
Security Response

Showing posts tagged with Security Risks
Showing posts in English
Peter Coogan | 20 Feb 2008 08:00:00 GMT | 0 comments

Social networking Web sites have become a popular pastime and are a means of staying in touch with friends for many people. Yesterday, Websense reported on a Trojan keylogger aimed at users of Habbo, a popular social networking site for teenagers. This is not the first time teenagers and children have been targeted. One of the first instances was a worm called W32.Pokey that used the Pikachu character from Pokemon as a social engineering tactic.

In the Habbo case, users are duped into believing they are getting tools that will give them the opportunity to make a name for themselves in Habbo without having to fork out the costs. In fact what they are getting is a malicious Trojan horse program that logs keystrokes on the compromised computer and sends the logs to...

M.K. Low | 18 Feb 2008 08:00:00 GMT | 0 comments

It is very easy to post your public information onto social networking sites. It took me less than five minutes to create and activate my account and half an hour to populate the data with my birthday, my home town, my status, my education, and my likes (puppies) and dislikes (chicken balls with red sauce). In another half hour, I was able to upload pictures of my Asia trip, my friends and family, and even my Hello Kitty small kitchen appliance collection.

But, it's not so easy to remove personal information off these sites. In a recent BBC article it was shown that users on a popular social networking site who, after terminating their accounts, found it difficult to delete personal information. A popular social networking site states that "Deactivation will completely remove your profile and all...

Josh Harrison | 11 Feb 2008 08:00:00 GMT | 0 comments

With the primaries going on it reminded me of a problem that can put those of us who have registered to vote at an unnecessary risk of identity theft exposure. With everything we are doing to secure the world electronically, it can still be the old analog means that doom us.

Last fall I received a piece of junk mail, I mean, "US postage paid political glossy information to help inform voters" material. This is the usual type of glossy, slick advertising mailer that most of us toss into the garbage can. I decided to open it and inside I saw “Vote for Measure 123456” and some political marketing info. OK, I still am going to toss it. And then I noticed the little “Vote by Mail Application” attached. It was nicely pre-printed with name and address and my date of birth (DOB)! Yeesh, why didn’t they just go ahead and post my social security number too?! Some may argue that a DOB is already a matter of public record and I agree it isn’t as sensitive as your social security...

Mark Kennedy | 08 Feb 2008 08:00:00 GMT | 0 comments

On Monday, February 4th, Symantec and more than 40 security software technologists and anti-malware testers announced the first steps in creating the Anti-Malware Testing Standards Organization, or AMTSO. It’s been an interesting road to get here so I thought it would be interesting to chronicle a bit of the back story here.

Last May in Reykjavik, Iceland I gave a presentation on a new, more relevant, form of anti-malware testing called "dynamic testing" (http://www.slideshare.net/frisksoftware/active-tes...). This was borne out of the fact that even though our security suites contained numerous protection technologies, only one – static file scanning – was being evaluated in tests. While static file scanning is certainly an important part of a security suite, taking...

Candid Wueest | 31 Jan 2008 08:00:00 GMT | 0 comments

Many people don’t like flashy advertisement banners on Web pages. But ads are a necessary thing for some pages to keep them free and help the owners pay their hosting fees. That might have been one of the reasons the bad guys thought of when using malicious banner ads as an attack vector. I’m not talking about the annoying banners that will overlay half of your screen so that you have to click them away manually. I’m talking about malicious ads, sometimes referred to as "malvertisement" or "badvertisement," which contain a malicious script or a hidden redirector. Most of the time it’s a flash object that contains an obfuscated action script which redirects the user to a malicious site after performing some user client checks. If the IP address of the requester falls into the desired geographic location and the IP address was not yet served, then it will be redirected to the bad site. This site can then either use one of the well known Web attacking toolkits to exploit a...

M.K. Low | 29 Jan 2008 08:00:00 GMT | 0 comments

Go on any security Web site and their best practices state that you should “never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known.” But what if it’s your job to open attachments?

In this day and age, human resources (HR) managers post job openings online to get the widest possible distribution. Gone are the days of newspaper ads and window postings; managers want to attract as many qualified applicants as possible and Web postings are inexpensive and effective. This may be one reason why HR is a weak link in the security of a company. Many companies prompt applicants to email their resume and cover letter directly to the HR department or a specific manager. I went to a dozen international company sites and found that half of them had the same application process.

To apply for positions on our team, respond by email to jane.doe@xxxxx-...

Kevin Haley | 25 Jan 2008 08:00:00 GMT | 0 comments

I just signed up for a MySpace page. I’ve become very interested in social networking and it was time to join the fun. Once you create an account the next step is to add some friends to your network. So the first thing I decided to do was send an invite to my friend Bill Gates. (Now I don’t expect you to believe that Bill Gates and I are friends. I admit that I’ve never met the man, but I'm trying to make a bigger point, so bear with me.)

A quick search on MySpace for Bill or William Gates returned 192 pages of search results. They couldn’t all be my Bill. I narrowed my search. I know what Bill looks like, so I searched just for profiles that contained a picture. I gave up after finding over a 100 profiles with a picture of Bill Gates and I had only reviewed half the profile pictures. I will say that the number of profiles with Bill in a sweater were about even with those of him in a suit. Only a few choose to drag up that old mug shot of him from his teenage years.

...
Kevin Haley | 18 Jan 2008 08:00:00 GMT | 0 comments

Comparing security software is a difficult proposition. How do you know if a vendor does a good job catching viruses? Every once in a while I’m approached by someone who wants advice on doing some virus testing. What I tell them is “Don't do it!” Please leave it to the professionals. There are a number of really good reasons for this:

1. Third-party testers focus on malware that is relevant (like what is in the wild). To make a collection on your own from the Web can be very random. Organizations like VB100 do an excellent job of finding what viruses are “in the wild” and testing security products against this list.

2. Third-party testers can create test environments that mirror the real world; for instance, you can run a file scan to see if the scanning software finds malware lying dormant on a disk. But today good security products come with IPS, firewall, and heuristic protection. You'll need active attacks and infections to test these technologies and you’ll...

Mateusz Misiewicz | 17 Jan 2008 08:00:00 GMT | 0 comments

AVSystemCare, DriveCleaner, and MalwareAlarm (a clone of AntiSpywareShield) are known rogue antispyware/antivirus application "brands". They are part of a growing list of misleading applications that deceive users by displaying scary warnings about the computer being infected with a large number of fake threats, and then ask them to buy the software before they will fix the problems.

We wrote about AVSystemCare clones a few months ago. Since then, the number of the domain names associated with these misleading...

Orla Cox | 07 Jan 2008 08:00:00 GMT | 0 comments

In these “Stormy” times, here at Symantec we regularly warn users to be wary of following links in unsolicited email. Could it be considered a coincidence then that I received the following gem directly to my work email:


Was this a clever use of reverse psychology by phishers or malware authors? Or, had I really received an unsolicited (and unsigned) email from the author of a couple of recent whitepapers on "footprinting" and social engineering, asking me to click on a link?

It turns out it was the latter. Thankfully the link wasn’t malicious (the lack of misspellings in the mail was one of few clues!), but some people need to start practicing what they’re...