Security Response: Showing posts by John McDonald

Qakbot, Data Thief Unmasked: Part II
John McDonald | December 22, 2009

Theft
As we discussed in Part I, the primary purpose of Qakbot is to steal information from the compromised computer. In addition to targeting login details for FTP, POP3 and IMAP, the worm also attempts to steal cookies - not only regular browser session cookies but also Flash cookies. A discussion of Flash cookies is beyond the scope of this article, but be aware that, unlike traditional browser cookies, Flash cookies are not controlled through the cookie privacy controls in a browser, which means they cannot be cleared or deleted in the simple manner in which normal tracking cookies are removed.

Qakbot uses several techniques to collect private keys from the system certificates contained on the compromised computer. First, it replaces all certificate-related dialog boxes so that the “OK” button is automatically pushed as soon as the dialog is created...

Tags: Endpoint Protection (AntiVirus), Security, Security Response

Yet Another iPhone Worm?
John McDonald | November 22, 2009

It's only been a couple of short weeks since the iPhone background-changing incident that took the world by storm (well, parts of Australia at least), but already a Dutch ISP has reported what would be the first malicious iPhone worm to be seen in the wild.

Unfortunate news to be sure, but not exactly surprising. Our two recent blogs relating to iPhone threats warned (and I quote) that 'the publicly released code could easily be altered so that consequences were not so benign'. In case you missed them, the first blog was about the Ikee rickroller, which wasn't really considered malicious in that it only changed the iPhone background to a picture of '80s pop singer Rick Astley and was really more of a warning from the creator that jailbroken iPhones in a certain state could be compromised. That incident...

Tags: Endpoint Protection (AntiVirus), Security, Security Response

The Mariposa Butterfly
John McDonald | October 1, 2009

There has been a flurry of news articles over the past few days on what the media appears to have labeled the Mariposa botnet, after the name a Canadian information security firm used for this particular threat. The ‘butterfly’ in the title of this article refers to the fact that the threat is believed to stem from the Butterfly bot kit, which is no longer for sale.

Several security vendors have commented that this threat isn't new, and indeed Symantec has been detecting variants of it since as early as January this year. We currently have various detection names for these samples, the majority of which are one variant or another of W32.SillyFDC, Trojan Horse or more recently Packed.Generic...

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Evolution of Security, Malicious Code, Security, Security Response

Delphi Falls Prey
John McDonald | August 19, 2009

It seems someone has it in for Delphi. Or at least older Delphi environments and programs compiled using them. As has been reported, there is a threat on the loose that targets Delphi development environments, specifically versions 4 through 7.

To provide some brief background, Delphi is a software development environment for Microsoft Windows applications. Using Pascal as its underlying language, Delphi came into being when Windows 3.1 was first released along with the introduction of the graphical user interface (GUI).

According to Wikipedia, Delphi 7 was released in August 2002 and became the standard version used by Delphi developers. Delphi 7 was the last free version released, which probably explains why it is still actively used today. Delphi is mainly used for the development of desktop and enterprise database applications, but it is a general-purpose software development tool suitable for most software projects including Web applications. It is a popular...

Tags: Endpoint Protection (AntiVirus), Security, Security Response

.NET Malware - Looking Forward to Windows 7?
John McDonald | July 30, 2009

A lot of water has passed under the proverbial bridge since the Donut virus of 2002. W32.Donut was of course a concept virus (named "dotNET" by its creator) to demonstrate weaknesses in the Microsoft .NET architecture that, at the time, was brand new. Although Microsoft started development on the .NET framework in the late 1990s, version 1.0 wasn't officially released until February 13, 2002. With the release of Windows 7 this October, .NET has suddenly taken on a greater significance. While previous Microsoft operating systems did not include the .NET framework by default, starting with Vista and Windows Server 2008 and continuing into Windows 7, it is now a native part of the OS installation. What makes this especially significant is the widespread belief that Windows 7 will become the Microsoft operating system of choice, whereas the uptake of Vista was relatively poor.

...
Tags: Endpoint Protection (AntiVirus), Security, Security Response

New Ichitaro Vulnerability Right on Cue
John McDonald | March 17, 2009

Well, it's that time of year again. April is the first month of the fiscal year in Japan, and a time when people look forward to the breath-taking beauty of cherry blossoms—known as sakura in Japan—slowly covering the country from end to end for an all-too-brief few weeks. Unfortunately it also seems to be a time malicious code authors in the Land of the Rising Sun see as opportune to do some of their dirty work. In this case, that misuse of perfectly good time resulted in the release of an exploit for a new Ichitaro vulnerability.

JustSystems’ Ichitaro is one of the most widely used word processing programs in Japan. On this occasion, a specially crafted Ichitaro word document creates a randomly named .tmp file in the Windows system directory. This .tmp file then drops and opens a legitimate Ichitaro word document, but it also creates a file named “beer80.exe” in the system directory. The .exe file will be unseen by the user and will,...

Tags: Endpoint Protection (AntiVirus), Security, Vulnerabilities & Exploits, Security Response