Kaspersky Lab Expert
Posted April 09, 13:42 GMT
Tags: Spam Letters, Social Engineering

A large number of scam emails disguised as newsletters sent by the CNN television channel have been detected again. Sensational headlines are used in the messages to grab the attention of recipients (e.g., falling stock indexes, the election of a new Pope etc.). Users are asked to click on the links provided in the messages to get access to the complete versions of the articles. To make them look authentic, the emails also include links to real CNN pages, but of course the link with the main piece of news is fake. It leads to a compromised website which uses JavaScript to redirect the user to a site hosting malware – in this case, the Blackhole exploit kit.

At the same time as the CNN newsletter scam, there has also been an epidemic of scam emails imitating Facebook notifications. In these emails, spammers suggested that users check out new comments on their photos. The mechanism used in the malicious link was the same as in the case described above. The most curious part, though, was that the scammers did not even bother to change the links. While in the former case the link included “cnnbrnews.html” after the domain name, the same ending in the link provided in fake Facebook messages looks out of place.

Unfortunately, this is the only part of the scam where the cybercriminals were careless. Emails containing the malicious links are still being distributed, so be cautious when handling suspicious messages.


Spam Test | Lottery fraudsters freshen up their repertoire

Maria Rubinstein
Kaspersky Lab Expert
Posted November 08, 14:23 GMT

Earlier, we wrote about the tricks that fraudsters often use on their gullible victims. There’s a prize for you, just pay a small fee to open a bank account (or transport costs, bank fees, overheads etc.), and you will be a millionaire! Sounds familiar, doesn’t it? However, old tricks become stale over time, and readers become alert to them and suspicious of them. So, the fraudsters have come up with a new variation of an old scam.

Spam Test | Spam: Euro 2012 vs Summer Olympics

Posted June 14, 07:35 GMT
Tags: Spam Letters

Summer 2012 will be packed with sporting events. This week sees the Euro 2012 football championship kick off in Poland and Ukraine. The tournament will bring together 16 of Europe’s best teams, and football fans from all over the continent will be watching closely regardless of whether their country qualified for the finals or not. Official ticket sales for Euro 2012 were launched on 12 December 2011, but spammers – rather unusually for them – were in no hurry to exploit the event. The first mailing offering tickets to Euro 2012 was only detected at the beginning of January. Since Ukraine is one of the host countries for Euro 2012, there were lots of messages in Russian and Ukrainian. The afore-mentioned message offering tickets was just one of them.

Spam Test | A gift from ZeuS for passengers of US Airways

Dmitry Tarakanov
Kaspersky Lab Expert
Posted April 03, 12:58 GMT
Tags: ZeuS

On 20 March, we detected a spam campaign targeting passengers of US Airways. For almost the entire week, cybercriminals were sending users the following email, allegedly from US Airways:

The email contains a brief description of the check-in procedure and provides a confirmation code for online reservation.

The criminals are obviously banking on recipients who are taking the flight mentioned in the email clicking on the "Online reservation details" link.

Different emails contained different links — for example, we noticed the following domains: sulichat.hu, prakash.clanteam.com, panvelkarrealtors.com.

After the link is clicked, a series of redirects eventually leads to a domain hosting the BlackHole Exploit Kit.

Spam Test | Valentine’s coupon

Posted February 14, 08:15 GMT
Tags: Spam Letters

It may not be in the same league as Christmas and New Year, but with every year Valentine’s Day is being exploited more and more by spammers. In the week before the holiday this year, Valentine’s spam accounted for 0.3% of all spam.

We registered the first Valentine’s spam as far back as 14 January – a whole month before the holiday itself – and it struck us as being rather unusual.

Like the majority of spam mass mailings exploiting the Valentine’s Day theme, this particular mailing was in English. It is a well-known fact that the lion’s share of English-language spam is distributed via partner programs. (Unlike other parts of the world, the practice of small and medium-sized companies ordering spam mailings or sending out spam themselves is not very popular in the USA and most western European countries.) However, the first Valentine’s spam of the year bucked this trend and had nothing to do with a partner program.

This particular offer for Valentine’s Day gifts made use of coupon services.

As you can see from the screenshot, the recipient is urged to buy a small gift for their loved one making use of a discount, an offer which the company made via the major coupon service Groupon.

Coupon services have proved to be a big success around the world. Every day various websites offer special deals on anything from two to several dozen goods or services.

Groupon is one of the biggest Internet projects of its kind and it’s fairly easy to find its promo campaigns online. The site also informs its subscribers about new deals via email. The company that sent out the first Valentine’s spam detected by Kaspersky Lab used an advert for this major portal, the legitimate Groupon email campaign plus spam advertising.

We’ve already noted that for small companies coupon services are fast becoming a credible alternative to spam advertising. Judge for yourself: the method used to spread adverts is the same – via email, but spam filters don’t block legitimate mailings from major Internet resources. Another important advantage is that the firms that offer coupon services are not breaking the law. The size of the mailing may well be less than a spam mailing that a company could order, but the legitimate mailing is sent out to the relevant region and the recipients are genuinely interested in special offers sent by coupon services. As a result, a targeted, legitimate mailing can be more effective than the typical ‘carpet bombing’ associated with traditional spam.

