Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with 10.x
Showing posts in English
Symantec Security Response | 27 Nov 2009 12:38:35 GMT

Security Response has discovered a threat that is being talked about among some members of certain discussion groups in Japan. The threat, named Infostealer.Kenzero, teaches yet another lesson to those using file-sharing networks not to download illegal games. Infostealer.Kenzero primarily arrives in the guise of setup.exe, which in this case is a fake installation file for Japanese pornographic games that are circulating around the file-sharing network “Share.” Several pornographic games have been reported to include this malicious setup.exe file.

Once the setup.exe file is executed it attempts to download image files (.bmp) from a predetermined website. Using these images, the threat brings up a form that asks the user to enter personal information, including his or her full name, password for the game, email address, postal code, residential...

khaley | 17 Nov 2009 20:13:47 GMT

Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.

I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...

Dermot Harnett | 07 Oct 2009 21:27:55 GMT

Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.

Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased  by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.

Click here to download the October 2009 State of Spam Report, which highlights the following trends:

Rajesh Nikam | 22 Jul 2009 05:34:45 GMT

Misleading Applications report false information of the presence of security risks, threats or system issues on a target computer. We see a flood of such applications that fix supposed system anomalies and some of them are marketed through affiliates. Affiliate marketing makes such products a more lucrative business as some of these products are sharing up to 75% of their profits.

My day started with the analysis of an application from I downloaded the application from the site on a clean computer, basically a fresh installation. On completion of the scan, Registry Doktor 2009 flagged a report with hundreds of problems found on my computer. To fix the reported problems user needs to purchase the product!

imagebrowser image

imagebrowser image

Most of these problems were related to...

Hon Lau | 15 Jul 2009 08:09:22 GMT

This is now getting a bit tedious but the Twitter and Koobface bandwagon just keeps on tumbling down the slippery slopes. Today there are many reports of yet another variant of Koobface doing the rounds through Twitter. The tweets doing the rounds contain the following messages:

  • My home video :)
  • Watch my new private video! LOL :)
  • michaeljackson' testament on youtube

I had a look for some of the hacked twitter accounts myself and found a few unfortunate souls whose accounts have been hijacked to spread this malware. Here's one example I have found below. Some of the TinyURLs are pointing to the AdultFriendFinder Web site; the one below is not responding but appears to be active.

imagebrowser image

Other URLs are directing users to a fake video Web site that contains the usual Codec-type social engineering trick to lure users into...

Irfan Asrar | 13 Jul 2009 09:26:37 GMT

Experts predicted that there would be a rise in the number of mobile threats in 2009 and it seems the creators of SymbOS.Exy.A and SymbOS.Exy.B are out to prove the predication right. They have resurfaced again with yet another signed Symbian malware, SymbOS.Exy.C.

New Certificate

imagebrowser image

Previous certificates used with SymbOS.Exy.A/B

imagebrowser image imagebrowser image...

Hon Lau | 10 Jul 2009 18:16:24 GMT

Not content to let the Dozer and Koobface guys have all the fun, the Ackannta crew has unleashed another new variant on the unsuspecting masses. Today we saw in our spam traps a new variant of Ackannta that we have added detection for as W32.Ackannta.G@mm. Ackannta is a family of mass-mailing worm that also copies itself to removable drives. It has been noted to use well-known brand names and big news items (such as the recent Michael Jackson story) in email campaigns in the past in order to trick users into opening it.

At this time we are seeing this worm being sent out through emails in low numbers. The emails have the following characteristics:

 Jessica would like to be your friend on hi5!

 The email body is written in HTML and is a poorly made copy of the...

Joji Hamada | 06 Jul 2009 07:37:37 GMT

It's Independence Day weekend in the United States and many folks are out at picnics, barbeques, and catching firework shows. However, some of us here in the security industry missed out on these events due a new exploit for a zero-day vulnerability in Microsoft's Video Streaming ActiveX control that we discovered in the wild right before the weekend started.

The exploit uses a specially crafted JavaScript file, along with a data file, to take advantage of a vulnerability in the IMPEG2TuneRequest DirectX object interface located in the Msvidctl.dll file. When a user visits a malicious website hosting these files, the vulnerability allows remote code execution and malicious files are downloaded.

Windows XP users with Internet Explorer 6 and 7 are in danger, but those with Internet Explorer 8 installed are not vulnerable. Preliminary testing shows that computers running Windows Vista are not affected by...