Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Internet Security Threat Report
Showing posts in English
“Perfect” Client-Side Vulnerabilities
Adrian Pisarczyk | 27 Apr 2010 12:57:12 GMT | 0 comments

Far gone are the times when truly remote server-side vulnerabilities were the most popular vectors for compromising machines and attacking organizations. More than 93 percent of vulnerabilities exploited in recent years have been client-side security flaws, as discussed in the Symantec Global Internet Security Threat Report. They are used in both targeted attacks and massively widespread drive-by attacks to create botnets. One type of these sorts of vulnerabilities is browser and browser-related issues. In many cases they merely require a victim to follow a single link to become compromised. There is a continuous race between browser developers, vulnerability researchers, and exploit writers. In this year’s Pwn2Own contest at the CanSecWest Applied Security Conference, all of the most popular browsers except Google Chrome were successfully exploited on the first day. The list included Apple...

Read more
The Interesting Case of the Induc Virus
Brent Graveland | 23 Apr 2010 10:06:32 GMT | 0 comments

In 2009, the Induc virus was the top new malicious code sample observed by Symantec worldwide. Notably, Induc does not actually do anything strictly malicious; all it does is propagate. No keystroke logging, no spam sending abilities, no ad clicking, and no destruction of data.

So what makes this virus interesting? All Induc does is propagate, but only on developer’s computers. Specifically, it does not do anything unless it detects an installation of versions 4 thru 7 of the Delphi® development environment. Delphi is a variant of the Pascal programming language originally developed by Borland and is meant to facilitate the development of applications for the Microsoft Windows platform. The targeted versions of Delphi were released between 1998 and 2002, but are still in wide use throughout the developer community....

Read more
Dirty Jobs: Cybermule
Ben Nahorney | 22 Apr 2010 12:47:50 GMT | 0 comments

In this day and age we’re all aware of the threat cybercriminals pose to our personal information. If you’re not careful, items such as your credit card number could fall into the wrong hands, resulting in unauthorized goods and services being purchased in your name. What may come as a surprise is not everyone participating in these activities is a full-blown cybercrimial. Some are ordinary citizens—just like you and me—that unintentionally get caught up in illegal activity.

How does this happen? Let’s say you’ve recently lost your job and are desperate to find new work. So, you post your resume on a job recruitment website. A short time later you receive an email from a recruiter:

Acme Inc. is opening a vacancy for the Correspondence Manager position.

What luck—the job is done entirely from home, receiving and reshipping packages. It’s easy work that pays quite well:

Base Payment Mail handling...

Read more
Symantec Global ISTR XV Vulnerability Highlights
David McKinney | 21 Apr 2010 11:53:45 GMT | 0 comments

I am proud to announce the release of Volume 15 of the Symantec Global Internet Security Threat Report. I would like to take this opportunity to give a preview of the some of the findings in the vulnerabilities section of this report.

In previous years, we observed that ActiveX vulnerabilities were on the rise. This trend was largely driven by security researchers employing various fuzzing tools to audit ActiveX controls for vulnerabilities. In 2008, 70 percent of all browser plug-in vulnerabilities could be attributed to vulnerable ActiveX controls. In 2009 there was a significant decline in the proportion of ActiveX vulnerabilities when compared to other browser plug-in technologies. In the report we observed that only 42 percent of browser plug-in vulnerabilities affected ActiveX controls. Vulnerabilities in other browser plug-ins increased as a result. In particular, Java SE accounted for 11 percent of browser plug-in vulnerabilities in 2008 but rose to 26...

Read more
Taking the Podium Isn’t Always a Call for Celebration
Téo Adams | 20 Apr 2010 08:08:15 GMT | 0 comments

Ranks and podium finishes are no doubt one of the key highlights of the recently concluded 2010 Olympic winter games. Likewise, rankings are an aspect of many metrics used for analysis in the Symantec Global Internet Security Threat Report and there was a somewhat surprising change in the top ranks of malicious activity by country in 2009.

