Security Response
himanshu_mehta | 08 Jul 2014 18:40:33 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 29 vulnerabilities. Twenty-four of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14...

Binny Kuriakose | 04 Jul 2014 10:01:54 GMT

Contributor: Vijay Thawre

It’s a time of freedom and joy for Americans as the United States prepares to celebrate its 238th Independence Day on July 4 with fireworks, parades, music, and public events. However, like every other year, spammers are sending people a barrage of cleverly crafted spam aimed at exploiting this mood of celebration.

This year, Symantec has observed a variety of spam, ranging from fake Internet offers to pharmacy deals, which take advantage of the US Independence Day.

Travel promotion spam
In travel promotion spam campaigns, the spammer tries to lure customers with offers of premium travel arrangements for July 4. The spammer claims to offer chartered private jets, aiming to entice customers with the luxury of having a plane at their disposal. They also make a pitch for budget travelers. The spam message includes a link to a page that asks users to enter their personal information....

Ankit Singh | 03 Jul 2014 17:01:17 GMT

On June 28, the popular video sharing website Dailymotion was compromised to redirect users to the Sweet Orange Exploit Kit. This exploit kit takes advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim’s computer. This week, Dailymotion is no longer compromised, as users are currently not being redirected to the exploit kit.

We believe that the attackers compromised Dailymotion in order to target a large number of users. Dailymotion is in Alexa’s top 100 most popular websites list, so the attackers could potentially have infected a substantial number of users’ computers with malware through this attack. We found that the campaign mainly affected Dailymotion visitors in the US and Europe.

...

Ankit Singh | 02 Jul 2014 08:46:25 GMT

Contributor: Karthikeyan Kasiviswanathan

Last week, it was reported that popular Web portal AskMen.com was compromised to redirect users to a malicious website that hosted the Nuclear Exploit Kit. Symantec has found during investigations that users were also redirected to the Rig Exploit Kit during this attack. The site has since removed the malicious code and users are no longer being redirected to any exploit kit.

The Rig Exploit Kit was discovered a few months ago and mainly exploits vulnerabilities in Internet Explorer, Java, Adobe Flash, and Silverlight. We decided to take a closer look at how the exploit kit was used in this attack to find out what damage it could do to users’ computers.

Rig Exploit Kit’s features
To set up the attack, the attackers injected malicious...

Symantec Security Response | 30 Jun 2014 12:58:04 GMT

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland. 

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching...

Candid Wueest | 27 Jun 2014 16:07:09 GMT


At this year’s Google I/O developer conference, the technology giant shared its vision of a connected world where smart watches, smartphones, cars, laptops, televisions, and thermostats all interact seamlessly with one another. Of course, central to this vision was one of the conference’s main themes, the idea of Android everywhere and on every device. However, while all this is very exciting and filled with possibility, this new wave of devices and capabilities will spur on a race to develop more contextually aware and voice-enabled apps on the Android operating system (OS) – which, as a platform, has been a popular target for attackers. 

Android L
Google’s next version of Android to be released, referred to as Android L, comes with many new features and capabilities. There are also a few...

Sammy Chu | 26 Jun 2014 19:49:01 GMT

Image spam has been around for a long time and peaked in January 2007, when Symantec estimated that image spam accounted for nearly 52 percent of all spam. Pump-and-dump image stock spam made up a significant portion of that 52 percent. Image spam had been in hibernation mode for a long time until recently, when Symantec detected a significant increase in these attacks through our global intelligence network.

Between June 20 and June 23, 52.25 percent of spam messages contained an image, compared to just 2.23 percent between June 13 and June 19. As with the last wave of image spam, image stock spam made up a significant portion of image spam messages. 

Figure 1. Significant increase in image spam

Pump-and-dump image stock spam’s main problem stems from how it can cause financial...

Candid Wueest | 24 Jun 2014 18:38:29 GMT

Everyone has heard stories about smartphones with malfunctioning battery packs bursting into flames, but the new Amazon Fire Phone, despite its name, could pose a different kind of danger. Amazon’s recently announced device is due to be released in July and may present some potential security concerns for users.

Fire OS

Amazon’s Fire Phone runs on Fire OS 3.5, which is based on Android 4.2 (Jelly Bean), and Amazon says it is working on upgrading to Android 4.4 (KitKat). Since Fire OS is a fork of the Android OS, it is unclear how Amazon will react to major Android updates or patches in the future. Even when updates and patches are available, most users never consider upgrading the OS on their mobile device anyway, which can increase the attack surface of the device.

3D illusion...

Sean Butler | 23 Jun 2014 21:05:36 GMT

On June 19, we came across an interesting e-card spam campaign. E-card spam typically distributes malware; however, this campaign simply redirects the user to a “get rich quick” website.

This campaign’s emails are very basic. The messages are sent from a spoofed 123greetings.com email address and contain one sentence and a link.

Figure 1. E-card spam campaign email

After looking at the header for one of the emails, we saw that the email appears to have been sent from an Amazon IP address. This is most likely an attempt to trick anyone who reads the header into thinking the email is legitimate. However, the IP address actually resolves to a DNS name that is not associated with Amazon.

In the body of the emails, the spammers use URL shorteners to redirect victims to their site...

Shunichi Imano | 19 Jun 2014 10:53:19 GMT

Nico Nico, meaning “smile” in Japanese, is one of the biggest video sharing sites in Japan, with more than 30 million free members and over 2 million paid subscribers.

Rumors surfaced earlier today, claiming that some users who were watching videos on Nico Nico saw a strange pop-up message, asking them to update Flash Player to the latest version.

Figure 1. The suspicious pop-up message, which says “This page cannot be displayed! Update to the latest version of Flash Player!”

The domain that the pop-up message appears from, downloads.[REMOVED].biz, does not look like it belongs to Adobe or Nico Nico.

If the user clicks “OK” on the pop-up message, they will be redirected to a fake Flash Player download site, which mimics the appearance of the legitimate Adobe website.

...