Security Response
Showing posts tagged with Security Risks
Mathew Maniyara | 03 Feb 2010 21:40:30 GMT

Symantec has observed a new trend in phishing in which the phishing Web page contains pornographic content. The phishing site states that the end user can obtain free pornography after logging in or signing up. These offers tempt users into entering their credentials in the hopes of obtaining pornography.

The attackers use several offers of pornography as bait. Some of the offers are adult chat, social networking with adult personals for sexual favors, blogs with free pornography, and so on. The screenshot below is an example of a phishing website using a leading information services brand. The site states that they provide email alerts for sex parties:

[Screenshot: phishing website using a leading information services brand]

In January, new phishing attacks such as the above example continued to be observed abusing legitimate brands. The phishing pages were created using free Web hosting sites. Upon entering login...

Joji Hamada | 28 Jan 2010 11:19:45 GMT

Yesterday we saw SEO poisoning attacks when searching for keywords such as "Apple Tablet". Now, after the product announcement has been made, we are seeing the same attack with the actual name of the product included in the search term.

Using search terms like "Apple Ipad rumor" or "Apple Ipad size" is likely to produce results from sites like,, or, ultimately compromising your computer with rogue security software.



No worries for Symantec product users.  Our HTTP FakeAV Redirect Request IPS signature will detect the attack.  Our...

khaley | 21 Jan 2010 17:44:42 GMT

Did you follow the Senate race in Massachusetts between Scott Brown and Martha Coakley? Well, so did cybercriminals. They likely had no interest in who won, however. What attracted them was how many of us were performing online searches, looking for information on the race. So, the bad guys raced to answer this need, but it wasn’t with information on who won. It was with traps to infect us with rogue security software.

Symantec—through use of our Norton Safe Web technology—has identified significant search engine poisoning in searches related to the political race. At one point we looked at the results of a search for “Massachusetts senate race results” and found that 33 of the first 100 search results led to malicious sites. Eleven of the first 100 results for the related search “Brown Coakley results” also led to malicious sites. Unfortunately none of this is all that surprising to us. From Michael Jackson’s death, to the...

khaley | 20 Jan 2010 11:57:32 GMT

AntiVirus Live, Personal Security, Malware Defense, and Desktop Defender

These are all names for different rogue security software programs. We identified 250 different “brands” of these bogus products in the Rogue Security Software Report published in October 2009. But these four—and many others—are not among those 250. They are all new since October. You can see some examples of some of the new graphic styles of these fake AVs here.

In fact, there are so many of these misleading applications that we don’t even try to write a unique definition for each one of them. We use generic signatures such as Trojan Horse,...

Symantec Security Response | 08 Jan 2010 16:46:58 GMT

Last December we saw a couple of malicious JavaScript strings being pasted into Web sites on compromised servers. The beginning of each script looks like one of the following:

  • <script>/*GNU GPL*/ try{window.onload = function(){var ~
  • <script>/*CODE1*/ try{window.onload = function(){var ~

We’ve now confirmed a new version. One of the sites we saw was originally compromised with the "/*GNU GPL*/" script and was recently updated with the "/*LGPL*/" script. A top portion of the obfuscated script looks something like this:

<script>/*LGPL*/ try{ window.onload = function(){var C1nse3sk8o41s = document.createElement('s&c^$#r))i($p@&t^&'.repl

Once deobfuscated, it leads to a URL that looks something like this:



khaley | 06 Jan 2010 17:48:24 GMT

When I worked at a small business the IT guy also took care of the phone system, assembled bookcases if needed, and occasionally worked the front desk when the receptionist was on break. In a small business everyone wears many hats and you often don’t really have the skills necessary to do everything asked of you all that well. Or if you do, you probably don’t have the time.

But certainly small and medium businesses understand the importance of computer security and make sure they take all the steps necessary to protect their business from the potentially devastating losses of cybercrime! Well, that’s half right. According to a survey done last year by Symantec, SMBs know security is important but they are not taking proper steps to protect themselves. In fact, a stunning 33 percent of SMBs don’t even run basic antivirus software.

The SMBs surveyed said they don’t have the staffing, budget, or bandwidth to properly protect themselves. And...

Hon Lau | 28 Nov 2009 12:15:34 GMT

The car accident involving Tiger Woods last night outside his home in Windermere, Florida has been generating a lot of heat as far as Web traffic and searches go. Since the news broke, the top web searches on Google have been related to this story. Even hours after the break of the story, six out of the top ten search items are still related to this event. Tiger Woods is obviously a huge celebrity from a sport that has a huge worldwide following. The circumstances surrounding this accident are still as yet unclear.

Search rankings for results relating to Tiger Woods

From an IT security point of view this unfortunate incident is just another fruit ripe for the picking as far as malware writers are concerned. So it comes as no surprise that the creators of rogue antivirus or misleading application software have already jumped on the bandwagon and attempted to poison web search...

Marian Merritt | 20 Nov 2009 14:45:48 GMT

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.
We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable.

You can read more about...

khaley | 17 Nov 2009 20:13:47 GMT

Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.

I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...

khaley | 17 Nov 2009 19:59:04 GMT

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning.

For example:

•    Toolkits and threat recycling have made malware easier to create than ever
•    Polymorphic technology is being applied to make threats harder to catch
•    Botnets, large and small, are used as the foundation of attacks making most attacks complex
•    All major news events are used for social engineering
•    Major brands are being appropriated by cybercriminals...