Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Reality Check
Showing posts in English
Ctrox | 14 Jan 2010 | 6 comments

Recently, Symantec convened a panel of researchers to review the 2009 threat landscape and to discuss what we can expect in 2010.

The group was unanimous in saying what we saw this year was ugly. Botnets prevailed and took over as a primary means of disseminating spam and spreading malware, while social engineering attacks became more sophisticated.

But the group was also in agreement in saying that what we experienced this year will pale in comparison to what 2010 will bring: “fast flux” botnets will dominate, rogue security software vendors will up their game, and fraud targeted at social networking applications will grow.

That’s the bad news. The good news is that with some preparation and the right security solutions in place, we can continue to outsmart the bad guys.

Here are the security trends that are likely to be noteworthy in 2010: 

  • Social engineering will be the primary attack vector –...
Ctrox | 11 Jan 2010 | 0 comments

The emails arrive bearing subject lines such as “State Vaccination H1N1 Program,” “Governmental registration program on the H1N1 vaccination,” and “Create your personal Vaccination Profile.” Purportedly from the Centers for Disease Control, the messages urge recipients to register for H1N1 vaccinations.

The problem is they’re bogus.

The messages lead users to an official-looking CDC site where they’re asked to create a profile in order to receive a vaccination for the swine flu. The site encourages users to download a vaccination profile archive and includes a link to the download.

Clicking on the link, however, actually downloads and installs a new variant of the “Zbot” Trojan horse. Called “Zeus” by some security companies, the malware is a bot Trojan that hijacks the Windows PC for nefarious activities, including sending out more spam.

It’s just the latest example of the way...

Ctrox | 11 Jan 2010 | 0 comments

Never at a loss to cook up new and ingenious scams, cyber-criminals are using increasingly persuasive online scare tactics to convince users to purchase rogue security software.

Rogue security software, also known as “scareware,” pretends to be legitimate security software but actually provides little or no value and may even install malicious code on a user’s computer.

According to the recently released Symantec Report on Rogue Security Software, there are two main ways in which rogue security software is installed on a computer: either it is downloaded and installed manually by a user after he or she has been tricked into believing that the software is legitimate, or it is unknowingly installed onto a computer when a user visits a malicious website.

Rogue security software is advertised in a variety of locations, including malicious and...

Ctrox | 04 Jan 2010 | 2 comments

Did you know that pirated software can cost you your identity?

Increasingly, counterfeit software is likely to contain spyware, which after installation can steal personal and confidential information from your computer without your knowledge. This stolen information can be exploited immediately by identity thieves.

In some cases, people turn over their financial information to disreputable businesses in exchange for pirated software that doesn’t work and can make their computers more vulnerable to virus attacks and various online threats. That could result in the loss of irreplaceable files or the corruption of other software on the computer.

In other cases, pirated software can lead to the destruction of a computer by permanently damaging the hard drive or other components.

Follow these guidelines to steer clear of pirated software: 

  • Be wary of “too good to be true” pricing. Prices that are 30% below MSRP are...
Ctrox | 04 Jan 2010 | 2 comments

New technology from Symantec that harnesses the “wisdom of crowds” is fundamentally changing how spyware, viruses, and worms are detected.This reputation-based technology leverages the anonymous software usage patterns of millions of Symantec users to automatically identify new threats.

Continue reading to learn how this technology could change the rules of the malware game, shifting the odds in favor of users.

Coming to terms with a new threat landscape

Seismic changes in the threat landscape over the last few years have dramatically altered the typical distribution profile for new malware. Today, instead of a single malware strain infecting millions of machines, it’s much more common to see many millions of malware strains, each targeting only a handful of machines. In 2008, Symantec discovered more than 120 million distinct malware variants. In such an environment, it’s necessary to move beyond traditional security approaches...

Ctrox | 04 Jan 2010 | 0 comments

Cyber-criminals are using search engines as platforms from which they deliver malicious code. It’s an increasingly common practice known as search engine “poisoning.”

Earlier this year it was reported that Google was serving up advertisements that led to misleading applications (also known as rogue security software). The scammers were taking advantage of Google-sponsored ads for acquiring traffic and redirecting it to malware-infected copies of legitimate software.

In one case, a Google search for a popular data compression utility led to a fake downloads page hosting a bogus version of the utility. The end result was that the user was tricked into running a security scan using this rogueware and receiving confirmation that the machine was indeed infected. The criminals then attempted to sell a disinfection tool to remove the malware they installed on the victim’s machine.

The various tactics that cyber-criminals use to hoodwink users...