Security Response
Showing posts tagged with Security Risks
Showing posts in English
Josh Harrison | 11 Feb 2008 08:00:00 GMT | 0 comments

With the primaries going on it reminded me of a problem that can put those of us who have registered to vote at an unnecessary risk of identity theft exposure. With everything we are doing to secure the world electronically, it can still be the old analog means that doom us.

Last fall I received a piece of junk mail, I mean, "US postage paid political glossy information to help inform voters" material. This is the usual type of glossy, slick advertising mailer that most of us toss into the garbage can. I decided to open it and inside I saw “Vote for Measure 123456” and some political marketing info. OK, I still am going to toss it. And then I noticed the little “Vote by Mail Application” attached. It was nicely pre-printed with name and address and my date of birth (DOB)! Yeesh, why didn’t they just go ahead and post my social security number too?! Some may argue that a DOB is already a matter of public record and I agree it isn’t as sensitive as your social security...

Mark Kennedy | 08 Feb 2008 08:00:00 GMT | 0 comments

On Monday, February 4th, Symantec and more than 40 security software technologists and anti-malware testers announced the first steps in creating the Anti-Malware Testing Standards Organization, or AMTSO. It’s been an interesting road to get here so I thought it would be interesting to chronicle a bit of the back story here.

Last May in Reykjavik, Iceland I gave a presentation on a new, more relevant, form of anti-malware testing called "dynamic testing". This was born out of the fact that even though our security suites contained numerous protection technologies, only one – static file scanning – was being evaluated in tests. While static file scanning is certainly an important part of a...

Candid Wueest | 31 Jan 2008 08:00:00 GMT | 0 comments

Many people don’t like flashy advertisement banners on Web pages. But ads are a necessary thing for some pages to keep them free and help the owners pay their hosting fees. That might have been one of the reasons the bad guys thought of when using malicious banner ads as an attack vector. I’m not talking about the annoying banners that will overlay half of your screen so that you have to click them away manually. I’m talking about malicious ads, sometimes referred to as "malvertisement" or "badvertisement," which contain a malicious script or a hidden redirector. Most of the time it’s a flash object that contains an obfuscated action script which redirects the user to a malicious site after performing some user client checks. If the IP address of the requester falls into the desired geographic location and the IP address was not yet served, then it will be redirected to the bad site. This site can then either use one of the well known Web attacking toolkits to exploit a vulnerability in...

M.K. Low | 29 Jan 2008 08:00:00 GMT | 0 comments

Go on any security Web site and their best practices state that you should “never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known.” But what if it’s your job to open attachments?

In this day and age, human resources (HR) managers post job openings online to get the widest possible distribution. Gone are the days of newspaper ads and window postings; managers want to attract as many qualified applicants as possible and Web postings are inexpensive and effective. This may be one reason why HR is a weak link in the security of a company. Many companies prompt applicants to email their resume and cover letter directly to the HR department or a specific manager. I went to a dozen international company sites and found that half of them had the same application process.

To apply for positions on our team, respond by email to jane.doe@xxxxx-...

khaley | 25 Jan 2008 08:00:00 GMT | 0 comments

I just signed up for a MySpace page. I’ve become very interested in social networking and it was time to join the fun. Once you create an account the next step is to add some friends to your network. So the first thing I decided to do was send an invite to my friend Bill Gates. (Now I don’t expect you to believe that Bill Gates and I are friends. I admit that I’ve never met the man, but I'm trying to make a bigger point, so bear with me.)

A quick search on MySpace for Bill or William Gates returned 192 pages of search results. They couldn’t all be my Bill. I narrowed my search. I know what Bill looks like, so I searched just for profiles that contained a picture. I gave up after finding over 100 profiles with a picture of Bill Gates and I had only reviewed half the profile pictures. I will say that the number of profiles with Bill in a sweater were about even with those of him in a suit. Only a few choose to drag up that old mug shot of him from his teenage years.

Being Bill’...

khaley | 18 Jan 2008 08:00:00 GMT | 0 comments

Comparing security software is a difficult proposition. How do you know if a vendor does a good job catching viruses? Every once in a while I’m approached by someone who wants advice on doing some virus testing. What I tell them is “Don't do it!” Please leave it to the professionals. There are a number of really good reasons for this:

1. Third-party testers focus on malware that is relevant (like what is in the wild). To make a collection on your own from the Web can be very random. Organizations like VB100 do an excellent job of finding what viruses are “in the wild” and testing security products against this list.

2. Third-party testers can create test environments that mirror the real world; for instance, you can run a file scan to see if the scanning software finds malware lying dormant on a disk. But today good security products come with IPS, firewall, and heuristic protection. You'll need active attacks and infections to test these technologies and you’ll need a...

Mateusz Misiewicz | 17 Jan 2008 08:00:00 GMT | 0 comments

AVSystemCare, DriveCleaner, and MalwareAlarm (a clone of AntiSpywareShield) are known rogue antispyware/antivirus application "brands". They are part of a growing list of misleading applications that deceive users by displaying scary warnings about the computer being infected with a large number of fake threats, and then ask them to buy the software before they will fix the problems.

We wrote about AVSystemCare clones a few months ago. Since then, the number of the domain names associated with these misleading applications has...

Orla Cox | 07 Jan 2008 08:00:00 GMT | 0 comments

In these “Stormy” times, here at Symantec we regularly warn users to be wary of following links in unsolicited email. Could it be considered a coincidence then that I received the following gem directly to my work email:


Was this a clever use of reverse psychology by phishers or malware authors? Or, had I really received an unsolicited (and unsigned) email from the author of a couple of recent whitepapers on "footprinting" and social engineering, asking me to click on a link?

It turns out it was the latter. Thankfully the link wasn’t malicious (the lack of misspellings in the mail was one of few clues!), but some people need to start practicing what they’re preaching.

Angela Thigpen | 03 Jan 2008 08:00:00 GMT | 0 comments

Social networking sites are currently the hottest spots to hang out on the Internet. Grandma has a MySpace page and your little sister is on Facebook. People in nightclubs no longer give out phone numbers, they tell you to find them on Friendster. Even cell phones are in on it with the hot features that link you right to your favorite social spot.

You didn’t think it would remain safe and friendly forever, did you? Facebook allows third party applications to be added and wouldn’t you know, it didn’t take long for someone to figure out they could make some cash exploiting that.

Who hasn’t gotten a little excited to know that someone has a crush on them? Taking advantage of the all too human curiosity seems to be all the rage. Signing in to Facebook, seeing that someone has sent you an invitation to find out who your "secret crush" is, you know you’re going to want to "find out who." That little bit of curiosity is going to cost you and with quite a few people already on...

Peter Ferrie | 02 Jan 2008 08:00:00 GMT | 0 comments

Recently, a post to the full-disclosure mailing list described an update to the well known MD5 collision problem. The authors - Marc Stevens, Arjen K. Lenstra, and Benne de Weger - provided a method whereby they can append only a few thousand bytes to two arbitrary files, with the result that both files have the same MD5 value. This is known as a "chosen prefix collision." Not only that, but they produced their proof-of-concept files using one machine in less than two days. If you distribute the work, you can make it go faster.

While what they have achieved is not the same as producing an identical MD5 for an existing file, it's still not a good thing. In particular it causes serious trouble for application white-listing implementations. Why? Imagine this scenario:
- malware author creates a harmless application.
- malware author creates a malicious application.
- malware author uses the chosen prefix collision method to alter these two applications to...