Beginning in 2006, Symantec began measuring, analyzing, and reporting the amount of malicious activity occurring in, or originating from, countries around the globe. In every report since, the top three countries have been the United States, China, and Germany. Although the country ranking below the top three has changed every year—with, in some cases, the amount of their malicious activity increasing significantly—there was little indication that the top three countries would change.

That said, previous editions of the report have observed and discussed indications that emerging countries such as India, Russia...

Read more
Iframes, Please Make Way for SEO Poisoning
Nishant Doshi | 12 Nov 2009 19:48:52 GMT | 0 comments

If a hacker managed to hack into your blog or website, what could they possibly do? They could insert malicious iframes or JavaScript code into your Web pages. Probably even attempt to steal some data. But most likely they would "search engine optimize" your website. Can this be true? Well, let me explain more.

Search engine optimization (SEO) is a collection of techniques used to achieve higher search rankings for a given website. "Black hat SEO" is the method of using unethical SEO techniques in order to obtain a higher search ranking. These techniques include things like keyword stuffing, cloaking, and link farming, which are used to "game" the search engine algorithms.

So what does a hacker gain from all this? Why would a hacker help you achieve a higher search engine ranking? Quite the contrary; he is helping himself.

What the hacker actually does is add numerous additional Web pages to your website. Let’s call each of...

Read more
Honor Among Thieves? Definitely Not.
Jarrad Shearer | 26 Oct 2009 21:54:33 GMT | 0 comments

Misleading application, rogue software, fake AV: call it what you will, it’s everywhere. The authors of these applications are pumping them out by the hundreds, fooling many Internet surfers, and in the process they’re making big bucks out of it. In fact, as many of our readers will be well aware by now, it is the focus of a white paper Symantec has just released entitled Symantec Report on Rogue Security Software.

So if there are so many of these things, why should one called Windows Enterprise Defender be any different from the rest? Firstly, it tries to pass itself off as Windows Defender, which is a legitimate security product released by Microsoft. Obviously the name is similar but so is the GUI:

shot1.JPG

Notice the castle wall on the top-right...

Read more
Rogue Apps – Catch Me if You Can
Gaurav Dixit | 22 Oct 2009 16:39:27 GMT | 0 comments

Misleading applications, also known as rogue applications, have always tried to lure users into their traps by using various techniques such as fake security scans, misleading task bar notifications, popup windows, etc. To take this to a new level, developers of these applications are now frequently changing the product name and its associated website name in order to mislead users and antivirus vendors. Clones of the same product—with different names—continue to appear almost every day. Earlier this week Symantec published its Report on Rogue Security Software, which discusses misleading apps in greater detail. A couple of examples of rogue security software are given below. We identify one such family of rogue or misleading applications as WiniGuard:

wini1.png...

Read more
Server Characteristics: Symantec Report on Rogue Security Software
M.K. Low | 21 Oct 2009 17:26:34 GMT | 0 comments

Rogue security software programs, also known as misleading applications or scareware, are programs that pretend to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provide the user with little or no protection whatsoever. Well known examples of rogue security software include AntiVirus 2009, Malware Defender 2009, and System Guard 2009.

The recently published Symantec Report on Rogue Security Software includes a discussion on a number of servers that Symantec observed hosting these misleading applications from July to August 2009....

Read more
Rogue Security Software Distribution Methods: Symantec Report on Rogue Security Software
David McKinney | 20 Oct 2009 15:12:40 GMT | 0 comments

The Symantec Report on Rogue Security Software includes an in-depth analysis of the methods scammers use to distribute rogue security applications. This blog presents some of the highlights of the research into the distribution of these scams.

In the report, the following distribution and advertising trends were observed:

•    Ninety-three percent of the top 50 most prevalent rogue security applications were distributed as intentional downloads. This means that victims are tricked into believing they are downloading legitimate security software and subsequently installing the rogue application.
•    Seventy-six percent of the top 50 most prevalent rogue security applications were classified as unintentional downloads. This means that the software may be installed unintentionally through drive-by downloads or...

Read more