Security Response

Computer viruses got their name because they spread just like biological viruses. There are other parallels as well; for instance, best practices. In the medical world they are called preventative measures, but really they are best practices. For instance, you should wash your hands in soap and water often. In the computer world, the equivalent is keeping your security software up to date and keeping your patches current. For computer users, if you follow this one best practice, your computer will stay healthy.
 
We wrote earlier about how the spammers are taking advantage of public concern about the swine flu. Now the malware writers have entered the game, too. Potential victims are going to get an email with a PDF attachment that promises to answer all questions about the much talked about swine flu. The attachment is named “Swine influenza frequently asked questions.pdf.” It is a real PDF file, and when opened it will show something like this:...

In an effort to track the prevalence of Mother’s Day spam, we’ve started monitoring recent spam samples and have found that the spammers seem less enthusiastic about Mother’s Day than other events around the world, such as the resurgence of interest in the swine flu. Most of the Mother’s Day-related spam we analyzed consisted of Internet offers providing personalized gifts such as photo frames or jewelry. Others included gift cards, kitchen related products, and the ever-present weight-loss solutions.

Some of the common subject lines are listed below:

Personalized Mothers Day Gifts
Mother's Day Gifts
This is about Mother's Day next month
Microwavable...

We have recently come across a different type of phishing attack that involves JavaScript being used to attempt to trick users into submitting sensitive banking-related information. This type of attack usually carries an HTML file attachment. The HTML file will locally open a look-alike bank submission form with the capability to pass critical user information to the phisher’s server.

Case 1

In the past, we monitored attacks with a similar type of file attachment, but they contained straightforward redirection code. There are different ways to redirect users to the desired location. One of the simpler HTML codes for redirection is shown below:

Sample image of the message:

...

Yesterday at the RSA conference a group of Symantec executives and technologists met with industry influencers to discuss a broad collection of topics, ranging from innovation to reputation to virtualization. It was a pretty interesting discussion and I'd like to focus on one particular aspect that is near and dear to me—the importance of maintaining innovation momentum in a down economy. There are plenty of historical examples that show that companies that innovate through tough times emerge with a strong and sustainable advantage over those that don't. An interesting point, but I think there is more compelling evidence that sustained innovation is the smart thing to be doing right now.

Someone once said that there are two kinds of products in the world: those that cost a dollar but help you earn five dollars, and those that cost a dollar but help you save five dollars. Both are valid value propositions, but in this economy it's not too surprising that people are...