Security Response
Showing posts tagged with Evolution of Security
khaley | 20 Jun 2011 23:57:14 GMT

Troy Hunt, a Microsoft MVP, has done some terrific analysis of the passwords people use. Unfortunately, what has made this possible is the recent trend in hacktivism whereby it is common for hacktivists to post the spoils of their attacks online to generate publicity and shame the company being attacked. While this has been bad news for the companies and their customers, it has provided a rich data set for researchers to analyze. The results from Troy’s research are pretty interesting. Rather than rehash the results here, I’ll let you read them yourself:

What struck me while reading the blog is how much we know about what kind of passwords people create and how little we’ve been able to make practical use of any of this knowledge. Sure we all run off and write blogs about how people need to make their...

Stephen Doherty | 16 Jun 2011 19:13:35 GMT

Malware authors move fast. Following on from the previous blog post on Bitcoin botnet mining, we have seen a recent Trojan in the wild targeting Bitcoin wallets. The Trojan is Infostealer.Coinbit and it has one motive: to locate your Bitcoin wallet.dat file and email it to the attacker. This is not surprising considering the potential values in a Bitcoin wallet. We have also discovered source code on underground forums which locates the wallet and, using FTP, uploads it to the attacker's servers.

Figure 1. Code snippet found on underground forums to steal...

Peter Coogan | 16 Jun 2011 17:49:11 GMT

A digital currency known as Bitcoin (BTC) has been causing a bit of a media stir of late due to its use for illicit purposes. Some readers of this blog will be familiar with and have used a digital currency of some form in the past to purchase goods online. Some may even remember failed digital currencies such as e-gold, which had operations suspended by US authorities after its proprietors were indicted on four counts of violating money laundering regulations back in 2007. With Bitcoin, we now have another multi-million dollar digital currency market without any central authority for regulation. (An in-depth explanation of Bitcoins is...

khaley | 10 Jun 2011 15:37:42 GMT

I believe that we have reached a saturation point. You know how, after heavy rain, the ground can’t absorb any more water and it begins to pool on the ground? We’ve reached that point with security incidents.

The bad guys just can’t pump out new malware any faster. Check out the Norton Cybercrime Index. The trends for 2011 are pretty much flat. The explosive growth in malware we’ve seen in the previous 10 years is just not sustainable. Maybe new hacker tools will come along, new propagation methods, or more platforms, or more people to infect. But for now, things are beginning to stagnate.

This is not to say the problem is going away. There were 286M new malware variants in 2010. 286 million! But even that mind-...

Candid Wueest | 18 Oct 2010 16:24:05 GMT

On Tuesday, September 21 a cross-site scripting (XSS) vulnerability in Twitter became publicly known and was exploited by attackers, as well as many curious copycats with non-malicious intentions. An issue surrounding the parsing of attributes of posted links allowed JavaScript code to be executed whenever a user hovered over a link with the mouse. According to Twitter, the vulnerability had been patched a month ago, but resurfaced with a recent code change. Some users started to misuse the vulnerability as a new feature, adding things like rainbow-colored text boxes or harmless pop-up boxes to their tweets.

It comes as no surprise that this vulnerability was also used for malicious purposes. You can’t really blame users for getting infected, as they didn’t even click on the suspicious links. Rolling over any of the specially crafted links was sufficient to start the...

Andrea Lelli | 01 Sep 2010 10:24:18 GMT

In previous blogs we have discussed how malware can exploit a search engine’s indexing features in order to spread malicious content. Recently we have observed a massive compromise of websites under the .ch and .nl top-level domains, aimed at performing a massive search engine optimization (SEO) attack to spread fake antivirus applications.

To keep track of pages on the Internet, search engines use automated web scanners, called crawlers or spiders. Their purpose is to find every possible Web page on the net, read its content, and then index it for future user searches. Attackers often try to exploit this feature in order to trick a search engine into associating a malicious Web page with very common...

Gary Phillips | 13 Aug 2010 13:49:04 GMT

Following an industry conference, I find it a good practice for me to reflect back on what I learned and observed and see how I can apply it to my current work. At the conference there is so much to learn and take in, so I find it helps to let it all marinate for a bit of time and then I can start to uncover the new learning once I’m back at my desk and away from the conference buzz. It’s now been nearly two weeks since BlackHat wrapped up and these are the topics and observations from the conference that have been swilling around in my head. I hope to explore these thoughts more with my industry colleagues and find my way to contribute to improving security industry best practices.

Cyber security professionals need an education

Education remains an area of concern for cyber security professionals. The perception is that universities are graduating computer scientists and other degreed professionals inadequately prepared to...

Vincent Weafer | 27 Jul 2010 13:18:56 GMT

As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions regarding what online security trends we expected to see in 2010. Now that we’re halfway through the year, we’re taking a look back and evaluating ourselves based on how our forecasts are panning out thus far.

Here’s a brief recap of how we think our trend predictions are faring. We’ve rated each of them as either “on track,” “mostly on track,” “still possible,” or “more likely next year.”

To view an interactive version of this graphic that provides more detail, please click here. Once you do, you can click on each of our predictions and the corresponding mid-year statuses to read more.


Zulfikar Ramzan | 01 Jun 2010 22:54:56 GMT

There has been a considerable amount of news activity purporting that Google is looking to do a full-scale migration away from using Microsoft products, citing security as the primary impetus. While I can’t say whether or not these reports are indeed true, the story does raise a couple of important issues when it comes to reasoning about how effective your IT security policies are.

The first misconception is that the main security risks are rooted in the underlying platform, whether it is Windows, Mac OS, Linux, etc. That might have been true five to seven years ago. The reality today, however, is that much of the attack activity we see is aimed “higher up in the stack.” The targets include applications that run on top of platforms (e.g., Web browsers), third-party add-ons that run on top of applications (e.g., browser extensions or plug-ins), and ultimately the human beings who operate the platform—who, unbeknownst even to themselves,...

Security Intel Analysis Team | 30 Mar 2010 19:25:41 GMT

At the recent Pwn2Own contest held during the CanSecWest 2010 security conference, the Web browser targets were the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari. All of the targeted browser platforms were patched up to date and included the latest anti-exploitation technologies. In spite of this, Peter Vreugdenhil succeeded in leveraging two vulnerabilities in Internet Explorer 8 on Windows 7 64-bit to execute and reliably run arbitrary code, bypassing Microsoft’s latest security defenses. Internet Explorer 8 was not the only browser to fall—Charlie Miller exploited the Safari browser on OSX, and Nils exploited Mozilla Firefox on Windows 7.  

So, why do Web browsers make such good targets for exploit developers? First off, the Web browser handles untrusted and therefore unpredictable data, and this data often passes through several security boundaries before the processing of the data is complete. The Web...