Security Response
Showing posts tagged with Emerging Threats
Kaoru Hayashi | 15 May 2007 07:00:00 GMT | 0 comments

Recently we found a new malware called Infostealer.Snifula.C. The main purpose of the malware is to steal confidential information from a compromised computer and send it to a certain web site. The author of the malware can obtain the information from the site and make money with it. To make matters worse, the web site has no access control and anyone can access the information there.


As I'm writing this, more than 300MB of logs are at the site and we can see a huge collection of confidential information such as names, addresses, phone and credit card numbers, and login information for email, online banking, MySpace, or eBay. And all of this information can be accessed through search engines.


Aaron Adams | 14 May 2007 07:00:00 GMT | 0 comments

The DeepSight Threat Analyst Team is constantly monitoring honeypots termed “crawlers”, which are designed to crawl the Internet looking for maliciously-crafted web pages. These crawlers emulate users surfing the Internet with various browsers that may be susceptible to client-side exploits hosted on Web pages. With the crawlers, we capture a lot of the run-of-the-mill malicious code using legacy web vulnerabilities. Malware authors especially like to spread using the Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability (BID 17462).

But among the legacy attacks, we run into much more interesting compromises that ironically still install some of the same old malware variants. One of these interesting compromises was encountered on May 8, 2007. A URL was distributed that was designed to look like it belonged to the Halifax Online financial institute. However, the resulting site...

Gary Sabala | 11 May 2007 07:00:00 GMT | 0 comments

A quick Google search on the term “virtualization” returns nearly 19 million results. The subject has graced the cover of nearly every major IT trade publication in the past year in probably the past six months. In contrast, search the term “virtual security,” and you’ll be lucky to see a meager 150,000 hits. Mark my words though—that limited attention is about to change. As virtualization technology continues to emerge as a viable option for moving from development to production environments, the focus on the security implications of this new IT frontier will reach a tipping point.

With the security threat landscape in an enterprise changing on a daily basis, IT requires more innovative ways to protect desktop endpoints. Evolutionary security enhancements have just managed to keep pace with threats, but it is clear that more revolutionary security models will be needed to protect the desktop in the future. Virtualization may hold the key.

Virtualization changes how IT thinks...

Hon Lau | 30 Apr 2007 07:00:00 GMT | 0 comments

Since late yesterday we have seen a marked increase in the activity of a new Sober variant doing the rounds.
A new variant of Sober named W32.Sober.AA@mm is currently being spammed out to many users around the world.
The spam can be either in English or German and uses classic social engineering techniques to trick users into opening and running the attachments.

The emails sent have the following characteristics:

Ihr Passwort wurde geaendert!
Fehlerhafte Mailzustellung
Ihr Account wurde eingerichtet!
Your Updated Password!
Error in your eMail

Ihr Passwort wurde erfolgreich geaendert.
Ihre neuen Account-Daten und Passwort befinden sich gesichert im Anhang!


Diese Nachricht wurde Automatisch generiert.
- Ihre...

Shunichi Imano | 16 Apr 2007 07:00:00 GMT | 0 comments

It has been reported that a worm that exploits the Microsoft Windows Domain Name Server Service Remote Procedure Call Interface Vulnerability is in the wild. Symantec Security Response has obtained a sample of the worm and we detect the threat as W32.Rinbot.BC.

We have seen an increase in activity over TCP port 1025 as a result of W32.Rinbot.BC scanning the port in search of vulnerable computers. W32.Rinbot.BC is the first worm that exploits the Microsoft DNS vulnerability and the exploit code was only made public a few days ago. If you have not done so already, Symantec suggests that you block TCP port 1025 in order to avoid the attack.

Blaster, Sasser, W32.Rinbot.BC
We have observed that the time taken from exploit code...

