Security Response

Showing posts tagged with Security Risks
Showing posts in English
Marc Fossi | 20 Mar 2007 07:00:00 GMT | 0 comments

Six months ago, in the previous volume of Symantec's Internet Security Threat Report, I wrote that we were seeing a shift away from “noisy” worms towards targeted Trojans that attract less attention. In the second half of 2006, this trend remained true, as the volume of Trojans reported by Symantec customers increased and the volume of worms decreased. At the same time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report, we note that multi-stage downloaders, also referred to as modular Trojans, are becoming more prevalent most likely because of their versatility. The first stage of these downloaders is usually a small Trojan that disables your security and antivirus applications then downloads a more complex threat. Since the initial stage disables security applications, the second stage can be almost...

Dean Turner | 19 Mar 2007 07:00:00 GMT | 0 comments

Twice yearly, Symantec publishes a comprehensive report on the overall worldwide Internet threat landscape. With a dedicated team of researchers, authors, and the support of over 1,800 analysts worldwide, the Symantec Internet Security Threat Report has become one of the largest publicly available reports of its kind. The report provides a window into the world of malicious code, network attacks, vulnerabilities, phishing, and spam. With a threat landscape dominated by data theft, data leakage, fraud, and coordinated criminal activity, the team behind the report recognized the importance of looking not just at the types and volume of the attacks, but how, where, and why they take place. For the first time in this report, we discuss not only the root causes behind these types of activities, but where these activities take place in the world and what they’re worth in an underground economy.

We’ve seen a gradual process where blended threats have morphed from a single attack...

Joseph Blackbird | 09 Mar 2007 08:00:00 GMT | 0 comments

February's Home and Home Office Security Report covers a number of security issues, including this month's "Hot Topic," which describes an attack targeting insecure routers that could allow a hacker to view all the information you type online, including passwords! Recently, researchers have discovered a method that hackers may be able to use to break into your networks through your home wireless or wired router. To take advantage of this issue, a hacker would simply have to entice you to load a Web page that they control. Once loaded, the site would hijack your router and allow the hacker to control the Web sites that you visit. For example, if you type in the Web address of your bank, the hacker could redirect your request to a site that is designed to look like your bank's Web site, but is, in fact, controlled by the hacker. Any information that you enter on the hacker-controlled site would be viewable by the hacker, including user names and passwords for online banking, credit card...

Josh Harriman | 09 Mar 2007 08:00:00 GMT | 0 comments

No, this is not a new Monty Python skit. This is a real operation and is being implemented right now by the Securities and Exchange Commission (SEC). Operation Spamalot has halted trading in 35 companies. Their reason is basically that information regarding these companies has been spammed out through email to millions of people touting false or misleading information in order to drive up stock prices. We in Security Response have spoken of this phenomenon before in a couple of recent blogs, Spam and Stock Speculation and Trojan.Peacomm Part 2.

But now, the SEC has stepped in and is trying to put a stop to this activity and...

Liam O Murchu | 08 Mar 2007 08:00:00 GMT | 0 comments

A threat that we see very frequently in the lab is the back door named Backdoor.GrayBird or Backdoor.HuiPigeon. Today, I will shed some light on this back door both to show how easy it has become to create a powerful back door with a rich feature set, and also to show why we see so much of this particular back door.

Backdoor.Graybird gets its name from the Chinese company that makes the product, which translates to Gray Bird. It is a commercial Chinese remote access tool that sells for about $100 for a 100 user license. It can be configured to run silently on the victim's machine and is normally distributed via email or via drive-by downloads. (If sent via email, the user still needs to execute the file.) It can be packed to make each sample unique and, most recently, NsAnti has been the packer of choice.

Backdoor.Graybird is very popular in underground Chinese hacking forums partly because it is all written in Chinese, so it is easily understood, and also because cracked...

Zulfikar Ramzan | 23 Feb 2007 08:00:00 GMT | 0 comments

The “Emperor’s New Security Indicators” is a new well-written research paper on the effectiveness of security indicators authored by Stuart Schechter (MIT Lincoln Labs), Rachna Dhamija (Harvard University & CommerceNet), Andy Ozment (MIT Lincoln Labs & University of Cambridge), and Ian Fischer (Harvard University). The study described in the paper finds that several well-known security indicators usually fail to help end users make correct security decisions.

In a general sense, it’s accepted and widely acknowledged that designing security indicators and communicating the results is far from easy. There have been a number of studies that point out the shortcomings of security tools from a usability perspective. Nonetheless, such published studies are valuable since they really help quantify how dire the situation is. Also, each of these studies is naturally unique with respect to the exact conditions used. Since the outcome can be very sensitive to the underlying conditions, it...

Liam O Murchu | 23 Feb 2007 08:00:00 GMT | 0 comments

Mirror, mirror on the wall, who is the lamest of them all? The attacker behind this scheme hopes to find out where all the l4m3rs are (his words not mine). In a classic social engineering attack, customers have been reporting that they have received an unusual piece of spam recently.

The mail is supposedly from a hosting or collocation company and says something along the lines of this:

Dear COMPANYNAME Inc. Valued Members,

Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.

So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
[instructions included]
Thank you for using our services and products. We look forward to providing you with a unique and high quality...

Symantec Security Response | 14 Feb 2007 08:00:00 GMT | 0 comments

Anyone who has something to say now has access to media and the means to distribute his or her message. Folks have discovered that their fifteen minutes of fame can easily be achieved through the Internet with video clips, blogs, and vlogs (a blog that contains video). User-generated content opens the door to new opportunities. We can learn about a day in the life of a soldier at war, showing first hand what we have only been able to see in the movies. "Lookie loos" (or casual observers) now record events happening in real time using only their cell phones, thus becoming amateur journalists. People are demonstrating their unique talents, effectively becoming cyber rock stars and, in some...

Symantec Security Response | 12 Feb 2007 08:00:00 GMT | 0 comments

As I sit here looking for inspiration for my next blog pontification, I realized that I would be remiss if I didn't touch a bit on Vista given Microsoft's latest announcement. If you do a search on Vista in your browser, you’ll see plenty of material out there touting how “secure” Vista is. But let’s face it, at the most basic level, Vista, in and of itself, is just another operating system. So, let’s not confuse an operating system that’s more secure with something that is an actual security solution that provides real protection against the breadth of computer attacks. Perhaps it's just semantics, but it does cause some confusion as illustrated by several conversations I've been in where people I’ve talked to have made this mistake. So, let's set the record straight.

For the record, and without getting too much into the nitty-gritty details, Vista is simply an operating system that contains a variety of new features that make it less readily hackable and exploitable. That’s it. Although...

Dave Cole | 09 Feb 2007 08:00:00 GMT | 0 comments

We recently hit a big milestone here at Symantec Security Response: 30 VB100 awards in a row! This means that for every VB100 test for which we have submitted a product, we’ve detected all the threats on the latest WildList without missing a threat and without triggering a false positive on a clean file. For a little perspective, this streak stretches all the way back to the last century (OK, 1999) with the November 1999 VB100 test for Windows 98. We think this is a pretty remarkable achievement in consistency and reliability.

There were a couple other notable items in the latest test, not the least of which was that it was the first VB100 that covered Microsoft’s new Vista operating system. We were one of several security companies who notched a win on the inaugural Vista VB100, but there were a few of us who didn’t quite make the cut. Note that malware on...