For those of us who are not hardcore gamers (yours truly included),but have fond memories of playing Pitfall on the Atari 2600 or Pirateson an old Apple, the world of online gaming has been experiencing aperiod of explosive growth in recent years. The rapid increases inplayers and dollars flowing into the gaming industry go well beyond theconsole-based games such as Sony’s PS3 and Nintendo’s Wii and extend toPC-based games such as the hugely popular World of Warcraft (WoW) whichenjoys a thriving online population that recently reached over 6 million users worldwide.WoW is a massively multiplayer online game (MMOG) that allows playersfrom across the globe to interact socially in a persistent world wherethe player is represented by their in-game avatar who increases inskills, gains possessions and presumably builds relationships overtime. The MMOG market...
We’re happy to report that so far today, Peacomm and Mixor.Q activity is lighter than the maelstrom of activity we’ve seen in previous days. We’ve noted no new spam runs today, with the malware submissions and activity levels tapering off a bit as well. Phew! Our Security Response team in Pune, India, has pulled together a slick Flash-based run through of the attack, which can be viewed using the following URL: http://www.symantec.com/content/en/us/home_homeoffice/media/flash/peacomm.html
Just a little more info on this threat you may have not heard before—it is communicating over peer-to-peer using the Overnet protocol and network (of eDonkey fame). After connecting to the network, the threat then searches for some particular hashes (searches are done by hash, not by specific filename) and eventually it receives a reply that includes some 'meta tag' information...
This past spring we announced that Phish Report Network (PRN) was officially open for any organization who wanted to have phishing attacks against their brand blocked through the PRN’s community of solution providers, including Yahoo, Netscape, Symantec and others. This was (and still is) completely free of charge to the organization sending the data. We’re now pleased to announce that anyone, from Grandma Jones in Topeka to Uncle Jack in Melbourne, can now submit their fresh phish to the PRN. It’s a piece of cake to do and mostly consists of copying the URL of the fraudulent Web site into a submission form at the following location: https://submit.symantec.com/antifraud/phish.cgi
Once we receive the suspicious URLs, we vet them both programmatically as well as manually to make sure it is indeed a fraudulent...
Now that all of the hard work has been done by everyone else compiling the stats and the 100+ page report, it’s time for a glance at the tea leaves. (Typical product manager.) ;-) This blog will serve as a very abbreviated recap of the Future Watch section of the latest ISTR, which looks ahead to the short-term horizon for what we think some of the main issues will be. This isn’t the "toaster is infected with a worm which jumped there from a flawed RFID chip” type of stuff; rather, it’s the patterns that we see forming that are either right around the corner, or are already showing signs of being a clear pattern. Your toaster is safe for now. :-)
While the ISTR report itself discusses both Windows Vista and Web 2.0 issues in the Future Watch section, I’m going to pass on those topics here, as we’ve already provided in-depth coverage of both in previous blogs. (You can find these blogs in the...
Last month, I blogged on the security and privacy implications surrounding Web 2.0, but left a little for another day. Following up after this year’s Black Hat, where Web 2.0 issues were cast into the spotlight, I’m here to finish what I started and provide an update on some interesting happenings.
Since my last post To begin with, the potential for AJAX to empower sophisticated JavaScript malware and a host of invasive Web applications was demonstrated at Black Hat in Las Vegas. From port scanning to fingerprinting and basic network mapping, all done using the AJAX group of technologies, it’s clear that we’ve only begun to see what’s possible via malicious Web sites. While they may not have the immediate impact of a...
As we stand here in the middle of 2006, it’s already become a little tired to mention the shift in the threat landscape from the digital graffiti of the past to the outright criminal pursuits that dominate the industry today. The dramatic impact of this shift has left a dense fog in its wake—hanging over the industry—obscuring other important changes that have taken place during the same timeframe. Some of the more interesting trends have been specifically related to the concept of “Web 2.0”: the new genre of Web technologies and models that have emerged, like a phoenix, from the ashes of the dotcom meltdown. Let’s take a look at a few Web 2.0 trends and see what impact they have on security.
User-created content Blogs are first to leap to mind here, but there are certainly other notable areas where the content creation responsibilities have shifted from the traditional publisher into the hands of the people. Check out the spate of new online video...
