Video Screencast Help

Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Avdhoot Patil | 09 Oct 2013 12:25:44 GMT
Contributor: Daniel Regalado Arias
 
Phishers frequently introduce bogus applications to add new flavor into their phishing baits. Let’s have a look at a new fake app that phishers are leveraging. In this particular scam, phishers were trying to steal login credentials, but their means of data theft wasn’t with the phishing bait alone. Their ploy also used malware for harvesting users’ confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site.
 
figure1_0.png
Figure 1: The phishing site that spoofed the appearance of Facebook’s login page
 
The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options...
Dinesh Theerthagiri | 08 Oct 2013 20:00:32 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 26 vulnerabilities. Sixteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Oct

The following is a breakdown of the...

khaley | 01 Oct 2013 22:10:00 GMT

The P in PC stands for personal. We don’t think of that much anymore. It was a big deal in 1981 when IBM introduced the PC and it sat on your desk or underneath it. You didn’t share it with anyone. It was personally yours.

Kinda.

Frankly, I’m not sure we ever had a “personal” relationship with our PCs, but we really have a personal relationship with our cell phones. In fact, according to the 2013 Norton Report, 48 percent of people sleep within arm’s reach of their phones. Twenty-five percent check their phone during a dinner with friends. And 49 percent of people get upset if they leave their mobile phones at home when they go out.

It’s hard to see anyone making sure they slept within arm’s reach of their PC, but mobile phone users treat their devices like a loved one. Maybe that’s why...

Anand Muralidharan | 30 Sep 2013 14:00:20 GMT
Symantec has observed a new spam tactic targeting YouTube using .avi and .mp3 extensions in URLs by placing a random YouTube link in the email content. This spam threat is also targeting the pharmaceutical industry, as we have previously observed in this blog: Pharma Spammers Brandjack YouTube.
 
In this new spam threat, users will be redirected to a fake pharmacy website when they click on the links. The following URLs were seen in spam samples using .avi and .mp3 extensions examined by Symantec:
 
http://www.[REMOVED].com/Fox.avi
http://www.[REMOVED].com/Yamamoto.avi
http://www.[REMOVED].vn/Larue.avi 
http://www.[REMOVED].com/McAlear.avi
http://www.[REMOVED].ru/87342.mp3
http://www.[REMOVED].ru/327182.mp3
http://www.[REMOVED].fr/472738.mp3
http://www.[REMOVED...
Symantec Security Response | 30 Sep 2013 13:07:00 GMT

The ZeroAccess botnet is one of the largest known botnets in existence today with a population upwards of 1.9 million computers, on any given day, as observed by Symantec in August 2013. A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy. Since no central C&C server exists, you cannot simply disable a set of attacker servers to neuter the botnet. Whenever a computer becomes infected with ZeroAccess, it first reaches out to a number of its peers to exchange details about other peers in its known P2P network. This way, bots become aware of other peers and can propagate instructions and files throughout the network quickly and efficiently. In the ZeroAccess botnet, there is constant communication between peers. Each peer continuously...

Symantec Security Response | 24 Sep 2013 09:14:38 GMT

While Craigslist has always been a favorite social engineering theme for scammers, Symantec has identified another on-going SMS spam campaign abusing Craigslist’s popularity. The scam tricks users into installing free and legitimate open source software on their PC by leveraging phone numbers posted on Craigslist ads. The software comes bundled with additional software that will allow scammers to make money through affiliate programs. 

craigslist_sms_spam_scam02.gif

FigureHow the SMS spam redirects users to download open source software

The first stage of the scam involves the victim receiving an SMS text message on their device. Online research suggests that the scammers are harvesting phone numbers directly from online Craigslist postings for this scam campaign. The sale of spamming and harvesting...

Satnam Narang | 20 Sep 2013 20:26:03 GMT

On the heels of its most highly acclaimed episode, Breaking Bad fans tweeting about the popular AMC show may find themselves targeted by a new Twitter spam tactic.

Traditionally, spammers and scammers abused the reply functionality built into the service but over the years, spammers have searched for different ways to gain visibility amongst Twitter users. The most recent tactic being utilized is called list spam.

A Twitter list consists of a curated group of Twitter users. Users can create their own lists or subscribe to existing lists already created by others. Spammers are using this feature to get the attention of Twitter users.

Various lures have been used in Twitter list spam recently, from offering celebrity phone numbers to free gift cards, devices, and video games.
...

Symantec Security Response | 18 Sep 2013 11:48:48 GMT

On September 17, Microsoft issued an advisory reporting a new zero-day vulnerability in Internet Explorer: Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893). The advisory states that the vulnerability may corrupt memory in a way that could allow attackers to execute arbitrary code. The attack works by enticing users to visit specially crafted websites that host the vulnerability through Internet Explorer. Microsoft also states that at this time the vulnerability is known to be exploited in only a limited number of targeted attacks.

While Microsoft is yet to release a patch for this vulnerability, they have provided a temporary "Fix It” tool solution as a...

Symantec Security Response | 17 Sep 2013 13:00:01 GMT

For the past few years, reports have continued to emerge detailing the activities of actors behind various targeted attacks or Advanced Persistent Threats (APTs). Here at Symantec Security Response, we’ve been keeping our eyes on a group that we believe are among the best of breed. We’ve given them the name of Hidden Lynx—after a string that was found in the command and control server communications. This group has a hunger and drive that surpass other well-known groups such as APT1/Comment Crew. Key characteristics of this group are:

  • technical prowess
  • agility
  • organized
  • sheer resourcefulness 
  • patience

These attributes are shown by the relentless campaigns waged against multiple concurrent targets over a sustained period of time. They are the pioneers of the “watering hole” technique used to ambush targets, they have early access to zero-day vulnerabilities, and they have the tenacity...

Nick Johnston | 12 Sep 2013 11:14:56 GMT
Phishers are known for making their phishing sites look exactly like the sites they are spoofing. We have seen plenty of examples of the detail they employ, like using JavaScript to include the current date in their static pages. In recent times, Symantec have seen an increase in generic email phishing. Unlike normal phishing, where phishing messages usually have a target in mind (bank customers or social network users, for instance), the generic email phishing technique is slightly different. In generic email phishing, the phishers will target any email address; who the target is does not matter.
 
These generic phishing messages usually claim that the recipient's mailbox size has been exceeded, and direct them to urgently "re-validate" their mailbox to prevent disruption to their email. Symantec recently identified a generic email phishing website which, at first glance, appeared normal. It looked fairly amateurish—demonstrating...