Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Joseph Blackbird | 21 Mar 2007 07:00:00 GMT | 0 comments

As spring quickly approaches, the Internet continues to grow into amore and more complex world driven by commerce. Businesses have longsince moved in and millions of dollars change hands every day online.Along with big business comes organized crime. Perhaps not necessarilythe organized crime immortalized in stories like The Godfather or The Sopranos,but Internet crimes are carried out in an organized way designed toconnect the theft of a single person’s user account credentials to abuyer on the mass market for illegal information. Throughout thisorganization, bots play the leading role.

Bots, once used primarily by their owners to carry out denial ofservice attacks driven by grudges, bragging rights, or politicalmotives, have been firmly incorporated into the toolkit of organizedcrime on the Internet. Bots can do pretty much anything: carry outattacks, host spam relays, carry out DoS attacks, host phishing sites,and log keystrokes on the computer they...

Ron Bowes | 20 Mar 2007 07:00:00 GMT | 0 comments

The default install of OpenBSD is well known to have one of the mostsecure default installations available. The OpenBSD team hastraditionally enjoyed the luxury of claiming to have only a singleremotely exploitable vulnerability the past 10 years. However, CoreSecurity recently discovered a new vulnerability in the IPv6 stack of OpenBSD. As a result, the OpenBSD project had to change the text on their main page to: “Only two remote holes in the default install, in more than 10 years!”

A buffer overflow may be triggered when a fragmented IPv6 packet isreceived. Although this was originally thought by the vendor to be nomore than a denial of service issue, a proof of concept exploit wasdeveloped, proving that the vulnerability is exploitable. The totaltime elapsed between the vulnerability being initially disclosed...

Marc Fossi | 20 Mar 2007 07:00:00 GMT | 0 comments

Six months ago, in the previous volume of Symantec's Internet Security Threat Report,I wrote that we were seeing a shift away from “noisy” worms towardstargeted Trojans that attract less attention. In the second half of2006, this trend remained true, as the volume of Trojans reported bySymantec customers increased and the volume of worms decreased. At thesame time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report,we note that multi-stage downloaders, also referred to as modularTrojans, are becoming more prevalent most likely because of theirversatility. The first stage of these downloaders is usually a smallTrojan that disables your security and antivirus applications thendownloads a more complex threat. Since the initial stage disablessecurity applications, the second stage can be almost...

Marc Fossi | 20 Mar 2007 07:00:00 GMT | 0 comments

Six months ago, in the previous volume of Symantec's Internet Security Threat Report,I wrote that we were seeing a shift away from “noisy” worms towardstargeted Trojans that attract less attention. In the second half of2006, this trend remained true, as the volume of Trojans reported bySymantec customers increased and the volume of worms decreased. At thesame time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report,we note that multi-stage downloaders, also referred to as modularTrojans, are becoming more prevalent most likely because of theirversatility. The first stage of these downloaders is usually a smallTrojan that disables your security and antivirus applications thendownloads a more complex threat. Since the initial stage disablessecurity applications, the second stage can be almost...

Dean Turner | 19 Mar 2007 07:00:00 GMT | 0 comments

Twice yearly, Symantec publishes a comprehensive report on theoverall worldwide Internet threat landscape. With a dedicated team ofresearchers, authors, and the support of over 1,800 analysts worldwide,the Symantec Internet Security Threat Report has become oneof the largest publicly available reports of its kind.The reportprovides a window into the world of malicious code, network attacks,vulnerabilities, phishing, and spam. With a threat landscape dominatedby data theft, data leakage, fraud, and coordinated criminal activity,the team behind the report recognized the importance of looking notjust at the types and volume of the attacks, but how, where, and whythey take place. For the first time in this report, we discuss not onlythe root causes behind these types of activities, but where theseactivities take place in the world and what they’re worth in anunderground economy.

We’ve seen a gradual process where blended threats have morphed froma single attack...

