Symantec Connect

Security Response: Showing posts tagged with Endpoint Protection (AntiVirus): Showing posts by Marc Fossi

Symantec Partners with Microsoft on Digital Crimes Consortium
Marc Fossi | October 13, 2009
0 comments

In the fight against cybercrime, cooperation between security industry leaders, law enforcement, and Internet technology providers is becoming ever-more important; case in point, Conficker, which received so much attention earlier this year. To address this threat, the Conficker Working Group—a large-scale collaborative effort among security vendors, law enforcement agencies, and ISPs—was formed with successful results.

This week, technology industry, government, and law enforcement leaders from around the globe have converged upon Microsoft’s Redmond, WA campus for the first-ever meeting of the Digital Crimes Consortium. Symantec is a platinum sponsor of the Digital Crimes Consortium and is partnering with Microsoft on this important initiative. In addition, fellow Symantec Security Technology and Response expert Jeff Wilhelm and I are presenting on key security topics at the event.

The consortium is intended to be a foundation for building a...

Tags: Endpoint Protection (AntiVirus), Evolution of Security, Security, Security Response
ISTR XIII: Malicious Code—Who Do You Trust?
Marc Fossi | April 10, 2008
0 comments

In late May 2007, the MPack attack kit was first observed in the wild. This kit relied on compromised Web pages to redirect users to an MPack server that attempted to exploit Web browser and plug-in vulnerabilities in order to install malicious code on computers. MPack experienced great success because it took advantage of the trust many users place in certain Web sites. Since the Web browser is the primary gateway to the Internet for most users, Web pages that they visit frequently—such as online forums and other Internet communities—are a useful means of compromising computers for attackers.

Because of the success of kits like MPack and Ice-Pack, it seems that malicious code authors have begun to incorporate similar features in the threats they create. In the current period, seven percent of the volume of the top 50 malicious...

Tags: Endpoint Protection (AntiVirus), Internet Security Threat Report, Security, Security Response
Banking with Confidence
Marc Fossi | January 23, 2008
0 comments

News of the Silentbanker Trojan seems to have (rightfully) caused quite a few people to wonder if the computers they use to access their online banking are secure. I’ve gotten some interesting questions about the security of online banking since Liam O’Murchu’s blog about Silentbanker was published last week.

Some people I talked to said that they’ll never use online banking again, but I don’t think that’s the answer (just ask anyone who has ever had their bank card skimmed). Instead, I think people are better off securing their computers and using a few best practices to ensure that their transactions are safe.

So, here are a few tips for online banking:

• Use a strong password to access your online banking and change it often. Strong passwords are...

Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
Wetware Hacks
Marc Fossi | November 22, 2007
0 comments

Your hardware is well secured. You’ve got a good perimeter firewall in place that only allows communication on authorized ports, an IDS to scan for suspicious activity, WPA2 encryption set on wireless devices, and so on. Your software is secure as well. Patches up to date, good password policy enforcement, etc.

So where is the weak point in your network? I think there’s a common expression used to describe it – the problem exists between keyboard and chair.

Lately, more attacks have relied upon social engineering to infect users rather than automated exploitation of vulnerabilities in network services. Social engineering is nothing new, but the sophistication of some of these attacks has been increasing. Three prime examples of this come to mind.

Earlier this year, there was a large-scale attack using the MPack kit in...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
Old hoaxes don’t die…
Marc Fossi | September 27, 2007
0 comments

…they just move to new mediums. Waaaay back in 1994, a computer virus hoax known as Good Times was passed around the Internet. While not the first computer virus hoax, it is probably one of the best known. Since then there have been many similar hoaxes all promising certain destruction of your computer if you open an email originating from a certain address or simply by reading certain words that appear on your monitor. Naturally, when many people receive one of these hoaxes they decide to forward the message to all their friends and family to save them from this fate, thus helping the chain letter to spread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in my inbox less and less frequently. Did people learn not to believe these messages? Well, apparently not. They seem to be making a comeback, but rather than being sent via email they’re now sent through the messaging systems on various social networking sites, as well...

Tags: Endpoint Protection (AntiVirus), Security, Spam, Security Response
Hit the beaches: ISTR XII
Marc Fossi | September 17, 2007
0 comments

In a military operation, a beachhead is a point where an attacking force landing by sea reaches a beach and defends it until reinforcements arrive. At this point, the reinforcements will expand the attack. What can this possibly have to do with malicious code? In the last six months, we’ve seen a large shift towards multistage attacks as described in Volume XII of the Symantec Internet Security Threat Report. The first stage of a typical multistage malicious code attack consists of a small and quiet initial downloader Trojan being installed on a computer. This initial stage may disable security applications on the computer, then download other malicious code as part of a secondary stage attack (expanding the beachhead).

Of great concern is that the secondary stages usually allow the attackers to perform a wider variety of attacks against the user. The later stages are often back doors that...

Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
Hacking the Bubble
Marc Fossi | July 25, 2007
0 comments

Hacking has existed in one form or another for quite some time. Just as the Internet grew by leaps and bounds in the '90s, so did the hacking community. While the dot-com bubble thrust the Internet into the general public’s consciousness, it also brought hacking into the limelight. Web site defacements and denial of service attacks quickly became commonplace. Naturally, with the rapid growth of the Internet population, a rise in the number of people looking to take advantage of neophyte users also took place.

