
Security Response

Showing posts tagged with 9.x and Earlier
Showing posts in English
Symantec Security Response | 06 Nov 2013 15:13:57 GMT
On November 5, Microsoft issued an advisory and a blog post to report a new zero-day vulnerability in the Microsoft Graphics component that affects Windows, Microsoft Office and Microsoft Lync: the Multiple Microsoft Products Remote Code Execution Vulnerability (CVE-2013-3906). The advisory states that the vulnerability exists in the way that certain components handle specially crafted TIFF images, potentially allowing an attacker to remotely execute code on the affected computer. 
 
While Microsoft has yet to release a patch for this vulnerability, it has provided a temporary "...
John H | 18 Jan 2012 17:47:22 GMT

 

Rootkit stories show up in the mainstream media on a regular basis these days. While these stories raise public awareness about what the bad guys are doing, they usually leave readers wondering what they can do to protect themselves from silent threats infecting their computers at home and in the office. 
Broadly defined, a rootkit is any software that acquires and maintains privileged access to the operating system (OS) while hiding its presence by subverting normal OS behavior. A rootkit typically has three goals: 
 
  1. A rootkit wants to be able to run without restriction on a target computer. 
  2. It wants to elude being detected by the computer or an installed security product. 
  3. It wants to deliver its payload, such as stealing passwords or network bandwidth, or installing other malicious software.
 
So what can you do (other than re-build your computer...
Samir_Patil | 09 Sep 2011 21:50:48 GMT

Thanks to Vivek Krishnamurthi for contributing to this blog.

Every sensitive event is an opportunity to exploit. With this motive in the background, it is not surprising to see spammers exploit 9/11.  With the 10th anniversary of the tragedy just a day away, spammers want to make the best use of this emotionally charged environment. 

Here are two examples of scams that Symantec has noticed in recent days that attempt to exploit the emotional scars left by 9/11:
 
Figure 1: First email example exploiting 9/11
 
 
Figure 2: Second email example exploiting 9/11
 
The first sample tries to entice...
khaley | 19 Aug 2011 16:30:16 GMT

 

In 2004, Massachusetts Senator Edward “Ted” Kennedy was refused an airline boarding pass by the Transportation Security Administration (TSA) on five different occasions. Despite being from one of the most famous families in American politics, not to mention being a U.S. Senator, he still appeared on a no-fly list designed to prevent terrorists from boarding airplanes. This was a mistake; one that took three weeks to clear up. No explanation was ever publicly given. One has to assume that there was someone else, presumably a suspected terrorist, with a similar name.
 
I was reminded of that incident at Black Hat, where Alessandro Acquisti from Carnegie Mellon University presented a paper called, “Faces of Facebook: Privacy in the Age of Augmented Reality” (which is also the starting point...
khaley | 18 Aug 2011 21:52:19 GMT

 

An increasing number of photo sharing and social networking sites have facial recognition software to help users identify and “tag” people in photos. I don’t have much use for this type of feature; for me looking at old photos is more about pleasant discoveries than efficient searches. But I can see where people would find it useful. Whether you like the feature or not, it does provide compelling proof that the technology, while less than perfect, is viable and cheap. After all, this feature is implemented in essentially free software.  
 
Facial recognition software is also popular with law enforcement agencies as a way to catch criminals and terrorists. In fact, they are already using it to catch the bad guys. And given the ongoing investment from government(s), we are going to see facial recognition systems that are bigger, better, and faster in the coming years. More on that in a future...
Samir_Patil | 10 Aug 2011 23:56:59 GMT

 

Just as they sound, pump-and-dump stocks are promoted (pumped) by their owners in order to inflate the price of the stocks as much as possible so that they may then be sold (dumped) before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false. 
 
In a successful campaign, the deluge of spam will help artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to its original low price (which can also be exploited in the market). A well-executed pump-and-dump spam campaign can produce substantial profits for the scammers in a matter of days.
...
Robert Keith | 09 Aug 2011 20:02:05 GMT

Hello and welcome to this month’s blog on Microsoft's patch releases. This is an average month—the vendor is releasing 13 bulletins covering a total of 22 vulnerabilities.

Three of the issues are rated critical and they affect Internet Explorer and Windows DNS. The DNS issue could allow an attacker to take complete control of an affected computer. The remaining issues—rated important to moderate—affect Internet Explorer, Windows, Windows DNS, Visio, Visual Studio, and the Windows kernel.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available;
  • Run all software with the least privileges required while still maintaining functionality;
  • Avoid handling files from unknown or questionable sources;
  • Never visit sites of unknown or questionable integrity;
  • Block external access at the network perimeter to all key systems unless...
Mathew Maniyara | 28 Jul 2011 17:28:28 GMT

Symantec keeps track of the brands targeted by phishing and monitors trends in the countries in which the brand’s parent company is based. Over the past couple of months, phishing sites have been increasingly targeting Brazilian brands. In May and June, the number of phishing sites on Brazilian brands made up about 5 percent of all phishing sites. This is an increase of nearly three times that of the previous month. The phishing Web pages were in Brazilian Portuguese. The most targeted brand in these phishing sites was a social networking site.

 
Below are some noteworthy statistics on the trend observed:
 
  • The majority of the phishing on Brazilian brands, approximately 58 percent, used IP domains (e.g., domains such as hxxp://255.255.255.255). 
  • Twelve Web-hosting sites were used to host 4 percent of the phishing sites on Brazilian brands.
  • There were several banks attacked in phishing and...
Samir_Patil | 20 Jul 2011 18:46:23 GMT

What is a spammer’s route to success?  When he manages to bypass the labyrinth of spam filters to reach your inbox!  But with filters becoming more advanced by the day, spammers have to continuously re-invent their attacks. The next question is, then, “What’s the new trend now?” 

Well, as far as pharma-spam goes, spammers are no longer content to just flog meds. Now, it’s a med for EVERY occasion. It doesn’t matter if the occasion is special or not. After all, it is the user who makes the occasion special.
 
Symantec has detected a range of email spam messages promoting the sale of pharmaceuticals for different occasions, ranging from the Cannes Festival to little-known Catholic saint feast days. (The Catholic Church commemorates and dedicates each calendar day to a saint.) Bulk spam mails of this sort are sent daily to millions of people across the globe. Some of the events and...
Irfan Asrar | 18 Jul 2011 19:54:16 GMT

A quick online search would reveal a number of articles declaring any one of the last few years as being the “year of mobile malware.” Conversely, these searches also reveal claims that the same years are not going to be the year of mobile malware. These search results go back as far as the early part of the decade. The contradictory nature of these bold predictive headlines could be explained by the fact that the articles are typically written at the beginning of each year—and who knows what the year may hold at the outset?

But, if the criteria to qualify 2011 as the real "year of mobile malware" were to be challenged, then surely the events of the past few weeks alone should be enough to show that this year truly has seen considerable seismic activity that has shifted the tectonic plates of the mobile threat landscape.
 
...