Coming up Next – Chinese New Year

Giving gifts for Chinese New Year is a traditional custom, not only for families but also for businesses to show their gratitude to customers. While everyone is ready to welcome the Year of the Rabbit, spammers have already provided many holiday surprises for them.

Chinese New Year is on February 3 this year, about half a month earlier than in the last couple of years. Spammers have also adjusted their attack schedule for the upcoming festival.

Product and business promotion spam has been observed since last December. Most attacks customize the ‘From’ line alias and use promotional ‘Subject’ lines related to Chinese New Year.

The following two samples are medical product promotions, each with a customized ‘From’ line and a subject line related to the occasion.

From:可输入多个<[Details Removed]>

Subject:过年了!给领导送什么哪?(AD)

Translation:

From: you may enter multiple choices <[Details Removed]>

Subject: It's almost the new year! What kind of gift you will pick for your boss? (AD)

Translation:

It's almost the new year! What kind of gift you will pick for your boss? (AD)

Typical options are wine and gift cards… It’s time to change now……!

Healthy and luxury products - Vit Number 1 coming up this year…..

Gift targets:

1. Owners with more than 10 million dollars in assets!

2. Top level governors!

3. Second generation individuals from wealthy families, governors’ families, etc!

Purchase method:

[Details Removed]

Or add QQ[Details Removed]

Mobile:[Details Removed]

 

From: "" <Details Removed>

Subject: 过年了!孝敬父母什么哪(AD)?

Translation:

Subject: Chinese New Year is coming up! What kind of gifts are you getting for your parents (AD)?

Translation:

Chinese New Year is coming up! What kind of gifts are you getting for your parents (AD)?

Bei Jing<Details Removed> continues medical traditions by introducing:

Scorpion essence 1: “The refill station for men and beauty salon for women!” … See details here:

In store purchase - elite level supplement “Scorpion essence 1” Beijing<Details Removed>…See details here:

hxxp://<Details Removed>

//<Details Removed> purchase - elite level supplement “Scorpion essence 1”…See details here:

hxxp://<Details Removed>

Please add me QQ<Details Removed> Or mobile<Details Removed> !

 

Next is a food product promotion that links to known auction sites, with randomization inserted in the ‘Subject’ line and ‘From’ alias. The links in the body take you to the spammers' promotional products on the auction site.

From:中国信用卡<[Details Removed]>

Subject: 亲爱的会员[Details Removed]:春节到了,为您精心准备的食品!直接进入[Details Removed]购买~省心省力~

Translation:

From: China credit card <[Details Removed]>

Subject: Dear member [Details Removed]: It's almost Chinese New Year. We prepared a great food gift basket for you! Directly enter [Details Removed] shopping site~ save time and effort~

Translation:

This email is sent in HTML format. If you can't view it, please click on the link or copy the URL link and open it.

http://[Details Removed]

 

The last sample is for a sale on software; the business sent unsolicited promotional mail for Chinese New Year.

From:[Details Removed]

Subject: 春节前[Details Removed] 商城6折大促销了!

Translation:

Subject: [Details Removed] Shop sales of 40% OFF before Chinese New Year!

Translation:

[Details Removed] Software sale of 40% OFF before Chinese New Year. The sale applies to everyday goods, home decor, office stationery, books, hardware, machinery, electronics, financial management products, etc. [Details Removed] Shop http:// [Details Removed]

Spammers Set for Valentine’s Day

Valentine’s Day brings excitement for celebrating love and affection between dear ones. Spammers are gearing up for Valentine’s Day with several offers like product spam, gift cards, personalised cards, and financial spam. Symantec has been observing Valentine’s Day-related spam since early January and we have recently seen a spike in product spam related to the event.

Below are Valentine’s Day-related spam samples:

Subject: An original gift for Valentine's Day

Subject: Take Her Breath Away

Subject: Super great designer watches

Subject: Personalized gifts for your Valentine

Subject: Very Hush-Hush Valentines Day Offer

Subject: The best Valentines gifts

Subject: Quick and Easy Valentine's Day Gifts

Subject: $19.99 Flowers for Valentine's Day + FREE Vase

Spammers are promoting fake product offers at discounted prices, and the URL mentioned in the message redirects the user to a spam Web page that asks for personal information.

We are also observing interesting phishing attacks based on the Valentine’s Day theme. The domains used in phishing attacks resemble the name of the event.

http://www.valentinegirlxxxx.co.uk/~friday/myca/us/logon/action.html

http://www.valentinegirlxxxx.co.uk/~logic/us/myca/logon/action.html

http://valentinexxx.org/~bloom/help/weurhwe9urh9w[removed]/Login.htm
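A defender-side sketch of the pattern in the three URLs above, added here as an example and not part of the original post: it scores a URL on traits those samples share (event keyword in the hostname, a `~user` directory, a login page in the path). The keyword list, regular expressions, threshold and the benign comparison URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the original post): keyword list, regexes, threshold.
EVENT_KEYWORDS = ("valentine",)
USER_DIR = re.compile(r"^/~[^/]+/")                    # ~user web space on a shared host
LOGIN_PAGE = re.compile(r"/log[io]n(/|[^/]*$)", re.I)  # /logon/... or /Login.htm

# The three obfuscated URLs exactly as quoted on this page.
PAGE_SAMPLES = [
    "http://www.valentinegirlxxxx.co.uk/~friday/myca/us/logon/action.html",
    "http://www.valentinegirlxxxx.co.uk/~logic/us/myca/logon/action.html",
    "http://valentinexxx.org/~bloom/help/weurhwe9urh9w[removed]/Login.htm",
]
# Constructed benign-looking URLs for comparison (not real sites).
CONSTRUCTED_BENIGN = [
    "http://florist.example/valentine/roses.html",  # keyword only in the path
    "http://valentine-cards.example/gallery.html",  # themed host, nothing else
    "https://shop.example/login",                   # login page, nothing else
]

def score_url(url):
    """Return (score, reasons); one point per trait the URL exhibits."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if any(k in host for k in EVENT_KEYWORDS):
        reasons.append("event keyword in hostname")
    if USER_DIR.match(parts.path):
        reasons.append("~user directory in path")
    if LOGIN_PAGE.search(parts.path):
        reasons.append("login page in path")
    return len(reasons), reasons

def flag(urls, threshold=2):
    """Keep URLs showing at least `threshold` traits, so one trait alone never fires."""
    flagged = []
    for url in urls:
        score, reasons = score_url(url)
        if score >= threshold:
            flagged.append((url, reasons))
    return flagged

if __name__ == "__main__":
    for url, reasons in flag(PAGE_SAMPLES + CONSTRUCTED_BENIGN):
        print(url, "->", "; ".join(reasons))
```

Requiring two traits keeps a legitimate seasonal shop or an ordinary login page from being flagged on its own.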

Last year’s statistics show that product spam was the most popular spam tactic. Continuing that trend, we expect product spam to remain dominant over other spam categories.

Symantec advises our readers to be cautious when handling unsolicited or unexpected emails. Updating antispam signatures regularly helps prevent personal information from being compromised. We at Symantec are closely monitoring the Valentine’s Day spam attacks to keep our readers updated.

Note: Thanks to blog contributors, Anand Muralidharan and Amit Kulkarni.

Hacker Challenging Court Order to Surrender Computer Gear to Sony

Hacker George Hotz must surrender his computer gear to Sony next week

The lawyer representing a hacker who published the first major PlayStation 3 jailbreak on the internet said Sunday he would challenge a federal judge’s order requiring his client surrender his computer gear to console-maker Sony.

New Jersey’s George Hotz, well-known in the jailbreaking community for unlocking the iPhone and other exploits, had published the jailbreak code on his website and on YouTube a month ago.

Sony, the maker of the 4-year-old console, sued Hotz in San Francisco federal court demanding a judge order him to remove the code. Sony also requested that the 21-year-old computer consultant surrender “any and all computer hardware and peripherals containing circumvention devices, technologies, programs, parts thereof, or other unlawful material, including but not limited to code and software, hard disc drives, computer software, inventory of CD-ROMS, computer diskettes, or other material containing circumvention devices, technologies, programs, parts thereof, or other unlawful material.”

The judge’s Thursday ruling (.pdf) did not sit well with Hotz’ attorney, Stewart Kellar of San Francisco.

“The information sought at issue is less than 100 kilobytes of data. Mr. Hotz has terabytes of storage devices,” Kellar said in a Sunday telephone interview. “Impounding his computers, it’s like starting a forest fire to cut down a single tree.”

Within days, Kellar said he would petition U.S. District Judge Susan Illston to reconsider her ruling — which came in the form of a temporary restraining order requiring Hotz surrender the equipment next week. Hotz, he said, has already abided by Illston’s decision ordering him to remove the code from his website and YouTube.

That said, the code has spread like wildfire. Yet Illston appears to be ordering Hotz to make sure all the code is eliminated from the net.

The defendant, Illston ruled, “shall retrieve” code “which he has previously delivered or communicated.”

Kellar said that was impossible. “Mr. Hotz can’t retrieve the internet,” he said.

Hotz, who goes by the online handle “Geohot,” accessed the so-called “metldr keys” or root keys that trick the PS3 system into running unauthorized programs, like pirated or homebrewed games. It was the first, full-scale root-level firmware hack of the console.

Sony, in its lawsuit, alleged the console jailbreak breached the Digital Millennium Copyright Act and other laws, and would eat into game sales for the 41 million PS3 units sold. Illston agreed that Hotz’ activities likely violated the DMCA, and made her order pending more litigation in the weeks-old case.

The DMCA makes it either a civil or criminal offense to traffic in wares meant to circumvent devices protecting copyrighted works. Ironically, performing a similar hack on a mobile phone is lawful. The U.S. Copyright Office exempted cell phone jailbreaking from being covered by the DMCA.

“At the heart of this whole issue is whether you truly own the device you purchased,” Kellar said.

Illston also tentatively agreed with Sony’s complaint that Hotz likely breached the Computer Fraud and Abuse Act by acquiring unauthorized access to the game console, access that Sony forbids.

That act, too, can be either a civil or criminal violation. It was unsuccessfully used to prosecute Lori Drew in the country’s first cyberbullying prosecution in 2009.

Sony, which is seeking unspecified monetary damages, has just released a firmware update designed to nullify Hotz’ code.

Internet ‘Kill Switch’ Legislation Back in Play

Legislation granting the president internet-killing powers is to be re-introduced soon to a Senate committee, the proposal’s chief sponsor told Wired.com on Friday.

The resurgence of the so-called “kill switch” legislation came the same day Egyptians faced an internet blackout designed to counter massive demonstrations in that country.

The bill, which has bipartisan support, is being floated by Sen. Susan Collins, the Republican ranking member on the Homeland Security and Governmental Affairs Committee. The proposed legislation, which Collins said would not give the president the same power Egypt’s Hosni Mubarak is exercising to quell dissent, sailed through the Homeland Security Committee in December but expired with the new Congress weeks later.

The bill is designed to protect against “significant” cyber threats before they cause damage, Collins said.

“My legislation would provide a mechanism for the government to work with the private sector in the event of a true cyber emergency,” Collins said in an e-mail Friday. “It would give our nation the best tools available to swiftly respond to a significant threat.”

The timing of when the legislation would be re-introduced was not immediately clear, as kinks to it are being worked out.

An aide to the Homeland Security committee described the bill as one that does not mandate the shuttering of the entire internet. Instead, it would authorize the president to demand turning off access to so-called “critical infrastructure” where necessary.

An example, the aide said, would require infrastructure connected to “the system that controls the floodgates to the Hoover dam” to cut its connection to the net if the government detected an imminent cyber attack.

What’s unclear, however, is how the government would have any idea when a cyber attack was imminent or why the operator wouldn’t shutter itself if it detected a looming attack.

About two dozen groups, including the American Civil Liberties Union, the American Library Association, Electronic Frontier Foundation and Center for Democracy & Technology, were skeptical enough to file an open letter opposing the idea. They are concerned that the measure, if it became law, might be used to censor the internet.

“It is imperative that cyber-security legislation not erode our rights,” (.pdf) the groups wrote last year to Congress.

A congressional white paper (.pdf) on the measure said the proposal prohibits the government from targeting websites for censorship “based solely on activities protected by the First Amendment of the United States Constitution.”

Oddly, that’s exactly the same language in the Patriot Act used to test whether the government can wiretap or investigate a person based on their political beliefs or statements.
