
Security Response

Showing posts tagged with Malicious Code
Peter Coogan | 25 Nov 2009 12:54:56 GMT | 0 comments

Okay, I did just coin the term “AV Friday” as a joke and it’s not to be taken too seriously. So, what is AV Friday all about? Many people living in the U.S. will be familiar with the term Black Friday—the day after Thanksgiving and generally the busiest retail shopping day of the year in the U.S. Some may have heard of the term Cyber Monday, which refers to the Monday immediately after Black Friday and thought to be the ceremonial kick-off, or busiest day, of the holiday online shopping season in the U.S. between Thanksgiving and Christmas. Having both of these days in mind made me wonder—what was the busiest antivirus protection day for Symantec over the last year? For fun, AV Friday was born.

On Friday, April 17, 2009, Symantec antivirus signatures reported protecting over 3.5 million customers. This works out at roughly...

Patrick Fitzgerald | 23 Nov 2009 16:27:01 GMT | 0 comments

Once again Zeus is up to its old tricks with a new twist. The latest spam run informs users that their latest Social Security statement is available but it may contain errors. The subject of the mail will be something like “Review annual Social Security statement” and the body warns of a potential identity theft risk and asks you to review your annual statement at the link they provide.

[Figure 1. An example of the spam]

If you follow this link you will arrive at the following page:
 
[Figure 2. The page reached by following the link]
...

Marian Merritt | 20 Nov 2009 14:45:48 GMT | 0 comments

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.
 
We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable.

You can read more about...

Mayur Kulkarni | 19 Nov 2009 21:35:04 GMT | 0 comments

We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks. These new attacks have similar traits, such as the spoofed “From” headers, which aggressively target and baffle enterprise users, and a subject line that is intended to cause panic (for obvious reasons—have a look at the example image below).

[Image: example of the spam message carrying the utility.zip attachment]

As seen in the message above, the mail attachment is a zipped file named “utility.zip” that extracts an executable detected as Trojan.Dropper by Symantec antivirus. Using...
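The campaign above hides a Trojan dropper inside a zip attachment so that the mail gateway sees an archive rather than an executable. The usual countermeasure is to open the archive read-only and flag members that are Windows executables, judged both by extension and by the MZ header that every PE file starts with, so a renamed payload is caught as well. The following is an added example and not Symantec's code or anything recovered from the real utility.zip; the sample archive is constructed in memory, and its member names (utility.exe, readme.txt, invoice.pdf) are assumptions for illustration. It goes slightly beyond the post by also catching an executable disguised with a document extension.

```python
"""Flag executable payloads inside a zip attachment without extracting it.

Added example (not from the original post). The zip inspected here is built
in memory as a stand-in for the campaign's utility.zip; all member names and
contents are constructed for illustration.
"""
import io
import os
import zipfile

# Extensions Windows will run directly. Only the final suffix is examined, so
# "invoice.pdf.exe" is still caught.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll"}
PE_MAGIC = b"MZ"  # DOS stub signature at offset 0 of every Windows PE file


def inspect_zip(data: bytes) -> list:
    """Return one finding per archive member: its name, whether it is flagged,
    and the reasons. Members are read two bytes at a time and never written
    to disk, so a malicious archive is never "extracted" by the scanner."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            suffix = os.path.splitext(info.filename)[1].lower()
            if suffix in EXECUTABLE_SUFFIXES:
                reasons.append(f"executable extension {suffix}")
            with zf.open(info) as member:
                head = member.read(len(PE_MAGIC))
            if head == PE_MAGIC:
                # Catches a PE renamed to look like a document or image.
                reasons.append("PE/MZ header")
            findings.append({"name": info.filename, "flagged": bool(reasons), "reasons": reasons})
    return findings


def is_malicious_attachment(data: bytes) -> bool:
    """Gateway decision: reject the whole attachment if any member is flagged."""
    return any(f["flagged"] for f in inspect_zip(data))


def build_sample_zip() -> bytes:
    """Constructed stand-in for the spam's utility.zip (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Fake dropper: PE header followed by padding; the name is an assumption.
        zf.writestr("utility.exe", PE_MAGIC + b"\x90" * 512)
        # Benign text file that should not be flagged.
        zf.writestr("readme.txt", b"Run the attached utility to reconfigure Outlook.\n")
        # Executable disguised with a document extension; caught by the MZ check.
        zf.writestr("invoice.pdf", PE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for finding in inspect_zip(sample):
        print(finding)
    print("reject attachment:", is_malicious_attachment(sample))
```

In production the same two checks run over every member of nested archives as well, and the verdict feeds a quarantine rather than a print statement; the point of the example is that extension and magic bytes must both be consulted, because an attacker controls the file name but not the loader's expectation of an MZ header.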

Eric Chien | 18 Nov 2009 19:54:37 GMT | 0 comments

Zeus is a botnet package that allows for the easy creation and command and control of a botnet. We've discussed Zeus previously in “Zeus, King of the Underground Crimeware Toolkits.” The main purpose of Zeus is to steal online credentials such as online banking passwords, but it can be configured to steal passwords from any online site.

Today, the BBC is reporting that police in the UK have arrested two suspects in relation to Zeus. While the details are preliminary, the two appear likely to be users of the Zeus botnet package rather than the actual creators, and thus the prevalence and usage of Zeus is likely to continue.

We've created a research paper providing more in-depth information on Zeus, including how the bot is created, what functionality it has, and additional screenshots on...

Kevin Haley | 17 Nov 2009 20:13:47 GMT | 0 comments

Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.

I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...

Kevin Haley | 17 Nov 2009 19:59:04 GMT | 0 comments

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning.

For example:

• Toolkits and threat recycling have made malware easier to create than ever
• Polymorphic technology is being applied to make threats harder to catch
• Botnets, large and small, are used as the foundation of attacks, making most attacks complex
• All major news events are used for social engineering
• Major brands are being appropriated by cybercriminals...

Liam O Murchu | 16 Nov 2009 18:04:49 GMT | 0 comments

Finally, some help with explaining Internet security to my non-geek friends! The Guide to Scary Internet Stuff video series will hopefully make my life a little easier. Explaining the intricacies of Internet security is a challenging task. I often have difficulty explaining to my non-technical friends and relatives why they need to know about risks on the Internet. On top of that, I sometimes discover that my advice has fallen on deaf ears as I inevitably fix their computers after a click on a spam or phishing link, or after they have not run Windows Update or updated their antivirus software in a while.

Although this is not the normal technical type of material that we post here on the Security Response blog, when Dominic Cook from our UK PR team showed me these, I immediately thought they were worth a post. The animations are fun, but most of all I think my friends will understand them, remember some of the advice,...

Hon Lau | 16 Nov 2009 15:00:47 GMT | 0 comments

When trawling the Web today we came across a website that has been compromised and rigged so that it is returned in search engine results for many different search terms. The site in question belongs to a UK-based company that specializes in hiring out holiday homes and is a legitimate business. However, the site has been compromised and is being used in a major ongoing SEO-based misleading applications attack, and has been for some time now. As you can see in the sample search results below, you may wonder what college football, a Ukraine vs. Greece soccer match, Penn State basketball, and Robin Williams have to do with renting a holiday home—and with good reason, too.

[Image: sample search results returning the compromised holiday-home site]

The key to identifying malicious pages in the search results is...

Symantec Security Response | 11 Nov 2009 19:11:44 GMT | 0 comments

The first iPhone worm, known as iPhoneOS.Ikee, recently hit the news everywhere. The purpose of this worm was to show that jailbroken iPhones had a flaw that could be easily exploited. The consequences of this worm were minor since the author decided to simply Rickroll users who became victims of this attack. However, there were many warnings that the publicly released code could easily be altered so that consequences were not so benign.

Given the implications—and this being a hot topic—reports are surfacing about a hacktool that can be used to attack jailbroken iPhones. This tool is taking advantage of the same default SSH password that iPhoneOS.Ikee does, but put plainly, this is not another worm. We’re looking at...