More hacking groups began forming in the '90s, such as the L0pht. In 1998 members of the L0pht testified before Congress that they could shut down the Internet in 30 minutes. In 1992, five members of the Masters of Deception group were indicted in federal court and later pleaded guilty. The...

Tags: Endpoint Protection (AntiVirus), Evolution of Security, Security, Security Response
Morris and the Brain
Marc Fossi | July 13, 2007
0 comments

Same thing we do every night – try to take over the world…

Morris and Brain. The average person doesn’t know these names very well in comparison to Melissa, CodeRed, Nimda, Slammer, and Funlove. They all had their day and are burned in the memories of the users who were infected and those who cleaned up after them. Without Morris and Brain, though, the current “superstars” wouldn’t exist.

Brain (also known as...

Tags: Endpoint Protection (AntiVirus), Evolution of Security, Security, Security Response
Dialing for Trojans
Marc Fossi | June 25, 2007
0 comments

Many people have said that the lack of attacks upon Apple’s operating systems and devices can be attributed to a lower market share than Microsoft Windows-based PCs. With the shift towards malicious code being written for financial gain, it makes more economic sense. (I know that there are other arguments to be made, but bear with me.) Why write a Trojan that only runs on about 10% of computers when you can write one that is capable of affecting closer to 90% of them? Far more bang for the buck.

At the same time, there haven’t been many attacks on cellular phones and mobile devices. There have been several proof of concept Trojans, worms, and viruses for Symbian Smart Phones as well as a few for the Windows Mobile platform. Some of these have even resulted in small, localized outbreaks. Again, the lack of attacks on these devices has been attributed to a smaller user base.

On June 29th, however, these two platforms will converge when Apple’s iPhone is released in the...

Tags: Endpoint Protection (AntiVirus), Mobile & Wireless, Security, Security Response
Phishing, the Online Confidence Scam
Marc Fossi | June 11, 2007
0 comments

There have been numerous proposals for ways to prevent phishing scams. Suggestions ranging from EV certificates to new specialized top-level domains seem to imply that the end of phishing would be brought about through their implementation. Unfortunately, this isn’t likely to be the case.

Let’s look at a phishing scam for what it really is – an online version of the classic confidence scam. The reason it’s called a confidence scam is that the perpetrator has to gain the confidence of their intended victim in order to reap the rewards. Some of these scams are so thinly veiled that only the extremely gullible will fall victim while others are so elaborately played that even some of the most cautious individuals are fooled. The same goes for the online version.

Some phishing attacks are so poorly crafted (I’m sure most companies don’t misspell their own names) that many of...

Tags: Endpoint Protection (AntiVirus), Online Fraud, Security, Security Response
The Taxing Time of Year
Marc Fossi | April 16, 2007
0 comments

It’s tax time once again – that time of year when those who owe are sweating while those getting refunds are gloating. Many people who prepare their own returns use one of the many software packages on the market to help them out. One thing that I’ve noticed is that many of the makers of these packages are beginning to offer Web-based tools to prepare and file their returns.

Honestly, the security of these Web applications worries me. In the recently published Symantec Internet Security Threat Report it was found that 66 percent of the 2,526 vulnerabilities in the second half of 2006 affected Web applications. To highlight this fact, someone recently reported that she was able to access other people’s returns through the TurboTax Web site. This is likely the result of a simple input validation flaw in the Web application.

Now, many of you who use the...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
ISTR XI – Malicious Code and Phishing
Marc Fossi | March 20, 2007
0 comments

Six months ago, in the previous volume of Symantec's Internet Security Threat Report, I wrote that we were seeing a shift away from “noisy” worms towards targeted Trojans that attract less attention. In the second half of 2006, this trend remained true, as the volume of Trojans reported by Symantec customers increased and the volume of worms decreased. At the same time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report, we note that multi-stage downloaders, also referred to as modular Trojans, are becoming more prevalent most likely because of their versatility. The first stage of these downloaders is usually a small Trojan that disables your security and antivirus applications then downloads a more complex threat. Since the initial stage disables security applications, the second stage can be almost...

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Security, Security Response
Attack of the Grey Goo
Marc Fossi | February 2, 2007
0 comments

Being a fan of novels in the “cyberpunk” genre, the concept of virtual online worlds intrigues me. Standard massively multiplayer online games (MMOGs) seem boring in comparison to the flexibility of a world that allows participants to create their own objects within the virtual environment. These creations are really only limited by the user’s imagination and the boundaries of the coding language.

Recently, I read an article about residents of Second Life staging in-world protests against a political party that opened an office in the world (I won’t get into the details here because this space isn’t about politics). What really caught my eye were some of the forms these protests took, including users strafing the offices with virtual machine guns and exploding pigs.

So what does any of this have to do with computer security? Well, a couple of things about Second Life are noteworthy. One is that some miscreants were successful in creating self-replicating code (like a virus) in...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
About Security Response Blog

Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.