Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security Response remove filter
Solaris Telnet Worm
Eric Chien | 28 Feb 2007 | 0 comments

Soon after information was released about a vulnerability in the in.telnetd daemon in Solaris 10, Symantec's Deepsight monitoring system began to see spikes in port 23 traffic. Most of this traffic was due to people scanning for vulnerable systems. However, yesterday we saw a renewed spike in traffic that has been correlated to a worm known as Wanuk, which uses the vulnerability to spread.

wanuk_fig1.jpg

Once Wanuk is on the system, it drops an executable that creates a /bin/sh back door, which listens on port 32982/TCP. In addition, Wanuk's payload includes sending out system broadcast messages of creatively...

Read more
Mespam: Infecting Web 2.0 with LSP
Elia Florio | 28 Feb 2007 | 0 comments

People using Web 2.0 have personal Web spaces, blogs, and online discussions on forums and public boards. Everyone can create Web content from his or her own computer just by using the browser. So what would be the perfect vector for spreading malwares in the Web 2.0 world? The Web itself, of course.

On Monday we posted a blog about a new variant of Trojan.Mespam distributed via StormWorm/Peacomm botnet. We noticed that this new Mespam takes advantage of new Web technologies and spreads by injecting malicious links when users interact with the Web.

What does it mean? When users are going to post something on any Web site running VBulletin or phpBB, the Trojan will sneakily add a malicious link into the outgoing Web packet. The same also happens when users are sending emails using clients such as Gmail, Yahoo,...

Read more
Here's One that Speaks for Itself
Stephen Doherty | 28 Feb 2007 | 0 comments

From time to time virus writers leave messages in their code. Sometimes these are shout-outs to other virus writers, sometimes it is their own nickname, and other times they send messages to us.

Here is one that speaks for itself:

Dear Symantec: For years I have longed for just one thing, to make malware with just the right sting, you detected my creation and got my domains killed, but I will not stop, I can rebuild. P.S. F@?k you a**^$les, especially Stephen Doherty who is the biggest f@??#t I know of.

Message Edited by SR Blog Moderator on 08-26-2008 12:36 PM
Read more
Rebuking the New School
Mat Carter | 28 Feb 2007 | 0 comments

As any regular reader of security industrynews will tell you, over the past few years the quality that is mostprized by malicious coders is stealth. Loud, reputation-enhancingattacks are strictly for the teenage malcontents of a previous century.Today’s malicious coders are professionals who prefer a more commercialmodel, which aims to compromise as many machines as possible, asquietly as possible, with the minimum amount of effort—and they areadopting increasingly diversified tactics to this end.

Older malicious code tended to rely on the static hosting of themalicious payload and this was always susceptible to filtering andtargeted action from law enforcement. Consequently a trend developed totry and keep the payload moving and hard to shut off using fast fluxDNS techniques, or to store it on "bullet proof" hosting from providersthat usually ignore complaints. However, the Security Response team hasrecently noticed a simpler approach that can be utilized...

Read more
Vista Research Overview
Oliver Friedrichs | 28 Feb 2007 | 0 comments

Last July, I discussed how Windows Vista™ was one of the mostimportant technologies that we would see in 2007. Last year, SymantecAdvanced Threat Research released four research papers on the then betaversion of Windows Vista. These papers provided a security analysis ofthe new Windows Vista network stack, user-mode security defenses,kernel-mode security technologies, and the Teredo protocol—a key IPv6over IPv4 transition technology in Vista. Being one of the firstthird-party assessments on the progression of Windows Vista security,these papers were extremely well received in the technology industry.

Fast forward to today, and Windows Vista has now been released tobusinesses and consumers alike. Throughout its release, Symantec hastracked the evolution of Vista very closely and continued to assess itspotential in defeating today’s attackers. We’ve documented our findingsin a series of six research papers that are being released in thecourse of the next week. The goal of this...

Read more
Vista Research Overview
Oliver Friedrichs | 28 Feb 2007 | 0 comments

Last July, I discussed how Windows Vista™ was one of the mostimportant technologies that we would see in 2007. Last year, SymantecAdvanced Threat Research released four research papers on the then betaversion of Windows Vista. These papers provided a security analysis ofthe new Windows Vista network stack, user-mode security defenses,kernel-mode security technologies, and the Teredo protocol—a key IPv6over IPv4 transition technology in Vista. Being one of the firstthird-party assessments on the progression of Windows Vista security,these papers were extremely well received in the technology industry.

Fast forward to today, and Windows Vista has now been released tobusinesses and consumers alike. Throughout its release, Symantec hastracked the evolution of Vista very closely and continued to assess itspotential in defeating today’s attackers. We’ve documented our findingsin a series of six research papers that are being released in thecourse of the next week. The goal of this...

Read more
Identity Threats in Next Generation Protocols
Brian Hernacki | 27 Feb 2007 | 0 comments

Today most of the identity oriented transactions on the Internet are done via plain old HTML forms and, if we're lucky, over SSL. And once again, something that seemed sufficient at first, is showing strain as usage grows. HTML/HTTP ends up providing a pretty clumsy and inadequate way to do identity transactions. It offers a poor user experience and wasn't really designed with security in mind. This has contributed to much of the grief over fraud, phishing, etc. Our primary defense mechanism against such threats has historically been the SSL certificate, but we know users don't read those. We also know users don't look too carefully at URLs (even when they are not obsfucated). Some of the more risk prone sites have...

Read more
Fake Archiver Product Found in Korea
Masaki Suenaga | 26 Feb 2007 | 0 comments

A fake installer for the Korean version of ALZIP – a commercial archiver application and a component of the ALTOOLS series created by ESTsoft Corp – was recently discovered, which Symantec detects as Trojan.Dropper.

When the fake installer is executed, it displays the same window as the genuine application and then installs the genuine archiver. During installation, it drops another executable file, which in turn drops Backdoor.Trojan and Hacktool.Keylogger. These two files are hidden by a third dropped file detected as Hacktool.Rootkit.

The rootkit does not hide the files in Safe Mode however. The files are:
%System%\yoorycom.d1l
%...

Read more
Not-So-Fun Video Postcard
Eric Chien | 26 Feb 2007 | 0 comments

A variety of bulletin boards are being spammed with the message to visit mailfreepostcards.com (don't visit that domain!) for a fun video. However, when visiting that site, users are prompted to download an executable. Message board spam is nothing new, but what is different about this message board spam is the spam text is actually integrated into legitimate messages posted by real users.

Posters are infected with an updated version of Trojan.Mespam, which is downloaded by Trojan.Peacomm. This threat has the ability to watch all your network traffic via a layered service provider (LSP) and when it notices you posting to a bulletin board, it modifies your posting to include the spam text.

Trojan.Mespam can not only inject text into...

Read more
Password Protected – How to Develop a Strong Password
Luis Navarro | 26 Feb 2007 | 0 comments

I recently received a call from a friend who had set up an online payment reception service with a well-known provider so he could receive payments through his Web site. "I’ve got a question – there is a charge for $300 for some computer equipment that I did not order, what’s happening?" After going through the more obvious questions, I asked him: "What is your password?" It turns out his password was, literally, “password.” Someone just entered his account name, guessed the password, and now could use his account for online shopping. This is a rather extreme example, but it illustrates very well the need for strong passwords.

Adherence to stated password policies is something I get asked about quite a bit by clients looking to implement a Security Awareness Program. A weak password can disable a reasonable security infrastructure, effectively bypassing other security measures that have been implemented. Although other methods for user authentication...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,850