Security Response

The terms targeted attack, spear phishing, and advanced persistent threat (APT) get bandied around in the media a lot these days. With the spate of recent headlines concerning companies being hacked, every company is on its guard to prevent becoming the next victim—and big headline. One of the major problems associated with targeted attacks is identifying whether or not your company is the actual target of any malware found and not just a random victim of a malware gang. There are several ways to try to do this, such as attempting to find the initial source of infection and analyzing the malware itself. However, attackers are clever and deception is part of their game.

If an attacker’s malware is discovered at any point during the initial stage of a targeted attack, the best-case...

Antivirus companies and malicious software makers are in a continual battle. Antivirus developers attempt to identify and block malicious software, and the malicious software developers want to evade detection so their products can succeed to earn them money.

The recently released Symantec Report on Attack Toolkits and Malicious Websites discusses how malicious software is increasingly being bundled into attack kits and how those kits are being sold in the underground economy and used in a majority of online attacks. One aspect of the report discusses the various forms of obfuscation methods built into these kits to avoid detection by antivirus sensors and researchers.

A major part of this obfuscation arms race is called a “FUD cryptor.” FUD in this case does not stand for “fear, uncertainty, and doubt,” but rather for “fully undetectable” or...

Search results and malicious websites

Among the many excuses I’ve heard from people who take computer security too lightly, or who brush off the likelihood of being targeted by Web attacks, are comments such as “I don’t search for anything bad,” or “I only visit sites I know.” I find this sort of attitude very frustrating, if not amusing, and I like coming across bits of information that I can use to educate these people. So, I was especially interested in the results of some related data analysis that I worked on for on the recently released Symantec Report on Attack Kits and Malicious Websites.

One of the metrics we use in the report examines Web search terms and the number of times the use of each search term resulted in a user visiting a malicious website. The range of search terms was unrestricted and consisted of both...