Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Eric Chien | 18 Jul 2006 07:00:00 GMT | 0 comments

The recent Yahoo! Mail worm, JS.Yamanner@m, is symptomatic of our increased usage and reliance on Web applications. This past weekend we saw a similar attack, but this time it was on the MySpace social networking site. Web applications are just as vulnerable to certain exploits, and even more so in some cases. In particular, services that allow people to author and post content under the service domain must always neuter any active content such as JavaScript. MySpace fails to do so, allowing an attacker to automatically hijack any user's MySpace page as soon as they visit an infected MySpace page.

The attack works by using an embedded Shockwave Flash file. The MySpace site allows members to post embedded content, such as movies and Shockwave Flash files, via an HTML “embed” tag. Shockwave Flash files can contain scripting that is simply a variant of JavaScript (known as Action...

Oliver Friedrichs | 18 Jul 2006 07:00:00 GMT | 0 comments

I think that it goes without saying that Windows Vista is one of the most important technologies that we will see in the next year. With current versions of Windows appearing on well over 90% of desktop systems, Vista will undoubtedly become the dominant operating system within a few years. The appearance of Windows Vista gives Symantec an interesting opportunity to both perform new research, and to publish the findings of that research. First of all, Vista is a beta operating system, meaning that it is changing at an extremely rapid pace; bugs are getting fixed, and in some cases new ones are introduced. Second, there is more freedom to discuss it because it is being made available explicitly for this purpose (to undergo testing and scrutiny).

With that said, I am very happy to present the Symantec Advanced Threat Research team’s first publicly available research paper: Windows...

Elia Florio | 17 Jul 2006 07:00:00 GMT | 0 comments

Just a day after Microsoft released their July security bulletins, a new PowerPoint zero-day vulnerability was discovered as part of a targeted and limited attack. It was Tuesday, July 12th, and it was Microsoft’s "patch day". On July 11th, Microsoft had released seven new security bulletins as part of the standard security life cycle. The following bulletins are rated as “critical” and affect the Microsoft Office suite, which is quickly becoming the next most popular platform exploited by attackers:
• MS06-037 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
• MS06-038 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
• MS06-039 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)

In addition, the MS06-037 patch was long awaited because it fixes several Excel...

Oliver Friedrichs | 17 Jul 2006 07:00:00 GMT | 0 comments

Since this is my first Symantec blog entry, I’d like to start things off by giving you some insight into our Advanced Threat Research team, which is a part of the Security Response group here at Symantec. We are responsible for generating all of Symantec’s protection content, which includes antivirus definitions, intrusion detection signatures, spam analysis, phishing site analysis, DeepSight early warning, and vulnerability alerts. Any content that is delivered through LiveUpdate or that drives the protection of Symantec products is delivered by Security Response.

The Advanced Threat Research team has the sole responsibility of researching new and emerging technologies and identifying how those technologies can be attacked. Our goal is fairly simple: to identify areas where attackers will strike next. There is no shortage of things to research, but we are interested specifically in those technologies and threats that will make the most impact within the...

Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this (that is, the security industry with a cellular or mobile flavor), it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas sending e-mail is, for all intents and purposes, free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is...

Symantec Security Response | 14 Jul 2006 07:00:00 GMT | 0 comments

Well, it seems that things will never get too boring around here in Symantec Security Response. There is a new, in-the-wild threat running around on the Internet that is exploiting a previously undisclosed vulnerability in Microsoft PowerPoint.

In particular, attackers can create specially crafted PowerPoint files to exploit the vulnerability. These files can then be special delivered to your computer via your Inbox as an attachment, or perhaps placed on Web pages for downloading (like a wolf in sheep’s clothing). All you have to do is open the file—and WHAMMO!—the vulnerability is triggered, potentially allowing the attacker to run his or her code on your machine.

At this point in time, we have discovered a Trojan attached to the PowerPoint exploits that we’ve seen in the wild, and made antivirus signatures available for it; the Trojan is detected as Trojan.PPDropper.B....

TWoodward | 13 Jul 2006 07:00:00 GMT | 0 comments

Researchers and engineers who are working in the security field must have strong constitutions—especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. With that in mind, in an effort to improve the quality of the dialogue, I would like to discuss some important issues regarding Mac OS X and security.

Let’s start with the hot-button issue of Mac OS X viruses. Simply put, at the time of writing this article, there are no file-infecting viruses that can infect Mac OS X. I see some of you raising a hand or two, wanting to ask me some “but, what about…” types of questions. Indeed, in February of this year, when OSX.Leap.A was discovered, the news headlines declared that it was the “First ever virus for Mac OS X!” Long before the digital ink dried on those simplistic and sensational headlines our Security...