Security Response
Showing posts tagged with Security Risks
Ron Bowes | 12 Oct 2007 07:00:00 GMT | 0 comments

When you visit a Web site, you typically type the URL into the browser or click on a bookmark. In either case, the domain name (for example, "www.symantec.com") is sent to your domain name system (DNS) server. This server takes the domain name and sends back the server's address. This structure can lead to some interesting consequences.

How many people actually know which DNS server they're using? And, if they know which server they're using, how much do they trust the person or company running the server? The majority of networks are configured with dynamic host configuration protocol (DHCP). DHCP is a protocol that allows computers to broadcast a generic "configure me" message to the local network. Any server on the network can respond to the message, telling the computer which DNS server to use (among other things). This problem is two-fold: first, there is no guarantee that the response is coming from the expected server. And second, even if it comes from the proper server,...

Kevin Savage | 10 Oct 2007 07:00:00 GMT | 0 comments

In the ever-expanding world of misleading applications, you might wonder how each new application can stand out from the crowd and get itself noticed. Browsing the Web sites of some of these applications shows that most employ some form of social engineering to persuade potential customers to purchase their products. This social engineering ranges from the subtle language of persuasion to bold warnings concerning your personal and online safety.

The most common social engineering used on these Web sites tells us that just about every online activity is certain to bring spyware and other unwanted pests to your door. Downloading music from the web seems to be the biggest culprit in this area:

IM chatting, online banking, and email activity are also frequently cited as being certain sources of spyware:

...

M.K. Low | 09 Oct 2007 07:00:00 GMT | 0 comments

It's got Paul Anka's guarantee…guarantee void in Tennessee

One of my favorite Napoleon Dynamite scenes is when Napoleon and Kip are watching music videos and Napoleon says, “This is pretty much the worst video ever made”. Kip’s reply is “Napoleon, like, anyone can even know that.”

It’s true. How can you substantiate someone’s claim that they are the worst, the best, the most user-friendly, or simply the only system that your company will ever need? Some people blindly put their trust into companies without authenticating their claims. Just because a company advertises an “explosion-proof computer”, “unique, very efficient, non-algorithmic based encryption,” or “guaranteed secure credit cards,” doesn’t mean caveats don’t exist. Fat-free doesn’t necessarily imply zero fat; it just means there is less than 0.5 g of fat per serving....

Patrick Fitzgerald | 03 Oct 2007 07:00:00 GMT | 0 comments

Wireless Equivalency Protocol (WEP) has been one of the hottest topics in Irish news over the last few days. One of the leading providers of DSL in Ireland has supplied users with wireless routers protected using WEP. What made this newsworthy is that it has emerged that the WEP keys used to encrypt the network traffic and to control access to a private network were generated using the Service Set Identifier (SSID). The algorithm used to generate the encryption keys has been analyzed and a tool is freely available which allows anyone within range of the router to trespass on a wireless network that has been secured using the default settings.

The DSL provider and media reports are advising customers that if they change their WEP keys, they will be safe from any trespassers or malicious attackers trying to get onto their network. While it is true that changing the default WEP settings will mitigate this particular attack, it will not make your wireless network secure.

WEP is a flawed...

M.K. Low | 26 Sep 2007 07:00:00 GMT | 0 comments

Recently, I came across a publication by Tews, Weinmann and Pyshkin that describes an attack, called aircrack-ptw, which can recover a 104-bit WEP key in less than 60 seconds. WEP (Wired Equivalent Privacy) is a protocol for securing wireless LANs (WLANs) that uses the RC4 stream cipher to encrypt transmitted packets under a common key.

The RC4 stream cipher is at the heart of the WEP protocol and is one of the most widely used stream ciphers in the world due to its simplicity and compact software implementation. Packets of information are encrypted using the following method: a 24-bit initialization vector (IV) is chosen for each packet and concatenated with the secret 104-bit RC4 common key to form the 128-bit per-packet (or session) key. This per-packet key seeds the RC4 stream cipher, which produces a pseudo-random keystream. Note that, since each packet has...

Vikram Thakur | 21 Sep 2007 07:00:00 GMT | 0 comments

If you've recently received an email with an attachment or link, asking you to install a patch or an update from Microsoft, please beware as this is in all probability a hoax and could transfer control of your computer to some unknown entity anywhere in the world.

Recently, we received samples of emails which prompted users to install patches for Windows, via fake Security Bulletins. The patches were either linked from the email or attached to the mail itself. Symantec products detect the linked file as Trojan.Dropper.

In this case, the installer distributed via this...

Marvin Fabuli | 13 Sep 2007 07:00:00 GMT | 0 comments

TechNewsWorld recently published an article discussing how epidemiologists are using the outbreak of a virtual disease in an MMOG to study human behavior and hopefully apply the lessons to future outbreaks of disease. The incident in question is the intentional introduction of a plague by Blizzard Entertainment two years ago into its own World of Warcraft, basically to “add a little kick” to the game.

The disease was called Corrupted Blood and, just for fun, the makers made it truly viral so that, once infected, gamers would pass on the virus to others. That said, the pandemic was supposed to be limited to a new area in the game only meant to be accessible to high-level players who, it was presumed, would have the strength and knowledge to deal with the disease.

Of course...

Kevin Savage | 12 Sep 2007 07:00:00 GMT | 0 comments

The world of misleading applications (aka "rogue antispyware") never ceases to amaze with clever social engineering and tricks to con and persuade users into parting with their hard-earned cash. We have recently noticed a sharp increase in the number of these applications. One example we came across recently that is really contributing to the trend is called AVSystemCare.

This misleading application is unique in two ways:

- It uses a clever trick that makes it easy to generate an endless amount of clones that, while looking and behaving the same, are named differently.
- It offers localized versions in numerous languages.

AVSystemCare uses a clever trick to allow all of its clones to use identical files, but yet have different names. Installing any of these clones involves downloading a small file from the clone Web site. When the user executes this file it will download the main application components. All of...

Ben Nahorney | 31 Aug 2007 07:00:00 GMT | 0 comments

About a year ago we wrote about misleading applications and the business models behind them. Misleading applications, also commonly known as “rogue antispyware” applications, claim to detect and remove threats from your computer. What they actually do instead is report threats on clean computers and request payment for removal of these non-existent threats. Today, their numbers are on the rise, making up a larger portion of the security risks in the threat landscape. For example, we have discovered more than 40 new misleading applications since June 2007.

So how have they risen to such prominence? Misleading applications play upon a user’s concern that malicious threats may reside on his or her computer. “Your computer may be at risk!” is the overriding theme when a user encounters one of these risks. The irony is that the misleading application itself...

Liam O Murchu | 02 Aug 2007 07:00:00 GMT | 0 comments

Brazil is the home of the infamous Infostealer.Bancos family of malware. Recently, however, we have seen a more diverse number of sites - beyond just banking sites - coming into the crosshairs of the Brazilian malware gangs. Is the recent W32.Imcontactspam worm another of their creations?

The worm is Brazilian and spammed the infected users’ MSN contacts with email advising them that they had received an electronic greeting card. We see these types of worms quite often; however, what caught our attention were the similarities between the techniques this worm uses and the techniques used by the Infostealer.Bancos family of trojans.

When executed, the worm does the following:

  1. Minimizes the real MSN Messenger login window;
  2. Displays a fake Portuguese language MSN login screen;
  3. Records the username and password that is typed;
  4. Displays the real MSN Messenger login window (user must re-type password);
  5. Records the email address of all...