
Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts by Brian Ewell
Brian Ewell | 09 Sep 2010 | 0 comments

Symantec Security Response has confirmed reports of a worm spreading through email with the subject "Here you have". The email tells the recipient, who is led to believe it comes from an acquaintance, to click a URL to obtain a document. In reality, the URL is spoofed and links to a malicious binary file hosted on a different server.

The email in question arrives looking similar to the following.

In this example, the file actually downloaded is named "PDF_Document21_025542010_pdf.scr" and is hosted on the domain "members.multimania.co.uk". This file is a minor variant of W32.Imsolk.A@mm. The main characteristics of the worm's functionality are as follows.

· Spreads through mapped drives via the autorun feature
· Harvests contacts from the address book and spreads via email
· Spreads via instant messenger
· Disables various security-related programs

If you are using Symantec products, 20100909.023...

Brian Ewell | 09 Sep 2010 | 0 comments

Security Response has confirmed reports of a worm spreading through email under the subject "Here you have". The mail to the unsuspecting recipient claims to be providing a document available through a URL. The URL is spoofed and actually points to a malicious binary being hosted on a different server.

The email will appear similar to the following:

In this instance, the actual file downloaded would be named ‘PDF_Document21_025542010_pdf.scr’ and is housed on the domain ‘members.multimania.co.uk’. This file is a minor variation of W32.Imsolk.A@mm. The main characteristics of the worm’s functionality are as follows:

· Spread through mapped drives through autorun
· ...

Brian Ewell | 08 Apr 2009 | 0 comments

We have come across a system infected with W32.Downadup.C that has provided some interesting information. We discovered some similarly named files, 484528750.exe and 484471375.exe, which had shown up in the \Windows\temp folder within one minute of each other. These files turned out to be W32.Waledac and a modified W32.Downadup variant, respectively.


The W32.Downadup variant has some minor differences in functionality, but the presence of the W32.Waledac sample begs the question, "Is Downadup spreading Waledac?" The information we currently have may only be circumstantial, but is certainly worth investigating. We’ll continue to monitor this in an effort to gather more data and determine if this type of dual infection is indeed a...

Brian Ewell | 06 Feb 2008 | 0 comments

A recent report indicates there is a newer, more sinister botnet that is setting itself up to surpass the Storm worm. The botnet, called MayDay, is thought to be more elusive and have a greater capacity for causing damage than its Storm worm counterpart. Symantec Security Response has come across a sample and has released a new detection named Trojan.Daymay to identify this malware. Computers protected by Symantec antivirus products were previously protected, as the sample was detected as W32.Mytob.AA@mm.

Symantec has seen limited activity with respect to distribution of the sample, which is believed to have originally been spammed out by the author(s). At the time of writing, the Trojan is serving up credit score related spam. It is yet to be seen how successful the Trojan...

Brian Ewell | 29 Nov 2007 | 0 comments

On November 29 the FBI announced the results of its second Bot Roast (see the FBI release). This is the FBI operation responsible for hunting out and attempting to bring to justice cyber criminals involved in cultivating botnets. These botnets, which can call home to millions of computers, are responsible for millions of dollars in financial losses at both a corporate and consumer level. The FBI operation has resulted in the successful capture, indictment, and/or sentencing of multiple criminals. In the long run it may be only a small slice of the world of botnets, but make no mistake, any gains in fighting this epidemic are well received. The FBI and those involved should be commended.

Of course, what's a blog entry without the standard "practice safe computing" comment: ensure your system is patched and protected as best as possible through the use of a security package. Anything we...

Brian Ewell | 02 Aug 2007 | 0 comments

Symantec has observed active exploitation of a potential 0-day vulnerability in Xunlei Web Thunder. This vulnerability has been assigned BID 25192. This vulnerability is closely related to a previously discovered Xunlei vulnerability identified as BID 24552. Exploitation of this new vulnerability may result in arbitrary download of malicious files onto the compromised computer.

Symantec has observed an instance in which a copy of W32.Bratsters was downloaded. In addition to this malware detection, the IPS signature HTTP XunLei WebThunder ActiveX Download also detects the attempted exploitation.

Symantec recommends...

Brian Ewell | 24 Apr 2007 | 0 comments

Symantec Security Response has seen an increasing number of submissions of Trojan.Peacomm and related malware arriving in emails containing password-protected RAR archives.

As with the previous Peacomm spam run, the email contains an image (a GIF file) and an attachment. The image contains a message about a patch that can be used to "remove worm files" and the password for the file attached. However, in this case, the attachment is a RAR archive.

The files inside the RAR archive are detected as Trojan.Packed.13. This detection for Trojan.Packed.13 was available in definitions dated March 22, 2007. The Trojan.Packed.13 sample drops another malicious file, which is also already detected by March 22 definitions, this time as W32.Mixor.Q@mm.

These are some of the email Subject lines being used by this wave of spam:
Trojan Alert!
Virus Alert!
Virus Detected!
Virus Alert!
Warning!
Spyware Alert!
Worm Detected!

Some sample Attachment...