Security Response
Showing posts tagged with Emerging Threats
Joshua Talbot | 27 Mar 2008 07:00:00 GMT | 0 comments

Building on the Cold Boot research that was released in February of 2008, Tom Liston and Sherri Davidoff of Intelguardians presented “Cold Memory Forensics Work Shop” at CanSecWest 2008. The research found that the supposed volatility of conventional RAM is a half-truth: when a system is cold booted, memory will in many cases continue to hold state for seconds, and sometimes even minutes, after the system has been powered off.

In a Cold Boot attack, an attacker with physical access to a system reboots the computer and dumps the contents of RAM for forensic analysis, recovering sensitive information (passwords, encryption keys, documents, etc.). In the Cold Memory Forensics Work Shop, Tom and Sherri discussed their findings in leveraging the Cold Boot techniques to harvest information from systems exposed during penetration testing, as well as their work in developing tools that will help quickly identify passwords that were stored in memory. Their goal is to be able to retrieve...

Hon Lau | 25 Feb 2008 08:00:00 GMT | 0 comments

Today, Adobe officially launched their new infrastructure for delivering rich Internet applications to your desktop - Adobe Integrated Runtime, or "AIR" for short. At first glance, Adobe AIR looks like a mash-up of many of the existing Web and Adobe technologies such as HTML, AJAX, ActionScript, Flash, and Flex. By combining rich media and user interface features, and leveraging the existing expertise in these technologies, Adobe hopes to bring highly interactive and engaging Web applications to the desktop.

Technologies provided by Adobe, such as Flash, enable a multimedia developer to easily create fantastic-looking and engaging applications and deploy them across various platforms by operating within a browser environment. Adobe AIR takes it a step further by liberating these technologies and placing them within their own desktop-based environment in a similar fashion to Java or .NET. Using this approach, it can achieve a number of aims:

• Impose its own security...

Symantec Security Response | 12 Feb 2008 08:00:00 GMT | 0 comments

Emperor Entertainment Group: From sex photo scandal to Web site being hacked, key word: protect the data on your hard drive.

It's probably not the best way to advertise privacy protection, but it's indeed something that should ring a bell for those who leave their portable devices unattended or unsecured.

Rumor has it that Edison Chen, the popular celebrity from Hong Kong, had data stolen from his personal laptop. Now under normal circumstances, this would be bad enough. However, it turns out Mr. Chen had taken hundreds of pictures and videos of over 14 female celebrities in various states of dress and involved in various sexual acts, and stored this data on his computer. The stolen data has since spread quickly over the Internet.

Earlier today the Emperor Entertainment Group's Web site - the group that several of the victims have contracts with - was hacked by someone calling themselves "blspi" with the following message in Chinese, "I sincerely hope EEG...

Silas Barnes | 12 Feb 2008 08:00:00 GMT | 0 comments

Following on from yesterday's EEG Web site hack, a collection of recently registered sites, hosted on, claim to have obtained an explicit video featuring Hong Kong actor Edison Chen and actress Cecilia Cheung.

When a user visits one of these sites, they are prompted to download "a new version of Video ActiveX Object" to play the video. Needless to say, the file setup.exe is not an update as claimed. Rather, it is a malicious file detected as Trojan.Zlob by Symantec antivirus products.

The malicious sites we have seen to date:

Silas Barnes | 11 Feb 2008 08:00:00 GMT | 0 comments

As Valentine's Day approaches, we see the Storm team have made yet another change in an effort to further populate their army of bots. A subsection of their herd that have been hosting the Valentine's-related content now presents the visitor with one of eight randomly themed images and bestows upon them the gift of "valentine.exe," detected as either Trojan.Peacomm.D or Trojan.Peacomm.

The page serves up a random image file per visit (or refresh of the page), probably via some server-side scripting. A five-second delay using a meta-refresh tag provides enough time to enjoy the image before being prompted to save the executable on the local system. A recent perusal of our spam trap continues to catch a large number of emails with a Valentine's Day theme...

khaley | 28 Jan 2008 08:00:00 GMT | 0 comments

It’s not very far into 2008 and sadly we are already seeing some of our predictions on the security trends of 2008 come true. I blogged earlier that our security analysts expected to see old-style cybercrimes turn up in virtual worlds. While it’s not clear if any crime occurred, they did experience an old-fashioned run on banks. Unfortunately, unlike in the movie “It’s a Wonderful Life” there was no George Bailey to stop the bank run.

There is a highly developed economy in Second Life and many bank-like businesses virtualized to handle people’s money. Like social networks, virtual worlds create a sense of trust in their users. So when offered interest rates as preposterously high as 40 percent, many Second Lifers didn’t give it a Second Thought (apologies, that pun was unavoidable). To Second Life’s credit they tried to get on top of the problem by...

Zulfikar Ramzan | 22 Jan 2008 08:00:00 GMT | 0 comments

In a previous blog entry posted almost a year ago, I talked about the concept of a drive-by pharming attack. With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email. The attacker’s malicious code could change the DNS server settings on the victim’s home broadband router (whether or not it’s a wireless router). From then on, all future DNS requests would be resolved by the attacker’s DNS server, which meant that the attacker effectively could control the victim’s Internet connection.

At the time we described the attack concept, it was theoretical in the sense that we had not seen an example of it “in the wild.” That’s no longer the case.

We recently saw instances of actual attackers attempting a...

Zulfikar Ramzan | 21 Jan 2008 08:00:00 GMT | 0 comments

In a recent blog posting ( GNUCITIZEN security think tank published some new research on the security of home routers – specifically on how to modify router settings from an external location using Adobe Flash. The techniques, if I understand them correctly, are quite powerful and have widespread implications, so I wanted to describe them here.

Home broadband routers have a management configuration interface that allows users to change settings on the device. Typically, routers are configured through a Web interface. For example, the router’s owner would go to the administrative page for the router (which would be located on an internal network host, such as, authenticate by entering a username and password, and then log in....

Silas Barnes | 15 Jan 2008 08:00:00 GMT | 0 comments

Well, the holidays are over and people are now back working. Including the controllers of the Storm botnet.

Steven Adair of Shadowserver has confirmed that the recently festive Storm domains have now had their DNS records deactivated. This means that for those of us who have yet to go back to work, the malicious Christmas and New Year themed emails we may see in our inboxes are now less of a threat. However, we have seen this sort of behavior in the past and we should prepare ourselves for the next "infection run", as the deactivation of domains is often the result of the shifting of a threat rather than its cessation.

Security Researcher Nicholas Albright of the Digital Intelligence and Strategic Operations Group believes that the next infection wave will...

M.K. Low | 09 Jan 2008 08:00:00 GMT | 0 comments

Personal information is very easy to steal. Names, addresses, dates of birth, credit card numbers, social security numbers - they’re all easy to find using the Internet. Once that information is in the hands of criminals, it’s very easy for them to use. They can wipe out your bank account, run up your credit cards, and steal your identity.

How easy is it to steal personal information? A recent study conducted to test the security of wireless perimeters of stores in major malls across the globe revealed that 25% of the stores were completely insecure and 85% would have been easy to crack. Even though the attackers in the TJX breach used insecurities in the wireless networks to obtain millions of personal data records and this breach has cost TJX...