Security Response
Peter Ferrie | 16 Aug 2006 07:00:00 GMT | 0 comments

In February of this year, Virus Bulletin published one of my articles in which I was speculating about the meaning of a message that a certain virus was displaying. My questions were in regard to the W32.Idonus virus and, more specifically, the word "Genetix" that was displayed. When executed, the virus randomly (a one in 1,983 chance) chose whether or not to display the message “GeNeTiX is EVIL!”

In the Virus Bulletin article I suggested that “Genetix” could be referring to a particular molecular biology company, an anti-GMO food organization, or perhaps something else entirely. Well, as it turned out, the term “Genetix” was actually referring to a person. Not just any person, it seems, but the actual virus writer. In an attempt to make this clear, the virus writer has created a new virus (...

TWoodward | 13 Jul 2006 07:00:00 GMT | 0 comments

Researchers and engineers who are working in the security field must have strong constitutions—especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. With that in mind, in an effort to improve the quality of the dialogue, I would like to discuss some important issues regarding Mac OS X and security.

Let’s start with the hot-button issue of Mac OS X viruses. Simply put, at the time of writing this article, there are no file-infecting viruses that can infect Mac OS X. I see some of you raising a hand or two, wanting to ask me some “but, what about…” types of questions. Indeed, in February of this year, when OSX.Leap.A was discovered, the news headlines declared that it was the “First ever virus for Mac OS X!” Long before the digital ink dried on those simplistic and sensational headlines, our Security...

Zulfikar Ramzan | 12 Jul 2006 07:00:00 GMT | 0 comments

In many cases we use passwords to authenticate ourselves on Web sites where we make transactions, and passwords represent only one mechanism for authentication. Passwords are “something we know” (and something that, hopefully, no one else knows). However, there are other ways of authenticating ourselves. For example, we can use “something we are”, such as a fingerprint or other biometric, or even “something we have”, such as an access control card. “Two-factor authentication” refers to the concept of using two instances of “something we know”, “something we are”, or “something we have”. Two-factor authentication provides much stronger guarantees when compared to using just one of these means of authentication.

One of the most popular forms of two-factor authentication involves the use of a hardware token that displays a sequence of digits that changes at set intervals. To authenticate ourselves on a network using this method, we provide our regular password in conjunction with...

Dave Cole | 03 Jul 2006 07:00:00 GMT | 0 comments

Since the early days of e-commerce, businesses have recognized the potential for the Internet to streamline how they interact with their customers. Oftentimes this meant diminishing or eliminating the role of the businesses that were sitting in the middle, brokering the brick and mortar transaction. Going straight to the customer with a snazzy online store or auction Web site cut these middle players (and their costs) out of the mix. This allowed the business to take back profit margin, offer lower costs, and increase transaction volume.

The benefits of getting closer to the customer haven’t been lost on those who peddle misleading applications. Misleading applications are programs that intentionally misrepresent the security status of a computer by working to convince the user that he or she must remove risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the “...

Symantec Security Response | 30 Jun 2006 07:00:00 GMT | 0 comments

We are seeing signs of worm activity over instant messaging (IM) and wanted to warn you not to let your curiosity get the better of you. You’ve heard the saying about curiosity killing the cat, right?

In a nutshell, IM users are receiving messages that say "check out these pics of us!", with a link provided in the IM window to either "p1392.pic-myspace .info" or "p1377. pic-myspace .info". When unsuspecting victims click on the link, thinking that they are going to the MySpace Web site, they are instead transported to another Web site, at which point a malicious downloader gets installed on the victim's machine. From what we can tell, this particular downloader tries to install a bunch of applications, presumably with the intent to earn the site's owner some commission. While this is probably more of an annoyance than anything else, if you ask me, the good news is that Symantec customers have been protected from this type of attack since December 2005.

At the end of the day, if...

