Security Response
Showing posts tagged with Emerging Threats
Peter Coogan | 16 Jun 2011 17:49:11 GMT

A digital currency known as Bitcoin (BTC) has been causing a bit of a media stir of late due to its use for illicit purposes. Some readers of this blog will be familiar with and have used a digital currency of some form in the past to purchase goods online. Some may even remember failed digital currencies such as e-gold, which had operations suspended by US authorities after its proprietors were indicted on four counts of violating money laundering regulations back in 2007. With Bitcoin, we now have another multi-million dollar digital currency market without any central authority for regulation. (An in-depth explanation of Bitcoins is...

Andrea Lelli | 01 Sep 2010 10:24:18 GMT

In previous blogs we have discussed how malware can exploit a search engine’s indexing features in order to spread malicious content. Recently we have observed a massive compromise of websites under the .ch and .nl top-level domains, aimed at performing a massive search engine optimization (SEO) attack to spread fake antivirus applications.

To keep track of pages on the Internet, search engines use automated web scanners, called crawlers or spiders. Their purpose is to find every possible Web page on the net, read its content, and then index it for future user searches. Attackers often try to exploit this feature in order to trick a search engine into associating a malicious Web page with very common...

Vincent Weafer | 27 Jul 2010 13:18:56 GMT

As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions regarding what online security trends we expected to see in 2010. Now that we’re halfway through the year, we’re taking a look back and evaluating ourselves based on how our forecasts are panning out thus far.

Here’s a brief recap of how we think our trend predictions are faring. We’ve rated each of them as either “on track,” “mostly on track,” “still possible,” or “more likely next year.”

To view an interactive version of this graphic that provides more detail, please click here. Once you do, you can click on each of our predictions and the corresponding mid-year statuses to read more.


khaley | 14 May 2010 12:41:18 GMT

Last week I wrote about The Ghosts of Facebook; Facebook accounts whose owner didn’t appear to be a real person (in this case someone named Chong Loris). I got quite a bit of reaction to the blog. Some people registered with real concerns. Others wondered what the fuss was all about. In other words, was I truly shocked that some people are not who they say they are on Facebook?

I must admit I felt a little bit like Claude Rains in Casablanca. At one point in the classic Humphrey Bogart movie he shuts down Rick’s Café, saying he is “Shocked, shocked to find that gambling is going on at this establishment.” At that moment he is interrupted by an employee and given his winnings from the roulette table.

So no, I’m not shocked about phony Facebook accounts. And there are a few scenarios where it’s not a big deal. Certainly a violation of Facebook policy, but not...

Karthik Selvaraj | 03 May 2010 20:35:39 GMT

Zeus/Zbot is one of the most widely known Internet threats today. It’s been around since 2007 and has evolved over time, and is still in a constant state of being developed into a stronger, more prolific Trojan.
A few weeks ago we came across a variant of Zbot representing the fact that it has undergone code refactoring and some functional changes in the Trojan's infection technique and behavior. The variant is now known as version 2.0 (named after the Trojan builder kit version).
In overview, for the common PC user, new changes mean that:

  • Your PC could have multiple infections of Zbot, thereby sending your personal information to multiple Zbot controllers.
  • Zbot is aiming for information from different browsers, including Firefox.
  • Zbot is expanding its ability to run in newer operating systems such as Windows 7.
  • Zbot is in constant development, so it might be around for...

Dermot Harnett | 09 Apr 2010 23:07:51 GMT

...and some of it masquerades as “marketing” and “newsletter” emails.

In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender.

The distinction between the spam marketing and newsletter email and regular spam email includes the following:

•    The sender of the spam marketing and newsletter email may not go to extraordinary...

Symantec Security Response | 09 Apr 2010 21:46:07 GMT

We have discovered a threat affecting the Windows Mobile platform that dials several high-cost international phone numbers. The threat is bundled within a .cab installation file that contains a legitimate game called “3D Anti-terrorist action” and a malicious dialer that we call Trojan.Terred.

While there is no smoking gun, we don’t believe that the makers of the game are bundling the threat, but rather one of the distributors. The threat itself is a binary created with the .Net Compact Framework and therefore requires this specific framework for it to be installed. The threat will therefore not run on any device that does not have the framework installed; however, the game will install without any problems either way.

Ashwin Athalye | 09 Apr 2010 07:44:43 GMT

Do you want to earn a few extra bucks by spreading malware? A lot of users have been doing just that, especially when they are welcomed by the profitable malware world to share their revenue! Malware is no longer written for fame and notoriety. It is all about money these days and guess what—it is also covered by a strong business model.

Malware distribution techniques have undergone a major transformation over the years. In the early days, worms self-propagated while exploiting server-side vulnerabilities that would allow propagation without any user interaction—simply requiring the computers to be on and connected to the network. Once the worm infected the computer using the vulnerability, it would scan for other vulnerable computers on the network and the process would start all over again.

Over the years these types of server-side vulnerabilities dried up and the focus quickly turned to client-side attacks and classic social engineering. Most client-...

Karthik Selvaraj | 27 Mar 2010 17:52:53 GMT

Malware authors use numerous unconventional techniques in their attempts to create malicious code that is not detected by antivirus software. As malicious code analysts, though, it is our job to analyze their creations, and as such we have to be constantly vigilant for the latest tricks that the malware authors employ.

While looking at some PDFs yesterday, something suspicious caught my eye. The PDF file format supports compression and encoding of embedded data, and also allows multiple cascading filters to be specified so that multi-level compression and encoding of that data is possible. The PDF stream filters usually look something like this:

However, in the particular file being analyzed I spotted the use of no fewer than nine JavaScript compression and encoding filters applied to a single stream, which is an unusually large number:


khaley | 26 Feb 2010 16:02:56 GMT

It’s been ten years already; can you believe it? I’m talking about the U.S. Census. It’s been ten years since the last one. Time to do it again. No, it wasn’t on my calendar either. To remind all of us and to encourage us to participate, the U.S. Census Bureau is spending $340 million to get the word out. There was even a Super Bowl ad.  
The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off.
How do I know this? First, the census is a perfect dodge for cybercriminals. After all, people are already expecting to have to reveal personal information about themselves, and with a little bit of social...