
Security Response

Stuart Smith | 05 Jun 2007 | 0 comments

…was the case that they gave me. Specifically, SB.Badbunny, a fairly novel OpenOffice macro virus that attempts to spread via IRC. The novelty comes partly from the attention-grabbing trendiness of working on OpenOffice and many Unix-based operating systems (Linux and Macintosh included), but also with its use of a variety of scripting languages to improve portability. Badbunny doesn't just use the OpenOffice macro language, but has components written in Ruby, JavaScript, Python and Perl.

What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc., can be abused. All too often, this is forgotten in the pursuit to match features with another vendor. Fortunately, in this case the ease-of-use of these scripting languages attracted an amateur developer who wrote multiple critical bugs in the code, causing Badbunny to barely replicate.

Given that Web servers are an area where operating systems are still very much...

Stuart Smith | 23 May 2007 | 0 comments

As with my last blog, the topic this time is behavioral detection, and the various trade-offs involved. We already covered some of the issues in the use of virtual environments for the detection of threats, and this time we’ll cover some of the issues involved in classifying behavior and mitigating damage.

Whatever your approach is to generating and tracking behavior, you need the ability to classify it. There are challenges to tracking behavior, but once you have a profile of behavior, determining what is malicious is a harder problem. Some security products solve this by handing off the problem to the user. Most don’t. The real problem in profiling is that the definition of what is malicious has changed over time. Is tracking your activity as you surf a web page malicious? If you say yes, what about the wonderful “suggest” features that use historical data? Is any program that downloads silently with no GUI malicious? What about Windows Update or Live Update? Something...

Stuart Smith | 22 May 2007 | 0 comments

The amount of new malware in the wild is growing quickly. While this is not a new observation, I have seen some claims that behavioral detection may be the answer to this ever-increasing amount of malware. Unlike more traditional types of detection that look at static attributes inherent in a piece of software, such as unique data, code, etc., behavioral detection involves running a possible threat, tracking its behavior with various monitors, and then using the information gathered to determine if it is malicious. As more behavioral detection products emerge, one article asked “Is Desktop Antivirus Dead?” [1]. Hardly, but it is worth a look at why the question even comes up.

Behavioral detection holds out the promise of more zero-day detections, and it reduces the number of updates you need to make to your antivirus software. Note that you cannot safely eliminate updates, since the definition of malicious behavior changes over time. The history of malware, from viruses and...

Stuart Smith | 05 Mar 2007 | 0 comments

Larry Wall once said, “Three great virtues of programming are laziness, impatience, and hubris.” It appears the authors of W32.Darksnow have taken this saying to heart. It also appears that they were too impatient to read the other virtues he lists – diligence, patience, and humility. And they’ve mainly focused on the virtue of laziness, by trying to find a way to make money using other people’s computers (and electricity and bandwidth). Specifically, they wanted to make money using other people’s computers to spoof “impressions” of advertising links. Without asking the people, of course. That would be too much work. And they’d probably say no.

Of course, you can’t just set up a computer, and let a program sit there and pretend to view Web pages. You’d need a lot of computers to really make money. And the ad networks are smart enough to figure out that someone probably isn’t sitting on their computer all day refreshing a Web page, so the virus writers couldn’t get any money for this....