Security Response
Showing posts tagged with Security Risks
Joseph Blackbird | 09 Mar 2007 08:00:00 GMT | 0 comments

February's Home and Home Office Security Report covers a number of security issues, including this month's "Hot Topic," which describes an attack targeting insecure routers that could allow a hacker to view all the information you type online, including passwords! Recently, researchers have discovered a method that hackers may be able to use to break into your networks through your home wireless or wired router. To take advantage of this issue, a hacker would simply have to entice you to load a Web page that they control. Once loaded, the site would hijack your router and allow the hacker to control the Web sites that you visit. For example, if you type in the Web address of your bank, the hacker could redirect your request to a site that is designed to look like your bank's Web site, but is, in fact, controlled by the hacker. Any information that you enter on the hacker-controlled site would be viewable by the hacker, including user names and passwords for online banking, credit card...

Josh Harriman | 09 Mar 2007 08:00:00 GMT | 0 comments

No, this is not a new Monty Python skit. This is a real operation and is being implemented right now by the Securities and Exchange Commission (SEC). Operation Spamalot has halted trading in 35 companies. Their reason is basically that information regarding these companies has been spammed out through email to millions of people touting false or misleading information in order to drive up stock prices. We in Security Response have spoken of this phenomenon before in a couple of recent blogs, Spam and Stock Speculation and Trojan.Peacomm Part 2.

But now, the SEC has stepped in and is trying to put a stop to this activity and...

Liam O Murchu | 08 Mar 2007 08:00:00 GMT | 0 comments

A threat that we see very frequently in the lab is the back door named Backdoor.GrayBird or Backdoor.HuiPigeon. Today, I will shed some light on this back door both to show how easy it has become to create a powerful back door with a rich feature set, and also to show why we see so much of this particular back door.

Backdoor.Graybird gets its name from the Chinese company that makes the product, which translates to Gray Bird. It is a commercial Chinese remote access tool that sells for about $100 for a 100 user license. It can be configured to run silently on the victim's machine and is normally distributed via email or via drive-by downloads. (If sent via email, the user still needs to execute the file.) It can be packed to make each sample unique and, most recently, NsAnti has been the packer of choice.

Backdoor.Graybird is very popular in underground Chinese hacking forums partly because it is all written in Chinese, so it is easily understood, and also because cracked...

Zulfikar Ramzan | 23 Feb 2007 08:00:00 GMT | 0 comments

The “Emperor’s New Security Indicators” is a new, well-written research paper on the effectiveness of security indicators authored by Stuart Schechter (MIT Lincoln Labs), Rachna Dhamija (Harvard University & CommerceNet), Andy Ozment (MIT Lincoln Labs & University of Cambridge), and Ian Fischer (Harvard University). The study described in the paper finds that several well-known security indicators usually fail to help end users make correct security decisions.

In a general sense, it’s accepted and widely acknowledged that designing security indicators and communicating the results is far from easy. There have been a number of studies that point out the shortcomings of security tools from a usability perspective. Nonetheless, such published studies are valuable since they really help quantify how dire the situation is. Also, each of these studies is naturally unique with respect to the exact conditions used. Since the outcome can be very sensitive to the underlying conditions, it...

Liam O Murchu | 23 Feb 2007 08:00:00 GMT | 0 comments

Mirror, mirror on the wall, who is the lamest of them all? The attacker behind this scheme hopes to find out where all the l4m3rs are (his words, not mine). In a classic social engineering attack, customers have been reporting that they have received an unusual piece of spam recently.

The mail is supposedly from a hosting or collocation company and says something along the lines of this:

Dear COMPANYNAME Inc. Valued Members,

Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.

So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
Thank you for using our services and products. We look forward to providing you with a unique and high quality...

Symantec Security Response | 14 Feb 2007 08:00:00 GMT | 0 comments

Anyone who has something to say now has access to media and the means to distribute his or her message. Folks have discovered that their fifteen minutes of fame can easily be achieved through the Internet with video clips, blogs, and vlogs (a blog that contains video). User-generated content opens the door to new opportunities. We can learn about a day in the life of a soldier at war, showing first hand what we have only been able to see in the movies. "Lookie loos" (or casual observers) now record events happening in real time using only their cell phones, thus becoming amateur journalists. People are demonstrating their unique talents, effectively becoming ...

Symantec Security Response | 12 Feb 2007 08:00:00 GMT | 0 comments

As I sit here looking for inspiration for my next blog pontification, I realized that I would be remiss if I didn't touch a bit on Vista given Microsoft's latest announcement. If you do a search on Vista in your browser, you’ll see plenty of material out there touting how “secure” Vista is. But let’s face it, at the most basic level, Vista, in and of itself, is just another operating system. So, let’s not confuse an operating system that’s more secure with something that is an actual security solution that provides real protection against the breadth of computer attacks. Perhaps it's just semantics, but it does cause some confusion as illustrated by several conversations I've been in where people I’ve talked to have made this mistake. So, let's set the record straight.

For the record, and without getting too much into the nitty-gritty details, Vista is simply an operating system that contains a variety of new features that make it less readily hackable and exploitable. That’s it. Although...

Dave Cole | 09 Feb 2007 08:00:00 GMT | 0 comments

We recently hit a big milestone here at Symantec Security Response: 30 VB100 awards in a row! This means that for every VB100 test for which we have submitted a product, we’ve detected all the threats on the latest WildList without missing a threat and without triggering a false positive on a clean file. For a little perspective, this streak stretches all the way back to the last century (OK, 1999) with the November 1999 VB100 test for Windows 98. We think this is a pretty remarkable achievement in consistency and reliability.

There were a couple other notable items in the latest test, not the least of which was that it was the first VB100 that covered Microsoft’s new Vista operating system. We were one of several security companies who notched a win on the inaugural Vista VB100, but there were a few of us who didn’t quite make the cut. Note that...

Zulfikar Ramzan | 06 Feb 2007 08:00:00 GMT | 0 comments

Castlecops, a volunteer-run organization that has made tremendous waves in fighting phishing, announced a sweepstakes to celebrate their five-year anniversary. A number of security vendors, including Symantec, have contributed prizes to the contest. In addition, Castlecops receives a list of verified phishing sites from Symantec through the Phish Report Network.

For those who don’t know, Castlecops runs the Phish Incident Reporting and Termination (PIRT) task force. If you find a legitimate phishing site and report it to them, Castlecops does the leg work to help take the site down before it does additional damage. In addition, they collect information to work with law enforcement. If the phisher has stored stolen credentials (e.g., passwords, credit card numbers, bank account numbers, social security numbers, etc.) directly on the Web server that he or she compromised, then there...

Marc Fossi | 02 Feb 2007 08:00:00 GMT | 0 comments

Being a fan of novels in the “cyberpunk” genre, the concept of virtual online worlds intrigues me. Standard massively multiplayer online games (MMOGs) seem boring in comparison to the flexibility of a world that allows participants to create their own objects within the virtual environment. These creations are really only limited by the user’s imagination and the boundaries of the coding language.

Recently, I read an article about residents of Second Life staging in-world protests against a political party that opened an office in the world (I won’t get into the details here because this space isn’t about politics). What really caught my eye were some of the forms these protests took, including users strafing the offices with virtual machine guns and exploding pigs.

So what does any of this have to do with computer security? Well, a couple of things about Second Life are noteworthy. One is that some miscreants were successful in creating self-replicating code (like a virus) in...