Security Response
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Shunichi Imano | 24 Feb 2007 08:00:00 GMT | 0 comments

In last Friday's blog, "Hello Screen Saver, Sayonara Files," we reported on Trojan.Pirlames, which can be obtained through peer-to-peer file-sharing networks.

Today, we found a couple of similar Japanese Trojans: Trojan.Haradong.B and Trojan.Pirlames.B.

Trojan.Haradong.B masquerades as a Windows screen saver file or .avi file with the following file names:

...

Liam O Murchu | 23 Feb 2007 08:00:00 GMT | 0 comments

Mirror, mirror on the wall, who is the lamest of them all? The attacker behind this scheme hopes to find out where all the l4m3rs are (his words, not mine). In a classic social engineering attack, customers have been reporting that they have received an unusual piece of spam recently.

The mail is supposedly from a hosting or colocation company and says something along the lines of this:

Dear COMPANYNAME Inc. Valued Members,

Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.

So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
[instructionsincluded]
Thank you for using our services and products. We look forward to providing you with a unique and high quality...

Hon Lau | 23 Feb 2007 08:00:00 GMT | 0 comments

Today we received samples of a Japanese Trojan called Trojan.Pirlames, which masquerades as a Windows screen saver file. This Trojan is likely to be spread through file-sharing networks such as Winny, which is highly popular in Japan. We have seen the following file name being used so far:

Master of epic the animation age OP∩+ Miracle Episode I (MP3 128kbps ⌠-⌠TΓWΓΓΓPΓbΓg≥t).zip[MANY SPACE CHARACTERS].SCR

When executed, the Trojan will display an image that warns the user against the use of Winny. One example contains a message that roughly says: "Even though Mr Kaneko (Creator of Winny) was found guilty, you are still using Winny. I really hate these kinds of people."

In another example, the "...

Zulfikar Ramzan | 23 Feb 2007 08:00:00 GMT | 0 comments

The “Emperor’s New Security Indicators” is a new, well-written research paper on the effectiveness of security indicators authored by Stuart Schechter (MIT Lincoln Labs), Rachna Dhamija (Harvard University & CommerceNet), Andy Ozment (MIT Lincoln Labs & University of Cambridge), and Ian Fischer (Harvard University). The study described in the paper finds that several well-known security indicators usually fail to help end users make correct security decisions.

In a general sense, it’s accepted and widely acknowledged that designing security indicators and communicating the results is far from easy. There have been a number of studies that point out the shortcomings of security tools from a usability perspective. Nonetheless, such published studies are valuable since they really help quantify how dire the situation is. Also, each of these studies is naturally unique with respect to the exact conditions used. Since the outcome can be very sensitive to the underlying conditions, it...

TWoodward | 22 Feb 2007 08:00:00 GMT | 0 comments

While Microsoft has chosen a scheduled update approach, Apple Inc. releases updates on an "as-needed" basis. While each approach is arguably valid, during Apple's World Wide Developer Conference last year, Bud Tribble, VP of Software Technology at Apple, addressed why Apple decided on its approach: "There is some controversy in IT shops asking 'Wouldn’t it be easier if [Apple] could have their security updates scheduled on a monthly basis?' We think it’s better to get those security updates out as soon as we can get them out and not wait for the next month to roll around."

First out of the gate is "Security Update 2007-002" containing four patches against vulnerabilities discovered during the "Month of Apple Bugs" campaign. (See Aaron Adams' "...

Jeremy Ward | 22 Feb 2007 08:00:00 GMT | 0 comments

If 2006 was the year of NAC, then 2007 is already shaping up to be the year of Risk Management. Perhaps you missed many of the analyst and expert New Year’s predictions of information security evolving into IT Risk Management this year, but a brief walk through RSA’s show floor and a perusal of the product news coverage would have only confirmed 2007’s focus on IT risk.

Similar to NAC’s challenges, there seems to be a good deal of confusion regarding the definition of IT Risk Management and how it is practiced. Fortunately—nearly one year later and after 500+ in-depth interviews with IT executives and business professionals worldwide—Symantec released the results of a new study, the IT Risk Management Report. The report is designed to cut through some of the industry noise and help organizations understand the fundamental elements of IT...

Zulfikar Ramzan | 21 Feb 2007 08:00:00 GMT | 0 comments

In this blog entry, I’ll talk about where malicious software (or malware) can find its place within the lifecycle of phishing attacks. This material accompanies a recent panel I participated in during the American Association for the Advancement of Science Annual meeting. If you attended the panel, this blog will review the points I made. If you missed the panel, then hopefully you’ll get a sense for what I covered.

Phishing: Overview and Motivation. Recall that a phishing attack is one where some illegitimate entity sends you an email posing as a legitimate entity, like a bank or credit card company. Their goal is typically to get you to click on a link in the email, which directs you to a Web site that appears to be that of the legitimate entity. You are prompted to enter sensitive information, and from that point onward, the information is in the hands of an attacker. Not only can he or she wipe your accounts clean, but that information can then be used...