Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Security remove filter
Showing posts by John H remove filter
ルートキットにご注意
John H | 19 Jan 2012 | 0 comments

 

最近、主要メディアでルートキットの話題がよく登場します。メディアに取り上げられることで、多くの人に悪質な行為が知られるようになってきてはいますが、気が付かないうちに自宅や職場のコンピュータに脅威が感染するのを防ぐ方法は、まだあまり浸透していません。
広い意味でルートキットとは、通常のオペレーティングシステム(OS)の動作を妨害することによって、自身の存在を隠しながら、OS への特権アクセスを取得、維持するソフトウェア全般を指します。一般に、ルートキットには以下の 3 つの目的があります。
 
  1. 標的のコンピュータ上で、ルートキットが制限なしで動作できるようにする。
  2. コンピュータやインストール済みのセキュリティ製品によってルートキットが検出されないようにする。
  3. (パスワードやネットワーク帯域幅の盗用、他の悪質なソフトウェアのインストールなどを実行する)ペイロードを転送する。
 
では、感染が疑われる場合には、(その都度コンピュータを復元するのではなく)何をすればよいのでしょうか。また、自分のコンピュータに問題はないと思われる場合でも(そのように装うのがルートキット作成者の目的です)、悪質なコードが潜んでいないことを確認するにはどうすればよいのでしょうか。この種の脅威に関するニュースでは大抵、セキュリティソフトウェアが実行され、最新の状態になっていることを確認するよう呼びかけられますが、そもそもすでにルートキットがセキュリティソフトウェアから身を隠して動作している場合、セキュリティソフトウェアを最新の状態に保つことがどのように役立つのでしょうか。
 
ノートン インターネットセキュリティや Symantec Endpoint Protection など、シマンテックのセキュリティ製品には、ルートキットが身を隠すためのトリックにだまされることなく、ルートキットの予防、検出、駆除を行うための技術が多く組み込まれています。これらの製品では、さまざまな技術が個別に機能したり互いに連携したりすることで、...
Read more
A Reminder about Rootkits
John H | 18 Jan 2012 | 0 comments

 

Rootkit stories show up in the mainstream media on a regular basis these days. While these stories raise public awareness about what the bad guys are doing, they usually leave readers wondering what they can do to protect themselves from silent threats infecting their computers at home and in the office. 
Broadly defined, a rootkit is any software that acquires and maintains privileged access to the operating system (OS) while hiding its presence by subverting normal OS behavior. A rootkit typically has three goals: 
 
  1. A rootkit wants to be able to run without restriction on a target computer. 
  2. It wants to elude being detected by the computer or an installed security product. 
  3. It wants to deliver its payload, such as stealing passwords or network bandwidth, or installing other malicious software.
 
So what can you do (other than re-build your computer...
Read more
Malware Whac-a-Mole: Gumblar is down, Martuz is up. Next?!
John H | 19 May 2009 | 0 comments

The malicious code Whac-a-Mole game continues. Just as security vendors start detecting the domains and malware associated with the drive-by download attacks coming from the malicious Gumblar domains, the bad guys are changing the game and popping up from Martuz dot cn, which, according to Who.is, is located in the UK with a 95.129.x.x IP Address. The JavaScript appearing on the websites has also become more obfuscated, making the attacks slightly harder for IT managers and Web administrators to detect. The attackers are easily able to change the obfuscation by substituting portions of the domain name with variables instead of spelling out the domain all at once. The updated malicious JavaScript also performs a test to deliver a different payload for users of Google Chrome browsers, since Chrome has a blacklist of suspicious and malicious domains.

The drive-by download tries to exploit a number of underlying vulnerabilities, including some...

Read more
Viral Web Infections using Malware? Gumblar is, Unfortunately, Just Another Day on the Web
John H | 15 May 2009 | 0 comments

Symantec Security Response has been monitoring a recent spate of Web-based attacks and drive-by downloads from compromised websites that are infecting end-users’ computers. This latest round of attacks has a payload that maliciously alters Web search engine results on the compromised machines. There have also been some recent blog posts and articles written about compromised websites rendering drive-by downloads, including malware, with obfuscated attacks coming from a malicious Gumblar domain in China. Yes, we have seen a short-term increase in attacks, but the reality is, this is unfortunately just another day on the Web and it reflects what we have seen in our Web Based Attacks: February 2009 whitepaper. For instance, Symantec documented attacks from more than 800,000 unique domains last year.

We have been proactively blocking these latest attacks with our network IPS in...

Read more
The Latest in the Threat Landscape—Web-based Attacks: February 2009
John H | 24 Mar 2009 | 0 comments

As we talk to enterprise and consumer customers, we are finding that many don’t understand the risks of the Internet today, why their computers have been compromised, or how the threat landscape has really changed. The fact that simply visiting your favorite website can either lead to malware silently being installed on your computer without ever clicking on anything, or being plagued by misleading applications, such as fake antivirus software, seems to be a surprise to many users and IT managers alike.

 

 

 

 

 

 

 

With the increase in Web-...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,880