Spammers use all types of tricks to bypass spam filters: adding ‘noise’ to texts, inserting redirects to advertised sites, replacing text with pictures - anything to stop the automatic filter from reading the keywords and blocking the message. Recently, we’ve been seeing a trend to replace Latin characters with similar-looking symbols from other alphabets. This “font kink” is especially typical of phishing messages written in Italian.
Non-Latin characters are inserted in place of similar-looking Latin characters both in the “Subject” field and in the body of the message. Here is an example of what headers obscured with ‘foreign’ symbols look like:
The eighth annual Counter-eCrime Operations Summit (CeCOS VIII) was held in Hong Kong on April 8th , 9th and 10th, 2014. The event brings together global leaders from financial services, technology, government, law enforcement, communications sectors and research centers.
Cybercrime fighters from the field examined:
- Public-source criminal tracking techniques - Cloud and mobile malware forensics - The latest crimeware and web-based attack schemes - Bitcoin as a cybercrime tool - Globalized industrial cybercrime event data sharing - Ransomware scams menacing businesses - Global approaches to securing the Domain Name System
CeCOS VIII was an open conference for members of the electronic-crime fighting community.
The agenda is located at http://apwg.org/apwg-events/cecos2014/agenda and I had the opportunity to share recent research results on the second day of the event.
On the eve of Easter, we noticed an unusual chain of spam messages. The spammers offered various services: from reducing mortgage costs and helping repay a loan, to enhancing male sexual performance. Neither the subject nor the text of the message had any allusions to the approaching holiday; however, the links leading to the sites advertised by the slogans included Easter-themed keywords: eastertime, easterbunnies, greateastern.
Recently, we’ve seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS.AndroidOS.Stealer.a: this Trojan came top in Kaspersky Lab's recent mobile malware ТОР 20. It can currently send short messages to premium-rate numbers in 14 countries around the world.
But this is not all. Another Trojan, Trojan-SMS.AndroidOS.FakeInst.ef, targets users in 66 countries, including the US. This is the first case we have found involving an active SMS Trojan in the United States.