Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Ben Nahorney | 16 May 2013 13:15:01 GMT

As the urban legend goes, the bank robber Willie Sutton was asked why he robbed banks. “Because that’s where the money is,” he is attributed as saying. While Sutton has long since distanced himself from the statement, the concept resonates with many people, to the extent that it’s been used to describe principles in accounting and even medicine.  

This principle also holds true in the world of Internet security. In the latest version of the Internet Security Threat Report we discussed the major trends in the spam world, where the percent of spam email continues to decline while more and more social networks are being targeted. Given the growth of social networking in recent years as a means to communicate, this...

Joji Hamada | 16 May 2013 10:07:30 GMT

Since the beginning of the year, a Japanese one-click fraud campaign has continued to wreak havoc on Google Play. The scammers have published approximately 700 apps in total since the end of January. The apps are published on a daily basis and the scammers have invested around US$4,000 in order to pay the US$25 developer fee to publish apps on Google Play.

Figure 1. Total number of developers and apps developed

Dealing with the fraudulent apps has really become a game of cat and mouse. Once the apps are removed from Google Play, the scammers simply publish more under new developer accounts. These are again removed shortly afterwards, but the scammers simply continue to publish more. Most of the apps are removed on the date of publication,...

Symantec Security Response | 14 May 2013 19:02:31 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 10 bulletins covering a total of 33 vulnerabilities. Eleven of this month's issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-May

The following is a breakdown of the issues...

Symantec Security Response | 15 May 2013 08:40:44 GMT

In April 2013, Symantec was alerted to a series of sophisticated social-engineering attacks targeting a limited set of organizations in Europe. The most distinguishing feature of these attacks is that the victim will receive a phone call from the attacker who impersonates an employee or business associate of the organization. The caller spoke in French and asked the victim to process an invoice that they were to receive in an email.

Here is an example of an email that was received during one of the attacks. The email typically contains a malicious link or an attachment, which is actually a variant of W32.Shadesrat, a Remote Access Trojan (RAT).

Figure 1. Spear phishing attack email
 

There...

Candid Wueest | 13 May 2013 17:51:23 GMT

In the last few months, we have witnessed a rise in the number of cases of modified Web servers that inject malicious redirections into every website that they host. One example was the malicious Apache module (Linux.Chapro and Trojan.Apmod) that we blogged about recently. A newer example is Linux.Cdorked, about which our friends at ESET also wrote.

With Linux.Cdorked, instead of adding a malicious Apache module to the configuration list, the attackers replaced the main httpd binary file...

Hon Lau | 07 May 2013 21:01:00 GMT

Following on from recent concerted campaigns by Anonymous against Israel on April 7 and Facebook on April 5, the latest target for the online hacktivist collective is the USA and American online interests. Today, hackers and script kiddies of various affiliations are expected to begin a campaign of hack attacks and general online disruption against any target that is related to the USA. From previous activity of this sort, the attackers are generally opportunistic in nature and will aim for the low hanging fruit. Attacks may take various forms including the following:

  • DDoS attacks
  • Hack social media accounts and deface or post fake messages
  • Hack organization websites and deface or steal information and post it as “proof” of breach
  • Hack organization servers and attempt sabotage such as planting disk wiping malware
  • Less likely but plausible scenarios could include attacks against...

Symantec Security Response | 10 May 2013 20:08:22 GMT

Microsoft has issued Security Advisory 2847140 in response to reports regarding public exploitation of a vulnerability affecting Internet Explorer 8. Other versions such as Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected. Initial reports indicate that a website associated with a department of the US government was compromised to host the exploit in what’s known as a watering hole attack. Upon visiting the site a vulnerable victim would have been redirected to download a back door as the payload.  Symantec products detect the exploit code on the vulnerable site as Trojan.Malscript, Bloodhound.Exploit.494, or...

Symantec Security Response | 07 May 2013 23:17:04 GMT

If you haven’t heard, Google Glass, the latest gadget from the Silicon Valley giant, has set the media and tech world abuzz, with both admiration and controversy surrounding the device. Google Glass was released to the public last week and combines smartphone technology with wearable glasses that are reminiscent of something seen on Star Trek. Public, in this case, actually means beta testers (called Glass Explorers) who had to apply for the chance to purchase the spectacles in advance by writing a 50-word essay using the hashtag #ifihadglass. Those chosen had the opportunity to purchase the device for $1,500 USD.

Along with the admiration of a device that appears to do everything comes controversy. The 8,000 individuals who were able to purchase the device were bound to a restrictive end user license agreement, in which the product would be deactivated and rendered...

Hon Lau | 01 May 2013 04:17:08 GMT

In today’s connected world, many of us are members of at least one, if not more, social networking services. The influence and reach of social media enterprises, such as Facebook (more than 600M active users per month) and Twitter (more than 140M active users), is staggering, and as communications tools they offer a global reach, delivering almost instantaneous communications to huge multinational audiences. Social media is attractive for hacktivists because it is a forum for people on the Internet where big discussions take place. Hijack a forum like this and you have an effective soapbox to get your message across. Hardly a day passes without news of another high-profile breach by hacktivists, and social media influencers are in the crosshairs. Are...

Candid Wueest | 30 Apr 2013 05:38:39 GMT

Nearly every week now we can read about a data breach case somewhere, where millions of user accounts and potentially other sensitive data have been compromised. Most people are not even shocked by such news anymore, as it is starting to become humdrum.

One of the most common attacks used in such breaches is an SQL injection. This attack has ranked first place on OWASP's Top 10 faults in Web applications for many years. There are several well-known methods to prevent SQL injections, but unfortunately they are still often encountered on production sites. Furthermore, misconfigured Web servers and vulnerabilities in remote management tools can allow attackers to gain access to systems and read potentially sensitive files.

There has long been a heated discussion about how best to store passwords and that discussion is still ongoing. Most people agree that storing passwords in clear text in a database...