Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Internet Security Threat Report
Showing posts in English
M.K. Low | 21 Oct 2009 17:26:34 GMT

Rogue security software programs, also known as misleading applications or scareware, are programs that pretend to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provide the user with little or no protection whatsoever. Well known examples of rogue security software include AntiVirus 2009, Malware Defender 2009, and System Guard 2009.

The recently published Symantec Report on Rogue Security Software includes a discussion on a number of servers that Symantec observed hosting these misleading applications from July to August 2009....

David McKinney | 20 Oct 2009 15:12:40 GMT

The Symantec Report on Rogue Security Software includes an in-depth analysis of the methods scammers use to distribute rogue security applications. This blog presents some of the highlights of the research into the distribution of these scams.

In the report, the following distribution and advertising trends were observed:

•    Ninety-three percent of the top 50 most prevalent rogue security applications were distributed as intentional downloads. This means that victims are tricked into believing they are downloading legitimate security software and subsequently installing the rogue application.
•    Seventy-six percent of the top 50 most prevalent rogue security applications were classified as unintentional downloads. This means that the software may be installed unintentionally through drive-by downloads or...

Ben Nahorney | 20 Oct 2009 11:37:29 GMT

Rogue security software scams are everywhere these days. The numbers are quite staggering—over 250 distinct programs racking up 43 million installation attempts, according to our new Report on Rogue Security Software.

Still, when it comes down to functionality and code base, it’s more akin to a few people with really large wardrobes. There might be dozens of variations of the same underlying program, each receiving minor updates and a new software skin. They even use the same fake threat names when attempting to scam you—stuff like “Spyware.Monster” or “Spyware.IEmonster”.

Ultimately what we’re looking at is variety in graphic design rather than functional design. We’ve put together a video to show just that. Our report calls these threats Antivirus200X—a “family” of rogue security...

Téo Adams | 19 Oct 2009 17:06:33 GMT

Given their financial motivations, the distributors of rogue security software scams need to affect a broad number of potential victims. Getting the program onto a victim’s computer is a critical step in rogue security software scams and the scammers use a variety of techniques to do so. While some rogue security software programs rely on just a few specific techniques to achieve this, many of them incorporate multiple techniques to improve the odds of success. The distribution techniques for rogue security software programs can be simplified into two groups: installation methods and advertising methods.

The installation methods for rogue security software can either be intentional or unintentional. Scammers who persuade victims that they need the rogue software to address security concerns lure the victims into downloading the software intentionally. This is a common approach to rogue security software installation that was used by 93 percent of the top rogue security...

khaley | 19 Oct 2009 12:11:08 GMT

In the 80’s I lived in NYC. At the time, enterprising hustlers had re-introduced the old Three Card Monte con game to NYC streets. Like wide ties and frozen yogurt shops, Three Card Monte always seemed to come back into fashion. Before you knew it, the streets were full of grifters running games. Whole blocks would be lined with these low-rent con men, standing behind cardboard boxes, tossing cards and asking the suckers to put their money on the red queen.
How could there be that many bad guys running Three Card Monte scams at one time? Well, there was plenty of money to be made, and it drew the criminal element like flies to honey. Grifters were making a lot of money at the con and every two-bit chiseler wanted their own piece of the action. Plus, there was very little needed to get in on the scam. The barrier to entry was low. You only need three playing cards, a couple of...

khaley | 07 Oct 2009 22:05:29 GMT

Every day when I walk into work I’m greeted by an avalanche of data on new malware and Internet scams. The numbers in the last few years have been staggering. And when you think about the people behind the numbers it can get quite sad—people who’ve had their computers taken over, been scammed, stolen from, and just plain abused by cyberthiefs. It can get to you. A lot of days I don’t feel so good. Today I feel better. The FBI just announced they will arrest nearly 100 people involved in a phishing scheme.

The FBI calls it Operation Phish Fry. Operation Phish Fry means that someone in the FBI loves a bad pun. But the important thing is it means that a whole bunch of bad guys are going to jail. It’s not going to eliminate all phishing attacks (we detected 55,389 phishing Web site hosts in 2008 alone). But this latest move takes a lot of bad guys off the Internet and...

Marika Pauls Laucht | 16 Apr 2009 16:16:08 GMT | 0 comments

Despite the recent economic downturn, phishing and spam scams are still profitable for attackers, possibly because phishers are able to quickly target their scams to match prevailing attitudes. For instance, phishers are enticing potential victims with lures that spoof well-known financial institutions and which promise easy access to low-interest loans and credit. Spammers are also attempting to use the uncertainty of the financial situation to their advantage. While it might be expected that spam offering stock market tips or other financial opportunities would drop off during a period of market uncertainty, it is likely that such a drop-off would be balanced out by an increase in spam offering such recession-related enticements as low-interest loans and easy access to credit.

Many phishing attacks that spoof financial services brands prompt users to enter credit card information or banking credentials into fraudulent sites. If this ruse is successful, phishers can then...

Téo Adams | 15 Apr 2009 15:33:47 GMT | 0 comments

A driving force behind the growing speed and efficiency of malicious code development is the demand for goods and services that facilitate online fraud. This is demonstrated by the flourishing profitability of confidential information sales in the online underground economy. For example, one person who was arrested for computer related credit card fraud in 2008 had possession of a condominium, a luxury vehicle, and over 1.6 million dollars in cash, among other valuable goods. All of which were presumably obtained by fraudulent means.

Malicious code that exposes confidential information is of particular value because the information is critical to several illegal practices, such as identity theft and credit card fraud. In many instances, well-organized programmers are developing this code on a large scale, much as how development occurs in a legitimate software enterprise. The confidential information obtained by the malicious code is then used for fraud or advertised for...

M.K. Low | 14 Apr 2009 12:58:18 GMT | 0 comments

The prevalence of Web-based applications and the ease of which these applications can be exploited using vulnerabilities have contributed to the widespread nature of Web-based attacks. Attackers can successfully reach and compromise a massive number of targets, and this remains as the source of motivation behind Web-based attacks. Attackers who wish to take advantage of client-side vulnerabilities no longer need to actively compromise or break into specific networks to gain access to those computers. Instead, by attacking websites, attackers can use them as means to mount client-side attacks.

An attacker can exploit any number of Web application vulnerabilities, such as SQL injection vulnerabilities, to help mount their Web-based attack. Surprisingly, many of these vulnerabilities are not used to directly compromise enterprise data assets or gain access to sensitive information. They are used simply as a way of injecting malicious content into websites as a means of...

John H | 24 Mar 2009 20:20:23 GMT | 0 comments

As we talk to enterprise and consumer customers, we are finding that many don’t understand the risks of the Internet today, why their computers have been compromised, or how the threat landscape has really changed. The fact that simply visiting your favorite website can either lead to malware silently being installed on your computer without ever clicking on anything, or being plagued by misleading applications, such as fake antivirus software, seems to be a surprise to many users and IT managers alike.

With the increase in Web-based attacks that users are being subjected to every day, we wanted to share timely data on the changing threat landscape and examine some of the factors and...