
Security Response

Takashi Katsuki | 16 Nov 2012 22:55:39 GMT | 0 comments

Initially, I thought that Backdoor.Makadocs was a simple and typical backdoor Trojan. It receives and executes commands from a command-and-control (C&C) server, and it gathers information from the compromised computer, including the host name and the operating system type. Interestingly, the malware author has also considered the possibility that the compromised computer could be running Windows 8 or Windows Server 2012.

Figure 1. Operating Systems check

Windows 8 was released in October of this year. This is not necessarily a surprise for security researchers as we always encounter new malware when new products are released. However, this malware does not...

Ben Nahorney | 14 Nov 2012 16:04:40 GMT | 0 comments

Spammers have long been leveraging social networking sites to pull off scams. Generally speaking, as the popularity of a service increases, so too do the illicit activities of scammers. It seems that the popular photo-sharing service Instagram is the latest social networking site to catch the attention of these scammers.

I discovered this first-hand when I received an Instagram photo comment, from an unfamiliar account, which had nothing to do with the photo:

"Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx"

I went to check out the user, who appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo.

Figure 1. Scammer’s Instagram profile

Who was...

Symantec Security Response | 13 Nov 2012 21:49:39 GMT | 0 comments

Cybercriminals have for some time now recognized that ransomware can be a highly profitable endeavor. This has led to a significant increase of different ransomware in the wild with no sign of it leaving the threat landscape anytime soon.

So, how effective is ransomware on Windows 8 compared to other operating systems? To answer this question, Symantec ran several prevalent ransomware samples currently found in the wild in a default Windows 8 environment. While some samples ran poorly on Windows 8, it did not take long to find a ransomware variant (Trojan.Ransomlock.U) that successfully locked a Windows 8 system, effectively holding it to ransom.

...

Candid Wueest | 13 Nov 2012 18:25:50 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 19 vulnerabilities. Seven of this month's issues are rated "Critical".

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Nov

The following is a breakdown of the issues...

Symantec Security Response | 08 Nov 2012 14:00:42 GMT | 0 comments

We regularly access computers in order to help with all manner of our daily activities. Indeed, many of us have come to depend on them, storing important files and documents for work and leisure. Imagine a scenario where you find that you can no longer use your computer, or imagine you are coming up to an important deadline and find that you are denied access to that important document you were working on. Suppose that a solution is offered to restore access, but for a fee. Would you pay? Should you pay?

Ransomware is a problem that has been with us for several years, but this year Symantec has seen a substantial growth in the sheer number and variety of this particular type of malware. This recent explosion in ransomware is most likely the result of existing cyber-criminal gangs realizing the revenue-generating power of the ransomware business model. The premise is simple and straightforward, take away something important to a user and demand cash for its return.

To...

Symantec Security Response | 08 Nov 2012 14:00:22 GMT | 0 comments

Ransomware is a type of malicious software that disables the functionality of a computer in some way and demands a ransom in order to restore the computer to its original state. Recent variants use law enforcement imagery to add legitimacy to their warning messages. The malware uses geo-location services to determine the country the computer is in and then, after locking the computer, displays a message tailored to that country. The message usually claims that the user has broken the law by browsing illegal material. Figure 1 is an example of a ransomware variant that displays a message claiming to be from the FBI.

Figure 1. An example of a ransomware message

The message states that in order to unlock the computer, “a fine” must be paid using one of...

Mario Ballano | 05 Nov 2012 19:52:59 GMT | 0 comments

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious intentions, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

The code to perform this action has been publicly documented and in use since August 2010. However, we have not yet found any instances that use the code for an SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a...

Costin Ionescu | 02 Nov 2012 17:15:52 GMT | 0 comments

Many Android apps contain advertising modules provided by third parties in order to monetize their development efforts. Airpush is a company that produces one of the more aggressive advertising modules. Their advertising modules can place ads in the Android notification bar where users are alerted to events such as missed messages or missed phone calls.

Unfortunately, in the most common versions of Android, the notification bar fails to show the user which app actually generated the advertisement. Since these advertisements can appear when the user is not actively using the app, there may be confusion on how to stop the advertisements from appearing in the notification bar. It is worth noting that changes have since been made by both Google and Airpush to better link advertisements directly to apps.

Many users disapprove of this model of advertising which has resulted in a controversy causing waves of not-so-good ratings and comments for some apps. This has prompted...

Kazumasa Itabashi | 01 Nov 2012 07:44:18 GMT | 0 comments

W32.IRCBot.NG and W32.Phopifas

In a previous blog, my colleague Kevin Savage detailed a social engineering attack that utilized instant messaging applications. While the infection rates of W32.IRCBot.NG and W32.Phopifas have passed their peaks, the modules continue to be updated daily.

The infection routine of these threats has not changed since they were discovered, but the threat authors have added new file-hosting sites to use in order for the threats to be downloaded. W32.IRCBot.NG attempts to steal passwords that are used to log into the file-hosting sites from compromised computers. In addition, some modules are located on the servers of virtual server services and...

Dinesh Theerthagiri | 30 Oct 2012 19:24:00 GMT | 0 comments

Zero-day (zero-hour or day zero) vulnerabilities are previously unknown vulnerabilities that have not been disclosed publicly but are already being exploited by attackers. Discovering and exploiting zero-day vulnerabilities helps cyber criminals increase the success rate of their attacks. Attacks using zero-day exploits are hard to identify and analyze because, in many cases, no information is available until the attacks have already occurred. Signature-based protection offers little defense against zero-day attacks, as the details of the vulnerability are usually unknown when the attacks are first observed.

In a typical scenario, when a new vulnerability is found, the vendor that created the hardware or software is notified and works to produce a fix within a reasonable time. A security vulnerability is typically a programming or design error that escaped the testing phase. Attackers can sometimes identify the bug, exploit it, and wrap the exploit up with a malicious payload to carry out zero-day attacks against targets of...