Security Response
Mayur Kulkarni | 23 Jun 2011 16:37:16 GMT

When scammers try to gain sympathy from email readers or to entice them with a huge amount of money, they will usually mention a tragedy or any event that attracted huge public attention. They may also want the users to read additional information, therefore a URL from a well-known news site is also provided. This addition of a link may assure a reader that the email is genuine and that some action needs to be taken in response to the email. Toward the end of the email scam, an appeal to help the victims is made if it is a tragic event. This message will also provide contact information in the form of email addresses, phone or fax numbers.

Anti-spam filters will find it easier to block the news URLs in the scam message because, although they are legitimate, these are old news items and should ideally not be in circulation for any reason.

For the sake of curiosity, we went through our active filters to check such news URLs and surprisingly found some of the filters...

khaley | 20 Jun 2011 23:57:14 GMT

Troy Hunt, a Microsoft MVP, has done some terrific analysis of the passwords people use. Unfortunately, what has made this possible is the recent trend in hacktivism whereby it is common for hacktivists to post the spoils of their attacks online to generate publicity and shame the company being attacked. While this has been bad news for the companies and their customers, it has provided a rich data set for researchers to analyze. The results from Troy’s research are pretty interesting. Rather than rehash the results here, I’ll let you read them yourself:

What struck me while reading the blog is how much we know about what kind of passwords people create and how little we’ve been able to make practical use of any of this knowledge. Sure, we all run off and write blogs about how people need to make their...

Cathal Mullaney | 20 Jun 2011 18:05:30 GMT

Backdoor.Bifrose first came to our attention in 2004. It is a remote administration backdoor tool that allows unauthorized access to a compromised computer. Once installed, the malware has a range of capabilities, including: running processes, opening windows, opening a remote shell, stealing system information (such as passwords and video game serial numbers), generating screen captures, and capturing video from a webcam, among other functionality. While Bifrose has been analyzed in the past, one of the more interesting features of the Trojan has been neglected or overlooked in most write-ups and analysis of the malware: its optional use of the Tor network. Tor, from the overview on their site:

“Is a network...

Samir_Patil | 17 Jun 2011 17:11:23 GMT

Harry Potter and the Deathly Hallows - Part 2 is the last movie of the Harry Potter novel series and is being released globally on July 15. The movie has another few weeks before it appears in theaters and it has already become a hot topic for spammers. Symantec reported similar spam activity previously for Part-1 in the blog Harry Potter and The Deadly Hallows of Spam.

In the spam sample below related to the new release, spammers are offering free tickets to Part 2. The message says the offer is valid only in the U.S. and that there are limited supplies of the tickets. The email header shows an example of header spoofing, whereby the email purports to originate from the official Harry Potter site. “From: "Movie Tickets"” resolves to “harrypottermovie@removed_address”

Stephen Doherty | 16 Jun 2011 19:13:35 GMT

Malware authors move fast. Following on from the previous blog post on Bitcoin botnet mining, we have seen a recent Trojan in the wild targeting Bitcoin wallets. The Trojan is Infostealer.Coinbit and it has one motive: to locate your Bitcoin wallet.dat file and email it to the attacker. This is not surprising considering the potential values in a Bitcoin wallet. We have also discovered source code on underground forums which locates the wallet and, using FTP, uploads it to the attacker's servers.

[Figure 1. Code snippet found on underground forums to steal...]

Peter Coogan | 16 Jun 2011 17:49:11 GMT

A digital currency known as Bitcoin (BTC) has been causing a bit of a media stir of late due to its use for illicit purposes. Some readers of this blog will be familiar with and have used a digital currency of some form in the past to purchase goods online. Some may even remember failed digital currencies such as e-gold, which had operations suspended by US authorities after its proprietors were indicted on four counts of violating money laundering regulations back in 2007. With Bitcoin, we now have another multi-million dollar digital currency market without any central authority for regulation. (An in-depth explanation of Bitcoins is...

Michael Ling | 16 Jun 2011 15:25:25 GMT

Do I know who I’m dealing with, and is my communication secure? Those are the two things anyone going online wants to know, especially if they’re banking, shopping or otherwise sharing confidential personal or financial data. That’s because many online users are concerned about identity theft, data breaches and worse – and if they’re not, they should be!

When users see something on a website that makes them suspect the site isn’t secure, they often abandon the transaction. To circumvent this protective reaction, cybercriminals have become devilishly ingenious and can simulate genuine websites with astonishing accuracy. It’s therefore increasingly difficult to tell the good guys from the bad. Knowing the visual cues for safe and unsafe websites alike is essential for anyone to know whom to trust with their data and business.

We’ve created a short 10 question...

khaley | 10 Jun 2011 15:37:42 GMT

I believe that we have reached a saturation point. You know how, after heavy rain, the ground can’t absorb any more water and it begins to pool on the ground? We’ve reached that point with security incidents.

The bad guys just can’t pump out new malware any faster. Check out the Norton Cybercrime Index. The trends for 2011 are pretty much flat. The explosive growth in malware we’ve seen in the previous 10 years is just not sustainable. Maybe new hacker tools will come along, new propagation methods, or more platforms, or more people to infect. But for now, things are beginning to stagnate.

This is not to say the problem is going away. There were 286M new malware variants in 2010. 286 million! But even that mind-...

Samir_Patil | 09 Jun 2010 18:43:15 GMT

Social networks focus on building relationships/connections among people who share interests, information and activities. Attackers on phishing expeditions exploit these relationships through social engineering tricks. One ruse that Symantec has observed recently attempts to exploit the "groups" function of a social networking site. (For other recent attack trends on social networking sites, please see "Users of Social Networking Websites Face Malware and Phishing Attacks.")

The issue with gaming the groups function is that some groups inappropriately compel users to invite their friends. Receiving these unwanted invites is unpleasant for both the group users and their friends. Some groups exhort the user with compelling remarks such as, “Don’t forget to invite your friends - without inviting it...

Robert Keith | 08 Jun 2010 19:35:22 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly busy month—the vendor is releasing 10 bulletins covering a total of 34 vulnerabilities.

Six of the issues are rated “Critical” and affect Data Analyzer ActiveX, Internet Explorer 8 Developer Tools, Internet Explorer, and Windows. All of the “Critical” issues are client-side and can result in remote code execution in the context of the currently logged-in user if an attacker can trick an unsuspecting victim into performing some action. There are also a record number of issues affecting Excel, with 14 vulnerabilities being discovered in that program, 13 of which are remote code execution.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...