
Security Response

Parveen Vashishtha | 05 Oct 2010 | 0 comments

In a previous blog we reported on how attackers use social engineering techniques to scare users into purchasing a misleading application. This time around, we have come across several websites that deceive users with a slightly different trick.

To trick users, these websites display bogus pages that closely resemble the pages returned by security features or security technologies when one tries to access a malicious page. However, whereas Google, for example, shows a [Get me out of here] button, the bogus page shows a [Download Updates!!] button.

Regardless of which browser the user is using, the same bogus dialog box is displayed, seemingly forcing the download of updated versions of Firefox and Chrome. Even if the user clicks the [Cancel] button, this bogus dialog box does not disappear from the screen.

The downloaded executable appears to be a variant of the notorious misleading application Security Tool. When executed, it displays exaggerated pop-ups intended to scare the user.

...

Parveen Vashishtha | 04 Oct 2010 | 0 comments

In a previous blog we reported on how attackers use social engineering techniques to scare users into purchasing a misleading application. This time around, we have come across a couple of websites that are using a slightly different trick to mislead users.

In order to trick users, these websites use bogus pages that look similar to those presented by security features or technologies when one is about to visit a malicious page. However, they present a “Download Updates!!” button instead of, for example, Google’s “Get me out of here” button.

Regardless of what browser is used, the user is presented with the same misleading dialog box that seemingly...

Parveen Vashishtha | 28 Jan 2010 | 0 comments

The use of search engines to deliver malware is well known. Previously we reported that attackers were using Google-sponsored search results to promote malicious websites. Instead of using techniques such as search engine optimization (SEO) poisoning to get the optimum listing in the search engine results, attackers recently managed to compromise well known site autonagar.com, which is promoted by Google’s sponsored links. Interestingly, up until late last week, autonagar.com was hosting malicious exploits and was blacklisted by Google SafeBrowse. However, at the time of posting this blog the malicious code has been removed from autonagar.com and Google is no longer blocking it.

In this specific example, users who rely on Google’s sponsored links run the risk of their computers being...

Parveen Vashishtha | 11 Jun 2009 | 0 comments

Attackers often use search engines to deliver malware. Earlier we reported that Yahoo-sponsored search results were used to promote misleading applications. Also, attackers reportedly abused Google advertisement services in order to push out misleading applications.

Instead of using techniques like search engine optimization (SEO) poisoning to get the optimum listing in the search engine results, attackers have recently been using Google’s sponsored links. In this situation the attackers’ advertisements would have been displayed on all websites that use Google’s sponsored links. For example, when a user searches for Adobe Flash player 9, Google-sponsored links might display one particular download link as flashplayer.9-downloadcenter.com. (Please do not...

Parveen Vashishtha | 26 Mar 2009 | 0 comments

Easter is around the corner and as expected, attackers have already started to poison search engine queries to redirect users to websites that deliver misleading applications. Various search keywords related to Easter have been poisoned in Internet search results so that links to rogue websites are returned in the search listings. Some of the examples of poisoned keywords are:

Easter verse
Popular Easter Bible verse scriptures
Easter greeting card verses
Easter Bible verses
Easter verses poems
Bible Easter verse
Easter-Bible
Easter Bible quotes

Attackers are using various tricks, such as referrer checking, in order to evade security researchers. If the bogus domains returned in the search listing are visited directly, we will see a page with many Easter-related keywords and links used to bolster the page’s search ranking. However, if the bogus links are clicked on from the search engine results, users will be redirected to...

Parveen Vashishtha | 10 Mar 2009 | 0 comments

Search engines are often used by attackers as platforms from which to deliver malicious code. A while ago it was reported that Google was serving up advertisements that led to misleading applications (also known as rogue antispyware products).

This time, the malicious code authors are using “Yahoo! Sponsored Search” listings as a means to promote a misleading product called “Antivirus & Security.” Antivirus-2009-new.com and Antivirus-pro-download.com are returned in Yahoo! Sponsored Search results as the latest version of AVG antivirus; however, the website actually claims that it is better than AVG and is an alternative to AVG antivirus. The sponsored search result leads to antivirus-2009-new.com and antivirus-pro-download.com, where users are asked to make a payment to buy a membership in order to obtain the product.

Instead of using techniques like search engine...

Parveen Vashishtha | 28 Oct 2008 | 0 comments

In a blog article from last year, I discussed the rise in popularity of exploits using ActiveX overwrite/delete vulnerabilities due to their ease of use. Since that time, we have seen over 100 such vulnerabilities.

Microsoft requires developers of ActiveX controls to mark their controls “not safe for scripting” if they can arbitrarily write or delete files. However, developers not realizing the security implications or the full capabilities of their ActiveX control often fail to do so, allowing unauthorized remote users to arbitrarily write files to disk. In some cases, the ActiveX control does not even need to be installed by the user—as was the case with the Access Snapshot Viewer ActiveX Vulnerability.

Recently we’ve seen a sharp rise in these types...

Parveen Vashishtha | 22 Oct 2007 | 0 comments

A new type of vulnerability is becoming more popular these days. It is an arbitrary file overwrite/delete vulnerability that can be exploited by attackers to overwrite or delete arbitrary files on an affected computer. These vulnerabilities exist particularly because a registered ActiveX control fails to restrict which domains may load the control for execution. An attack exploiting this vulnerability can lead to arbitrary code execution by a remote attacker.

Successful exploitation of this vulnerability allows attackers to create, or append to, arbitrary files. An attacker can write to a startup folder to execute arbitrary code during the next reboot or logon session. A user will not be required to authorize the object instantiation, since the object is within a signed ActiveX control. A typical exploitation scenario would require an attacker to convince a targeted user to visit a malicious website.

We have come across approximately 40...

Parveen Vashishtha | 15 Aug 2007 | 0 comments

In our previous analysis we discussed ‘What is MPack and how it works.’ We reviewed MPack version 0.84 in our previous blog; this time we will compare it with an updated version, MPack v0.91.

1. The exploits include the existing ones present in v0.84. The list of exploits is present at the end of this blog.

2. There have been some changes to the management and reporting interface. A new file, admin.php, is introduced and stats.php has been removed.

The developers of the toolkit have provided admin.php for secure control and configuration of the MPack installation. The MPack owner can set username and password protection by using settings.php. There have also been changes in the user interface: cosmetic changes such as better styles for viewing, and a copyright logo reading “(c) 2007 DreamCoders”.

MPack...