Showing 27 results for: Spam

BOM Obfuscation in Spam

Spammers try all sorts of tricks to obfuscate, including trying to obfuscate URLs so they cannot be recognized by various URL blacklisting or other scanning services. We recently came across a trick we hadn't seen before. Here is the original...

Jumping through the hoops: multi-stage malicious PDF spam

We've recently encountered a number of malicious spam messages with PDFs attached. The PDFs themselves are not malicious as they don't contain executable code, but they do contain images with underlying URI actions. The image, if clicked, will open the...

Quaverse RAT: Remote-Access-as-a-Service

***UPDATE as of September 28, 2015 - see the bottom of this post for removal instructions*** Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java...

Lessons in Spam JavaScript Obfuscation Layers

Spammers seem to be adding layers of obfuscation to their malware attachments in an attempt to evade spam filters that look inside attachments. Most malware attachments come in the form of executables, or, increasingly, Word files with malware-laden macros. These...

Attackers concealing malicious macros in XML files

XML files are harmless text files, right? Wrong! The group behind the malicious Microsoft Office document campaigns has started to utilize Microsoft Office XML formats to hide malicious macros. This week, our spam traps were flooded with spam with XML...

Deobfuscating Malicious Macros Using Python

Over the past few weeks, we've observed cybercriminals spamming users, particularly in the UK, using document files embedded with malicious macros masquerading as invoices. The attachment is either a Word or an Excel document file. Here are some examples incorporating...

Hacking a Reporter: UK Edition

Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sights on a U.S.-based reporter. This scenario, however, would...

Stupid Spammer Tricks – Reversing Characters

Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try many different tactics, and these can include taking advantage of HTML coding characteristics. These HTML tricks can make the email look normal when rendered...

Stupid Spammer Tricks – Multi-Character Set Text

Looking to refinance your house? Install solar panels? Hey, this email about refinancing (or solar power) looks good. But is it really? Is it legitimate or just spam for a fly-by-night outfit? Spammers are constantly trying new tricks to make...

Hey, can I use your server for spamming?

Over the last few months I have encountered two separate cases of our customers being impacted by outbound spam, i.e., spam originating from within their networks. The first sign that anything was wrong was that the customers' mail servers were...

Physical Address Strangeness in Spam

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as the You-CAN-SPAM Act, since it defined legal spam and supersedes any stricter state antispam laws). One of the provisions of the act is that there must be a legitimate...

Behind the Phish: Romance Perhaps?

When I look at the masses of spam we receive on a daily basis, I often wonder who is behind it all. What systems do they have in place, and who are the people behind such madness? We have often...

Analysis of Malicious Document Files Spammed by Cutwail

In our Global Security Report, we highlighted a zero-day vulnerability in the Windows Common Controls affecting Microsoft Office (CVE-2012-0158). This was reportedly being used for targeted attacks against NGOs and human rights activists. Over the past week, the Cutwail...