
Security Response

Val S | 14 Jun 2013 19:29:24 GMT

Contributor: Hiroshi Shinotsuka

Malware authors are always seeking new ways to hone their craft. As cybercriminals are facing a multitude of preventative technologies from Symantec and users are becoming more security conscious, it is becoming increasingly difficult for the bad guys to win.

Recently, during research, we came across an oddly named sample, Word13.exe. Upon first glance, it appears to be a digitally signed file from Adobe.

Figure 1. Word13.exe file signed by Adobe

Figure 2. Fake digital signature properties
...

Symantec Security Response | 14 Jun 2013 00:25:57 GMT

The time between discovery of a vulnerability and the emergence of an exploit keeps getting shorter—sometimes a matter of only hours. This increases pressure on IT managers to rapidly patch production systems in conflict with configuration management and best practices for quality assurance. Many organizations struggle to keep up with the constant release of new patches and updates.

Last Tuesday, June 11, 2013, Microsoft released a security bulletin (MS13-051) which covers a number of vulnerabilities. One of the vulnerabilities has reportedly been exploited in targeted attacks. Attackers can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign.

Microsoft Office PNG File CVE-2013-1331 Buffer Overflow Vulnerability (CVE-2013-1331)—a remote stack-based buffer overflow...

Joji Hamada | 13 Jun 2013 21:47:18 GMT

Japanese one-click fraud apps on Google Play made their debut at the beginning of the year and have now become a regular fixture on the market, as new variants appear on an almost daily basis. I was curious to see whether the scammers had attempted to target other mobile platforms, so I did some investigative work. The result was that I didn’t find any one-click fraud on other platforms, but I did come across a dodgy app in the Apple App Store that uses a strategy similar to that of one-click fraud apps.

Once opened, the app accesses certain URLs and displays content from them within the app. The app itself pretty much acts as a frame for the fraudulent site. The particular app leads to fake dating services, called “sakura” sites in Japan, rather than one-click fraud apps that attempt to fool users into paying for an adult video service.

The app was introduced on the App Store as a game and certainly does not look like it is related to a dating service on...

Anand Muralidharan | 13 Jun 2013 18:43:50 GMT

The International Cricket Council (ICC) Champions Trophy 2013 is currently being held in England and Wales. The group matches are already in progress and the grand finale will be held on June 23. In the past, Symantec observed various spam emails targeting the ICC World T20 and the Cricket World Cup. As expected, we have seen ICC Champions Trophy 2013 scam emails flowing into the Symantec Probe Network.

Nigerian scammers have reached out through text-based emails, .doc files, and PDF files. Here, the scam message is attached as a .doc file called ICC UPDATE.doc. The email says that the reader has won a brand new Camry Solara worth 85,000 Euro. This is typical of 419 scams. The scam email explains that the winning email address was obtained in a raffle and was sent to the final drawing conducted at...

Satnam Narang | 12 Jun 2013 16:30:31 GMT

Friedrich Nietzsche, a German philosopher, once said that, “without music, life would be a mistake.” This resonates with me, as someone with a profound love and appreciation for music. Like many fans, I’m an avid concert and festival attendee. Just last year, I attended a number of music festivals, from Coachella to Rock The Bells.

Last year’s Coachella music festival sold out quickly. While my friends and I managed to secure tickets, not everyone was so lucky. Shortly after ticket sales ended, I observed a Facebook fan page offering “free tickets” to users who liked the page. It had close to 10,000 likes but contained little information. I started warning friends that the page was a scam. The page was eventually taken down, with no free tickets awarded after all.

These types of online ticket scams may not seem common, but that perception is precisely why an offer like this—whether through social networking or email—may...

Symantec Security Response | 11 Jun 2013 18:54:22 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jun

The following is a breakdown of the issues...

Symantec Security Response | 12 Jun 2013 00:20:53 GMT

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. The recently discovered Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability (CVE-2013-2094) in the Performance Counters for Linux (PCL), which is currently being exploited on various platforms, has now had its exploit modified to work on the Android operating system.

For anyone unfamiliar with the Android operating system, it is based on the open-source Linux operating system. This means that many of the discovered Linux kernel vulnerabilities could potentially be exploited on Android devices. However, because different Android devices use different versions of the Linux kernel, only certain devices may be affected by a particular exploit.

...

Ashish Diwakar | 11 Jun 2013 04:44:49 GMT

Contributor: Avdhoot Patil

It seems that targeting football clubs, football celebrities, and football events has become a habit for phishers. They continue their uncivilized activities and in particular single out football. Now, phishers have set their eyes on the Real Madrid Football Club based in Madrid, Spain. Real Madrid is one of the world’s richest football clubs and has a large fan base.


Figure. Fake Facebook phishing page featuring Real Madrid and Cristiano Ronaldo.

As we can see in the figure, the phishing page asks users to enter Facebook login...

Anand Muralidharan | 10 Jun 2013 20:59:45 GMT

Contributor: Vivek Krishnamurthi

The International Dance Competition “Dance Grand Prix Europe” is set to begin June 12 and will be hosted in Spain. The purpose of the competition is to showcase all the top dancers from various dance schools and this major event attracts choreographic talent from around the world. Spammers also don’t want to miss this event and the opportunity to circulate a scam.

Figure 1. Dance Grand Prix Europe 2013 spam
 

To grab the reader’s attention, the spam email reveals some appealing facts about the event and states that "only a little fee" is required, with no additional charges for participation in the event. Clicking the URL will automatically redirect the user to a website containing a bogus...

Anand Muralidharan | 10 Jun 2013 13:27:32 GMT

A lot of people are counting down the days until they can express their appreciation and love towards their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day; now it’s the turn of Father’s Day, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails attempt to encourage users to take advantage of product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer.


Figure 1. Gift offer spam

...