Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security remove filter
Showing posts by John Canavan remove filter
VB2006: l33t Skillz of the Virus Writer
John Canavan | 20 Nov 2006 | 0 comments

VB-Oct06_small.jpg

In the early part of this year, W32.Blackmal.E@mm and OSX.Leap.A received near blanket coverage from the technical media. W32.Blackmal.E@mm was a mass-mailing worm with two particular features that ensured it quickly became a focus of attention. When run, the worm would execute a Web-based php script, which was intended to function as an infection counter. Cue the daily tech-blog updates: "Clock ticking for Nyxem virus" (Slashdot), "Blackworm worm over 1.8 million infestations and climbing" (Sunbelt). Even the fancy animated .gifs of a counter shot up from 398,000 to 440,000 in seconds (F-Secure). Couple this with the fact that the worm was programmed to delete files with a number of common extensions on the third of the next month, and there's a storm a brewin': "Kama Sutra...

Read more
VB2006: l33t Skillz of the Virus Writer
John Canavan | 20 Nov 2006 | 0 comments

VB-Oct06_small.jpg

In the early part of this year, W32.Blackmal.E@mm and OSX.Leap.Areceived near blanket coverage from the technical media.W32.Blackmal.E@mm was a mass-mailing worm with two particular featuresthat ensured it quickly became a focus of attention. When run, the wormwould execute a Web-based php script, which was intended to function asan infection counter. Cue the daily tech-blog updates: "Clock tickingfor Nyxem virus" (Slashdot), "Blackworm worm over 1.8 millioninfestations and climbing" (Sunbelt). Even the fancy animated .gifs ofa counter shot up from 398,000 to 440,000 in seconds (F-Secure). Couplethis with the fact that the worm was programmed to delete files with anumber of common extensions on the third of the next month, and there'sa storm a brewin': "Kama Sutra worm seduces PC users" (cnet),"...

Read more
Justsystem's Ichitaro zero-day used to propogate Trojan
John Canavan | 15 Aug 2006 | 0 comments

In recent months, we have seen a number of zero-day Microsoft Office exploits used to drop Trojan horses on affected systems. The release of the exploits had been timed so that when Microsoft released their patches, a zero-day exploit surfaced the next day. The timing of these releases was noted by Symantec Security Response and it was speculated that the people behind these exploits had discovered multiple vulnerabilities in Microsoft Office and were holding back on releasing them, in order to maximize the time-to-patch for each of their finds.

Today, we have seen another targeted attack on a document editing suite; however, this time around it is Justsystem's Ichitaro. Ichitaro is a word processing program widely used in Japan.

The malicious document uses a unicode stack overflow to execute its code on the system, dropping and executing a Trojan horse named Backdoor.Papi. When run, Backdoor.Papi copies itself to the %system% directory, creates a service named CAPAPI...

Read more
Justsystem's Ichitaro zero-day used to propogate Trojan
John Canavan | 15 Aug 2006 | 0 comments

In recent months, we have seen a number of zero-day Microsoft Officeexploits used to drop Trojan horses on affected systems. The release ofthe exploits had been timed so that when Microsoft released theirpatches, a zero-day exploit surfaced the next day. The timing of thesereleases was noted by Symantec Security Response and it was speculatedthat the people behind these exploits had discovered multiplevulnerabilities in Microsoft Office and were holding back on releasingthem, in order to maximize the time-to-patch for each of their finds.

Today,we have seen another targeted attack on a document editing suite;however, this time around it is Justsystem's Ichitaro. Ichitaro is aword processing program widely used in Japan.

The malicious document uses a unicode stack overflow to execute itscode on the system, dropping and executing a Trojan horse namedBackdoor.Papi. When run, Backdoor.Papi copies itself to the %system%directory, creates a service named CAPAPI, and drops...

Read more
Vulnerabilities of the Skype API
John Canavan | 10 May 2006 | 0 comments

With a landmark of six million concurrent online users set last month, Skype’s active user base is growing quickly. With many worms now targeting other IM platforms, it looks to be only a matter of time before Skype becomes targeted as an infection vector. The presence of functionally strong features in the Skype API makes it a prime target for malicious code.

Towards the end of last year, Skype introduced a programming API with the intention of fostering a growing development community. Applications providing useful add-ons to Skype functionality and many hardware interfaces had been springing up over the previous months. Hoping to make development for these programmers less painful, introduce new add-ons to the product, and ultimately increase their market share in the face of the threats from Google Talk and Yahoo IM talk services, the Skype API was launched to capitalize on developer interest.

The Skype API allowed for stand-alone applications...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,794