Symantec

Symantec - Fake Survey Seeking Opinions on Social Networking Features

Latest Virus Alerts: Articles and Statistics Symantec

Symantec has observed a new spam tactic being used in which fake
surveys are seeking users' opinions or views on features provided by
their social networking site. The sample shown below is one such spam
email targeting Facebook:

Various “Subject” lines of this spam are as follows:

Subject: Take our online survey and receive a new gaming unit!
Subject: Take our social networking survey and get a gift card!
Subject: Give your opinion on social networks and choose your prize!
Subject: Receive a hot new MP#3 player for your opinions!

Upon clicking the link provided in the message, the user is
redirected to a fake survey page where the user has to answer questions
related to features provided by the social networking site. Upon completion
of the survey, users are promised exciting gifts.

Spammers are trying to demonstrate the legitimacy of the scam by
notifying users of a few required terms and conditions, such as:

1) Participants must be a U.S. resident at least 18 years of age or older.
2) Users must register with valid information.

The sample shown below is a screenshot of one such fake survey:

Symantec - Malicious Spam Luring Victims with Claims of Celebrity Deaths

Strange stories about celebrities have suddenly erupted in the spam
ring, describing their deaths in plane crashes or car accidents.
The intention of distributing such false news is to spread viruses
using HTML or zipped attachments. This is one more in a series of
recent virus attacks seen in the last few weeks. We wrote about one
of the attacks in a recent security response blog post. Using celebrity
names to lure recipients into opening malicious URLs or attachments is
an old trick.

In one of the campaigns seen, spammers are using subject lines showing that a celebrity has died. Examples include:

Symantec - Rogue Turning Retrovirus

It's fairly well known that different types of malware can "kill"
security products in various ways. These kinds of malware are known as retroviruses.
In order to step things up a notch, some risks are utilizing legitimate
software uninstallers to trick users into uninstalling legitimate
security products. A new variant of the Trojan.FakeAV threat has been using this technique to install a newly released clone of the CoreGuard Antivirus
security risk, called "AnVi Antivirus". In this case, the Trojan is
utilizing this social engineering technique to trick users into
uninstalling many well-known security products, including solutions by
Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs, before
installing AnVi Antivirus.

Upon executing the malicious file, the Trojan shows a message box
asking the user to uninstall the legitimate antivirus program, if it is
present on the computer:

Symantec - Targeted scam threatening DDOS attacks

In a typical 419 scam message, we usually see lottery winning
notifications, mentions of next of kin, or fake business offers. Often
we observe spammers creating fake stories tying in with disasters or
news linked to users' emotions. In a recent targeted scam tactic,
spammers have created a fake story threatening users about a DDOS attack
on their website.

In this latest spam campaign, the spammer claims to be a hacker owning a huge network capable of a DDOS attack,
and threatens users that their website will be brought down with a DDOS
attack if they fail to shell out $200. The domain name mentioned in the
spam message is legitimate and its registrant dates are old. There are
intentional spelling mistakes in the message in an effort to evade
content-based antispam filters.

In this targeted attack, the “To” header is an email address provided
in the registrant contact details for the domain. And the “Subject”
header follows a format similar to “Hosting - Important Updates and
Information”, which helps the email to appear as if it has been sent by
the hosting service provider.

Below is an example of the spam message:

Symantec - Phishing courier service brands

Symantec has recently observed phishing websites spoofing courier
service brands. There were primarily three brands targeted and
fraudsters were attempting to steal customers’ login credentials.

So what’s in the login credentials of courier service brands that
fraudsters can take advantage of? Couriers provide their customers with
several online features upon registering with the brand’s legitimate
website. The features help customers to track their shipments, make
online payments for their orders, specify the address for delivery, and
so on. If login credentials are stolen, fraudsters can benefit from
these features because it may enable them to reroute valuable packages
to any address they provide.

Symantec - Chinese spammers follow up with Chinese custom holidays

We all know spammers follow holidays and news events closely, given
that spam volumes always increase before upcoming events. In the Chinese
culture there are a lot of holidays based on the lunar calendar and
various traditions. The most recent cultural holiday was Father’s Day
(August 8), and the upcoming Chinese Valentine’s Day for loving couples
is the following Monday (August 16).

We observed many product promotions for these custom holidays last
year. They are mainly gift shopping advertisements from different
retailers. Product and service promotions for these two holidays have
been discovered lately, which doesn’t come as a surprise.

Sample 1: Chinese restaurant promotion
Randomized “From” line with Father’s Day-related “Subject” line, banquet menu list in the body.
From: <Details Removed>
Subject: 父親節感恩宴安排好了嗎?

Translation:
Subject: Have you made a dinner reservation for Father's Day yet?

Body Translation:
