Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
Boston Marathon Bombing Used in Malicious Spam Campaign
Samir_Patil | 02 May 2013 19:58:04 GMT | 0 comments

Contributor: Christopher Mendes

On the afternoon of April 15, 2013, just when many people were on the cusp of conquering another personal milestone by completing the Boston Marathon, they were hit hard by an act of cowardice. Two bombs struck near the finish line of the Marathon on Monday. Within hours of the bomb blast, large malware-laden spam emails started doing the rounds.

Symantec customers are protected from this attack. Symantec blocks the attack by multi-level detection using Antispam, Intrusion Prevention System technology (IPS), and antivirus (AV). The AV detects the downloaded file as Packed.Generic.402. IPS detects the attack as Web Attack: Red Exploit Kit Website.

The spam email is very simple. The...

Read more
Telugu Movie "Brindavanam" Featured in Phishing Attempt
Ashish Diwakar | 02 May 2013 19:58:05 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers continue to target Indian movies with phishing scams. The phishing site featuring the movie “Bodyguard” is one example, and this month Symantec observed a phishing attack in which phishers used a song from the Telugu movie “Brindavanam” as bait.

image1.jpg

The phishing site displayed a picture of a musical number from the movie “Brindavanam” starring Telugu actresses Samantha and Kajal Aggarwal in the left side of the phishing page. There is also a plot summary of the movie below the image. The phishing page then encouraged users to enter their login credentials stating that, after logging in, they could watch the video. The pictured musical number from the movie was taken from the legitimate movie website. After...

Read more
Phishers Spoof Bank’s Security Guidance Web Page
Mathew Maniyara | 02 May 2013 19:58:06 GMT | 0 comments

Contributor: Sandeep Ingale

When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take full advantage of the services available to them while staying secure. Interestingly, these Web pages, meant for the guidance and protection of customers, were mimicked by phishers with the intent of tricking people into handing over personal information.

In March, we discovered a phishing site spoofing a popular credit card services company that asked users for confidential information, allegedly for additional security. It should be kept in mind that a legitimate site will never ask for confidential information for this reason.

The phishing site prompts users through a three-step procedure for activating their card and adding higher security. The first step asks users for personal and card-related...

Read more
2013 ISTR Shows Changing Cybercriminal Tactics
Symantec Security Response | 02 May 2013 19:58:08 GMT | 0 comments

The Symantec Internet Security Threat Report (ISTR) 2013 reveals how the threat landscape is evolving, compiling information from more than 69 million attack sensors in 157 countries around the world. This year’s report shows more targeted attacks, an increasing focus on smaller businesses, and the continued development of new threats.

Targeted attacks, hacktivism, and data breaches

Targeted attacks saw a 42 percent increase in 2012, bringing the average number up to 116 per day, with a corresponding increase in data theft and incidents of industrial espionage. Attackers appear to be changing their targets as well. Small businesses make up a larger percentage of those targeted for attack than in 2011—a threefold increase—with 31 percent of all targeted attacks directed at companies with fewer than 250 employees. Attackers are evidently finding valuable data to steal from such small companies and fewer defenses in place to stop them....

Read more
Indian Online Users Enticed to Take the Bitter Red Pill of Truth
Roberto Sponchioni | 02 May 2013 19:58:09 GMT | 0 comments

We recently observed a small spam campaign that was targeting random users. The campaign focused on users in India.  

Figure1_map.png

Figure 1. Heatmap of compromised computers related to the spam campaign

The emails contained a malicious attachment, detected as Spyware.Redpill, which is used by the bad guys to steal confidential information.

Spyware.Redpill is not new by any means; back in 2008 we created a signature for Spyware.Redpill to protect users. Redpill was designed to collect information for people wishing to know if their partner had been cheating on them. The name “red pill” was a nod to the Matrix film franchise, the red pill and its opposite, the blue pill were the choice between the blissful...

Read more
Microsoft Patch Tuesday – April 2013
Candid Wueest | 02 May 2013 19:58:12 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 14 vulnerabilities. Four of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Apr

The following is a breakdown of the issues...

Read more
Shylock Beefing Up and Looking for New Business Opportunities
Symantec Security Response | 02 May 2013 19:58:17 GMT | 0 comments

Shylock (a.k.a. The Merchant of Malice) is one of the most sophisticated banking Trojan horse programs presently occupying the financial fraud threat landscape. From its humble beginnings in 2011, it has seen increased infections in the United Kingdom, Italy, and the United States. This is consistent with the increased number of targeted financial institutions over that time period. Shylock is currently targeting over 60 financial institutions with the majority of them operating in the United Kingdom.

The main purpose of Shylock is to perform a man-in-the-browser (MITB) attack against a configured list of target organization websites. The attack is used to steal user credentials and apply social engineering tactics in order to convince the user to perform...

Read more
Social Scams - Part 2: How to Clean Up Your Browser and Facebook Timeline
Satnam Narang | 02 May 2013 19:58:18 GMT | 0 comments

During recent weeks, I have seen different scams on Facebook attempt to convince users to install Google Chrome extensions. I have noticed some conversations taking place around the scams; people not sure how to get rid of the scammer photos or how to prevent the scams from spreading further. Some users have unfortunately  gone as far as creating new Facebook profiles for themselves. This is not necessary.

If you have been tricked by one of these scams, here is how you can clean up your browser and Facebook timeline:
 

Remove bad browser extensions

If you have installed the Chrome extension for Facebook Black, Profile Spy ("See Your Profile Viewers"), or Free PS4, you will need to uninstall it from your...

Read more
Social Scams - Part 1: Reusing Old Scams to Push Browser Extensions
Satnam Narang | 02 May 2013 19:58:19 GMT | 0 comments

Last year, we talked about scams and spam circulating on Facebook in our whitepaper. Social networking scammers often reuse common lures to trick users, such as offering free products or additional features that are not available on their network of choice. What these scammers do differently is find new ways to get more eyeballs to view their specific links. Whether it is likejacking or even convincing users to paste code (an external JavaScript file) into the browser address bar, these scammers are relentless.

Just recently, we published a blog about the Facebook Black scam that has been spreading. While that scam continued to spread, we found two old lures being reused,...

Read more
Japanese One-Click Fraud Campaign Comes to Google Play
Joji Hamada | 02 May 2013 19:58:22 GMT | 0 comments

One-click fraud refers to a scam that attempts to lure users interested in adult-related video to a site that attempts to trick them into registering for a paid service. For many years, it has been common to see this type of fraud on computers. As smartphone usage has increased, so has the number of these types of scams on smartphone devices. People typically come across these scam sites by searching for things that they are interested in or by clicking on links contained in spam messages. We also witnessed the advent of one-click fraud Android apps just over a year ago and those apps can now be found on Google Play.

dev7.png

...
Read more