Security Response
Showing posts tagged with Security Risks
Showing posts in English
Joseph Blackbird | 01 Feb 2007 08:00:00 GMT | 0 comments

What better time than January to review last year's security issues and discuss predictions for the coming months of 2007. This issue of Symantec's Home and Home Office Security Report looks into this, as well as discussing current potential risks and threats that could impact home and home office users.

On January 20, 2007, a critical security flaw in Apple iChat was reported. Hackers could use the flaw to break into your computer, allowing them to read your email messages and address books, steal your files and software, and use your computer to carry out further hacking attempts. A hacker could also take advantage of the flaw by enticing you to visit a malicious Web site or open a malicious file. When the Web site is loaded or the file is opened, the malicious content will take advantage of the flaw and allow the attacker to gain control of your computer. At the time of this writing, Apple had not yet released solutions for all of these problems, but you can protect yourself...

Peter Ferrie | 29 Jan 2007 08:00:00 GMT | 0 comments

The latest news (as of January 23rd) is that the virus writing group 29A is reforming, but with most of the coders missing. Gone are GriYo, Vecna, and Zombie. We knew that Vecna had left, but that GriYo and Zombie have left as well suggests that the "internal issues" are a difference of opinion about who should do what. A coup in a virus writing group? It's all so political.

So that leaves VirusBuster, who has come out of retirement, and presumably Vallez. It is unclear if roy g biv will join them, given that today he placed W32.Stutter on a popular VX website, under the Defjam label.

Ultimately, though, the point is "who cares"? A virus writing group that doesn't write viruses—that’s always a good thing.

Liam O Murchu | 25 Jan 2007 08:00:00 GMT | 0 comments

Spoke is a community for sales and marketing professionals (home users would probably not have much use for the site or software). Spoke makes a sales/marketing tool that helps find contacts in companies across North America. For example, a sales team can search for a company in the Spoke database and find the names and titles of different employees in the company. This makes it clearer who to contact within that company in order to sell/market a product.

The Spoke database cuts down on the amount of time spent searching online, cold calling, and searching the phone book to find a useful and correct contact in a company. As well as providing information about contacts within a company, Spoke also calculates relationships that you and other users have to each other, so that you can perhaps find a contact of yours who already has a relationship with someone at your target company and who could possibly provide a friendly introduction. Spoke is essentially a data aggregator; the...

Dave Cole | 25 Jan 2007 08:00:00 GMT | 0 comments

We’re happy to report that so far today, Peacomm and Mixor.Q activity is lighter than the maelstrom of activity we’ve seen in previous days. We’ve noted no new spam runs today, with the malware submissions and activity levels tapering off a bit as well. Phew! Our Security Response team in Pune, India, has pulled together a slick Flash-based run through of the attack, which can be viewed using the following URL:
http://www.symantec.com/content/en/us/home_homeoffice/media/flash/peacomm.html

Just a little more info on this threat you may have not heard before—it is communicating over peer-to-peer using the Overnet protocol and network (of eDonkey fame). After connecting to the network, the threat then searches for some particular hashes (searches are done by hash, not by specific filename) and eventually it receives a reply that includes some 'meta tag' information. The meta...

Amado Hidalgo | 19 Jan 2007 08:00:00 GMT | 0 comments

Symantec Security Response has seen some moderate spamming of a new Trojan horse. The threat arrived in an email with an empty body and a variety of subjects such as:

A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text

The attachments may have any of the following filenames:
FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe

The attachment is not a video clip, but a Trojan horse program, which Symantec heuristic technology already detected as...

Liam O Murchu | 11 Jan 2007 08:00:00 GMT | 0 comments

We regularly see Brazilian Bancos samples that try to steal the credentials of Brazilian bank users. These are generally delivered via spam or drive-by downloads. However, recently a different form of threat was spotted that specifically targets Brazilian users.

W32.Selfish is a file infector that checks what your default language pack is and only proceeds to execute its payload if you are using the Brazilian Portuguese Language pack. If you are using a different language pack, W32.Selfish will simply execute the infected host file and exit.

When W32.Selfish is executed on a Brazilian machine, it tries to download a file from the internet and execute it. At the time of writing, this file is not accessible, so it is uncertain whether it will download a Brazilian bank password stealer. However, the emergence of this threat does show that Brazil is being specifically targeted by online criminals. Not only does this show that criminals are targeting Brazil, but it...

Marc Fossi | 08 Jan 2007 08:00:00 GMT | 0 comments

Happy (belated) New Year! It’s safe to say that most people are back into the full swing of things by now. Although the first week of January may have been a short one for some, there are many of us who were kept on our toes in the fledgling days of 2007. We are still witnessing the aftermath of some annoying holiday-themed emails containing a mass-mailing worm, and even more recently we have been dealing with a cross-site scripting (XSS) problem involving Adobe Acrobat files.

Sadly, given these examples, it seems that the more things change from year to year, the more they stay the same (I know it’s a cliché). And in that regard, we have recently published the December 2006 version of the Symantec Home and Home Office Security Report. The report discusses some of the top security news items in December as well as a roundup of noteworthy Internet security trends for 2006. Last month, there was a worm discovered to be propagating because of malicious URLs being sent as links in instant...

Peter Ferrie | 04 Jan 2007 08:00:00 GMT | 0 comments

While we probably haven't heard the last of virus writer SPTH, his announcement about leaving the rRlf (Ready Rangers Liberation Front) is welcome news. Further good news was the "lack of time" cited as his reason for leaving. This suggests that he's busy doing things other than writing viruses, and that is to be encouraged (the "doing things other than" part, not the "writing viruses" part, of course).

Even though his viruses were not on the order of complexity of some others in recent times, there is no question that he had a knack for finding just the right target to interest the media. With media attention comes the associated "coolness" factor that encourages some people to start writing viruses in the first place. And once a virus receives attention from the media, other virus writers will often target the same platform.

In my W64/Bounds article for...

Vincent Weafer | 28 Dec 2006 08:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are: what do you think the biggest trend of the year was and what do you think the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it new features for both the research community and malicious code authors to scrutinize. It’s simple to expect that we’ll see new attack attempts on Microsoft Vista. What’s more interesting are trends we’re likely to see that don’t even touch the physical hard drive of a computer. Web 2.0 technologies have already begun to capture attacker interest and motivation. As adoption continues to grow and dependence on these Web applications increases, the impact and frequency of these issues will rise.

Consider the...

Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...