Symantec Connect, Security Response Blog: posts by Silas Barnes
The Summer Storm
Silas Barnes | August 18, 2008

Seventy-seven megabytes of network traffic, 356 spam emails sent and 10,082 unique IP addresses contacted. All in just under 60 minutes.

This is what a system infected by one recent Storm rootkit pumps out. Since Storm first arrived on the scene in January of last year, it has made headlines throughout the world as one of the most successful and persistent threats currently operating in the wild. At Symantec, our global spam traps caught just under 150,000 Storm-generated emails during June and July this year.
And the tried-and-true method by which the Storm team infects machines hasn't changed either: bulk emailing with "interesting" content aimed at enticing the victim into either visiting a Web site or...

Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
Large-Scale Spam Campaign Continues
Silas Barnes | August 15, 2008

As expected, the arrival of the 2008 Olympics in Beijing was accompanied by an increase in Olympics-related spam. From fake news to performance-enhancing medication, spammers are taking full advantage of the Games to entice us to click their links and open their attachments.

The majority of the malicious links lead to one of a number of variants of Downloader, Backdoor.Trojan, Infostealer, Trojan.Erotpics and, more recently, Trojan.Pandex. These threats, which use filenames such as get_flash_update.exe, get_flash_codec.exe and install.exe, are only entry points for the real payload: a fake antivirus product.

The tried-and-true method of malicious file delivery for this round is the use of false news stories relating to the Olympics:

This particular link (circled in red in the above...

Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
Bye Bye Bandwidth?
Silas Barnes | July 11, 2008

Everyone knows that in a matter of hours, hype can turn a small event into something much larger in the minds of society. Enter the latest round of malicious spam we have seen here at Symantec—the death of the Internet.

The following spam subject lines have been seen:
  • Secret Plan To Kill Internet By 2012: Leaked?
  • PLAN TO KILL THE INTERNET BY 2012- Documented
  • 2012: The year the Internet as we know it dies...
  • 2012: The Year The Internet Ends

This certainly sounds devastating because many of us spend a rather large amount of our time, both as part of work and as part of life, online. Additional information on this...

Tags: Endpoint Protection (AntiVirus), Security, Spam, Security Response
The Changing Face of Hacktivism
Silas Barnes | May 15, 2008

The term "hacktivism" often conjures up images of small groups of left-wing hackers defacing Web sites of political parties in an expression of outrage, coupled with demands of truth and justice for the down-trodden. This may have been the case ten years ago, but more recently hacktivism has broken the predefined mold in more ways than one.

The features of the Internet that make it such an invaluable tool for communicating with the global population also provide an avenue for disgruntled groups to voice their opinions, send messages of unity to the like-minded at great speed, and coordinate electronic attacks. The development of distributed denial-of-service kits, combined with their ease of use and the ability to distribute them globally in minutes, effectively means that an entire country can mobilize a group of dedicated attackers, numbering in the millions, in a relatively short time. Though a vast proportion of these 'net warriors are not security...

Tags: Endpoint Protection (AntiVirus), Security, Security Risks, Security Response
Do as I Say, Not as I Do
Silas Barnes | March 3, 2008

While there are various ways for attackers to trick users into disclosing their authentication credentials, phishing remains one of the most popular. Our spam traps caught a series of emails purporting to be from a disgruntled eBay user demanding an answer regarding a recent transaction. The emails contain a number of hyperlinks to the product in question which, when clicked, result in a browser-based FTP transaction to a remote host that displays a carbon copy of the legitimate eBay login page.

What caught my attention was the inclusion of one of eBay's security tips within the fraudulent copy, instructing users to "Check that the Web address in your browser starts with https://signin.ebay.com". One only needs to follow this advice to see that the page they are on is indeed suspicious:

...
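The tip quoted above is only a safe test if "starts with" is read as "the scheme is https and the host is exactly signin.ebay.com"; applied as a literal string prefix it passes look-alike addresses. The following is an added example, not code from the original post, showing both readings side by side as a small Python helper of the kind a mail-filter or analyst would use. The FTP and look-alike addresses in SAMPLES are constructed for the example (203.0.113.0/24 and .example are reserved documentation names) and are not addresses reported in the post.

```python
"""Checking a login page address the way the eBay tip intends.

Added example; not code from the original post. Compares a naive
string-prefix reading of the tip with a parsed scheme-and-host check.
"""
from urllib.parse import urlsplit

EXPECTED_SCHEME = "https"
EXPECTED_HOST = "signin.ebay.com"


def naive_check(url: str) -> bool:
    """The tip applied as a plain string prefix, the way a hurried user reads it."""
    return url.startswith("https://signin.ebay.com")


def strict_check(url: str, scheme: str = EXPECTED_SCHEME, host: str = EXPECTED_HOST) -> bool:
    """Parse the URL and compare scheme and host as separate components.

    urlsplit().hostname drops any user@ prefix and :port suffix and lowercases
    the host, so "https://signin.ebay.com@203.0.113.5/" is seen as 203.0.113.5.
    """
    parts = urlsplit(url)
    if parts.scheme != scheme:            # urlsplit lowercases the scheme
        return False
    hostname = parts.hostname
    if hostname is None:                  # no authority component at all
        return False
    return hostname.rstrip(".") == host   # "signin.ebay.com." is the same name


# Constructed inputs: the legitimate address, an FTP-hosted copy like the one
# the post describes, and two look-alikes that preserve the literal prefix.
SAMPLES = [
    "https://signin.ebay.com/",
    "ftp://203.0.113.5/signin.ebay.com/",
    "https://signin.ebay.com.203-0-113-5.example/",
    "https://signin.ebay.com@203.0.113.5/",
]


def audit(urls=SAMPLES):
    """Return (url, naive_verdict, strict_verdict) for each address."""
    return [(u, naive_check(u), strict_check(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, strict in audit():
        print(f"prefix={'PASS' if naive else 'FAIL'} parsed={'PASS' if strict else 'FAIL'}  {url}")
```

The FTP copy from the post fails both readings, which is why the author's advice works in that case; the two constructed look-alikes pass the prefix reading and only fail once the host is parsed out and compared whole.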

Tags: Endpoint Protection (AntiVirus), Online Fraud, Security, Security Response
The Orkut Worm – Digging Deeper
Silas Barnes | February 29, 2008

Due to some confusion with this particular threat, we've decided to provide some further details on the Orkut worm we blogged on earlier in the week. The worm, recently renamed to W32.Scrapkut, uses active code injection as a vehicle to propagate to the Orkut friends of its unfortunate victim.

Initially, a malicious scrap is posted to the victim's scrapbook, containing a link to what appears to be a YouTube video:

When a victim clicks on the link, they are redirected to an external site which prompts them to download the file "flashx_player_9.8.0.exe". For those who read Symantec's Security Response Blog regularly, you may recognize the page in question:

...

Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
The Scandal That Wasn't
Silas Barnes | February 12, 2008

Following on from yesterday's EEG Web site hack, a collection of recently registered sites, hosted on blogspot.com, claim to have obtained an explicit video featuring Hong Kong actor Edison Chen and actress Cecilia Cheung.

When a user visits one of these sites, they are prompted to download "a new version of Video ActiveX Object" to play the video. Needless to say, the file setup.exe is not an update as claimed. Rather, it is a malicious file detected as Trojan.Zlob by Symantec antivirus products.

The malicious sites we have seen to date:
• edison-...

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Security, Security Response
Same Storm, Different Day
Silas Barnes | February 11, 2008

As Valentine's Day approaches, we see the Storm team have made yet another change in an effort to further populate their army of bots. A subsection of their herd that have been hosting the Valentine's-related content now presents the visitor with one of eight randomly themed images and bestows upon them the gift of "valentine.exe," detected as either Trojan.Peacomm.D or Trojan.Peacomm.

The page serves up a random image file per visit (or refresh of the page), probably via some server-side scripting. A five-second delay using a meta-refresh tag provides enough time to enjoy the image before being prompted to save the executable on the local system. A recent perusal of our spam trap continues to catch a large number of emails with a...
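The Valentine page above (image, then a timed meta-refresh to valentine.exe) and the Orkut worm page (fake video, then a push of flashx_player_9.8.0.exe) share one tell: the page itself, not a deliberate user action, initiates the fetch of an executable. As an added example, not code from the original posts, here is a Python script that pulls meta-refresh targets and link/frame sources out of an HTML page and reports those pointing at an executable file type. The three HTML samples are constructed to mimic the patterns described; they are not copies of the real pages, and 203.0.113.9 is a documentation address.

```python
"""Flagging lure pages that push an executable at the visitor.

Added example; not code from the original posts. Extracts meta-refresh
directives and link/frame targets and reports executable downloads.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# File types a browser will offer to save or run; a page steering the visitor
# to one of these without a click is the pattern the posts describe.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".cmd", ".msi")

# Accepts "5;url=valentine.exe", "5; URL='x.exe'" and a bare delay like "0".
_REFRESH_RE = re.compile(
    r"^\s*(\d+)\s*(?:;\s*url\s*=\s*['\"]?([^'\"]*?)['\"]?)?\s*$", re.IGNORECASE
)


def parse_refresh(content: str):
    """Return (delay_seconds, target) from a meta-refresh content value, else None."""
    m = _REFRESH_RE.match(content)
    if not m:
        return None
    return int(m.group(1)), (m.group(2) or "").strip()


def is_executable_target(target: str) -> bool:
    """True if the URL path (query and fragment ignored) ends in an executable suffix."""
    return urlsplit(target).path.lower().endswith(EXECUTABLE_SUFFIXES)


class RedirectCollector(HTMLParser):
    """Collect meta-refresh directives and link/frame targets from a page."""

    def __init__(self):
        super().__init__()
        self.refreshes = []   # (delay, target)
        self.targets = []     # anchor hrefs and frame sources

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            parsed = parse_refresh(a.get("content", ""))
            if parsed:
                self.refreshes.append(parsed)
        elif tag == "a" and a.get("href"):
            self.targets.append(a["href"])
        elif tag in ("iframe", "frame") and a.get("src"):
            self.targets.append(a["src"])


def analyse(html: str):
    """Return (kind, delay_or_None, target) findings for executable pushes in a page."""
    collector = RedirectCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for delay, target in collector.refreshes:
        if target and is_executable_target(target):
            findings.append(("meta-refresh", delay, target))
    for target in collector.targets:
        if is_executable_target(target):
            findings.append(("link", None, target))
    return findings


# Constructed sample: the Valentine pattern (an image, then a timed push of an .exe).
LURE_PAGE = """<html><head><title>For you</title>
<meta http-equiv="refresh" content="5;url=valentine.exe">
</head><body><img src="card3.jpg"></body></html>"""

# Constructed sample: the fake-video pattern (player "update" link to an .exe).
VIDEO_LURE_PAGE = """<html><body>
<p>Your Flash player is out of date.</p>
<a href="flashx_player_9.8.0.exe?ref=yt">Get the player</a>
</body></html>"""

# Constructed benign page: a timed redirect to another HTML page is not flagged.
BENIGN_PAGE = """<html><head>
<meta http-equiv="refresh" content="5;url=index.html">
</head><body><a href="help.htm">Help</a></body></html>"""

if __name__ == "__main__":
    for name, page in [("lure", LURE_PAGE), ("video", VIDEO_LURE_PAGE), ("benign", BENIGN_PAGE)]:
        print(name, analyse(page))
```

The check deliberately keys on the file type of the target rather than on the delay: the five-second pause is cosmetic, and a zero-second refresh to an executable is the same lure with less politeness.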

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Security, Security Response
Zero-Day Exploit for Lianzong Game Platform
Silas Barnes | February 5, 2008

Symantec has discovered a zero-day exploit for a popular Chinese gaming platform that is currently active in the wild. The exploit targets two vulnerable methods in the file HanGamePluginCn18.dll (referenced by CLSID 61F5C358-60FB-4A23-A312-D2B556620F20), causing a buffer overflow condition.

The exploit attempts to download a malicious file from mm[dot]sqmnoopt[dot]com, which is detected as Downloader. Additionally, a configuration file is downloaded from cnxz[dot]kv8[dot]info, which contains links to 27 malicious executables downloaded from 444[dot]sqmnoopt[dot]com and 2[dot]kv8[dot]info. These files are detected as Infostealer.Gampass.

The vendor has been...
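Until a fixed control ships, the standard interim mitigation for an ActiveX control exploited through the browser is to set the Internet Explorer "kill bit" for its CLSID so that IE refuses to instantiate it from a web page. As an added example, not code from the original post, the Python script below renders the required registry entries as a .reg file. The key locations and the 0x400 "Compatibility Flags" value are Microsoft's documented kill-bit mechanism; the CLSID is the one quoted above; writing both the native key and the Wow6432Node key is an assumption made here so that 32-bit IE on 64-bit Windows is covered as well.

```python
"""Rendering a kill-bit .reg file for a vulnerable ActiveX control.

Added example; not code from the original post. Validates CLSIDs and emits
regedit 5.00 entries that set the IE kill bit under both registry views.
"""
import re
import sys

KILLBIT_FLAG = 0x00000400  # "Compatibility Flags" value that blocks the control in IE
BASE_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
)
_CLSID_RE = re.compile(r"^\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$")

VULNERABLE_CLSID = "61F5C358-60FB-4A23-A312-D2B556620F20"  # HanGamePluginCn18.dll, from the post


def normalise_clsid(clsid: str) -> str:
    """Validate a CLSID and return it in the braced, upper-case registry form."""
    m = _CLSID_RE.match(clsid.strip())
    if not m:
        raise ValueError(f"not a CLSID: {clsid!r}")
    return "{" + m.group(1).upper() + "}"


def killbit_entries(clsid: str):
    """(key, value_name, dword) tuples that kill-bit one control in both views."""
    c = normalise_clsid(clsid)
    return [(f"{base}\\{c}", "Compatibility Flags", KILLBIT_FLAG) for base in BASE_KEYS]


def killbit_reg(clsids) -> str:
    """Render a regedit 5.00 file (CRLF line endings) for the given CLSIDs."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        for key, name, value in killbit_entries(clsid):
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=dword:{value:08x}')
            lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    out = sys.argv[1] if len(sys.argv) > 1 else "killbit.reg"
    # regedit expects version 5.00 files as UTF-16 with a BOM; newline="" keeps CRLF.
    with open(out, "w", encoding="utf-16", newline="") as fh:
        fh.write(killbit_reg([VULNERABLE_CLSID]))
    print(f"wrote {out}; import with: regedit /s {out}")
```

A kill bit only stops the control from being loaded by Internet Explorer (and other hosts that honour the flag); the DLL itself remains on disk, so it is a stopgap until the vendor's fix is installed, not a replacement for it.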

Tags: Endpoint Protection (AntiVirus), Security, Vulnerabilities & Exploits, Security Response
JaseZone? More like FakeZone.
Silas Barnes | January 25, 2008

We all know that there is a certain amount of risk we have to accept when we place personal information on a Web site, including the possibility that someone may use that information without our explicit permission. We also know that social networking sites are becoming increasingly popular as more and more people enjoy the convenience with which to re-establish and maintain contact with long-lost friends, distant relatives, and work colleagues. Well, now it seems as though you don't even have to go to the trouble of signing up for a profile with one social networking site or even provide content; they can do it for you!

Douglas Rushkoff, an author and documentarian from the United States, was momentarily confused when he started receiving a sudden burst of NDR (non-delivery report) emails informing him that a number of emails he had previously sent could not be delivered, particularly when he did not remember sending any such emails. And these particular emails all...

Tags: Endpoint Protection (AntiVirus), Online Fraud, Security, Security Response
The Winds of Change - A New Storm is Brewing
Silas Barnes | January 15, 2008

Well, the holidays are over and people are now back at work, including the controllers of the Storm botnet.

Steven Adair of Shadowserver has confirmed that the recently festive Storm domains have now had their DNS records deactivated. This means that for those of us who have yet to go back to work, the malicious Christmas and New Year themed emails we may see in our inboxes are now less of a threat. However, we have seen this sort of behavior in the past and we should prepare ourselves for the next "infection run", as the deactivation of domains is often the result of the shifting of a threat rather than its cessation.

Security researcher Nicholas Albright of the Digital Intelligence and Strategic Operations Group believes that the next infection wave will coincide with Valentine's...

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Security, Security Response
© 2010 Symantec Corporation