Security Response
Showing posts tagged with Security Risks
Silas Barnes | 15 May 2008 21:20:35 GMT | 0 comments

The term "hacktivism" often conjures up images of small groups of left-wing hackers defacing Web sites of political parties in an expression of outrage, coupled with demands of truth and justice for the down-trodden. This may have been the case ten years ago, but more recently hacktivism has broken the predefined mold in more ways than one.

The features of the Internet that make it such an invaluable tool for communicating with the global population also provide an avenue for disgruntled groups to voice their opinions, send messages of unity to the like-minded at great speed, and coordinate electronic attacks. The development of distributed denial-of-service kits, combined with their ease of use and the ability to globally distribute them in minutes, effectively means that an entire country can mobilize a group of dedicated attackers, numbering in the millions, in a relatively short time. Though a vast proportion of these 'net warriors are not security...

Liam O Murchu | 25 Apr 2008 23:25:31 GMT | 0 comments

The problem: You develop a software package that you want to sell in the underground community. However, your buyers are not the most reputable/trustworthy people. How do you prevent your product from being purchased once and then distributed freely afterwards? How do you enforce your “copyright”?

The solution: Ask the antivirus companies to help you out.

Here is a perfect example. The screen shot below is taken from a typical underground software package. Shown in the screen shot are the terms and conditions of the sale—the “licensing agreement.” Yes, that’s right; some underground packages come with a licensing agreement. The document is written in Russian, but a translation is provided below.


Zulfikar Ramzan | 18 Apr 2008 20:15:41 GMT | 0 comments

For some time now, Symantec has stressed that the online threat landscape shifted a few years back, away from hobbyist-driven threats towards financially driven threats. This trend has given rise to a class of malicious software known as "crimeware."

I recently had the pleasure of collaborating with Markus Jakobsson on a book, "Crimeware: Understanding New Attacks and Defenses," which studies the problem and where it seems to be heading. The book is an edited volume in which we were fortunate to include contributions that were received from top experts across industry and academia all over the world.

We worked on the book to bring to light the fact that the game has changed considerably. The book covers the following topics:

- A general overview of Crimeware, including taxonomy of well known threats, such as keyloggers, screenscrapers, rootkits, botnets, and the like.
- A more detailed study of well...

Vikram Thakur | 25 Mar 2008 07:00:00 GMT | 0 comments

A couple of weekends ago, I was doing exactly what most computer users do in their free time. I was sitting in front of the computer, visiting sites that I have no business with. One site led to another and I eventually started looking for some old friends I had lost contact with over the years. One such search led me to Spoke, a business networking site. Using the Spoke search box soon had me believing that my computer might be infected and I would soon need to scan it for malicious programs. OK, I didn't really believe it because I was laughing a bit too much, trying to understand what the "warning" was trying to tell me:


Alfredo Pesoli | 21 Mar 2008 07:00:00 GMT | 0 comments

This week, our friends at Trend blogged about a new misleading application for the Mac. We decided to take a look at it as well. The application, named iMunizator, is a variant of the well known rogue antivirus product called Macsweeper, which we have blogged about previously.

When launched, iMunizator performs a full scan of the system and soon after it reports the “problems” that it found. Worryingly, some of the files detected by iMunizator are actually safe system binaries that should never be removed—files with "app" extensions. See the screenshot


Candid Wueest | 13 Mar 2008 07:00:00 GMT | 0 comments

We all know that you should back up your data periodically if you don't want to lose it in the case of an incident. This is not as trivial as it used to be. You might have some information stored remotely in online services. Most likely you will have an online email account and may want to have those emails archived on your local backup drive.

So I wasn't surprised when I saw an article last week on Jeff Atwood's blog about someone searching for a way to archive emails from Gmail. By the way, any IMAP client might be a good way. The sad part of the story was that the guy stumbled on a shareware tool called G-Archiver. After playing around with the software, he discovered that there is a hard-coded Gmail account with a password in this application. After doing some more analysis, it was evident that this tool does not only archive your emails locally, it will...

John Park | 07 Mar 2008 08:00:00 GMT | 0 comments

If you search for the word "antivirus" on major search engines like Google, Yahoo, or MSN, there is a possibility you will end up with "" or "" with a link name like "Top 10 Antivirus for 2008" as one of the top sponsored ads. The Star Reviews is basically a Web-only review site that covers everything from blog services to online banking. Perhaps the site is a bit heavy on affiliate links, but nothing out of the ordinary. No pop-ups. No browser exploits. All in all, it looks legit.


Symantec Security Response | 06 Mar 2008 08:00:00 GMT | 0 comments

29A is a well known underground virus research group. It had many notorious members, such as Benny, VirusBuster, Super, and ValleZ, who were prominent in the virus-writing circles. This group published a virus magazine in order to spread the know-how to create viruses. Up until now they have published seven full versions of the magazine on their Web site.

The content of the magazine discusses new technologies and techniques of use to virus and malware creators; in particular it also contains virus source code and tutorials on how to write viruses. 29A achieved many firsts in the virus world, such as the first 64 bit virus and other creations including W32.Peelf.2132, W2k.Stream,...

Peter Coogan | 20 Feb 2008 08:00:00 GMT | 0 comments

Social networking Web sites have become a popular pastime and are a means of staying in touch with friends for many people. Yesterday, Websense reported on a Trojan keylogger aimed at users of Habbo, a popular social networking site for teenagers. This is not the first time teenagers and children have been targeted. One of the first instances was a worm called W32.Pokey that used the Pikachu character from Pokemon as a social engineering tactic.

In the Habbo case, users are duped into believing they are getting tools that will give them the opportunity to make a name for themselves in Habbo without having to fork out the costs. In fact what they are getting is a malicious Trojan horse program that logs keystrokes on the compromised computer and sends the logs...

M.K. Low | 18 Feb 2008 08:00:00 GMT | 0 comments

It is very easy to post your public information onto social networking sites. It took me less than five minutes to create and activate my account and half an hour to populate the data with my birthday, my home town, my status, my education, and my likes (puppies) and dislikes (chicken balls with red sauce). In another half hour, I was able to upload pictures of my Asia trip, my friends and family, and even my Hello Kitty small kitchen appliance collection.

But, it's not so easy to remove personal information off these sites. In a recent BBC article it was shown that users on a popular social networking site who, after terminating their accounts, found it difficult to delete personal information. A popular social networking site states that "Deactivation will completely...