Security Response

Showing posts tagged with Online Fraud
Zulfikar Ramzan | 22 Dec 2006 08:00:00 GMT | 0 comments

As part of the look at phishing statistics that I’ve blogged about recently, we analyzed the industry segmentation of the brands spoofed in a phishing attack. We divided the spoofed brands into the following categories:
• Financial - sites associated with online banking, brokerage, lending, and similar financial services or sites that directly support such a brand
• Service provider - sites that provide some common Internet-related services, including one or more of the following: Internet access, email accounts, or information portals
• General retail - sites that are associated with the sale of merchandise online
• Computer hardware - sites that are associated almost exclusively with the sale of computer hardware and peripherals
• Government - sites whose common URL ends in the .gov extension
• Social networking - sites whose exclusive purpose is to facilitate connection, collaboration, and communication among members,...

Zulfikar Ramzan | 21 Dec 2006 08:00:00 GMT | 0 comments

As mentioned in one of my previous blog entries, I’ve been looking at some of the phishing data Symantec collects. As part of this effort, I looked at data associated with a recent Symantec offering called Norton Confidential (this product, which is geared towards providing transaction security, can detect phishing sites, among other things). The Norton Confidential back-end servers collect a tremendous amount of data associated with existing phishing sites.

Within these phishing sites, I decided to look a little more carefully at the distribution of spoofed brands that represent local US banks (for example, credit unions that are local to a specific state). For this purpose I considered a brand to be local if all the branch locations were in a specific state (or in states that directly bordered that state). I...

Zulfikar Ramzan | 05 Dec 2006 08:00:00 GMT | 0 comments

I recently had the opportunity to look at some phishing data generated from the Symantec Brightmail AntiSpam system from April through September 2006, inclusive. The data included both the number of unique phishing messages that Symantec discovered per day, as well as the total number of blocked phishing messages. Note that a given phishing email might be blocked in multiple places, so the number of blocked messages exceeds the number of unique ones. (Also, several unique phishing emails may correspond to the same phishing site.) Our data for this period supports some interesting seasonal- and weekend-type effects in terms of phishing activity.

First, let’s look at the overall numbers. According to the tenth edition of the Symantec Internet Security Threat Report, from January 2006 to June 2006, Symantec blocked 1.3 billion phishing attempts and recognized 157,477 unique phishing emails. Since then, during the July 2006 to September 2006 time period,...

Zulfikar Ramzan | 16 Nov 2006 08:00:00 GMT | 0 comments

A few weeks ago, two well-known online discount brokers, E-trade and TD Ameritrade, revealed that online fraud had cost them a combined $22 million. The amount of money here is clearly substantial and what is probably even scarier is that it only represents what two firms experienced from one set of attacks.

The purported mechanism by which the financial loss took place was a “pump-and-dump” scheme; the details of which are as follows. The perpetrators first managed to steal the passwords for a victim’s online brokerage account. (We’ll get into how they accomplished this step shortly.) The perpetrators then purchased a large number of small-cap low-volume stocks through an already existing brokerage account. Next, they logged into the compromised account, liquidated the account holder’s assets, and used the proceeds to purchase these same stocks—thereby driving up the price. The perpetrators heavily profited by dumping the previously acquired shares.

...
Dave Cole | 13 Nov 2006 08:00:00 GMT | 0 comments

This past spring we announced that Phish Report Network (PRN) was officially open for any organization who wanted to have phishing attacks against their brand blocked through the PRN’s community of solution providers, including Yahoo, Netscape, Symantec and others. This was (and still is) completely free of charge to the organization sending the data. We’re now pleased to announce that anyone, from Grandma Jones in Topeka to Uncle Jack in Melbourne, can now submit their fresh phish to the PRN. It’s a piece of cake to do and mostly consists of copying the URL of the fraudulent Web site into a submission form at the following location: https://submit.symantec.com/antifraud/phish.cgi

Once we receive the suspicious URLs, we vet them both programmatically as well as manually to make sure it is indeed a fraudulent...

Zulfikar Ramzan | 09 Nov 2006 08:00:00 GMT | 0 comments

A fairly imaginative phishing attack was live on the MySpace.com site for a few hours on the morning of Friday, October 27, 2006. The attack was interesting not so much because of its technical prowess, but because the attackers were so creative. The attack was initially reported by Netcraft who discovered it when one of their customers encountered the page.

The attackers were able to create a login page located at http://www.myspace.com/login_home_index_html, which solicited the visiting user’s MySpace username and password. When entered, these values would go to a server operated out of France.

How did the attackers manage to pull this off? They tossed the wealth of complex phishing techniques aside and did something that was remarkably simple and yet clever. Like millions before them, they just went to MySpace.com and registered an...

Hon Lau | 07 Nov 2006 08:00:00 GMT | 0 comments

Many great things have been touted about Web 2.0, such as that it will bring about a richer, freer, and more community-driven experience for all users. Technologies like wikis and blogs, along with services like Flickr and YouTube are prime examples of how the Web has evolved to bring about increased community participation. What these services really do is bring about freedom of speech to the masses. Unfortunately, the masses also include the “bad”.

Wikipedia has long been a target for mischief makers who abuse the ability for anyone to freely create and edit entries in the encyclopedia. Usually the abuses only involve providing false information in articles on the site. Recently, we received reports that the German version of Wikipedia has been used by malware creators to distribute their creations by modifying a page to point to their malicious programs. According to the reports, a Wikipedia entry regarding W32.Blaster was modified to point at fake...

Marc Fossi | 13 Oct 2006 07:00:00 GMT | 0 comments

Back in September, I summed up some of the malicious code and phishing trends from the latest edition of the Symantec Internet Security Threat Report. To sum up that summary, I said that we’re seeing a trend toward profit-driven attacks. Malicious code is being created with financial motivation and is used in conjunction with phishing attacks. Well, after two days of presentations at the Virus Bulletin 2006 conference, it seems that others agree with this conclusion.

From the keynote address by Mikko Hypponen of F-Secure, through to the presentation on phishing Trojan creation kits by Dmitri Alperovitch of...

Zulfikar Ramzan | 03 Oct 2006 07:00:00 GMT | 0 comments

Markus Jakobsson is a computer science professor at Indiana University and has done some excellent work on understanding phishing attacks. I’ve blogged about some of Markus’ research in the past and I thought I’d share some information about some recent work of his that focuses on the question: What causes people to fall for phishing attacks?

Markus and his group completed a study at Indiana University where the subjects were shown various types of stimuli, such as Web pages and emails. Some of these were legitimate and others were based on phishing attacks. The subject group was asked to rate (on a scale of one to five) how authentic the stimulus was. If a participant marked a score of one, it was thought that the stimulus was taken from a phishing attack. A score of five meant that it appeared legitimate.

To make...

Symantec Security Response | 29 Sep 2006 07:00:00 GMT | 0 comments

Yesterday, Microsoft announced the results of a commissioned analysis of anti-phishing solutions (http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf). Being an active member of the anti-phishing community, we were surprised that the report did not look at Symantec's new heuristic anti-phishing protection features. These are included in Norton Internet Security 2007 and the upcoming Norton Confidential.

For many reasons, we are excited about these advanced anti-phishing capabilities, but were disappointed that 3Sharp LLC, the company that conducted the analysis on behalf of Microsoft, did not include at least one of our solutions in the comparison mix. Our underlying heuristic detection technology comes from WholeSecurity, a leading innovator of behavioral security solutions that Symantec acquired in October 2005. WholeSecurity learned early on that the...