Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Prepare for #OpPetrol Targeting Gas and Oil
Symantec Security Response | 20 Jun 2013 00:32:02 GMT

On June 20, Anonymous will launch the #OpPetrol campaign against international gas and oil companies. It was announced on May 11, shortly after the campaign called #OpUSA began.

These types of organized attacks are often similar, as we have seen in previous operations, and may include:

  • Distributed denial-of-service (DDoS) attacks
  • Hacking and defacing social media accounts or posting fake messages
  • Hacking and defacing organization websites or stealing information and posting it as "proof" of breach
  • Hacking organization servers and attempting sabotage, such as planting disk wiping malware

There are various ways attackers may target these organizations, including using tools like the LOIC (Low Orbit Ion Cannon) or...

Read more
Targeted Attack Exploits Ichitaro Vulnerability
Symantec Security Response | 19 Jun 2013 17:20:00 GMT

JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability—Multiple Ichitaro Products CVE-2013-3644 Remote Code Execution Vulnerability (CVE-2013-3644)—that has been exploited by attackers in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it has been limited to users in Japan and the volume of attacks has been minimal.

The attacker can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign. When a user opens the malicious Ichitaro document file, arbitrary code is executed causing malware to be dropped onto the computer. Symantec detects the malicious document files as...

Read more
Social Network Scam Targets NBA Finals
Satnam Narang | 18 Jun 2013 20:59:50 GMT

For sports fans, the most exciting time of the year is the post season. It is when the underdogs have a chance to topple the better teams in the league, or last year's champions are trying to win it again. Depending on the sport, these events can draw a lot of viewers, whether it is a single event or a seven game series. So, its no surprise there are sites that claim to offer fans the ability to watch these events online.

Right now, we are in the midst of the NBA finals pitting some of the finest players in the league against each other in their quest to win it all. The series was just tied 2-2 before Game 5 on Sunday. On that day, some Facebook users may have seen pages offering a free live stream of the game.
 

image1_2.jpeg

Figure 1....

Read more
Malware Using Fake Certificate to Evade Detection
Val S | 14 Jun 2013 19:29:24 GMT

Contributor: Hiroshi Shinotsuka

Malware authors are always seeking new ways to hone their craft. As cybercriminals are facing a multitude of preventative technologies from Symantec and users are becoming more security conscious, it is becoming increasingly difficult for the bad guys to win.

Recently, during research, we came across an oddly named sample, Word13.exe. Upon first glance, it appears to be a digitally signed file from Adobe.
 

Fake Certificate 4.jpg

Figure 1. Word13.exe file signed by Adobe
 

Fake Certificate 1.png

Figure 2. Fake digital signature properties
...

Read more
Microsoft Office CVE-2013-1331 Coverage
Symantec Security Response | 14 Jun 2013 00:25:57 GMT

The time between discovery of a vulnerability and the emergence of an exploit keeps getting shorter—sometimes a matter of only hours. This increases pressure on IT managers to rapidly patch production systems in conflict with configuration management and best practices for quality assurance. Many organizations struggle to keep up with the constant release of new patches and updates.

Last Tuesday, June 11, 2013, Microsoft released a security bulletin (MS13-051) which covers a number of vulnerabilities. One of the vulnerabilities has reportedly been exploited in targeted attacks. Attackers can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign.

Microsoft Office PNG File CVE-2013-1331 Buffer Overflow Vulnerability (CVE-2013-1331)—a remote stack-based buffer overflow...

Read more
“Sakura” Site App on the Apple App Store
Joji Hamada | 13 Jun 2013 21:47:18 GMT

Japanese one-click fraud apps on Google Play made their debut at the beginning of the year and have now become a regular on the market as new variants appear on an almost daily basis. I was curious to see whether the scammers had attempted to target other mobile platforms, so I did some investigative work. The result of which was I didn’t find any one-click fraud on other platforms, but I did came across a dodgy app in the Apple App Store that uses a strategy that is similar to one-click fraud apps.

Once opened, the app accesses certain URLs and displays content from them within the app. The app itself pretty much acts as a frame for the fraudulent site. The particular app leads to fake dating services, called “sakura” sites in Japan, rather than one-click fraud apps that attempt to fool users into paying for an adult video service.

The app was introduced on the App Store as a game and certainly does not look like it is related to a dating service on...

Read more
Being a Modern Fan
Satnam Narang | 12 Jun 2013 16:30:31 GMT

Friedrich Nietzsche, a German philosopher, once said that, “without music, life would be a mistake.” This resonates with me, as someone with a profound love and appreciation for music. Like many fans, I’m an avid concert and festival attendee. Just last year, I attended a number of music festivals, from Coachella to Rock The Bells.

Last year’s Coachella music festival sold out quickly. While my friends and I managed to secure tickets, not everyone was so lucky. Shortly after ticket sales ended, I observed a Facebook fan page offering “free tickets” to users who liked the page. It had close to 10,000 likes but contained little information. I started warning friends that the page was a scam. The page was eventually taken down, with no free tickets awarded after all.

These types of online ticket scams may not seem common, but that perception is precisely why an offer like this—whether through social networking or email—may...

Read more
Microsoft Patch Tuesday – June 2013
Symantec Security Response | 11 Jun 2013 18:54:22 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jun

The following is a breakdown of the issues...

Read more
Linux Kernel Exploit Ported to Android
Symantec Security Response | 12 Jun 2013 00:20:53 GMT

Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. The recent discovery of a Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability (CVE-2013-2094) in the Performance Counters for Linux (PCL)—currently being exploited on various platforms—has now been modified to work on the Android operating system.  

For anyone unfamiliar with the Android operating system, it is based off the open source Linux operating system. This means that many of the discovered Linux kernel based vulnerabilities have the possibility of being exploited in Android devices. However, with different Android devices using different versions of the Linux kernel, only certain devices may be affected by a particular exploit.

...
Read more
Backdoor.Tranwos Abuses EFS to Prevent Forensic Analysis
Kazumasa Itabashi | 07 Jun 2013 17:45:03 GMT

Recently, we discovered a threat that abuses the Encrypting File System (EFS), which Symantec detects as Backdoor.Tranwos. Not only is it trivial for program code to use EFS, it’s also very effective at preventing forensic analysis from accessing the contents of the file.

The threat creates the folder %Temp%\s[RANDOM ASCII CHARACTERS] and then calls the EncryptFileW API in order to encrypt the folder and all files and folders subsequently created in the encrypted folder will be encrypted automatically by Windows. The threat also copies itself as the file name wow.dll in the folder and then modifies the Characteristic attribute of the PE header in order to change to a DLL file.
 

backdoor tranwos 1 edit.png...

Read more