Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Daniel Regalado | 25 Oct 2013 23:11:17 GMT

On September 4, 2013, we were the first to discover and add detections for a new malware targeting ATMs named Backdoor.Ploutus, as reported by our Rapid Release Definitions. Recently, we identified a new variant of this threat and realized that it has been improved and translated into English, suggesting that the ATM software is now being used in other countries.

Symantec added a generic detection for this new variant as Backdoor.Ploutus.B on October 25, 2013, so Ploutus can be...

Ben Nahorney | 22 Oct 2013 19:42:40 GMT

It can all start with what looks like an innocuous email containing a link to a potential job opportunity. Or perhaps it’s an unexpected phone call from someone claiming to be a high-ranking employee, asking you to process an invoice sent by email. It may even be lying in wait behind a website you frequently visit for work.

In many ways, targeted attacks have become public enemy number one in the corporate world, if only for the potential havoc a successful attack can wreak. Stolen intellectual property, a loss of faith by customers, or simply general embarrassment are just a few of the potential outcomes of these attacks.

In this month’s Symantec Intelligence Report we take a detailed look at targeted attacks in 2013. While new techniques have yet to...

Satnam Narang | 22 Oct 2013 14:01:06 GMT

Following media reports that Twitter has restricted URLs in direct messages, spammers found a way around this restriction this weekend in order to push diet pill spam links.

Figure 1. A direct message sends users to the tweet containing the spam link

We first noticed this when someone we follow on Twitter, who has never followed us before, started following us. Shortly after receiving the notification that we had a new follower, we received a direct message from the user.

Kevin Savage | 22 Oct 2013 10:36:43 GMT

While Ransomlock Trojans have plagued the threat landscape over the last few years, we are now seeing cybercriminals increasingly use Ransomcrypt Trojans. The difference between Ransomlock and Ransomcrypt Trojans is that Ransomlock Trojans generally lock computer screens while Ransomcrypt Trojans encrypt (and lock) individual files. Both threats are motivated by the monetary gains that cybercriminals make from extorting money from victims.

Recently, a new threat detected by Symantec as Trojan.Cryptolocker has been growing in the wild. Trojan.Cryptolocker encrypts data files, such as images and Microsoft Office documents, and then demands payment through Bitcoin or MoneyPak to decrypt them—all within a countdown time period. This Ransomcrypt Trojan uses strong encryption algorithms which make it almost...

Candid Wueest | 16 Oct 2013 15:39:32 GMT

If Hollywood is to be believed, we will all one day be living in a future filled with robots, or less likely, zombies. Robots are everywhere in our predicted future. A common theme on the silver screen is the artificial intelligence mastermind attempting to take over the world. Another is of robots transforming into alternate shapes or robots with the ability to self-repair. Sadly, we are not yet at the stage where cars can transform into fighting robots while doing a front flip in slow motion to a heavy rock soundtrack, but we are getting closer. Researchers at MIT recently presented their exciting new creations, M-Blocks, signalling a new stage of self-assembling robots.

The MIT modular robot cubes can rearrange themselves using internal flywheels...

Andrea Lelli | 15 Oct 2013 00:28:33 GMT

Contributor: Satnam Narang

Previously we blogged about Backdoor.Egobot and outlined how it targets specific industries while maintaining a low profile. The cybercriminals behind Egobot may also have developed Infostealer.Nemim for a more widespread and prevalent campaign. Despite a difference in scope, both threats steal information from compromised computers and there are indications these two threats originate from the same source.
 

Nemim components

Symantec detected Nemim in the wild as early as the fall of 2006. One of the earliest samples contained a timer mechanism to determine when to remove itself from the compromised computer. Removal was conditional and tied to a fixed date or based on the number of times the...

Jeet Morparia | 15 Oct 2013 00:26:06 GMT

Attackers use four golden rules in order to drop malicious payloads and steal information

Daniel Regalado | 11 Oct 2013 23:05:17 GMT

Contributor: Val S

It’s well-known that organized crime in Mexico is always finding new ways to steal money from people. Automatic teller machines (ATMs) are one of the common targets in this effort, but the challenge there is actually getting the money out of the machine. The three most common ways to accomplish this are:

  1. Kidnapping: Criminals kidnap a person for as long as it takes to withdraw all the money from their account. The time depends on the money available in the account since normally there is a limit on the amount allowed to be dispensed per day.
  2. Physically stealing the ATM: Criminals remove the ATM and take it to a location where they can go to work accessing the cash inside. In this scenario, the loss of cash is only one consequence as the criminals...

Symantec Security Response | 09 Oct 2013 14:08:36 GMT

In Microsoft’s Patch Tuesday for October 2013, the company released MS13-080 to address two critical vulnerabilities that have been actively exploited in limited targeted attacks. The first critical vulnerability in Internet Explorer, the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893), was discussed in an earlier Symantec blog.

The second critical vulnerability for Internet Explorer is the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897). In a blog post from...

Avdhoot Patil | 09 Oct 2013 12:25:44 GMT

Contributor: Daniel Regalado Arias
 
Phishers frequently introduce bogus applications to add new flavor to their phishing baits. Let’s have a look at a new fake app that phishers are leveraging. In this particular scam, phishers were trying to steal login credentials, but the phishing bait was not their only means of data theft. Their ploy also used malware for harvesting users’ confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site.
 
Figure 1: The phishing site that spoofed the appearance of Facebook’s login page
 
The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options...