Security Response
Showing posts tagged with Endpoint Protection (AntiVirus)
Oliver Friedrichs | 28 Feb 2007 08:00:00 GMT | 0 comments

Last July, I discussed how Windows Vista™ was one of the most important technologies that we would see in 2007. Last year, Symantec Advanced Threat Research released four research papers on the then beta version of Windows Vista. These papers provided a security analysis of the new Windows Vista network stack, user-mode security defenses, kernel-mode security technologies, and the Teredo protocol—a key IPv6 over IPv4 transition technology in Vista. Being one of the first third-party assessments on the progression of Windows Vista security, these papers were extremely well received in the technology industry.

Fast forward to today, and Windows Vista has now been released to businesses and consumers alike. Throughout its release, Symantec has tracked the evolution of Vista very closely and continued to assess its potential in defeating today’s attackers. We’ve documented our findings in a series of six research papers that are being released in the course of the next week. The goal of this...

Brian Hernacki | 27 Feb 2007 08:00:00 GMT | 0 comments

Today most of the identity-oriented transactions on the Internet are done via plain old HTML forms and, if we're lucky, over SSL. And once again, something that seemed sufficient at first is showing strain as usage grows. HTML/HTTP ends up providing a pretty clumsy and inadequate way to do identity transactions. It offers a poor user experience and wasn't really designed with security in mind. This has contributed to much of the grief over fraud, phishing, etc. Our primary defense mechanism against such threats has historically been the SSL certificate, but we know users don't read those. We also know users don't look too carefully at URLs (even when they are not obfuscated). Some of the...

Masaki Suenaga | 26 Feb 2007 08:00:00 GMT | 0 comments

A fake installer for the Korean version of ALZIP – a commercial archiver application and a component of the ALTOOLS series created by ESTsoft Corp – was recently discovered, which Symantec detects as Trojan.Dropper.

When the fake installer is executed, it displays the same window as the genuine application and then installs the genuine archiver. During installation, it drops another executable file, which in turn drops Backdoor.Trojan and Hacktool.Keylogger. These two files are hidden by a third dropped file detected as Hacktool.Rootkit.

The rootkit does not, however, hide the files in Safe Mode. The files are:
%System%\yoorycom.d1l
%...

Eric Chien | 26 Feb 2007 08:00:00 GMT | 0 comments

A variety of bulletin boards are being spammed with the message to visit mailfreepostcards.com (don't visit that domain!) for a fun video. However, when visiting that site, users are prompted to download an executable. Message board spam is nothing new, but what is different about this message board spam is the spam text is actually integrated into legitimate messages posted by real users.

Posters are infected with an updated version of Trojan.Mespam, which is downloaded by Trojan.Peacomm. This threat has the ability to watch all your network traffic via a layered service provider (LSP), and when it notices you posting to a bulletin board, it modifies your posting to include the spam text.

Trojan.Mespam can not only inject text into your outgoing...

Luis Navarro | 26 Feb 2007 08:00:00 GMT | 0 comments

I recently received a call from a friend who had set up an online payment reception service with a well-known provider so he could receive payments through his Web site. "I’ve got a question – there is a charge for $300 for some computer equipment that I did not order, what’s happening?" After going through the more obvious questions, I asked him: "What is your password?" It turns out his password was, literally, “password.” Someone just entered his account name, guessed the password, and now could use his account for online shopping. This is a rather extreme example, but it illustrates very well the need for strong passwords.

Adherence to stated password policies is something I get asked about quite a bit by clients looking to implement a Security Awareness Program. A weak password can disable a reasonable security infrastructure, effectively bypassing other security measures that have been implemented. Although other methods for user authentication...

Shunichi Imano | 24 Feb 2007 08:00:00 GMT | 0 comments

In last Friday's blog titled Hello Screen Saver, Sayonara Files, we reported about Trojan.Pirlames, which can be obtained through peer-to-peer file-sharing networks.

Today, we found a couple of similar Japanese Trojans: Trojan.Haradong.B and Trojan.Pirlames.B.

Trojan.Haradong.B masquerades as a Windows screen saver file or .avi file with the following file names:

...

Liam O Murchu | 23 Feb 2007 08:00:00 GMT | 0 comments

Mirror, mirror on the wall, who is the lamest of them all? The attacker behind this scheme hopes to find out where all the l4m3rs are (his words not mine). In a classic social engineering attack, customers have been reporting that they have received an unusual piece of spam recently.

The mail is supposedly from a hosting or colocation company and says something along the lines of this:

Dear COMPANYNAME Inc. Valued Members,

Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.

So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
[instructions included]
Thank you for using our services and products. We look forward to providing you with a unique and high quality...

Hon Lau | 23 Feb 2007 08:00:00 GMT | 0 comments

Today we received samples of a Japanese Trojan called Trojan.Pirlames, which masquerades as a Windows screen saver file. This Trojan is likely to be spread through file-sharing networks such as Winny, which is highly popular in Japan. We have seen the following file name being used so far:

Master of epic the animation age OP∩+ Miracle Episode I (MP3 128kbps ⌠-⌠TΓWΓΓΓPΓbΓg≥t).zip[MANY SPACE CHARACTERS].SCR

When executed, the Trojan will display an image that warns the user against the use of Winny. One example contains a message that roughly says: "Even though Mr Kaneko (Creator of Winny) was found guilty, you are still using Winny. I really hate these kinds of people."


In another example, the "...
