You Have Received a Christmas Card

Christmas is still more than a month away, but spammers are already targeting the holiday season. We have observed Christmas-related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers gave the email a legitimate look and feel, using convincing headers (Subject and From) and Flash animations that included a message urging the recipient to open the "Christmas Card.zip" attachment. Once the attachment is opened, malicious code is downloaded onto the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.

Figure 1. Christmas card example
 

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas

Most of these spam messages encourage users to buy the products early to take advantage of the bogus offers. Clicking the URL directs the user to a fake product offer site, for example, a Web page selling replica watches, fake pharmaceuticals, or other products.
 

Figure 2. Fake product offer Web page
 

Christmas-related spam can easily be recognized by observing the From line:

The Subject line can also be used to recognize Christmas-related spam:

  • Subject: Christmas Woodworking Gifts
  • Subject: $1,500 cash for Christmas!
  • Subject: Ideal kids project for Christmas
  • Subject: You have received a Christmas Greeting Card!
  • Subject: Combat your waist line in time for Christmas
  • Subject: RE: Christmas sale of medicine production watches has started!
  • Subject: Come Here to Get Christmas Gift for Everybody!
  • Subject: Share A Little Magic This Christmas
  • Subject: Christmas boost [it's only 7 weeks away!]
  • Subject: RE: Wanna make Christmas shopping easy?

Below are several examples of Christmas-related spam emails:

We expect to see a sharp spike in the volume of Christmas-related spam messages over the next few days. Symantec Security Response continues to closely monitor this spam trend and we will keep our readers updated. We advise our readers to be cautious when handling unsolicited or unexpected emails related to Christmas. Updating antispam signatures regularly can help to prevent personal information from being compromised.

AT&T Breaching Net-Neutrality Rules Despite Lifting Some FaceTime Restrictions

Photo: Myles!/Flickr

AT&T continues to breach net-neutrality regulations despite an announcement that it would begin offering Apple’s FaceTime service to more of its iPhone and iPad subscribers, digital rights groups said.

The nation’s second-largest carrier said Thursday it was expanding the ability of its customers to use the FaceTime application, at no extra charge, for Apple iOS 6 customers with LTE coverage who have subscribed to any tiered plan. The company said the changeover should begin rolling out in the “next eight to 10 weeks.”

AT&T was limiting the iPhone’s FaceTime video-chat service on its cellular networks to users with new, shared data plans, which are generally more expensive. In September, the iPad 3 and newer iPad models, the iPhone 4S and the new iPhone 5 running iOS 6 became capable of using FaceTime over cellular networks instead of solely Wi-Fi.

But despite the change, Public Knowledge said that, until AT&T begins offering the service on all of its cellular plans like Sprint and Verizon do — including for AT&T customers with unlimited data — the company will be violating net neutrality rules.

“This is a step in the right direction,” said John Bergmayer, senior staff attorney with Public Knowledge.

Public Knowledge and other groups have been meeting with AT&T since September, when they threatened to challenge the FaceTime blocking with the Federal Communications Commission. He said within the coming months, if AT&T doesn’t open up FaceTime to all plans where subscribers have compatible Apple devices, he might demand the FCC’s intervention.

Apple’s FaceTime app allows live video conversations between users of Apple devices.

Net neutrality rules prohibit DSL and cable companies from unfairly blocking services they don’t like and require them to be transparent about how they manage their networks during times of congestion. The regulations do allow for certain kinds of mobile network management during periods of congestion, but these cannot unfairly target services that compete with the carriers’ own services.

Mobile carriers like AT&T and Verizon face fewer rules, but are banned from interfering with alternate calling services such as Skype that compete with the carriers’ services.

The nation’s largest carrier, Verizon, is already suing the FCC over the rules. A federal appeals court struck down a previous FCC attempt to enforce similar principles against Comcast after the cable internet provider was caught secretly interfering with peer-to-peer file sharing.

