Security Response
Hon Lau | 22 Aug 2014 18:59:00 GMT

NIST has published draft guidelines, Technical Considerations for Vetting 3rd Party Mobile Applications (Special Publication 800-163), to help organizations vet third-party mobile apps before allowing them in their environment. The document contains a wealth of information and advice on how organizations can approach the tricky problem of deciding whether a given mobile app should be allowed. This report comes at a time when many organizations are struggling to get to grips with the mobile-device security problems posed by the growth of BYOD and the challenge of the increasing use of employer-provisioned mobile devices. As the boundaries between business and personal use become...

Lionel Payet | 22 Aug 2014 10:17:15 GMT

Contributor: Mark Anthony Balanza

As a successful business sector, the automobile industry is an attractive target for cybercrime. The automobile industry is composed of a multitude of businesses ranging from manufacturers and sellers to garages offering maintenance and repair. Earlier this month, we observed a spam campaign that targeted several small to medium-sized companies within the automobile industry in Europe with Infostealer.Retgate (also known as Carbon Grabber).

The Carbon Grabber crimeware kit first appeared on underground forums earlier this year. Crimeware kits are not new and since the Zeus (Trojan.Zbot) malware’s notoriety,...

Avdhoot Patil | 19 Aug 2014 23:33:39 GMT

Phishers are known for capitalizing on current events and using them in their phishing campaigns. Celebrity scandals are popular and Symantec recently observed a phishing attack on the Facebook platform that claimed to have the sex tape of well-known Filipino television host and news anchor Paolo Bediones. Paolo Bediones became a hot topic last month when an adult video featuring a person resembling this TV host appeared online.

Symantec discovered a fake Facebook site behind a campaign that offered the "sex scandal" video of Paolo Bediones.

Figure. Phishing site requests user login, then steals credentials

A message on the phishing site asks users to log in to watch the full sex video. If users enter their Facebook login credentials, the phishing page...

Symantec Security Response | 15 Aug 2014 19:24:03 GMT

News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme.

Malware and phishing campaigns
The first campaign is fairly simple. Attackers send out an email with a fake report on the Ebola virus to entice victims; what users actually get is an infection with the Trojan.Zbot malware.

In the second campaign, cybercriminals send out an email that impersonates Etisalat, a telecommunications service provider in the United Arab Emirates with footprints in 18 countries across the Middle East,...

Satnam Narang | 14 Aug 2014 21:32:10 GMT

Within 48 hours of the news surrounding the death of actor and comedian Robin Williams, scammers homed in on the public’s interest and grief. There is currently a scam campaign circulating on Facebook claiming to be a goodbye video recorded by the actor just before his death.
 

Figure 1. Fake BBC news site with fake Robin Williams goodbye video
 

There is no video. Users who click on the link to the supposed video are taken to a fake BBC News website. As with many social scams, users are required to perform actions before they can view the content. In this case, users are instructed to share the video on Facebook before watching.
 

Figure 2. Facebook share dialog with fake...

himanshu_mehta | 12 Aug 2014 20:52:31 GMT

Welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 37 vulnerabilities. Twenty-eight of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the August releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-aug

The following issues are addressed this month:

  1. ...

Candid Wueest | 12 Aug 2014 15:58:36 GMT

In the security field, virtual machines (VM) have been used for many years and are popular among researchers because malware can be executed and analyzed on them without having to reinstall production systems every time. As we previously discussed, these tests can be done manually or on automated systems, with each method providing different benefits or drawbacks. Every artifact is recorded and a conclusion is made to block or allow the application. For similar reasons, sandbox technology and virtualization technology have become a common component in many network security solutions. The aim is to find previously unknown malware by executing the samples and analyzing their behavior. 

However, there is an even bigger...

Symantec Security Response | 07 Aug 2014 14:01:54 GMT

A cyberespionage campaign involving malware known as Wipbot and Turla has systematically targeted the governments and embassies of a number of former Eastern Bloc countries. Trojan.Wipbot (known by other vendors as Tavdig) is a back door used to facilitate reconnaissance operations before the attackers shift to long-term monitoring operations using Trojan.Turla (which is known by other vendors as Uroboros, Snake, and Carbon). It appears that this combination of malware has been used for classic espionage-type operations for at least four years. Because of the targets chosen and the advanced nature of the malware used, Symantec believes that a state-sponsored group was behind these...

Laura O'Brien | 06 Aug 2014 14:27:42 GMT

A recent report claimed that a Russian cybercrime group stole 1.2 billion user names and passwords from 420,000 websites. The breaches reportedly affect a huge variety of entities ranging from Fortune 500 firms to very small sites. The affected sites weren’t identified, as many of them are still vulnerable to attack.

The group allegedly managed to obtain these details by using botnets to probe websites for vulnerabilities. The report states that when one of the botnet’s infected computers visits a website, the attackers force the computer to carry out an SQL injection attack on the site to see if it contains vulnerabilities. If the site is...

Symantec Security Response | 06 Aug 2014 12:10:36 GMT

Since its emergence in 2007, Trojan.Asprox has remained one of the most prolific botnets on the threat landscape. During this time it has evolved into a formidable threat encompassing new functionalities which have been well documented within the information security industry. While always maintaining a presence on the threat landscape, since late last year the Asprox botnet has resurged and has been steadily increasing its numbers as a result of ongoing self-propagating spam campaigns.

Symantec has now observed Trojan.Asprox.B adding yet another new module to its arsenal, in the form of a URL viewer that is used to push advertising pages to a victim’s browser. To date, we have observed Asprox push casino, loan, mobile spyware, and pornographic adverts to unwilling victims’ browsers. In...