Security Response
Showing posts tagged with Emerging Threats
Liam O Murchu | 14 Nov 2007 08:00:00 GMT | 0 comments

We have previously discussed Trojan.Bayrob without describing the entire attack from end to end. This article will show how the entire scam works from initial contact right through to the actual sale. Security experts at eBay are already well aware of it and working to protect their customers.

Tip: It should be noted from the outset that potential buyers should read safety tips and follow preventative measures provided by their service provider.

To start with, take a look at this video for a walk-through of our analysis:

In order to attract potential victims the scammers first list cars for sale on various auction sites. These auctions are not scams per se, but they are "legit" auctions that are used solely to attract potential victims—whoever asks a question or bids on these auctions becomes a potential victim. Once these auctions have expired the scammers get to work emailing each potential victim. These emails explain that the winner of the original...

Erik Kamerling | 12 Nov 2007 08:00:00 GMT | 0 comments

On October 25, 2007, Elcomsoft Co Ltd. in Moscow, Russia filed for a US patent on a reportedly new password recovery method that makes use of a video card's graphics processing unit (GPU). Elcomsoft credits the February 2007 release of the NVIDIA CUDA C-Compiler and developer's kit for providing the necessary low-level GPU access they needed to make this cryptographic advancement. The newest NVIDIA GPUs act as multiprocessors that utilize shared memory, cache, and multiple registers. The newest graphics cards utilize fixed point calculations, relatively massive amounts of memory, and multiple processing units. They differ significantly from a computer's central processing unit (CPU) in terms of their cryptanalytic processing capabilities, and Elcomsoft claims to have leveraged newer GPU architectures to improve brute force password cracking by a factor of 25.

Statistics from Elcomsoft state that the new method can be used to exhaustively crack an eight character pseudo-random...

Joji Hamada | 01 Nov 2007 07:00:00 GMT | 0 comments

Many Internet surfers learned a lesson when their computers were infected by visiting questionable Web sites. These surfers began using Macs as most malware target the Windows operating system. Well, soon enough, it may not matter which OS you are using.

According to Intego's press release, a Trojan horse has been found on several pornography sites that claims to install a video codec required to view the content on Macs.

Symantec Security Response has also confirmed this, and added detection for the threat as OSX.RSPlug.A. It appears that the Mac is becoming popular enough that the "bad guys" think it is worth spending time and effort in developing malware for the Mac OS. If we see a rise in Mac malware, then we will have to assume that there are profits to be made in...

Liam O Murchu | 01 Nov 2007 07:00:00 GMT | 0 comments

Recent reports have shown that Trojan.Bayrob is scamming people again. The latest victim lost over €5,000 to the scam but luckily was able to track down where the money had been sent. Unfortunately the final destination for the money was a Western Union outlet in Greece, after having been first sent through a money mule in the US.

Once Trojan.Bayrob is executed on a user's system it can intercept all traffic to eBay. It can then show the infected user any content that it chooses instead of the real pages, and it can also alter information that is shown to the user from the real pages. Trojan.Bayrob is used to scam people who are trying to buy cars on eBay.

The attack is a targeted attack and as such it is difficult to establish the exact methods that are used to distribute the Trojan; however, from evidence gathered thus far the attack works in a manner similar to the following:
• The attacker posts an auction on eBay.
• This auction is used to gain information...

Vikram Thakur | 01 Nov 2007 07:00:00 GMT | 0 comments

A few days ago our good friends at SANS posted an entry in their diary about a possible IRS scam about to happen. Well, it happened. We were able to acquire a copy of the spammed email and analyze the malicious behavior—we believed that the email itself had to be included in our analysis.

The email was very detailed and included the recipient's complete name with a message, allegedly from the Internal Revenue Service (IRS). The spammed email talked about some supposed IRS e-File issues and asked the email recipient to download and print the correct PDF file using a link. As you might have guessed, the link wasn't to a site hosted by the real IRS.

Here is a picture of what the email looked like:


Oliver Friedrichs | 08 Oct 2007 07:00:00 GMT | 0 comments

Last Friday I had the opportunity to moderate a panel - Political Phishing – A Threat to the 2008 Campaign? - held as part of the Anti-Phishing Working Group eCrime Researchers Summit hosted by Carnegie Mellon CyLab in Pittsburgh, PA. Our panelists were Rachna Dhamija from Harvard University, Chris Soghoian from Indiana University, and Pat Clarke of Jackson/Clark Partners. We had some great discussion on the potential impact of Internet-borne threats to the upcoming US Presidential Election. The timing could not have been more appropriate. As the primaries get closer, and the Internet continues to play a central role in fundraising and communication, the likelihood of Internet-borne threats impacting the election increases.

It also happens that this subject is one that I had myself been researching as part of another...

Ron Bowes | 21 Sep 2007 07:00:00 GMT | 0 comments

The Future Watch section of the latest Symantec Internet Security Threat Report discusses the changing threat landscape, and presents some issues that Symantec believes will emerge in the next six to eighteen months. Four key points were made this time: malicious activity in virtual worlds, evasion processes used by malicious code, hiding the origin of attacks, and new uses for bots.

Massively multiplayer online games (MMOGs) are becoming increasingly popular. Originally, these types of games were mainly populated by more experienced computer users, but as they grow in popularity, more and more casual users are beginning to participate. These types of users are more likely to be exploited by scammers due to their lack of experience. As more of these kinds of players participate in MMOGs, scammers may increasingly target them.

Moreover, some online games allow "real money...

Chen Yu | 13 Sep 2007 07:00:00 GMT | 0 comments

It has recently been discovered that BaoFeng Storm, a movie player written in Chinese and widely used in Chinese-speaking countries, contains multiple buffer-overflow vulnerabilities, some of which are being actively exploited. The vulnerabilities are related to the ActiveX control used by the software, and a vulnerable computer simply needs to browse a Web site which contains exploit code to be compromised. Successful exploitation then allows remote execution of arbitrary code in the context of the application using the ActiveX control (in this case Internet Explorer) and allows the attacker to take full control of the compromised computer. Failed exploit attempts may lead to denial-of-service conditions, possibly resulting in the browser crashing.

The vulnerabilities have been confirmed in version and beta version, although other versions may also be affected, and at the time of this writing the vulnerabilities remain unpatched. SecurityFocus have also...

John McDonald | 10 Sep 2007 07:00:00 GMT | 0 comments

A new variant in the family of worms Symantec calls "Pykspa" - W32.Pykspa.D - is targeting Skype Instant Messenger. It spreads by using Skype's chat function, sending a message to contacts containing a link to what appears to be a harmless .jpeg file, but if clicked on actually downloads and runs a copy of the worm on the user's computer. In an attempt to mask this activity the worm displays a legitimate Windows image (if it exists on the victim's machine), the bitmap file Soap Bubbles.bmp, contained by default in the Windows installation directory. So if you saw the below image recently after clicking on a link contained in a Skype message from someone, chances are your machine is infected.


To make matters worse the...

Ollie Whitehouse | 30 Aug 2007 07:00:00 GMT | 0 comments

With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systems that offer a wide range of options including TV, movies, music and games. Gone are the days where they tossed you cheap headphones wrapped in plastic and that was it. Of course, to deliver all this rich media content, the underlying embedded systems need to have the power to deliver, so it's no surprise that several are running on Linux.

Coincidentally, I just put up a rant…er, commentary… around embedded systems security and how it seems to be down there in the priority list with posh chocolate biscuits and free soda. While we're all waiting for this utopia to arrive, in the meantime, I can think...