Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
khaley | 06 Jan 2010 17:48:24 GMT

When I worked at a small business the IT guy also took care of the phone system, assembled bookcases if needed, and occasionally worked the front desk when the receptionist was on break. In a small business everyone wears many hats and you often don’t really have the skills necessary to do everything asked of you all that well. Or if you do, you probably don’t have the time.

But certainly small and medium businesses understand the importance of computer security and make sure they take all the steps necessary to protect their business from the potentially devastating losses of cybercrime! Well, that’s half right. According to a survey done last year by Symantec, SMBs know security is important but they are not taking proper steps to protect themselves. In fact, a stunning 33 percent of SMBs don’t even run basic antivirus software.

The SMBs surveyed said they don’t have the staffing, budget, or bandwidth to properly protect themselves. And...

Patrick Fitzgerald | 29 Dec 2009 12:26:36 GMT

Over the last few days there have been many articles written about an issue in Microsoft’s Internet Information Services (IIS).  This issue allows an attacker to bypass normal security restrictions when uploading a file to a Web application running on a vulnerable version of IIS.  This issue could allow an attacker to upload and execute arbitrary code with the privileges of the Web server.

There are varying reports on the severity of this issue, but according to Microsoft only poorly configured Web servers are at risk from this issue:

“An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server...

Mircea Ciubotariu | 17 Dec 2009 11:32:37 GMT

We have recently learned of yet another zero-day exploit in Adobe Acrobat. This time it's an overflow for a special type parameter in a function provided by the multimedia.api plugin that can be manipulated from JavaScript in the following manner:

media.newPlayer(null)

Somewhere deep in newPlayer, deinit_obj is set as the handler for deleting the object when it's no longer needed:

code1.png

And eventually deinit_obj calls the destroy function from the object's v_table:

code2.png

So far, so good, except the...

Andrea Lelli | 09 Dec 2009 17:24:13 GMT

A peak of new infections of Trojan.Mebroot has been found in the wild and after some investigation the data shows that there is a new wave of Mebroot Trojans being distributed through a popular exploit pack. The binary executables are using a newer packer to avoid detection from antivirus products.

Mebroot has been around for some time; apart from updating their packer, the most interesting thing about this infection is how Mebroot gets itself onto your machine in the first place. I had a glance at the network capture and the intrusion seems to be coming from Java:

one.jpg

...

two.jpg

Images 1 and 2: The network activity shows a series of http GET requests that end up downloading an executable onto the machine.

This data stream shows some requests being made to the malicious server....

Robert Keith | 08 Dec 2009 19:29:57 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This month we also have a "Patch Tuesday" from Adobe.

Microsoft's patches

Microsoft released six security bulletins to address 12 vulnerabilities; seven are rated "critical." The critical issues affect Internet Explorer, Project, and Internet Authentication Service (IAS). Attackers could exploit the IAS remotely, without any interaction from victims. For the other issues, a user must visit a malicious Web page or open a malicious file.

The remaining issues, rated “Important” and “Moderate,” affect IAS, WordPad, Word, Active Directory Federated Services, and Windows LSASS.

Adobe's patches

Adobe is scheduled to release security updates for Flash Player and AIR (Adobe Integrated Runtime). Although both of the updates scheduled for release today are classified as "critical," all customers should apply the Flash Player update immediately because...

Candid Wueest | 03 Dec 2009 21:58:29 GMT
The Mozilla Firefox browser is constantly gaining in popularity. A recent market share survey by Net Applications awards Firefox with 24% of users worldwide. One of the key philosophies of Firefox is that its functionality can easily be extended using plug-ins or extensions. According to the Mozilla foundation there are more than 12,000 extensions available and they have recorded more than 1 billion extension downloads so far. Quite an irresistible target for a malware author, don’t you think?
 
This is by no means a new phenomenon, nor a Firefox-centric one. Browser helper objects (BHOs) in Microsoft’s Internet Explorer have been misused by attackers for years, and we saw malicious Firefox extensions appear more than three years ago. But, we have recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts—all this in order to maximize their impact on a user’s machine....
Security Intel Analysis Team | 21 Nov 2009 13:05:59 GMT

A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.  When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is...

Marian Merritt | 20 Nov 2009 14:45:48 GMT

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.
 
We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable.

You can read more about...

khaley | 17 Nov 2009 20:13:47 GMT

Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.

I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...

khaley | 17 Nov 2009 19:59:04 GMT

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning.

For example:

•    Toolkits and threat recycling have made malware easier to create than ever
•    Polymorphic technology is being applied to make threats harder to catch
•    Botnets, large and small, are used as the foundation of attacks making most attacks complex
•    All major news events are used for social engineering
•    Major brands are being appropriated by cybercriminals...