Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Security Risks
Showing posts in English
Crimeware Book Chat on Network World (Wednesday 28-May-2008 from 2-3pm ET)
Zulfikar Ramzan | 27 May 2008 21:09:26 GMT | 0 comments

In my most recent blog entry, I mentioned that Markus Jakobsson and I recently collaborated on a new book:  “Crimeware:  Understanding New Attacks and Defenses.” Network World is hosting a live chat session, and attendees will be eligible to win one of ten copies of the book.

To attend the chat, please go to:  http://www.networkworld.com/chat/ on Wednesday, May 28, 2008 from 2:00 – 3:00 PM Eastern.

We’ll be happy to answer any questions you have about the book or about crimeware and the threat landscape in general. I hope you’ll be able to join!



Message Edited by SR Blog Moderator on 05-27-2008 02:46 PM...

Read more
The Changing Face of Hacktivism
Silas Barnes | 15 May 2008 21:20:35 GMT | 0 comments

The term "hacktivism" often conjures up images of small groups of left-wing hackers defacing Web sites of political parties in an expression of outrage, coupled with demands of truth and justice for the down-trodden. This may have been the case ten years ago, but more recently hacktivism has broken the predefined mold in more ways than one.

The features of the Internet that make it such an invaluable tool for communicating with the global population also provide an avenue for disgruntled groups to voice their options, send messages of unity to the like-minded at great speed, and coordinate electronic attacks. The development of distributed denial-of-service kits, combined with their ease of use and the ability to globally distribute them in minutes, effectively means that an entire country can mobilize a group of dedicated attackers, numbering in the millions, in a relatively short time. Though a vast proportion of these 'net warriors are not security...

Read more
Copyright Violations in the Underground
Liam O Murchu | 25 Apr 2008 23:25:31 GMT | 0 comments
 
 

The problem: You develop a software package that you want to sell in the underground community. However, your buyers are not the most reputable/trustworthy people. How do you prevent your product from being purchased once and then distributed freely afterwards? How do you enforce your “copyright”?

The solution: Ask the antivirus companies to help you out.

Here is a perfect example. The screen shot below is taken from a typical underground software package. Shown in the screen shot are the terms and conditions of the sale—the “licensing agreement.” Yes, that’s right; some underground packages come with a licensing agreement. The document is written in Russian, but a translation is provided below.

 

...

Read more
Crimeware Book Now Available
Zulfikar Ramzan | 18 Apr 2008 20:15:41 GMT | 0 comments

For some time now, Symantec has stressed that the online threat landscape shifted a few years back, away from hobbyist-driven threats towards financially driven threats. This trend has given rise to a class of malicious software known as "crimeware."

I recently had the pleasure of collaborating with Markus Jakobsson on a book, "Crimeware: Understanding New Attacks and Defenses," which studies the problem and where it seems to be heading. The book is an edited volume in which we were fortunate to include contributions that were received from top experts across industry and academia all over the world.

We worked on the book to bring to light the fact that the game has changed considerably. The book covers the following topics:

- A general overview of Crimeware, including taxonomy of well known threats, such as keyloggers, screenscrapers, rootkits, botnets, and the like.
- A more detailed study of well...

Read more
Yet another Site Falls Prey to XP Antivirus
Vikram Thakur | 25 Mar 2008 07:00:00 GMT | 0 comments

A couple of weekends ago, I was doing
exactly what most computer users do in their free time. I was sitting
front of the computer, visiting sites that I have no business with. One
site led to another and I eventually started looking for some old
friends I had lost contact with over the years. One such search led me
to Spoke.com, a business networking site. Using the Spoke search box
soon had me believing that my computer might be infected and I would
soon need to scan it for malicious programs. OK, I didn't really
believe it because I was laughing a bit too much, trying to understand
what the "warning" was trying to tell me:



...

Read more
Cloning Shop for Mac Users Now Open!
Alfredo Pesoli | 21 Mar 2008 07:00:00 GMT | 0 comments

This week, our friends at Trend blogged
about a new misleading application for the Mac. We decided to take a
look at it as well. The application, named iMunizator, is a variant of
the well known rogue antivirus product called Macsweeper, which we have blogged about previously.



When launched, iMunizator performs a full scan of the system and
soon after it reports the “problems” that it found. Worryingly, some of
the files detected by iMunizator are actually safe system binaries that
should never be removed—files with "app" extensions. See the screenshot
below:



...

Read more
Your Friendly Password Archiver
Candid Wueest | 13 Mar 2008 07:00:00 GMT | 0 comments

We all know that you should back up your data periodically if you don't want to lose it in the case of an incident. This is not as trivial as it used to be. You might have some information stored remotely in online services. Most likely you will have an online email account and may want to have those emails archived on your local backup drive.

So I wasn't surprised when I saw an article last week on Jeff Atwood's blog about someone searching for a way to archive emails from Gmail. By the way, any IMAP client might be a good way. The sad part of the story was that the guy stumbled on a shareware tool called G-Archiver. After playing around with the software, he discovered that there is a hard-coded Gmail account with a password in this application. After doing some more analysis, it was evident that this tool does not only archive your emails locally, it will...

Read more
Life's Not Like the Movies
Trevor Mack | 10 Mar 2008 07:00:00 GMT | 0 comments

There was some news last week regarding an online banking service and the fact that someone at this particular bank forgot to renew some Web site security certificates. The story caught my eye for a couple of reasons. First, because of the job that I do here at Symantec I need to take note of reports such as these. They are often chalked up to human error and as this article on theregister.co.uk states, a lot of these issues are unfortunately considered to be only small problems. It may be a small problem because the solution isn’t difficult to obtain, only time consuming, and hopefully doesn’t affect anyone adversely. (In this case the problem didn’t affect the security or integrity of the Web site in question and was rectified quickly.) However, I personally consider these issues to be bigger problems because I can’t surf the ‘net as quickly as...

Read more
A Crooked Review, or Creative Marketing?
John Park | 07 Mar 2008 08:00:00 GMT | 0 comments

If you search for the word "antivirus" on major search engines like Google, Yahoo, or MSN there is a possibility you will end up with "6StarReview.com" or "StarReviews.com" with a link name like "Top 10 Antivirus for 2008" as one of top sponsored ads. The Star Reviews is basically a Web-only review site that covers everything from blog services to online banking. Perhaps the site is a bit heavy on affiliate links, but nothing out of the ordinary. No pop-ups. No browser exploits. All in all, it looks legit.

...

Read more
Going, Going, Gone!
Symantec Security Response | 06 Mar 2008 08:00:00 GMT | 0 comments

29A is a well known underground virus research group. It had many notorious members, such as Benny, VirusBuster, Super, ValleZ who were prominent in the virus-writing circles. This group published a virus magazine in order to spread the know how to create viruses. Up until now they have published seven full versions of the magazine on their Web site.

The content of the magazine discusses new technologies and techniques of use to virus and malware creators; in particular it also contains virus source code and tutorials on how to write viruses. 29A achieved many firsts in the virus world, such as the first 64 bit virus and other creations including W32.Peelf.2132, W2k.Stream,...

Read more