Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with 11.x
Showing posts in English
A Reminder about Rootkits
John H | 18 Jan 2012 17:47:22 GMT | 0 comments

 

Rootkit stories show up in the mainstream media on a regular basis these days. While these stories raise public awareness about what the bad guys are doing, they usually leave readers wondering what they can do to protect themselves from silent threats infecting their computers at home and in the office. 
Broadly defined, a rootkit is any software that acquires and maintains privileged access to the operating system (OS) while hiding its presence by subverting normal OS behavior. A rootkit typically has three goals: 
 
  1. A rootkit wants to be able to run without restriction on a target computer. 
  2. It wants to elude being detected by the computer or an installed security product. 
  3. It wants to deliver its payload, such as stealing passwords or network bandwidth, or installing other malicious software.
 
So what can you do (other than re-build your computer...
Read more
Spammers Mark 10th Anniversary of 9/11
Samir_Patil | 09 Sep 2011 21:50:48 GMT | 0 comments

Thanks to Vivek Krishnamurthi for contributing to this blog.

Every sensitive event is an opportunity to exploit. With this motive in the background, it is not surprising to see spammers exploit 9/11.  With the 10th anniversary of the tragedy just a day away, spammers want to make the best use of this emotionally charged environment. 

Here are two examples of scams that Symantec has noticed in recent days that attempt to exploit the emotional scars left by 9/11:
 
First email example exploiting 9/11
Figure 1: First email example exploiting 9/11
 
 
Second email example exploiting 9/11
Figure 2: Second email example exploiting 9/11
 
The first sample tries to entice...
Read more
I Think I Know You – Part 2
Kevin Haley | 19 Aug 2011 16:30:16 GMT | 0 comments

 

In 2004, Massachusetts Senator Edward “Ted” Kennedy was refused an airline boarding pass by the Transportation Security Administration (TSA) on five different occasions. Despite being from one of the most famous families in American politics, not to mention being a U.S. Senator, he still appeared on a no-fly list designed to prevent terrorists from boarding airplanes. This was a mistake; one that took three weeks to clear up. No explanation was ever publicly given. One has to assume that there was someone else, presumably a suspected terrorist, with a similar name.
 
I was reminded of that incident at Black Hat, where Alessandro Acquisti from Carnegie Mellon University presented a paper called, “Faces of Facebook: Privacy in the Age of Augmented Reality” (which is also the starting point for the...
Read more
I Think I Know You
Kevin Haley | 18 Aug 2011 21:52:19 GMT | 0 comments

 

An increasing number of photo sharing and social networking sites have facial recognition software to help users identify and “tag” people in photos. I don’t have much use for this type of feature; for me looking at old photos is more about pleasant discoveries than efficient searches. But I can see where people would find it useful. Whether you like the feature or not, it does provide compelling proof that the technology, while less than perfect, is viable and cheap. After all, this feature is implemented in essentially free software.  
 
Facial recognition software is also popular with law enforcement agencies as a way to catch criminals and terrorists.  In fact, they are already using it to  catch the  bad guys. And given the ongoing investment from government(s), we are going to see facial recognition systems that are bigger, better, and faster in the coming years.  More on that in a future...
Read more
Global Debt Crises News Drives Pump-and-Dump Stock Scams
Samir_Patil | 10 Aug 2011 23:56:59 GMT | 0 comments

 

Just as they sound, pump-and-dump stocks are promoted (pumped) by their owners in order to inflate the price of the stocks as much as possible so that they may then be sold (dumped) before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false. 
 
In a successful campaign, the deluge of spam will help artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to its original low price (which can also be exploited in the market). A well-executed pump-and-dump spam campaign can produce substantial profits for the scammers in a matter of days.
...
Read more
Microsoft Patch Tuesday - August 2011
Robert Keith | 09 Aug 2011 20:02:05 GMT | 0 comments

Hello and welcome to this month’s blog on Microsoft's patch releases. This is an average month—the vendor is releasing 13 bulletins covering a total of 22 vulnerabilities.

