Security Response

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). Microsoft has already issued a patch against this vulnerability in the monthly patch release this January. Applying the patch is strongly recommended.

There are several components involved in this live attack:

• a.exe
• baby.mid
• i.js
• mp.html

Symantec products detect mp.html and i.js as Trojan.Malscript. The vulnerable baby.mid file is detected as Trojan Horse and the end-result file, a.exe, is flagged as Downloader.Darkmegi....

Recently, a new threat called Android.Fakeneflic has taken advantage of gaps in the availability of a legitimate video streaming service in order to target mobile users in North America. Here is another example of social engineering at work; however, this time the users that are being targeted are in Eastern Europe.

Premium SMS dialers have always been a problem on the mobile threat landscape, especially in Eastern Europe, where dialers showed up on mobiles phones not too long after the introduction of the micro edition of the Java Virtual Machine (JVM) for mobile devices. It should therefore come as no surprise that the authors responsible for leveraging this lucrative revenue source appear to be making a switch to newer platforms. Here is the latest example of a dialer that has...

The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of becoming a victim of such an attack.

Here, we’ll attempt to provide insight on a number of key questions related to targeted attacks, such as where did the malicious email come from, which particular organizations are being targeted, which domains (spoofed or not) sent the email, what kinds of malicious attachments did the emails contain, etc. Our analysis of the data showed that, on average, targeted email attacks are on the rise:

Figure 1. Targeted attacks trend

Origin

For this analysis, we first looked at the origin of the email...

Recent Distributed Denial of Service (DDoS) attacks on a number South Korean websites have been in news for the past week. The threat responsible for carrying out these attacks is Trojan.Koredos.

This attack is reminiscent of another attack, launched on July 4th, 2009 against the U.S. and South Korean governments, as well as financial and media websites. For now, the attack has subsided and the affected sites can be accessed without any issues. However, the computers have not been cleaned for the Trojan.Koredos infection will be greeted with a surprise well after the initial infection, which we will detail in this blog.

Attacks such as this usually involve a command and control (C&C) server that sends commands to the compromised computers, resulting in systematic and coordinated attacks. In this case, the...