Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and turned the furor surrounding Heartbleed into lure for a spam attack. Figure 1. Heartbleed spam The spammed mail is a simple-looking one, as far as spam goes. The body is plain text, notifying the user about the ...

Tax season in the US and Canada has always been popular among cybercriminals. After all, it's one of the few reliable times in a year that a lot of money gets thrown around online, due to the convenience of filing (and) paying taxes over the Internet. As such, we make it a point to look out for threats specifically targeting taxpayers before, during and after tax season and every year, we invariably find a lot of them. This year was no ...

Spammers are constantly trying new ways to bypass filters to deliver spam. One of the more typical methods is the use of word salad spam, wherein spammed messages are filled with random words. We recently noticed a spike in salad spam that’s circulating in the wild. Aside from the sudden increase, what’s interesting about this particular spam run is that it uses exact sentences copied from Wikipedia articles. For example, in the spammed message below, the first sentence is “Knipe taught ...

News of a maritime disaster happening on South Korea waters hit full force on April 16, 2014. MV Sewol, a South Korean vessel, capsized off of the country's southern coast. While the world was still reeling from the horrific turn of events, cybercriminals began getting to work. Just mere hours after this event was reported worldwide, we have seen some spammed messages using this piece of news. In the samples that we have observed, the actual news is not used as ...

Facebook users are once again the target of a malicious scheme—this time in the form of a notification about "Facebook Chat". The spammed notification pretends to come from the "official Facebook Chat Team." A notification shows users of a tagged comment to a Facebook Note containing a fake announcement about a Facebook Chat verification requirement. Figure 1. Facebook Chat verification notification The spam tries to sound urgent to convince users to verify their accounts. To do so, they are first asked to to ...