Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security Response remove filter
Showing posts by Andy Cianciotto remove filter
For Love or Money—Social Engineering by W32.Ackantta.B@mm
Andy Cianciotto | 27 Feb 2009 | 0 comments

Over the past two days, Security Response has observed an increase in detections of W32.Ackantta.B@mm and subsequently, Trojan.Vundo.

 

 

 

 

W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from a compromised computer and spreads by copying itself to removable drives and shared folders....

Read more
OSX.Iservice—It’s not going to iWork for you.
Andy Cianciotto | 23 Jan 2009 | 0 comments

What do you call it when pirating software works against you?  OSX.Iservice. What this means is that there is no free lunch, nor is there free Apple iWork '09, unless you download the trial version directly from Apple. Unfortunately, the idea of getting one over on a big corporation fuels a lot of file sharing, and malicious software authors bank on that. 

Symantec has become aware of a Trojan currently being shared on peer-to-peer (P2P) networks. We originally reported on this yesterday on our Norton Protection Blog—take a look at the article New Trojan Attacks Pirates. Disguised as a copy of the legitimate trial version of Apple’s iWork ‘09, the phony iWork ’09 installer has the filename iWork09.zip and is approximately 450MB in size.

 

 

...

Read more
Spam Attack: Zipped Trojan
Andy Cianciotto | 11 Apr 2007 | 0 comments

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacomm variants. While this is nothing new, this time around the attachments are in the form of password-protected zip files. The recipient is tricked into unzipping the attachment with the included password, then running the unzipped file, to counteract activity related to an unknown worm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including, but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!", "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "Virus Alert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!". The attachments are generally a .gif image file (...

Read more
Spam Attack: Zipped Trojan
Andy Cianciotto | 11 Apr 2007 | 0 comments

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacommvariants. While this is nothing new, this time around the attachmentsare in the form of password-protected zip files. The recipient istricked into unzipping the attachment with the included password, thenrunning the unzipped file, to counteract activity related to an unknownworm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including,but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!","Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "VirusAlert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!".The attachments are generally a .gif image file (this image containsthe zip password) and the executable in the form of patch-[random fourdigits].zip.

...

Read more
Cursors and Icons and Exploits—Oh My!
Andy Cianciotto | 29 Mar 2007 | 0 comments

Microsoft has released an out-of-band advisory today for a new exploit targeting a vulnerability in the way that Microsoft Windows handles animated cursor (.ani) files.

The vulnerability is caused by insufficient format validation, priorto rendering cursors, animated cursors, and icons. If successfullyexploited, it will allow an attacker to perform remote code executionon the victim machine. In order to carry out an attack, the attackerwould need to convince potential victims to either visit a Web sitethat contains a Web page that is used to exploit the vulnerability, orview a specially crafted email message or email attachment. Theattacker could enable an affected system to execute code once a userhas viewed a malicious Web page, previewed or read a specially craftedmessage, or opened a specially crafted email attachment.

While it is similar to the vulnerability described in...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,791