Security Response
Avdhoot Patil | 01 Aug 2014 08:32:58 GMT

Contributor: Virendra Phadtare

Phishers are continuing to focus on social networks as a platform for their phishing activities. Fake social media applications in phishing sites are not uncommon. In the past, we have seen a bogus Asian chat app and a fake voting campaign in phishing attacks. These fake apps are typically developed for the purpose of harvesting personal information. 

Symantec recently observed a phishing site with a fake gaming application that claimed to offer unlimited chips for an Indian poker gaming application called Teenpatti. Phishers promoted a fake version of the Teenpatti game called “Teenpatti Hack”. The phishing site was hosted on a free Web hosting service.

...

Kazumasa Itabashi | 31 Jul 2014 11:37:17 GMT

Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim’s computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files.

This isn’t the first time we’ve seen malware authors using open source encryption components in their ransomware threats, but it does show a continuing trend of attackers making ransomware easier to create and maintain. While ransomware can typically be complex, the malware author for Trojan.Ransomcrypt.L made the threat easy to develop and maintain.

...

Symantec Security Response | 30 Jul 2014 14:27:53 GMT

Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications. Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking. 

Our researchers built a number of scanning devices using Raspberry Pi minicomputers and, by taking them out to athletic...

Symantec Security Response | 28 Jul 2014 15:21:02 GMT

Symantec Security Response has found that a new variant of Trojan.Snifula (Neverquest) is targeting more than 30 Japanese financial institutions, including 12 regional banks. The threat first appeared in 2006 and is used to steal victims’ financial information from specific banking sites through man-in-the-browser (MITB) techniques. Snifula’s new targets show that the malware is broadening its focus to smaller financial institutions, meaning that consumers should be wary of the threat regardless of which bank they use. 

We previously predicted that Snifula would be updated to target additional financial institutions and now it has happened. While monitoring Snifula’s activities, we came across a configuration file for a Snifula variant that lists 20 credit card sites and 17 online...

Symantec Security Response | 25 Jul 2014 13:41:11 GMT

Symantec Security Response recently discovered a peculiar back door program that targeted a Korean organization. The malware, detected by Symantec as Backdoor.Baccamun, is dropped by an RTF document written in Korean that is disguised as an internal invitation to the organization’s employees for a free car inspection. The document file exploits the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158) and drops Backdoor.Baccamun upon successful exploitation of the vulnerability.

The back door is quite compact (19 kilobytes) and is smaller than average back door programs. It can perform the following actions:

  • List running processes
  • Terminate...

Binny Kuriakose | 23 Jul 2014 23:28:53 GMT

Contributor: Mayur Deshpande

Phishing emails masquerading as banking communications are observed in huge quantities every single day. Spammers will often exploit global news and major world events to carry out phishing attacks. Phishing emails often use international and regional news to disguise their phishing content and force the recipients to give up sensitive personal data.

Recently, Canada enacted an anti-spam law which mandates that all companies obtain explicit consent from customers for email correspondence. Spammers exploited this news to send phishing emails pretending to request consent for emails. The phishing attempt shown below goes a step further and fabricates fake news about a similar law in the United States.

Figure. Phishing sample...

Ankit Singh | 22 Jul 2014 22:25:38 GMT

Contributor: Himanshu Anand

Facebook scams are a regular occurrence in today’s world, but attackers have become more aggressive and are now using Facebook scams to exploit a user’s system. Normally Facebook scams trick users into filling out fake surveys, or sharing videos and pictures. It is very rare that a scam redirects to an exploit kit, but in the case of one famous Facebook scam targeting users who wanted to work from home, that was exactly what happened. The “EXPOSED: Mom Makes $8,000/Month” scam, which we observed recently, redirected users to the Nuclear exploit kit. This particular scam has since been removed by Facebook.

Figure 1....

Symantec Security Response | 16 Jul 2014 23:01:43 GMT

Despite Japan's isolated adoption of unique and sometimes incompatible technological standards, often described as Galapagosization, the country still seems to be open game when it comes to banking malware. Attacks on online banking are nothing new in Japan and the country has dealt with several prominent cases in the last year. For instance, Infostealer.Torpplar targeted confidential information that was specific to Japanese online banks and credit cards, and variants of Infostealer.Bankeiya utilized various methods, including zero-day vulnerabilities and exploit kits, to target Japanese users. Japan's National Police Agency reported that US$11,840,000 was stolen in 2013 as a result of cybercrime and, as of May 9, 2014, US$14,170,000...

Satnam Narang | 15 Jul 2014 16:12:08 GMT

One year ago, we warned users about one of the first instances of adult webcam spam on the up-and-coming mobile dating application Tinder. We also warned about an impending flood of spam bots once an Android version was released. Now, a year later, we have observed a number of different spam campaigns using fake profiles to flirt with users of the service.

Adult webcam spam
The first spam campaign we identified ultimately set the tone for future campaigns. These spam bots claimed to offer an adult webcam session and asked users to click on a link to another website. The spammers iterated their efforts, modifying their scripts, switching short URL services (from goo.gl to bit.ly), and linking to different webcam sites. Eventually, these bots were set up to get users to...

Symantec Security Response | 10 Jul 2014 17:40:05 GMT

An international law enforcement operation has struck a major blow against the gang behind Shylock, one of the world’s most dangerous financial Trojans. The takedown, which was led by the UK National Crime Agency, resulted in the seizure of command and control (C&C) servers, in addition to domains that Shylock uses for communication between infected computers.

Trojan.Shylock is designed to intercept online banking transactions and steal victims’ credentials. The gang behind it appears to be based in Russia or Eastern Europe and its main target is customers of UK banks. It has also hit financial institutions in a number of other European countries and the US. Shylock is more advanced than many other financial Trojans:

  • The attackers behind Shylock have an advanced, targeted...