Video Screencast Help
Security Response
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Candid Wueest | 09 Jan 2014 15:05:24 GMT

The New Year has started and many people are still holding to their resolutions. Besides the usual suspects of exercising more and quitting smoking, some might have planned on finding a new apartment. Unfortunately, this also means a rise in prepaid rental ad scams. So be cautious while you’re searching for a new home.

The prepaid rental scam advertisements can be encountered on nearly any platform and in most countries. The ads often look very professional; some are even copies of real ads from legitimate sources. We have seen them on established apartment rental sites, online notice boards, B&B agency sites, and even in the classified ads section of newspapers. The website owners try their best to spot false advertisements and delete them as fast as possible, but there is always a chance that there is a new ad that hasn’t been removed yet.

The scam is pretty simple. Once the victim shows interest in the apartment the alleged landlord informs the victim that he...

Val S | 09 Jan 2014 00:44:56 GMT

In the first week of 2014, we came across a website using tried and tested social engineering techniques to coerce victims into installing malware. The domain http://newyear[REMOVED], was registered on December 30, 2013. Based on our research, 94 percent of  attacks appear to be targeting users based in the United Kingdom through  advertising networks and free movie streaming and media sites.

The attackers attempt to trick victims using the following techniques:

  • A URL containing the words “new year” and “fix”
  • A professional looking template (from Google, Microsoft or Mozilla) telling the victim that a critical update is necessary for their system to function properly
  • Redirecting the user, based on their browser type, to a fake but convincing Chrome, Firefox, or Internet Explorer Web page.
  • Using a JavaScript loop to force the victim to give up and stay on site – users have to click on the “Yes/No” option 100 times in...
Satnam Narang | 20 Dec 2013 23:12:35 GMT

Recently we have observed a series of mobile ads intended to scare users into believing that their device is infected with a threat called “Trojan: MobileOS/Tapsnake”.


Figure 1. Fake Tapsnake infection warnings

The malware alert is fake. Tapsnake is an older Android threat (we blogged about it in 2010 and detect it as Android.Tapsnake) that just happens to be mentioned in these ads to make them appear more authentic. We visited a site serving these ads using a brand new Android device with a fresh install and nothing on it and still received this alert. Users of Apple's iPhone...

Candid Wueest | 17 Dec 2013 19:55:23 GMT

Webcam blackmailing 1.jpg

Recently, we wrote about creepware and how people use it to spy on unsuspecting victims through webcams. As the name implies, this is really creepy. Unfortunately, there are other similar threats on the Internet. Another scam that has become very popular this year is webcam blackmailing. In these cases, the scammers don’t hide the fact that they are using the webcam.

The scam starts with a simple contact request on a social network or dating site. In general, the profile sending the request appears to be the scammer (posing as a woman), and the request is sent to single men. After a bit of...

Gavin O Gorman | 17 Dec 2013 00:40:59 GMT

The Browlock ransomware (Trojan.Ransomlock.AG) is probably the simplest version of ransomware that is currently active. It does not download child abuse material, such as Ransomlock.AE, or encrypt files on your computer, like Trojan.Cryptolocker. It does not even run as a program on the compromised computer. This ransomware is instead a plain old Web page, with JavaScript tricks that prevent users from closing a browser tab. It determines the user’s local country and makes the usual threats, claiming that the user has broken the law by accessing pornography websites and demands that they pay a fine to the local police.


Satnam Narang | 16 Dec 2013 23:23:48 GMT

Over the weekend, a hoax about mass account deletion made its rounds on photo-sharing app Instagram. A bogus account @activeaccountsafe, posted a photo which claimed to be a privacy policy update from Instagram. The photo reads:

“On December 20, 2013 we will be randomly deleting a huge mass of Instagram accounts. Many users create multiple accounts and don’t use them all. This cost us $1.1 million to run inactive accounts. These accounts become inactive and then create spams. In order for us to keep al spam off of Instagram we will be randomly deleting accounts. To keep your account active REPOST this picture with @ActiveAccountSafe & #ActiveAccountSafe . We’re doing this to keep active users online.”

Instagram Hoax 1 edit 2.png

Figure 1. The hoax Instagram account @ActiveAccountSafe...

Dinesh Theerthagiri | 10 Dec 2013 19:53:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eleven bulletins covering a total of 24 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:

The following is a breakdown of the...

Symantec Security Response | 10 Dec 2013 14:19:40 GMT


Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams. But are these stories true and are some people’s seemingly paranoid precautions justified? Unfortunately the answer is yes, precaution against this type of activity is necessary and there are a multitude of programs out there that can be used for this type of malicious activity…and more. Remote access Trojans (RATs), or what we are calling creepware, are programs that are installed without the victim’s knowledge and allow an attacker to have access and...

Symantec Security Response | 06 Dec 2013 22:34:41 GMT

Cybercriminals are constantly looking for ways to evolve their malware. Evolution is the key for survival because antivirus research, analysis, countermeasures, and public awareness thwart the efficacy of malware and its spread. During the past year, Ransomware has received a lot of news coverage which has decreased the number of uninformed victims and lowered the impact and effectiveness of the malware along with the percentage of return to the criminal.

Due to this increased public awareness, in the last quarter of 2013 we have seen cybercriminals reorganize around a new type of extortion: Cryptolocker. This threat is pervasive and preys on a victim's biggest fear: losing their valuable data. Unlike previous Ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because there is no way to...

Symantec Security Response | 04 Dec 2013 11:25:59 GMT
There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites. This allows attackers to steal login credentials from users. The threat can also let attackers take control of a compromised computer through a Virtual Network Computing (VNC) server. Neverquest can replicate itself by stealing login details and spamming out the Neverquest dropper, by accessing FTP servers to take credentials in order to distribute the malware with the Neutrino Exploit Kit and by obtaining social networking credentials to spread links to infected websites...