Symantec Security Response | 26 Mar 2007 07:00:00 GMT | 0 comments

Twice a year, Symantec produces the Internet Security Threat Report, a comprehensive report outlining the major trends in Internet security over the previous six-month period. One security concern that is of interest to many people is the growth of spam and spam-related issues. Symantec monitors the source and volume of spam from around the world and uses this information to discuss the major trends in the spam-related landscape.

One trend that has been relatively steady is the largest country of origin for spam messages. In the second half of 2006, around nine out of 20 spam messages were sent from the United States. This highlights that although some other countries are gaining notoriety for being spam havens, the United States is still the number one spam distributor in the world. In fact, spam from the United States outnumbers spam from the second closest country, China, at a rate of seven to one. So although countries like China, Russia, and Brazil are touted as being the...

Joseph Blackbird | 23 Mar 2007 07:00:00 GMT | 0 comments

Given the increase of malicious activity in the current threat landscape, consumers need to be more cautious when browsing the Internet. Web browsers are now supporting an increasing number of technologies. The more a Web browser has to deal with, the more likely a security hole will be inadvertently coded into it. Therefore, it's no wonder attackers are targeting the growing number of vulnerabilities in Web browsers.

Over the last six months of 2006 we have been tracking the distribution of attacks targeting Web browsers. The results show that Microsoft’s Internet Explorer leads with an extremely large margin in the number of attackers targeting it. The primary focus of attacks seems to target ActiveX controls; ActiveX controls are not strictly a part of the browser, but simply provide functionality that can be used by the browser. This brings into question the security viability of Microsoft’s latest version of their popular browser Internet Explorer 7.

Internet Explorer 7...

Dean Turner | 22 Mar 2007 07:00:00 GMT | 0 comments

Predicting the future of Internet threat activity is a bit like predicting the weather; it is primarily accomplished with the application of science and technology, but it also includes the skill of human observation. The "Future Watch" section of the recently released Internet Security Threat Report, Volume XI, uses all of the resources available to Symantec, some of which include the Symantec™ Global Intelligence Network, the BugTraq™ mailing list, the Symantec Probe Network, as well as malicious code data gathered along with spyware and adware reports from over 120 million client, server, and gateway systems that have deployed Symantec’s antivirus products. We also consult with our numerous security experts who, like good weather forecasters, don't have to wait for the clouds to know a storm is coming.

Between July 1 and December 31, 2006, Symantec blocked over 1.5 billion phishing messages, an increase of 19 percent over the first half of 2006. One of the predictions...

Joseph Blackbird | 21 Mar 2007 07:00:00 GMT | 0 comments

As spring quickly approaches, the Internet continues to grow into a more and more complex world driven by commerce. Businesses have long since moved in and millions of dollars change hands every day online. Along with big business comes organized crime. Perhaps not necessarily the organized crime immortalized in stories like The Godfather or The Sopranos, but Internet crimes are carried out in an organized way designed to connect the theft of a single person’s user account credentials to a buyer on the mass market for illegal information. Throughout this organization, bots play the leading role.

Bots, once used primarily by their owners to carry out denial of service attacks driven by grudges, bragging rights, or political motives, have been firmly incorporated into the toolkit of organized crime on the Internet. Bots can do pretty much anything: carry out attacks, host spam relays, carry out DoS attacks, host phishing sites, and log keystrokes on the computer they...

Marc Fossi | 20 Mar 2007 07:00:00 GMT | 0 comments

Six months ago, in the previous volume of Symantec's Internet Security Threat Report, I wrote that we were seeing a shift away from “noisy” worms towards targeted Trojans that attract less attention. In the second half of 2006, this trend remained true, as the volume of Trojans reported by Symantec customers increased and the volume of worms decreased. At the same time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report, we note that multi-stage downloaders, also referred to as modular Trojans, are becoming more prevalent most likely because of their versatility. The first stage of these downloaders is usually a small Trojan that disables your security and antivirus applications then downloads a more complex threat. Since the initial stage disables security applications, the second stage can be almost...