Liam O Murchu | 14 Jun 2006 07:00:00 GMT | 0 comments

I would never associate the phrase "good ethics" with rogue anti-spyware. Maybe "questionable ethics" or, indeed, "no ethics" are phrases that would be more appropriate! We encounter questionable ethics everyday in the lab, especially when dealing with rogue applications. I will provide some information below on one of the best examples of rogue anti-spyware we have seen in the lab, called "Punisher".

Symantec detects this rogue application as Punisher, but it is also known as Remedy AntiSpy, SystemStable, HitVirus, and Adware Bazooka in the industry. Rogue applications often employ a technique of using various guises, where the application will be advertised and distributed using seemingly different software applications that all turn out to be exactly the same (except, perhaps, a different skin).

We made observations on...

Dave Stahl | 05 Jun 2006 07:00:00 GMT | 0 comments

"Your password will expire in six days." Upon receiving this notification, I grimaced. What could be more fun than coming up with yet another password—particularly one that meets the increasingly ludicrous password policies that are ever present in the industry?

"Your password will expire in one day." Well, shoot. I guess I'd better go on and take care of it. A small modification to my current 23-character pass phrase, and hopefully I'll be done with this for another month or two. Nope. It seems that more rules have been added since I last changed my password; specifically, the requirement that they be between eight and 14 characters. No shorter, no longer. The password change tool helpfully suggests a few possible passwords:

sYdid,5jag
glip*4esO
e&6fLogi
fam,1hYo
tar,7yePy
nib,2duenK
kEt1%geuck
yaLal7#yas
neTec7#jin
pEa+8hegju

Great, thanks! I'll be able to memorize one of those shortly before the next ice age. I'm now in...

Liam O Murchu | 22 May 2006 07:00:00 GMT | 0 comments

It is so great to now have the opportunity to choose how to receive your adware. In the past, drive-by downloads were targeted exclusively towards Internet Explorer (IE) users and indeed, many people changed to Firefox or Safari browsers specifically because of this fact. But now you can choose which browser you want to use to be hit with your least favourite adware!

When people contemplated moving from IE to Firefox, it didn’t matter if Firefox was measurably safer than IE or not, the simple fact that the bad guys weren’t targeting it made it far more secure in practice. Those heydays have long since disappeared. In the Symantec labs we still see a greater number of drive-by downloads solely targeting IE; however, we often see sites that will detect which browser you are using and then serve you your specific poison. Moreover, there have been several vulnerabilities discovered that can affect applications that are common across all Internet browsers (such as those...

Eric Chien | 17 May 2006 07:00:00 GMT | 0 comments

When we talk to customers about the future malware landscape, many often wonder when mobile device threats are going to arrive. They are surprised to learn that threats for mobile devices already exist, aren't just proof of concepts, and are actively spreading. Commwarrior, for example, infects Symbian Series 60 devices (for example, many Nokia smartphones) and has been reported worldwide. According to news reports, telephony companies have stated that Commwarrior has accounted for more than ten percent of all of their MMS traffic. Other telephony companies that Symantec has spoken to have specifically implemented filters to block Commwarrior at their gateways due to the amount of traffic it was generating.

While threats exist and are actively spreading, we are probably still years away from the situation we have with the Microsoft Windows operating system. We hope we can take a lesson from history and prevent such a situation, but some lessons seem to be hard to learn...

Patrick Martin | 10 May 2006 07:00:00 GMT | 0 comments

People often ask me about the best way to configure their computer to protect against threats, such as worms and Trojan horses. They say they have installed antivirus protection and never open unexpected email attachments. But they wonder if that is enough. Antivirus protection is certainly an important part of an effective protection solution. It has the ability to detect known threats as well as many new ones via heuristic technologies. But there is a second technology that can be added to help complete the picture: a firewall.

While antivirus software helps to protect the file system against unwanted programs, a firewall helps to keep attackers or external threats from getting access to your system in the first place. Most people are aware that worms often travel through email. They generally arrive as an attachment to an email that the user is enticed to click on by the text of the email itself. We call these threats “mass-mailing worms.” The best thing to do with these...