Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Internet Security Threat Report
Showing posts in English
Téo Adams | 18 Jan 2011 13:44:52 GMT

Search results and malicious websites

Among the many excuses I’ve heard from people who take computer security too lightly, or who brush off the likelihood of being targeted by Web attacks, are comments such as “I don’t search for anything bad,” or “I only visit sites I know.” I find this sort of attitude very frustrating, if not amusing, and I like coming across bits of information that I can use to educate these people. So, I was especially interested in the results of some related data analysis that I worked on for on the recently released Symantec Report on Attack Kits and Malicious Websites.

One of the metrics we use in the report examines Web search terms and the number of times the use of each search term resulted in a user visiting a malicious website. The range of search terms was unrestricted and consisted of both...

Greg Ahmad | 30 Apr 2010 12:49:13 GMT

Web browsers are an integral part of home and business computing environments and one of the most popular and ubiquitous applications on computer systems. Due to their popularity, the exploitation of security vulnerabilities in browsers is a common method for attackers to compromise computers. Vulnerabilities in browsers and browser plug-ins facilitate the propagation of malware, as well as aid in other attacks such as fraud and the theft of sensitive information. Not only are these issues used to compromise computers in targeted attacks, but vulnerabilities affecting browser applications are also exploited en masse by malware, bot networks, and exploit toolkits. Nowadays, attacks that take advantage of vulnerabilities in browsers and other associated applications such as browser plug-ins are very common. According the recent Symantec Global...

Adrian Pisarczyk | 27 Apr 2010 12:57:12 GMT

Far gone are the times when truly remote server-side vulnerabilities were the most popular vectors for compromising machines and attacking organizations. More than 93 percent of vulnerabilities exploited in recent years have been client-side security flaws, as discussed in the Symantec Global Internet Security Threat Report. They are used in both targeted attacks and massively widespread drive-by attacks to create botnets. One type of these sorts of vulnerabilities is browser and browser-related issues. In many cases they merely require a victim to follow a single link to become compromised. There is a continuous race between browser developers, vulnerability researchers, and exploit writers. In this year’s Pwn2Own contest at the CanSecWest Applied Security Conference, all of the most popular browsers except Google Chrome were successfully exploited on the first day. The list included Apple...

Brent Graveland | 23 Apr 2010 10:06:32 GMT

In 2009, the Induc virus was the top new malicious code sample observed by Symantec worldwide. Notably, Induc does not actually do anything strictly malicious; all it does is propagate. No keystroke logging, no spam sending abilities, no ad clicking, and no destruction of data.

So what makes this virus interesting? All Induc does is propagate, but only on developer’s computers. Specifically, it does not do anything unless it detects an installation of versions 4 thru 7 of the Delphi® development environment. Delphi is a variant of the Pascal programming language originally developed by Borland and is meant to facilitate the development of applications for the Microsoft Windows platform. The targeted versions of Delphi were released between 1998 and 2002, but are still in wide use throughout the...

Ben Nahorney | 22 Apr 2010 12:47:50 GMT

In this day and age we’re all aware of the threat cybercriminals pose to our personal information. If you’re not careful, items such as your credit card number could fall into the wrong hands, resulting in unauthorized goods and services being purchased in your name. What may come as a surprise is not everyone participating in these activities is a full-blown cybercrimial. Some are ordinary citizens—just like you and me—that unintentionally get caught up in illegal activity.

How does this happen? Let’s say you’ve recently lost your job and are desperate to find new work. So, you post your resume on a job recruitment website. A short time later you receive an email from a recruiter:

Acme Inc. is opening a vacancy for the Correspondence Manager position.

What luck—the job is done entirely from home, receiving and reshipping packages. It’s easy work that pays quite well:

Base Payment Mail handling...

David McKinney | 21 Apr 2010 11:53:45 GMT

I am proud to announce the release of Volume 15 of the Symantec Global Internet Security Threat Report. I would like to take this opportunity to give a preview of the some of the findings in the vulnerabilities section of this report.

In previous years, we observed that ActiveX vulnerabilities were on the rise. This trend was largely driven by security researchers employing various fuzzing tools to audit ActiveX controls for vulnerabilities. In 2008, 70 percent of all browser plug-in vulnerabilities could be attributed to vulnerable ActiveX controls. In 2009 there was a significant decline in the proportion of ActiveX vulnerabilities when compared to other browser plug-in technologies. In the report we observed that only 42 percent of browser plug-in vulnerabilities affected ActiveX controls. Vulnerabilities in other browser plug-ins increased as a result. In particular, Java SE accounted for 11 percent of browser plug-in vulnerabilities in 2008 but rose to 26...

Téo Adams | 20 Apr 2010 08:08:15 GMT

Ranks and podium finishes are no doubt one of the key highlights of the recently concluded 2010 Olympic winter games. Likewise, rankings are an aspect of many metrics used for analysis in the Symantec Global Internet Security Threat Report and there was a somewhat surprising change in the top ranks of malicious activity by country in 2009.

Beginning in 2006, Symantec began measuring, analyzing, and reporting the amount of malicious activity occurring in, or originating from, countries around the globe. In every report since, the top three countries have been the United States, China, and Germany. Although the country ranking below the top three has changed every year—with, in some cases, the amount of their malicious activity increasing significantly—there was little indication that the top three countries would change.

That said, previous editions of the report have observed and discussed indications that emerging countries such as India, Russia...

Nishant Doshi | 12 Nov 2009 19:48:52 GMT

If a hacker managed to hack into your blog or website, what could they possibly do? They could insert malicious iframes or JavaScript code into your Web pages. Probably even attempt to steal some data. But most likely they would "search engine optimize" your website. Can this be true? Well, let me explain more.

Search engine optimization (SEO) is a collection of techniques used to achieve higher search rankings for a given website. "Black hat SEO" is the method of using unethical SEO techniques in order to obtain a higher search ranking. These techniques include things like keyword stuffing, cloaking, and link farming, which are used to "game" the search engine algorithms.

So what does a hacker gain from all this? Why would a hacker help you achieve a higher search engine ranking? Quite the contrary; he is helping himself.

What the hacker actually does is add numerous additional Web pages to your website. Let’s call each of...

Jarrad Shearer | 26 Oct 2009 21:54:33 GMT

Misleading application, rogue software, fake AV: call it what you will, it’s everywhere. The authors of these applications are pumping them out by the hundreds, fooling many Internet surfers, and in the process they’re making big bucks out of it. In fact, as many of our readers will be well aware by now, it is the focus of a white paper Symantec has just released entitled Symantec Report on Rogue Security Software.

So if there are so many of these things, why should one called Windows Enterprise Defender be any different from the rest? Firstly, it tries to pass itself off as Windows Defender, which is a legitimate security product released by Microsoft. Obviously the name is similar but so is the GUI:


Notice the castle wall on the top-right hand side of the...

Gaurav Dixit | 22 Oct 2009 16:39:27 GMT

Misleading applications, also known as rogue applications, have always tried to lure users into their traps by using various techniques such as fake security scans, misleading task bar notifications, popup windows, etc. To take this to a new level, developers of these applications are now frequently changing the product name and its associated website name in order to mislead users and antivirus vendors. Clones of the same product—with different names—continue to appear almost every day. Earlier this week Symantec published its Report on Rogue Security Software, which discusses misleading apps in greater detail. A couple of examples of rogue security software are given below. We identify one such family of rogue or misleading applications as WiniGuard:


Those who...