AT&T said in August that the main reason it was not breaching the FCC’s net-neutrality rules was that the FaceTime application comes pre-installed on the iPhone and iPad. The company said it was not blocking the app, but that it reserved the right to enforce “some reasonable restrictions” to manage expected traffic congestion of the data-hogging app.

 

Supreme Court Weighing Genetic Privacy

A criminalist examines for DNA evidence at a lab in the NYC Office of Chief Medical Examiner in 2010, in New York. Photo: Mary Altaffer / AP

Supreme Court justices are to meet privately Friday to weigh whether they will hear a major genetic-privacy case testing whether authorities may take DNA samples from anybody arrested for a serious crime.

The case has wide-ranging implications, as at least 21 states and the federal government have regulations requiring suspects to give a DNA sample upon arrest. In all the states with such laws, DNA saliva samples are cataloged in state and federal crime-fighting databases.

The issue confronts the government’s interest in solving crime, balanced against the constitutional rights of those arrested to be free from government intrusion.

The case before the justices concerns a decision in April of Maryland’s top court, which said it was a breach of the Fourth Amendment right against unreasonable search and seizure to take DNA samples from suspects who have not been convicted.

The Maryland Court of Appeals, that state’s highest court, said that arrestees have a “weighty and reasonable expectation of privacy against warrantless, suspicionless searches” and that expectation is not outweighed by the state’s “purported interest in assuring proper identification” of a suspect.

Maryland prosecutors argued that the mouth swab was no more intrusive than fingerprinting, but the state’s high court said that it “could not turn a blind eye” to what it called a “vast genetic treasure map” that exists in the DNA samples retained by the state.

The court was noting that DNA sampling is much different from compulsory fingerprinting. A fingerprint, for example, reveals nothing more than a person’s identity. But much more can be learned from a DNA sample, which codes a person’s family ties, some health risks and, according to some, can predict a propensity for violence.

In the justices’ Friday conference, they are likely to agree to review the Maryland case, and announce their decision days later. That’s because Chief Justice John Roberts has stayed the Maryland decision pending whether the justices review the case. In the process, he said there was a “fair prospect” the Supreme Court would reverse the decision. If the justices decline the case, the Maryland decision becomes law.

The National District Attorneys Association is urging the Supreme Court to overturn the Maryland decision, saying DNA sampling “serves an important public and governmental interest.”

The group points to the Maryland case at hand, concerning defendant Alonzo King. After being arrested in 2009 on assault charges, a DNA sample he provided linked him to an unsolved 2003 rape case. He was later convicted of the sex crime, but the Maryland Court of Appeals reversed, saying his Fourth Amendment rights were breached.

The issue before the justices does not contest the long-held practice of taking DNA samples from convicts. The courts have already upheld DNA sampling of convicted felons, based on the theory that those who are convicted of crimes have fewer privacy rights.

Still, the U.S. Supreme Court has held that when conducting intrusions of the body during an investigation, the police need so-called “exigent circumstances” or a warrant. For example, the fact that alcohol evaporates in the body is an exigent circumstance that provides authorities with the right to draw blood from a suspected drunk driver without a warrant.

Maryland’s law, requiring DNA samples for those arrested for burglary and crimes of violence, is not nearly as harsh as California’s. The Golden State’s statute is among the nation’s strictest, requiring samples for any felony arrest.

A three-judge federal appeals panel has upheld California’s law, although the court is reviewing the issue again with 11 judges.

DNA testing in the United States was first used to convict a suspected Florida rapist in 1987, and has been a routine tool to solve old or so-called cold cases. It has also exonerated convicts and those on death row.

Cisco Releases Security Advisory for Cisco Secure Access Control Systems (ACS)

Cisco Secure Access Control Systems (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the product.

Cisco has released software updates that address this vulnerability.

US-CERT encourages users and administrators to review the Cisco Security Advisory 20121107-ACS and follow best practice security policies to determine if their organization is affected and the appropriate response.
