
Security Response

Silas Barnes | 18 Aug 2008 | 0 comments

Seventy-seven megabytes of network traffic, 356 spam emails sent and 10,082 unique IP addresses contacted. All in just under 60 minutes.

This is what a system infected by one recent Storm rootkit pumps out. Since Storm first arrived on the scene in January of last year, it has made headlines throughout the world as one of the most successful and persistent threats currently operating in the wild. At Symantec, our global spam traps caught just under 150,000 Storm-generated emails during June and July this year: 


And the tried-and-true method by which the Storm team successfully infects machines hasn't changed either. The method consists of bulk emailing with "interesting" content aimed at enticing the victim into either visiting a Web site or...

Silas Barnes | 15 Aug 2008 | 0 comments

As expected, the arrival of the 2008 Olympics in Beijing was accompanied by an increase in Olympics-related spam. From fake news to performance enhancing medication, spammers are taking full advantage of the Games to entice us to click their links and open their attachments.

The majority of the malicious links lead to one of a number of variants of Downloader, Backdoor.Trojan, Infostealer, Trojan.Erotpics, and, more recently, Trojan.Pandex. These threats, which use filenames such as get_flash_update.exe, get_flash_codec.exe and install.exe, are entry points for the target install, which is a fake antivirus product.

The tried-and-true method of malicious file delivery for this round is the use of false news stories relating to the Olympics:


This particular link (circled in red in the above...

Silas Barnes | 11 Jul 2008 | 0 comments

Everyone knows that in a matter of hours, hype can turn a small event into something much larger in the minds of society. Enter the latest round of malicious spam we have seen here at Symantec—the death of the Internet.


The following spam subject lines have been seen:

• Secret Plan To Kill Internet By 2012: Leaked?
• PLAN TO KILL THE INTERNET BY 2012- Documented
• 2012: The year the Internet as we know it dies...
• 2012: The Year The Internet Ends

This certainly sounds devastating because many of us spend a rather large amount of our time, both as part of work and as part of life, online. Addition...

Silas Barnes | 15 May 2008 | 0 comments

The term "hacktivism" often conjures up images of small groups of left-wing hackers defacing Web sites of political parties in an expression of outrage, coupled with demands of truth and justice for the downtrodden. This may have been the case ten years ago, but more recently hacktivism has broken the predefined mold in more ways than one.

The features of the Internet that make it such an invaluable tool for communicating with the global population also provide an avenue for disgruntled groups to voice their opinions, send messages of unity to the like-minded at great speed, and coordinate electronic attacks. The development of distributed denial-of-service kits, combined with their ease of use and the ability to globally distribute them in minutes, effectively means that an entire country can mobilize a group of dedicated attackers, numbering in the millions, in a relatively short time. Though a vast proportion of these 'net warriors are not security...

Silas Barnes | 03 Mar 2008 | 0 comments

While there are various ways for attackers to trick users into disclosing their authentication credentials, phishing remains one of the most popular. Our spam traps caught a series of emails purporting to be from a disgruntled eBay user demanding an answer regarding a recent transaction. The emails contain a number of hyperlinks to the product in question which, when clicked, result in a browser-based FTP transaction to a remote host which displays a carbon copy of the legitimate eBay login page.

What caught my attention was the inclusion of one of eBay's security tips within the fraudulent copy, instructing users to "Check that the Web address in your browser starts with https://signin.ebay.com". One only needs to follow this advice to see that the page they are on is indeed suspicious:

...

Silas Barnes | 29 Feb 2008 | 0 comments

Due to some confusion with this particular threat, we’ve decided to provide some further details on the Orkut worm we blogged on earlier in the week. The worm, recently renamed to W32.Scrapkut, uses active code injection as a vehicle to propagate to the Orkut friends of its unfortunate victim.

Initially, a malicious scrap is posted to the victim’s scrapbook, containing a link to what appears to be a YouTube video:


When a victim clicks on the link, they are redirected to an external site which prompts them to download the file “flashx_player_9.8.0.exe”. For those who read Symantec’s Security Response Blog regularly, you may recognize the page in question:

...

Silas Barnes | 12 Feb 2008 | 0 comments

Following on from yesterday's EEG Web site hack, a collection of recently registered sites, hosted on blogspot.com, claim to have obtained an explicit video featuring Hong Kong actor Edison Chen and actress Cecilia Cheung.

When a user visits one of these sites, they are prompted to download "a new version of Video ActiveX Object" to play the video. Needless to say, the file setup.exe is not an update as claimed. Rather, it is a malicious file detected as Trojan.Zlob by Symantec antivirus products.


The malicious sites we have seen to date:
• edison-...

Silas Barnes | 11 Feb 2008 | 0 comments

As Valentine's Day approaches, we see the Storm team have made yet another change in an effort to further populate their army of bots. A subsection of their herd that has been hosting the Valentine's-related content now presents the visitor with one of eight randomly themed images and bestows upon them the gift of "valentine.exe," detected as either Trojan.Peacomm.D or Trojan.Peacomm.

The page serves up a random image file per visit (or refresh of the page), probably via some server-side scripting. A five-second delay using a meta-refresh tag provides enough time to enjoy the image before being prompted to save the executable on the local system. A recent perusal of our spam trap continues to catch a large number of emails with a...

Silas Barnes | 05 Feb 2008 | 0 comments

Symantec has discovered a zero-day exploit for a popular Chinese gaming platform that is currently active in the wild. The exploit targets two vulnerable methods in the file HanGamePluginCn18.dll (referenced by CLSID:61F5C358-60FB-4A23-A312-D2B556620F20), causing a buffer overflow condition.

The exploit attempts to download a malicious file from mm[dot]sqmnoopt[dot]com, which is detected as Downloader. Additionally, a configuration file is downloaded from cnxz[dot]kv8[dot]info, which contains links to 27 malicious executables downloaded from 444[dot]sqmnoopt[dot]com and 2[dot]kv8[dot]info. These files are detected as Infostealer.Gampass.

The vendor has been...

Silas Barnes | 25 Jan 2008 | 0 comments

We all know that there is a certain amount of risk we have to accept when we place personal information on a Web site, including the possibility that someone may use that information without our explicit permission. We also know that social networking sites are becoming increasingly popular as more and more people enjoy the convenience with which to re-establish and maintain contact with long lost friends, distant relatives, and work colleagues. Well, now it seems as though you don't even have to go to the trouble of signing up for a profile with one social networking site or even provide content - they can do it for you!

Douglas Rushkoff, an author and documentarian from the United States, was momentarily confused when he started receiving a sudden burst of NDR (non-delivery report) emails informing him that a number of emails he had previously sent could not be delivered - particularly when he did not remember sending any such emails. And these particular emails all...