Video Screencast Help
Security Response
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Symantec Security Response | 30 Jul 2014 14:27:53 GMT

qs-header-image2_650px.png

Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications. Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking. 

Our researchers built a number of scanning devices using Raspberry Pi minicomputers and, by taking them out to athletic...

Symantec Security Response | 28 Jul 2014 15:21:02 GMT

Symantec Security Response has found that a new variant of Trojan.Snifula (Neverquest) is targeting more than 30 Japanese financial institutions, including 12 regional banks. The threat first appeared in 2006 and is used to steal victims’ financial information from specific banking sites through man-in-the-browser (MITB) techniques. Snifula’s new targets show that the malware is broadening its focus to smaller financial institutions, meaning that consumers should be wary of the threat regardless of which bank they use. 

We previously predicted that Snifula would be updated to target additional financial institutions and now it has happened. While monitoring Snifula’s activities, we came across a configuration file for a Snifula variant that lists 20 credit card sites and 17 online...

Symantec Security Response | 25 Jul 2014 13:41:11 GMT

backdoor_concept.png

Symantec Security Response recently discovered a peculiar back door program that targeted a Korean organization. The malware, detected by Symantec as Backdoor.Baccamun, is dropped by an RTF document written in Korean that is disguised as an internal invitation to the organization’s employees for a free car inspection. The document file exploits the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158) and drops the Backdoor.Baccamun upon successful exploit of the vulnerability.

The back door is quite compact (19 kilobytes) and is smaller than average back door programs. It can perform the following actions:

  • List running processes
  • Terminate...
Ankit Singh | 22 Jul 2014 22:25:38 GMT

Facebook Scam.png

Contributor: Himanshu Anand

Facebook scams are a regular occurrence in today’s world, but attackers have become more aggressive and are now using Facebook scams to exploit a user’s system. Normally Facebook scams trick users into filling out fake surveys, or sharing videos and pictures. It is very rare that a scam redirects to an exploit kit, but in the case of one famous Facebook scam targeting users who wanted to work from home, that was exactly what happened. The “EXPOSED: Mom Makes $8,000/Month” scam, which we observed recently, redirected users to the Nuclear exploit kit. This particular scam has since been removed by Facebook.

Facebook Scam 2.png

Figure 1....

Symantec Security Response | 16 Jul 2014 23:01:43 GMT

Despite Japan's isolated adoption of unique and sometimes incompatible technological standards, often described as Galapagosization, the country still seems to be open game when it comes to banking malware. Attacks on online banking are nothing new in Japan and the country has dealt with several prominent cases in the last year. For instance Infostealer.Torpplar targeted confidential information that was specific to Japanese online banks and credit cards, and variants of Infostealer.Bankeiya utilized various methods including zero-day vulnerabilities and exploit kits to target Japanese users. Japan's National Police Agency reported that US$11,840,000 was stolen in 2013 as a result of cybercrime and, as of May 9, 2014, US$14,170,000...

Satnam Narang | 15 Jul 2014 16:12:08 GMT

One year ago, we warned users about one of the first instances of adult webcam spam on the up-and-coming mobile dating application Tinder. We also warned about an impending flood of spam bots once an Android version was released. Now, a year later, we have observed a number of different spam campaigns using fake profiles to flirt with users of the service.

Adult webcam spam
The first spam campaign we identified ultimately set the tone for future campaigns. These spam bots claimed to offer an adult webcam session and asked users to click on a link to another website. The spammers iterated their efforts; modifying their scripts, switching short URL services (from goo.gl to bit.ly), and linking to different webcam sites. Eventually, these bots were set up to get users to...

Symantec Security Response | 10 Jul 2014 17:40:05 GMT

An international law enforcement operation has struck a major blow against the gang behind Shylock, one of the world’s most dangerous financial Trojans. The takedown, which was led by the UK National Crime Agency, resulted in the seizure of a command and control (C&C) servers, in addition to domains that Shylock uses for communication between infected computers.

Trojan.Shylock is designed to intercept online banking transactions and steal victims’ credentials. The gang behind it appears to be based in Russia or Eastern Europe and its main target is customers of UK banks. It has also hit financial institutions in a number of other European countries and the US. Shylock is more advanced than many other financial Trojans:

  • The attackers behind Shylock have an advanced, targeted...
himanshu_mehta | 08 Jul 2014 18:40:33 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 29 vulnerabilities. Twenty-four of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14...

Ankit Singh | 03 Jul 2014 17:01:17 GMT

On June 28, the popular video sharing website Dailymotion was compromised to redirect users to the Sweet Orange Exploit Kit. This exploit kit takes advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim’s computer. This week, Dailymotion is no longer compromised, as users are currently not being redirected to the exploit kit.

We believe that the attackers compromised Dailymotion in order to target a large number of users. Dailymotion is in Alexa’s top 100 most popular websites list, so the attackers could have potentially infected a substantial amount of users’ computers with malware through this attack. We found that the campaign mainly affected Dailymotion visitors in the US and Europe.

...

Ankit Singh | 02 Jul 2014 08:46:25 GMT

Contributor: Karthikeyan Kasiviswanathan

Last week, it was reported that popular Web portal AskMen.com was compromised to redirect users to a malicious website that hosted the Nuclear Exploit Kit. Symantec has found during investigations that users were also redirected to the Rig Exploit Kit during this attack. Symantec has notified the owners of  the AskMen.com site about this compromise.

The Rig Exploit Kit was discovered a few months ago and mainly exploits vulnerabilities in Internet Explorer, Java, Adobe Flash, and Silverlight. We decided to take a closer look at how the exploit kit was used in this attack to find out what damage it could do to users’ computers.

Rig Exploit Kit’s features
To set up the attack, the attackers injected malicious JavaScript into the website...