A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.
The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is used in many Web pages to define...
I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.
We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable.
Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.
I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...
The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning.
For example:
• Toolkits and threat recycling have made malware easier to create than ever
• Polymorphic technology is being applied to make threats harder to catch
• Botnets, large and small, are used as the foundation of attacks making most attacks complex
• All major news events are used for social engineering
• Major brands are being appropriated by cybercriminals...
On November 4, 2009, Marsh Ray published detailed information about a vulnerability that affects the TLS/SSL protocols and allows for limited man-in-the-middle (MITM) attacks. We say “limited” because the attack exploiting this issue would be different from traditionally viewed MITM attacks, which would involve an attacker placing themselves in the middle of the SSL session between a client and a server and being able to intercept, view, and modify any requests or responses exchanged by the two communicating parties. In an attack using this recent TLS vulnerability, due to the way SSL-enabled applications handle the session-renegotiation process, an attacker may inject arbitrary plaintext into the beginning of the application protocol stream. This can affect multiple protocols that can communicate over an SSL session, such as HTTPS, IMAP, POPS, SIP, etc. Note that in this attack, the attacker would have no ability (at least...
Hello and welcome to this month’s blog on the Microsoft patch releases. This is a moderate month—the vendor is releasing six bulletins covering a total of 15 vulnerabilities.
Three of the issues are rated “Critical” and affect Web Services on Devices API, License Logging Server, and the Windows kernel. An attacker could exploit these issues remotely to gain complete control of a vulnerable computer.
The remaining issues, rated “Important”, affect Excel, the Windows kernel, Office, and Active Directory. Although these are only rated “Important” by Microsoft, we consider the Office and Excel issues quite serious and advise customers to apply updates as soon as possible.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...
The Fragus exploit pack showed up on our radar a few months ago and has been steadily growing to become one of the most prevalent exploit packs being seen in the wild today by Symantec. It is similar to other popular exploit packs available—such as Unique, YES, Eleonore, and Liberty—but it brings some new and interesting features with it. Exploit packages are generally designed as a means to allow attackers to group and serve exploits from their website against the browsers of unsuspecting visitors. It is done in a nice GUI form, hosted on a Web server, and allows the attacker to generally choose which exploits to run. Once exploited, a final payload is served to the system. All of this is dished up in a control panel with some nice statistics on how successful the campaign has been.