Dean Turner | 19 Mar 2007 07:00:00 GMT | 0 comments

Twice yearly, Symantec publishes a comprehensive report on theoverall worldwide Internet threat landscape. With a dedicated team ofresearchers, authors, and the support of over 1,800 analysts worldwide,the Symantec Internet Security Threat Report has become oneof the largest publicly available reports of its kind.The reportprovides a window into the world of malicious code, network attacks,vulnerabilities, phishing, and spam. With a threat landscape dominatedby data theft, data leakage, fraud, and coordinated criminal activity,the team behind the report recognized the importance of looking notjust at the types and volume of the attacks, but how, where, and whythey take place. For the first time in this report, we discuss not onlythe root causes behind these types of activities, but where theseactivities take place in the world and what they’re worth in anunderground economy.

We’ve seen a gradual process where blended threats have morphed froma single attack...

Eric Chien | 16 Mar 2007 07:00:00 GMT | 0 comments

One of the principles behind malware is that it follows technologyand mainstream culture. If ninety percent of the world was using theEricOS, the vast majority of threats would be designed to run on theEricOS because otherwise the threat would have nothing to infect.

In China, online computer usage patterns affect the types of malwareSymantec sees there. In particular, if you walk into an Internet cafein China, rarely do you see people using search engines like Google oron Web sites like MySpace. Instead, the vast majority of people haveheadphones on and are playing online games such as Lineage or World ofWarcraft.

Thus, Symantec sees a lot of Infostealers that attempt to stealcredentials for these types of online games. Once credentials arestolen, the hacker logs into the account, steals the virtual items, andthen attempts to sell them for real money through various boardsoutside the virtual gaming world.

An example of this threat is Lingling (...

Eric Chien | 16 Mar 2007 07:00:00 GMT | 0 comments

One of the principles behind malware is that it follows technologyand mainstream culture. If ninety percent of the world was using theEricOS, the vast majority of threats would be designed to run on theEricOS because otherwise the threat would have nothing to infect.

In China, online computer usage patterns affect the types of malwareSymantec sees there. In particular, if you walk into an Internet cafein China, rarely do you see people using search engines like Google oron Web sites like MySpace. Instead, the vast majority of people haveheadphones on and are playing online games such as Lineage or World ofWarcraft.

Thus, Symantec sees a lot of Infostealers that attempt to stealcredentials for these types of online games. Once credentials arestolen, the hacker logs into the account, steals the virtual items, andthen attempts to sell them for real money through various boardsoutside the virtual gaming world.

An example of this threat is Lingling (Lingling means...

Peter Ferrie | 15 Mar 2007 07:00:00 GMT | 0 comments

Pop quiz. What do all of these viruses have in common?

- Shrug (2001)
- OU812 (2001)
- Chthon (2002)
- EfishNC (2002)
- Gemini (2002)
- EfishNC.B (2002)
- JunkMail (2002)
- Pretext (2002)
- EfishNC.C (2002)
- Conscrypt (2003)
- Croissant (2003)
- JunkHTMail (2003)
- Shrug!IA64 (2004)
- Shrug!AMD64 (2004)
- Shrug!IA32/AMD64 (2004)
- Macaroni (2005)
- Macaroni.B (2005)
- Macaroni.C (2005)
- ACDC (2005)
- Charm (2005)
- JunkMail.B (2005)
- Hidan (2005)
- Screed (2006)
- Starbucks (2006)
- Boundary!IA32 (2006)
- Boundary!AMD64 (2006)
- Idiotic (2006)
- MachoMan!IA32 (2006)
- MachoMan!PPC (2006)
- Stutter (2007)

Apparently, they are all written by the same person, a virus writerwho goes by the name of roy g biv. (Please note that the names aboveare the names given by the virus writer.) The question, though, is howlikely is it that...

Kelly Conley | 14 Mar 2007 07:00:00 GMT | 0 comments

Replica watches are all the rage these days. It seems with all the spam that I’ve seen lately about replica watches, they are the "must have" of the season. Come get your replica watch at hundreds and sometimes thousands of dollars off the retail price of the authentic version!

Replica watches are not a new thing. No, they have been hawked on the Internet and streets of major cities for a long, long time. What we at Symantec have recently been seeing, is wave after wave of email spam regarding replica watches over the past few days. Most of these attacks have been high in volume.

What specifically are theses spammers hawking? Replicas of Rolex, Cartier, Breitling, Omega, Hermes, and many other top brands. When you click on the link provided in the spam emails, the intent of the spammers becomes obvious as you are taken to Web sites with large pictures of the wares that they are trying to sell. Every time I open a link to a replica site, I can almost hear the...