Symantec Connect

Security Response: Showing posts tagged with Security Response: Showing posts by Parveen Vashishtha

“Google Sponsored Links” Websites Blacklisted by Google
Parveen Vashishtha | January 28, 2010
0 comments

The use of search engines to deliver malware is well known. Previously we reported that attackers were using Google-sponsored search results to promote malicious websites. Instead of using techniques such as search engine optimization (SEO) poisoning to get the optimum listing in the search engine results, attackers recently managed to compromise the well-known site autonagar.com, which is promoted by Google’s sponsored links. Interestingly, up until late last week, autonagar.com was hosting malicious exploits and was blacklisted by Google SafeBrowse. However, at the time of posting this blog, the malicious code has been removed from autonagar.com and Google is no longer blocking it.

In this specific example, users who rely on Google’s sponsored links run the risk of their computers being...

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Malicious Code, Security, Security Response
“Google Sponsored Links” Sponsor Misleading Websites Blacklisted By Google
Parveen Vashishtha | June 11, 2009
0 comments

Attackers often use search engines to deliver malware. Earlier we reported that Yahoo-sponsored search results were used to promote misleading applications. Also, attackers reportedly abused Google advertisement services in order to push out misleading applications.

Instead of using techniques like search engine optimization (SEO) poisoning to get the optimum listing in the search engine results, attackers have recently been using Google’s sponsored links. In this situation the attackers’ advertisements would have been displayed on all websites that use Google’s sponsored links. For example, when a user searches for Adobe Flash player 9, Google-sponsored links might display one particular download link as flashplayer.9-downloadcenter.com. (Please do not...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
Easter Surprise For You
Parveen Vashishtha | March 26, 2009
0 comments

Easter is around the corner and as expected, attackers have already started to poison search engine queries to redirect users to websites that deliver misleading applications. Various search keywords related to Easter have been poisoned in Internet search results so that links to rogue websites are returned in the search listings. Some of the examples of poisoned keywords are:

Easter verse
Popular Easter Bible verse scriptures
Easter greeting card verses
Easter Bible verses
Easter verses poems
Bible Easter verse
Easter-Bible
Easter Bible quotes

Attackers are using various tricks, such as referrer checking, in order to evade security researchers. If the bogus domains returned in the search listing are visited directly, we will see a page with many Easter-related keywords and links used to bolster the page’s search ranking. However, if the bogus links are clicked on from the search engine results, users will be redirected to...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
Yahoo! Sponsored Search Results Leads to Misleading Websites
Parveen Vashishtha | March 10, 2009
0 comments

Search engines are often used by attackers as platforms from which to deliver malicious code. A while ago it was reported that Google was serving up advertisements that led to misleading applications (also known as rogue antispyware products).

This time, the malicious code authors are using “Yahoo! Sponsored Search” listings as a means to promote a misleading product called “Antivirus & Security.” Antivirus-2009-new.com and Antivirus-pro-download.com are returned in Yahoo! Sponsored Search results as the latest version of AVG antivirus; however, the website actually claims that it is better than AVG and is an alternative to AVG antivirus. The sponsored search result leads to antivirus-2009-new.com and antivirus-pro-download.com, where users are asked to make a payment to buy a membership in order to obtain the product.

Instead of using techniques like search engine...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
ActiveX File Overwrite/Delete Vulnerabilities - Continued
Parveen Vashishtha | October 28, 2008
0 comments

In a blog article from last year, I discussed the rise in popularity of exploits using ActiveX overwrite/delete vulnerabilities due to their ease of use. Since that time, we have seen over 100 such vulnerabilities.

Microsoft requires developers of ActiveX controls to mark their controls “not safe for scripting” if they can arbitrarily write or delete files. However, developers not realizing the security implications or the full capabilities of their ActiveX control often fail to do so, allowing unauthorized remote users to arbitrarily write files to disk. In some cases, the ActiveX control does not even need to be installed by the user—as was the case with the Access Snapshot Viewer ActiveX Vulnerability.

Recently we’ve seen a sharp rise in these types...

Tags: Endpoint Protection (AntiVirus), Security, Vulnerabilities & Exploits, Security Response
ActiveX File Overwrite/Delete Vulnerabilities
Parveen Vashishtha | October 23, 2007
0 comments

A new type of vulnerability is becoming more popular these days. It is an arbitrary file overwrite/delete vulnerability that can be exploited by attackers to overwrite or delete arbitrary files on an affected computer. These vulnerabilities exist particularly because of a registered ActiveX control failing to restrict which domains may load the control for execution. An attack exploiting this vulnerability can lead to arbitrary code execution by a remote attacker.

Successful exploitation of this vulnerability allows attackers to create, or append to, arbitrary files. An attacker can write to a startup folder to execute arbitrary code during the next reboot or logon session. A user will not be required to authorize the object instantiation since the object is within a signed ActiveX control. A typical exploitation scenario would require an attacker to convince a targeted user to visit a malicious website.

We have come across approximately 40...

Tags: Endpoint Protection (AntiVirus), Security, Vulnerabilities & Exploits, Security Response
MPack: Getting More Dangerous
Parveen Vashishtha | August 16, 2007
0 comments

In our previous analysis we discussed ‘What is Mpack and how it works’. We had reviewed MPack version 0.84 in our previous blog. This time we will compare it with an updated version, MPack v 0.91.

1. The exploits include the existing ones present in v0.84. The list of exploits is present at the end of this blog.

2. There have been some changes to the management and reporting interface. A new file admin.php is introduced and stats.php has been removed.

The developers of the tool kit have provided admin.php for secure control and configuration of the Mpack installation. The Mpack owner can set username and password protection through settings.php.

There have been changes in the user interface, cosmetic changes like better styles used to view, and copyrighted logo: (c) 2007 DreamCoders – Logo.

MPack toolkit v0.91 also comes with...

Tags: Endpoint Protection (AntiVirus), Security, Vulnerabilities & Exploits, Security Response

About Security Response Blog

Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
© 2010 Symantec Corporation