Coupon services have had a noticeable impact on mail traffic and Internet advertising. They have also affected spam. There are now a number of spam categories associated with coupon services.

The first is that of unsolicited mailings by the services themselves. This category of spam is quite rare – the more serious companies don’t want to tarnish their reputation by being associated with spam. However, some start-ups trying to break in to the market are willing to resort to spam in an attempt to attract subscribers or to allow their platforms to be used for promotions by other companies.

Another category of ‘coupon’ spam is that which simply uses the word “coupons” instead of “discounts” to make goods or services more attractive to users. These spam mailings can offer ‘coupons’ for some of the most unexpected items. For instance, the people behind pharmaceutical spam think nothing of offering a small discount on medications and passing it off as a coupon.

A third category of coupon spam includes things like the Valentine’s spam mentioned above. This involves a company whose offers are already available via a coupon service attempting to reach a wider audience by resorting to spam. As I see it, this approach is counterproductive. The majority of users react negatively to spam, and using it to advertise will only do harm to a company’s reputation. This is especially important as many coupon services rely on the trust of their users. Spam, therefore, can actually work against a coupon service, reducing the effect of a promotion instead of enhancing it.

The potential popularity of coupon services carries with it a specific threat. Users of the services tend to leave some money on their account balance so they can spend it at any time on a deal that takes their fancy. Although the amount of money stored on such accounts may not be very much, it is still likely to attract phishing attacks against the customers of coupon services.

So as not to play into the spammers’ hands, or to avoid falling victim to a phishing attack, when using these coupon services, users need to follow three simple rules:

  1. Don’t open emails from coupon services that you haven’t registered with. On the one hand, this secures you against phishing attacks or mail traffic containing malicious code. On the other hand, if a spammer’s email turns out to be simply a commercial offer, you reduce the number of responses, making the spammers’ work less profitable.
  2. If an email from a coupon service to which you are registered asks you to verify your account via a link, or to enter your login and password in some other way, do not under any circumstances do so. Remember that large organizations never ask you to send your login and password via email. Any such request should be seen as an attempt to steal your account. If you are in any doubt as to whether a message is fraudulent, it is best to enter the service’s website using the method that you normally use, e.g. by entering the address in the address bar of the browser or selecting it from a ‘favorites’ tab. Only when you have opened the site and are certain that it is genuine should you open your account and make sure there are no problems with it.
  3. If you get a message from a major service about coupons that you didn’t order, don’t open the message and, more importantly, don’t download any attachments that came with the email.

Coupon services often send purchased coupons as an attachment in an email. If you have not purchased any coupons from the service, there’s a chance that an email attachment might be malicious. If you are not sure whether or not you bought the coupon, you can always check by entering your account. We have not yet detected a malicious attachment disguised as a coupon. Nevertheless, we recommend that users be careful – spammers that participate in partner programs are usually the first to react to new opportunities, including those that involve spreading malicious code. It’s just a matter of time before this type of spam traffic appears.


Spam Test | Spam and YouTube: a long-term relationship

Darya Gudkova
Kaspersky Lab Expert
Posted September 22, 09:59 GMT
Tags: Spammer techniques, Email

We recently noticed a mass mailing among the general flow of spam that at first glance looked just like the usual “forum” junk mail, which appears on forums and bulletin boards and is sent as email notifications to users of those forums.

Spam Test | Desire for knowledge or the vice of curiosity?

Natalia Zablotskaya
Kaspersky Lab Expert
Posted September 15, 14:06 GMT
Tags: Spam Letters, Social Engineering

One of the main rules of IT security is to be very cautious when dealing with archived attachments in emails. “If you’re not sure, don’t open it!” It’s an easy rule to follow when the text in the message obviously has nothing to do with you.

When an experienced user reads about IT security problems at a bank where they don’t have an account, or about winning a lottery that they never bought a ticket for, then it’s usually immediately obvious that they are faced with yet another example of spam and there’s absolutely no reason to open the attached ZIP file. Cybercriminals will often resort to all types of social engineering to trick people into passing on their personal data and/or infecting their own computers. More often than not, they send messages that are made to look as though they come from well-known companies and that offer rewards to those who fill out or run the attached files (even stooping to threats of all kinds against those who fail to do so). But less mundane approaches are also used.

Spam Test | Phishers are lovin’ McDonald's

Darya Gudkova
Kaspersky Lab Expert
Posted September 13, 14:34 GMT
Tags: Social Engineering, JavaScript

Today we came across a new, very sophisticated type of phishing. The user receives a message that, at first glance, appears to be from McDonald's. It states that the recipient has won the chance to participate in a survey and immediately receive remuneration of $80 for doing so.

Spam Test | New spam sources in the making

Posted September 13, 07:14 GMT
Tags: Spam Statistics

After the Pushdo/Cutwail, Bredolab and Rustock botnets were taken offline, the geography of spam sources underwent some major changes. In particular, from September 2010 the US, for a long time the leading spam distributor, began to lose ground. For several months now it hasn’t even made it into the Top 10 leading sources of spam and only occasionally appears at the bottom of the Top 20.

The US and some European countries have been replaced by Asian and Latin American countries. The cybercriminals have clearly established new bases for distributing spam, with eight of July’s top 10 spam sources located in Asia and Latin America.

Sources of spam in July 2011