Security Response
Showing posts tagged with Security Risks
Showing posts in English
khaley | 20 Jun 2011 23:57:14 GMT

Troy Hunt, a Microsoft MVP, has done some terrific analysis of the passwords people use. Unfortunately, what has made this possible is the recent trend in hacktivism whereby it is common for hacktivists to post the spoils of their attacks online to generate publicity and shame the company being attacked. While this has been bad news for the companies and their customers, it has provided a rich data set for researchers to analyze. The results from Troy’s research are pretty interesting. Rather than rehash the results here, I’ll let you read them yourself:

What struck me while reading the blog is how much we know about what kind of passwords people create and how little we’ve been able to make practical use of any of this knowledge. Sure we all run off and write blogs about how people need to make their...

Nithya Raman | 25 May 2011 17:27:03 GMT

There is no doubt that athletes all around the world are training hard to compete at the London Olympics in 2012, but cyber criminals seem to be gearing up for the event as well. Even with over 400 days still to go until the Olympics, we have already started seeing search terms related to this event returning a large number of poisoned links. As we have observed with search engine optimization (SEO) poisoning in the past, these poisoned links redirect to rogue antivirus sites.

The following are the top 10 poisoned search terms:

We have also found dozens of other poisoned search terms related to Olympics tickets, mascots, offers, and so on. Below is a screenshot of the search results for the term “london 2012 stadium diagram”; Norton Safe Web indicates that all of the first 10 links are malicious:


khaley | 20 May 2011 20:25:20 GMT

At first, I was just plain annoyed. Someone forwarded a hoax email to me twice in the same week. I am often asked about hoax email: “Kevin, you work at Symantec, is this true?” That’s fine; that’s not what annoyed me. What set me off was that both emails had been forwarded to warn me. The forwarder wasn’t even questioning the content of the email. They had accepted clearly bogus warnings about the “world’s worst virus” as fact.

Then I started thinking about the Twitter discussion I recently had about education. Some security professionals are turned off by education because they don’t believe it works. The rest feel it’s important, but never done right. (I fall into the latter category.) And, I decided that my previous approach to educating people about these hoaxes was not working. Just giving people a link to a Web page...

Suyog Sainkar | 28 Apr 2011 08:30:17 GMT

As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques.

Spam campaigns

We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding of Prince William and Kate Middleton. Spam email messages advertising a replica of Princess Diana’s engagement ring that were observed in February are still making the rounds on the Internet, and the eve of the royal wedding is now upon us. Furthermore, as we had anticipated, we have recently observed additional spam campaigns making use of this significant event to promote various products.

In one such recent spam campaign, email promoting a "...

Parveen Vashishtha | 04 Oct 2010 22:41:52 GMT

In a previous blog we reported on how attackers use social engineering techniques to scare users into purchasing a misleading application. This time around, we have come across a couple of websites that are using a slightly different trick to mislead users.

In order to trick users, these websites used bogus pages that look similar to those presented by security features or technologies when one is about to visit a malicious page. However, it presented a “Download Updates!!” button, unlike Google’s “Get me out of here” button, for example.

Regardless of what browser is used, the user is presented with the same misleading dialog box that seemingly forces the...

Andrea Lelli | 01 Sep 2010 10:24:18 GMT

In previous blogs we have discussed how malware can exploit a search engine’s indexing features in order to spread malicious content. Recently we have observed a massive compromise of websites under the .ch and .nl top-level domains, aimed at performing a massive search engine optimization (SEO) attack to spread fake antivirus applications.

To keep track of pages on the Internet, search engines use automated web scanners, called crawlers or spiders. Their purpose is to find every possible Web page on the net, read its content, and then index it for future user searches. Attackers often try to exploit this feature in order to trick a search engine into associating a malicious Web page with very common...

John McDonald | 02 Jun 2010 22:48:22 GMT


We post a lot of blogs here about all kinds of threats, including pervasive botnets, rootkits, rogue apps, the latest flavor of spam doing the rounds, and so on and so forth. So, for a change I thought I’d talk about something a bit more personal that happened closer to home—something that happened to a good friend of mine. Not a gruesome tale by any means, but one that will hopefully be of interest to some of our less technical readers who may be able to identify with my friend’s plight. I’ve separated the story into three sections and will post them here a few days apart, each containing links to their preceding posting so anyone who missed one can easily catch up.

Part I – Discovery

A call for help

A friend of mine, Derek, recently asked me if I could help him figure out why his Internet connection had been running so slowly for the...

Hon Lau | 22 Apr 2010 17:02:14 GMT

Always ever ready to pounce on any major new events, the creators of rogue antivirus software are quick to seize on the latest major news event to try and push their wares on unsuspecting users. In this case the latest big news event is the false positive relating to McAfee antivirus software.

We have seen poisoned search results since the problem first surfaced. Search terms such as McAfee, 5958, or DAT are returning results that can lead to malicious and fake antivirus scan sites, resulting in the installation of malware. One such site sends the user to that in turn redirects to There you will find the usual fake online scanner followed by the offer of fake antivirus software (Symantec detects them as Trojan.FakeAV).


Sujit Magar | 07 Apr 2010 08:25:58 GMT

Antivirus XP 2010, a clone of the Antivirus2010 family, is amongst today’s most prevalent rogue security software. Fake security software scammers continue to release new clones in frequent attempts to evade antivirus scanner detections. New clones share the same user interface and look and feel of the original application, but the application name changes.

Analysis of Antivirus2010 reveals that it is using a single binary file for multiple clones. Every time such a binary is executed, a different name is displayed as an application title. For example, when it is executed for the first time it displays itself as XP Antispyware 2010; however, when executed again it may display itself as XP Guardian 2010.

The following is a list of the names that it may use in any particular instance:

•    XP Antispyware 2010
•    Antivirus XP 2010
•    XP Guardian 2010
•    XP...

Hon Lau | 22 Mar 2010 15:23:04 GMT

Yesterday there was a volcanic eruption in Iceland near the Eyjafjallajoekull glacier that has led the Icelandic authorities to declare a state of emergency in southern Iceland. People living nearby have been evacuated in case of glacial melt water flooding and the airspace near the now active volcano is effectively closed off. As you have probably already guessed, any event that commands a high level of public interest will be pounced on quickly by the makers of fake antivirus software in order to make a quick buck. This incident is no exception.

Web searches for subjects relating to this eruption, such as "Iceland Volcanic Eruption" or "Iceland Volcano," will return results that may include dozens of hacked websites. It is not that difficult to spot the hacked sites with the fake antivirus redirection in the search results. Generally, you should look for a pattern like this...