
Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Joji Hamada | 07 Jan 2013 15:34:52 GMT | 0 comments

In October 2012, the Tokyo Metropolitan Police arrested five individuals for developing and distributing Android malware that collected personal data, but the arrests did not deter at least one other group of scammers, who continued to lure Android device owners to their malware. In December 2012 the Tokyo District Public Prosecutors Office dismissed the case because it could not find enough evidence to prove that the five suspects had committed a crime. The dismissal has now led to the creation of yet another Android malware family targeting Japanese Android device owners.

Symantec has identified new malware, which we detect as Android.Exprespam, that collects personal data such as the device owner's phone number and the names and email addresses stored in Contacts on the compromised device. Like previously...

Symantec Security Response | 03 Jan 2013 22:25:35 GMT | 0 comments

In our recent blogs about the latest Internet Explorer zero-day vulnerability, we explained what watering hole attacks are and referenced our research paper about the Elderwood Project. The paper highlights a string of watering hole attacks by the Elderwood group. After revisiting those previous attacks, we have been able to confirm that this latest Internet Explorer zero-day is a continuation of the Elderwood Project.

...

Symantec Security Response | 31 Dec 2012 21:38:44 GMT | 0 comments

In a recent blog, Symantec reported on a new Internet Explorer zero-day being actively exploited in the wild. Microsoft has since released Security Advisory 2794220, which confirms that the Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability (CVE-2012-4792) is a zero-day vulnerability affecting Internet Explorer 6, 7, and 8.

The following Q&A briefly outlines what is known about the watering hole attack, the Internet Explorer zero-day, and the protection Symantec has in place.

What is a watering hole attack?

A watering hole attack is a method of targeting sites which are likely to be visited by targets of...

Symantec Security Response | 30 Dec 2012 00:27:55 GMT | 0 comments

We have received multiple reports of a new Internet Explorer zero-day vulnerability being exploited in the wild. Initial reports indicate that the website used in these attacks belongs to a U.S.-based think tank. The site is believed to have been compromised and used to serve the zero-day exploit as part of a watering hole-style attack as far back as December 21.

A Flash file named today.swf was used to trigger the vulnerability in Internet Explorer. The Flash file is detected as Trojan.Swifi, and protection has been in place for our customers since December 21. Further details and analysis will be provided soon.

We have carried out in-depth research into watering hole-style attacks dating back to 2009. That research and analysis is contained in a paper named...

Jeet Morparia | 25 Dec 2012 00:18:58 GMT | 0 comments

We have blogged in the past about ransomware being a growing menace and that ONE SHOULD NOT PAY THE RANSOM if affected. Ransomware has now reared its ugly head once again. The writers of Trojan.Ransomlock.G (a.k.a. Reveton) have updated their lock screen to induce panic and blackmail the user into paying the ransom.

Recently, blogger Kafeine found a ransomware sample which threatens to format the drive and wipe all the documents on the compromised system if the user attempts to unlock the computer manually.

...

Fred Gutierrez | 20 Dec 2012 21:33:27 GMT | 0 comments

Contributor: Alan Neville

Almost a year ago we added detection for a low-prevalence Trojan found on servers belonging to financial institutions, including banking firms and credit unions. The Trojan also compromised home computer users and computers at security firms. For easier identification and tracking we recently renamed this threat Trojan.Stabuniq.

Figure 1. Trojan.Stabuniq distribution by type

Approximately half of the unique IP addresses found with Trojan.Stabuniq belong to home users. Another 11 percent belong to companies that deal with Internet security (due, perhaps, to these companies performing analysis of the...

Symantec Security Response | 20 Dec 2012 00:07:18 GMT | 0 comments

The recent discovery of an Android SMS spam botnet by Cloudmark, which Symantec detects as Android.Pikspam, has gained media attention. While delivering spam via botnets is nothing new, mobile technology has opened new attack vectors to cybercriminals, who are applying the proven techniques of social engineering and spam to mobile devices with success.

The attack consists of SMS messages advertising free versions of popular games, or informing the recipient that they have won a prize. Unsuspecting victims who receive the text messages and follow the link can download a Trojanized app from a third-...

Val S | 19 Dec 2012 11:02:47 GMT | 0 comments

Not so long ago, aspiring bot-herders who wanted to get started with a botnet of their own had to hang out in the right circles or learn how to build one themselves. If they hung out in the right circles they would be provided with guidance and documentation to get started. If they were creative enough and had enough time and skill, they could create their own from scratch.

But what if they didn't have this skill set, or didn't hang out in the right circles? Just like everything else, they could pay someone to do it for them. The following examples of crimeware kits for sale have been found in various places on the Internet. For various reasons, including not wanting to enable the practice of crimeware and legal issues, we cannot confirm that the items being sold are legitimate. Some have the characteristics of a scam, due to inaccuracies in the description (old versions being touted as new) or pricing that does not reflect the going market rate.

...

Symantec Security Response | 16 Dec 2012 21:30:57 GMT | 0 comments

On December 16, 2012, CERTCC-IR posted an advisory regarding a new threat, Trojan.Batchwiper, that wipes disks. We have recovered samples matching the hashes mentioned in their advisory and, based on preliminary analysis, can confirm their findings.

The samples are not sophisticated: they wipe any drives with the drive letters D through I, along with the files on the currently logged-in user's Desktop, and then run Chkdsk on the wiped drives. The wiping only occurs on the following dates:

  • 12/10/2012
  • 12/11/2012
  • 12/12/2012
  • 01/21/2013
  • 01/22/2013
  • 01/23/2013
  • 05/06/2013
  • 05/07/2013
  • 05/08/2013
  • 07/22/2013
  • 07/23/2013
  • 07/24/2013
  • 11/11/2013
  • 11/12/...

Candid Wueest | 11 Dec 2012 17:10:35 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 12 vulnerabilities. Ten of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Dec

The following is a breakdown of the issues...