
Security Response

Showing posts tagged with 10.x
Showing posts in English
Kevin Haley | 20 Jun 2011 23:57:14 GMT | 0 comments

Troy Hunt, a Microsoft MVP, has done some terrific analysis of the passwords people use. Unfortunately, what has made this possible is the recent trend in hacktivism whereby it is common for hacktivists to post the spoils of their attacks online to generate publicity and shame the company being attacked. While this has been bad news for the companies and their customers, it has provided a rich data set for researchers to analyze. The results from Troy’s research are pretty interesting. Rather than rehash the results here, I’ll let you read them yourself: www.troyhunt.com/2011/06/brief-sony-password-analysis.html

What struck me while reading the blog is how much we know about what kind of passwords people create and how little we’ve been able to make practical use of any of this knowledge. Sure we all run off and write blogs about how people need to make their passwords harder to...

Cathal Mullaney | 20 Jun 2011 18:05:30 GMT | 0 comments

Backdoor.Bifrose first came to our attention in 2004. It is a remote administration backdoor tool that allows unauthorized access to a compromised computer. Once installed, the malware has a range of capabilities, including: running processes, opening windows, opening a remote shell, stealing system information (such as passwords and video game serial numbers), generating screen captures, and capturing video from a webcam, among other functionality. While Bifrose has been analyzed in the past, one of the more interesting features of the Trojan has been neglected or overlooked in most write-ups and analysis of the malware: its optional use of the Tor network. Tor, from the overview on their site:

“Is a network of virtual...

Samir_Patil | 17 Jun 2011 17:11:23 GMT | 0 comments

Harry Potter and the Deathly Hallows - Part 2 is the last movie of the Harry Potter novel series and is being released globally on July 15. The movie has another few weeks before it appears in theaters and it has already become a hot topic for spammers. Symantec reported similar spam activity previously for Part-1 in the blog Harry Potter and The Deadly Hallows of Spam.

In the spam sample below related to the new release, spammers are offering free tickets to Part 2. The message says the offer is valid only in the U.S. and that there are limited supplies of the tickets. The email header shows an example of header spoofing, whereby the email purports to originate from the official Harry Potter site. “From: "Movie Tickets" resolves to “harrypottermovie@removed_address”

...

Stephen Doherty | 16 Jun 2011 19:13:35 GMT | 0 comments

Malware authors move fast. Following on from the previous blog post on Bitcoin botnet mining, we have seen a recent Trojan in the wild targeting Bitcoin wallets. The Trojan is Infostealer.Coinbit and it has one motive: to locate your Bitcoin wallet.dat file and email it to the attacker. This is not surprising considering the potential values in a Bitcoin wallet. We have also discovered source code on underground forums which locates the wallet and, using FTP, uploads it to the attacker's servers.

Figure 1. Code snippet found on underground forums to steal Bitcoin data via...

Peter Coogan | 16 Jun 2011 17:49:11 GMT | 0 comments

A digital currency known as Bitcoin (BTC) has been causing a bit of a media stir of late due to its use for illicit purposes. Some readers of this blog will be familiar with and have used a digital currency of some form in the past to purchase goods online. Some may even remember failed digital currencies such as e-gold, which had operations suspended by US authorities after its proprietors were indicted on four counts of violating money laundering regulations back in 2007. With Bitcoin, we now have another multi-million dollar digital currency market without any central authority for regulation. (An in-depth explanation of Bitcoins is available on Wikipedia.)

...

Michael Ling | 16 Jun 2011 15:25:25 GMT | 0 comments

Do I know who I’m dealing with, and is my communication secure? Those are the two things anyone going online wants to know, especially if they’re banking, shopping or otherwise sharing confidential personal or financial data. That’s because many online users are concerned about identity theft, data breaches and worse – and if they’re not, they should be! 
 
When users see something on a website that makes them suspect the site isn’t secure, they often abandon the transaction. To circumvent this protective reaction, cybercriminals have become devilishly ingenious and can simulate genuine websites with astonishing accuracy. It’s therefore increasingly difficult to tell the good guys from the bad. Knowing the visual cues for safe and unsafe websites alike is essential for anyone to know whom to trust with their data and business. 
 
We’ve created a short 10...

Kevin Haley | 10 Jun 2011 15:37:42 GMT | 0 comments

I believe that we have reached a saturation point.  You know how, after heavy rain, the ground can’t absorb any more water and it begins to pool on the ground? We’ve reached that point with security incidents.  

 
The bad guys just can’t pump out new malware any faster. Check out the Norton Cybercrime Index.  The trends for 2011 are pretty much flat. The explosive growth in malware we’ve seen in the previous 10 years is just not sustainable. Maybe new hacker tools will come along, new propagation methods, or more platforms, or more people to infect.  But for now, things are beginning to stagnate.  
 
This is not to say the problem is going away. There were 286M new malware variants in 2010. 286 million! But even that mind-...

Samir_Patil | 09 Jun 2010 18:43:15 GMT | 0 comments

Social networks focus on building relationships/connections among people who share interests, information and activities. Attackers on phishing expeditions exploit these relationships through social engineering tricks. One ruse that Symantec has observed recently attempts to exploit the "groups" function of a social networking site. (For other recent attack trends on social networking sites, please see "Users of Social Networking Websites Face Malware and Phishing Attacks.")
 
The issue with gaming the groups function is that some groups inappropriately compel users to invite their friends. Receiving these unwanted invites is unpleasant for both the group users and their friends. Some groups exhort the user with compelling remarks such as, “Don’t forget to invite...

Robert Keith | 08 Jun 2010 19:35:22 GMT | 0 comments

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly busy month—the vendor is releasing 10 bulletins covering a total of 34 vulnerabilities.

Six of the issues are rated “Critical” and affect Data Analyzer ActiveX, Internet Explorer 8 Developer Tools, Internet Explorer, and Windows. All of the “Critical” issues are client-side and can result in remote code-execution in the context of the currently logged-in user if an attacker can trick an unsuspecting victim into performing some action. There are also a record number of issues affecting Excel, with 14 vulnerabilities being discovered in that program, 13 of which are remote code execution.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...

Symantec Security Response | 27 Nov 2009 12:38:35 GMT | 0 comments

Security Response has discovered a threat that is being talked about among some members of certain discussion groups in Japan. The threat, named Infostealer.Kenzero, teaches yet another lesson to those using file-sharing networks not to download illegal games. Infostealer.Kenzero primarily arrives in the guise of setup.exe, which in this case is a fake installation file for Japanese pornographic games that are circulating around the file-sharing network “Share.” Several pornographic games have been reported to include this malicious setup.exe file.

Once the setup.exe file is executed it attempts to download image files (.bmp) from a predetermined website. Using these images, the threat brings up a form that asks the user to enter personal information, including his or her full name, password for the game, email address, postal...