
Security Response

Symantec Security Response | 19 Jun 2013 23:54:49 GMT

On June 20, Anonymous will launch the #OpPetrol campaign. It was announced on May 11, shortly after the campaign called #OpUSA began.

These types of attacks are often similar, as we have seen in previous operations, and may include:

  • Distributed denial-of-service (DDoS) attacks
  • Hacking and defacing social media accounts or posting fake messages
  • Hacking and defacing organization websites or stealing information and posting it as "proof" of breach
  • Hacking organization servers and attempting sabotage, such as planting disk wiping malware

There are various ways attackers may target these organizations, including using tools like the LOIC (Low Orbit Ion Cannon) or phishing emails to trick recipients into revealing...

Symantec Security Response | 19 Jun 2013 17:20:00 GMT

JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability—Multiple Ichitaro Products CVE-2013-3644 Remote Code Execution Vulnerability (CVE-2013-3644)—that has been exploited by attackers in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it has been limited to users in Japan and the volume of attacks has been minimal.

The attacker can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign. When a user opens the malicious Ichitaro document file, arbitrary code is executed causing malware to be dropped onto the computer. Symantec detects the malicious document files as...

Satnam Narang | 18 Jun 2013 20:59:50 GMT

For sports fans, the most exciting time of the year is the post season. It is when the underdogs have a chance to topple the better teams in the league, or last year's champions are trying to win it again. Depending on the sport, these events can draw a lot of viewers, whether it is a single event or a seven-game series. So, it's no surprise there are sites that claim to offer fans the ability to watch these events online.

Right now, we are in the midst of the NBA finals pitting some of the finest players in the league against each other in their quest to win it all. The series was just tied 2-2 before Game 5 on Sunday. On that day, some Facebook users may have seen pages offering a free live stream of the game.
 


Figure 1....

Anand Muralidharan | 18 Jun 2013 18:30:51 GMT

Hospitality is the friendly bonding between the guest and host, especially efforts to make the guest feel comfortable. Spammers exploit hospitality events, and the bond between guest and host, with fake promotional offers. We are currently observing an increase in spam messages which exploit hospitality offered by major events, festivals, and concerts. The spam messages invite users to watch the events at entertaining venues happening in different places. Hospitality spam tries to entice users with bogus offers such as the following:

  • Luxury items
  • Fine dining
  • Champagne
  • VIP parking
  • VIP hostess service
  • Gambling
  • Q&A with sports celebrities
  • Large plasma screens
     


Figure 1. British Grand Prix hospitality spam ...

Val S | 14 Jun 2013 19:29:24 GMT

Contributor: Hiroshi Shinotsuka

Malware authors are always seeking new ways to hone their craft. As cybercriminals are facing a multitude of preventative technologies from Symantec and users are becoming more security conscious, it is becoming increasingly difficult for the bad guys to win.

Recently, during research, we came across an oddly named sample, Word13.exe. Upon first glance, it appears to be a digitally signed file from Adobe.
 


Figure 1. Word13.exe file signed by Adobe
 


Figure 2. Fake digital signature properties
...

Symantec Security Response | 14 Jun 2013 00:25:57 GMT

The time between discovery of a vulnerability and the emergence of an exploit keeps getting shorter—sometimes a matter of only hours. This increases pressure on IT managers to rapidly patch production systems in conflict with configuration management and best practices for quality assurance. Many organizations struggle to keep up with the constant release of new patches and updates.

Last Tuesday, June 11, 2013, Microsoft released a security bulletin (MS13-051) which covers a number of vulnerabilities. One of the vulnerabilities has reportedly been exploited in targeted attacks. Attackers can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign.

Microsoft Office PNG File CVE-2013-1331 Buffer Overflow Vulnerability (CVE-2013-1331)—a remote stack-based buffer overflow...

Joji Hamada | 13 Jun 2013 21:47:18 GMT

Japanese one-click fraud apps on Google Play made their debut at the beginning of the year and have now become a regular on the market as new variants appear on an almost daily basis. I was curious to see whether the scammers had attempted to target other mobile platforms, so I did some investigative work. The result of which was I didn’t find any one-click fraud on other platforms, but I did come across a dodgy app in the Apple App Store that uses a strategy that is similar to one-click fraud apps.

Once opened, the app accesses certain URLs and displays content from them within the app. The app itself pretty much acts as a frame for the fraudulent site. The particular app leads to fake dating services, called “sakura” sites in Japan, rather than one-click fraud apps that attempt to fool users into paying for an adult video service.

The app was introduced on the App Store as a game and certainly does not look like it is related to a dating service on...

Anand Muralidharan | 13 Jun 2013 18:43:50 GMT

The International Cricket Council (ICC) Champions Trophy 2013 is currently being held in England and Wales. The group matches are already in progress and the grand finale will be held on June 23. In the past, Symantec observed various spam emails targeting the ICC World T20 and the Cricket World Cup. As expected, we have seen ICC Champions Trophy 2013 scam emails flowing into the Symantec Probe Network.

Nigerian scammers have reached out through text-based emails, .doc files, and PDF files. Here, the scam message is attached as a .doc file called ICC UPDATE.doc. The email says that the reader has won a brand new Camry Solara worth 85,000 Euro. This is typical of 419 scams. The scam email explains that the winning email address was obtained in a raffle and was sent to the final drawing conducted at...

Satnam Narang | 12 Jun 2013 16:30:31 GMT

Friedrich Nietzsche, a German philosopher, once said that, “without music, life would be a mistake.” This resonates with me, as someone with a profound love and appreciation for music. Like many fans, I’m an avid concert and festival attendee. Just last year, I attended a number of music festivals, from Coachella to Rock The Bells.

Last year’s Coachella music festival sold out quickly. While my friends and I managed to secure tickets, not everyone was so lucky. Shortly after ticket sales ended, I observed a Facebook fan page offering “free tickets” to users who liked the page. It had close to 10,000 likes but contained little information. I started warning friends that the page was a scam. The page was eventually taken down, with no free tickets awarded after all.

These types of online ticket scams may not seem common, but that perception is precisely why an offer like this—whether through social networking or email—may...

Symantec Security Response | 11 Jun 2013 18:54:22 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jun

The following is a breakdown of the issues...