Three of the issues are rated critical and they affect Internet Explorer and Windows DNS. The DNS issue could allow an attacker to take complete control of an affected computer. The remaining issues—rated important to moderate—affect Internet Explorer, Windows, Windows DNS, Visio, Visual Studio, and the Windows kernel.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available;
  • Run all software with the least privileges required while still maintaining functionality;
  • Avoid handling files from unknown or questionable sources;
  • Never visit sites of unknown or questionable integrity;
  • Block external access at the network perimeter to all key systems unless...
Read more
Phishing Brazilian Brands
Mathew Maniyara | 28 Jul 2011 17:28:28 GMT | 0 comments

Symantec keeps track of the brands targeted by phishing and monitors trends in the countries in which the brand’s parent company is based. Over the past couple of months, phishing sites have been increasingly targeting Brazilian brands. In May and June, the number of phishing sites on Brazilian brands made up about 5 percent of all phishing sites. This is an increase of nearly three times that of the previous month. The phishing Web pages were in Brazilian Portuguese. The most targeted brand in these phishing sites was a social networking site.

 
Below are some noteworthy statistics on the trend observed:
 
  • The majority of the phishing on Brazilian brands, approximately 58 percent, used IP domains (e.g., domains such as hxxp://255.255.255.255). 
  • Twelve Web-hosting sites were used to host 4 percent of the phishing sites on Brazilian brands.
  • There were several banks attacked in phishing and...
Read more
Lesser-Known Occasions Promote Meds in Spam Scams
Samir_Patil | 20 Jul 2011 18:46:23 GMT | 0 comments

What is a spammer’s route to success?  When he manages to bypass the labyrinth of spam filters to reach your inbox!  But with filters becoming more advanced by the day, spammers have to continuously re-invent their attacks. The next question is, then, “What’s the new trend now?” 

Well, as far as pharma-spam goes, spammers are no longer content to just flog meds. Now, it’s a med for EVERY occasion. It doesn’t matter if the occasion is special or not. After all, it is the user who makes the occasion special.
 
Symantec has detected a range of email spam messages promoting the sale of pharmaceuticals for different occasions, ranging from the Cannes Festival to little-known Catholic saint feast days. (The Catholic Church commemorates and dedicates each calendar day to a saint.) Bulk spam mails of this sort are sent daily to millions of people across the globe. Some of the events and...
Read more
Android Threat Trend Shows That Criminals are Thinking Outside the Box
Irfan Asrar | 18 Jul 2011 19:54:16 GMT | 0 comments

A quick online search would reveal a number of articles declaring any one of the last few years as being the “year of mobile malware.” Conversely, these searches also reveal claims that the same years are not going to be the year of mobile malware. These search results go back as far as the early part of the decade. The contradictory nature of these bold predictive headlines could be explained by the fact that the articles are typically written at the beginning of each year—and who knows what the year may hold at the outset?

But, if the criteria to qualify 2011 as the real "year of mobile malware" was to be challenged, then surely the events of the past few weeks alone should be enough to justify the fact that this year truly has seen considerable seismic activity that has shifted the tectonic plates of the mobile threat landscape.
 
...
Read more
News Links That 419 Scammers Have Used The Most
Mayur Kulkarni | 23 Jun 2011 16:37:16 GMT | 0 comments

When scammers try to gain sympathy from the email readers or to entice them with huge amount of money, they will usually mention a tragedy or, any event that attracted huge public attention. They may also want the users to read additional information, therefore a URL from a well-known news site is also provided. This addition of a link may assure a reader that the email is genuine, and some action needs to be taken in response to the email. Toward the end of the email scam, an appeal to help the victims is made if it is a tragic event. This message will also provide contact information in the form of email addresses, phone or fax numbers.

Anti spam filters will find it easier to block the news URLs in the scam message because, although they are legitimate, these are old news items and should ideally not be in circulation for any reason.

For the sake of curiosity, we went through our active filters to check such news URLs and surprisingly found some of the filters...

Read more