Security Response
Sammy Chu | 12 Jun 2014 21:23:05 GMT

The Symantec Global Intelligence network has detected a significant increase in hit-and-run spam attacks (sometimes referred to as ‘snowshoe’ spam attacks) from .club domains in the last 24 hours. Earlier this year the Internet Corporation for Assigned Names and Numbers (ICANN) released a number of generic top-level domains (gTLDs), with .club among them. Spammers have taken to abusing gTLDs, and specifically the .club gTLD, to perform hit-and-run spam attacks. Hit-and-run spam attacks quickly cycle through domains and IP addresses with unknown reputation to avoid detection. In this case they are using domains with the .club gTLD because of their lack of reputation.

We have observed the following “From:” header lines in these attacks:

  • From: "CarClearanceLot" <CarClearanceLot@[REMOVED].club>
  • From: "CarSavingsEvents" <CarSavingsEvents@[REMOVED].club>
  • From: "PriceNewCar" <PriceNewCar@[REMOVED].club>
  • From: Gift Cards <...

Binny Kuriakose | 12 Jun 2014 08:56:56 GMT

Many countries around the world will celebrate Father’s Day this year on June 15. With only a few days remaining, people are busy planning and purchasing gifts for the greatest hero in their life. Unfortunately, this is also when Father’s Day spam and fraud emails are at their height and many unsuspecting users could get conned by these campaigns. 

We have observed a gradual increase in the amount of spam taking advantage of Father’s Day since the end of May. Most of the spam shares similarities with Mother’s Day spam, as observed last month. The campaigns are not so different from the ones seen in previous years. In fact, this year, we have observed spam with the exact same products and offers as last year.

Figure 1. Product spam related to Father’s...

Lionel Payet | 11 Jun 2014 08:16:05 GMT

Contributor: Roberto Sponchioni

It’s well known that hot political topics make enticing lures for cyberattacks and, as such, Symantec is constantly on the lookout for attacks using this tactic. Recent monitoring of the global political landscape led us to observe a malicious campaign piggybacking on the coup d’état that occurred in Thailand three weeks ago (May 19, 2014) after months of turmoil in the country. We have seen the emergence of a limited and targeted spam campaign against government officials in Southeast Asia.

The malicious emails claim to be from a well-known media institution based in Myanmar and come in three variations where only the attached Word document’s name changes:

  • The_Military_situation_in_Thailand.doc
  • Thai_Coup_Leader_Says_He_Has_Received_King.doc
  • ...

himanshu_mehta | 10 Jun 2014 20:03:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 66 vulnerabilities. Fifty-five of this month's issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/...

Satnam Narang | 09 Jun 2014 17:49:51 GMT

With the 2014 FIFA World Cup in Brazil just around the corner, scammers have kicked off efforts to target fans of the international football event. World Cup fans everywhere should watch out for free ticket scams, news service scams, and online streaming scams. Symantec has already identified several email scams and we expect to see attempts to target fans on social networks.

Free tickets to the World Cup

The most common scam around the World Cup involves free tickets. After all, what fan would not want an all-expenses paid trip to Brazil? Scammers know a dream come true is hard to pass up and circulate emails promising everything imaginable. 

Figure 1. Scam email offers free tickets to 2014 World Cup in Brazil

Emails Symantec has identified in...

Joji Hamada | 09 Jun 2014 17:07:32 GMT

Just around this time last year, Symantec came across a fake security app called Android Defender (Android.Fakedefender) that held mobile devices hostage until a ransom was paid up. This particular malware locked up the device, making it useless, in order to coerce the user into paying for the app. Now, a year later, a batch of malicious apps that take files stored on mobile devices hostage by encrypting them have been discovered in the wild by security researchers. These variants, which Symantec detects as Android.Simplocker, pretend to be legitimate apps and appear to be hosted on fake Google Play sites aimed at Russian-speaking Android device owners. An example of one of these fake sites can be seen in Figure...

Symantec Security Response | 05 Jun 2014 15:26:17 GMT

Figure. List of the latest patched OpenSSL vulnerabilities

The OpenSSL project recently released patches for several OpenSSL vulnerabilities, two of which are marked as critical. One of the critical vulnerabilities, OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability (CVE-2014-0224), could let an attacker carry out a man-in-the-middle attack, allowing them to intercept traffic between a vulnerable client and a vulnerable server. One way that attackers could exploit this flaw is by setting up a rogue Wi-Fi hotspot in a public area. If a user connects to this rogue access point, the attackers controlling...

Satnam Narang | 05 Jun 2014 10:59:51 GMT

Dating back to last year, Symantec has been following a trend involving adult webcam spam on social networks, dating applications, and photo sharing applications. Our research found that no matter which platform it was found on, most adult webcam spam shared a common thread: it led users to a mobile messaging service called Kik.

What is Kik?
Kik is an instant messaging service available for all smartphone platforms. The service has more than 100 million users and is extremely popular with teenagers.

A recent history of adult webcam spam

Twitter
The first cross advertising for Kik spam made its way to Twitter towards the end of summer 2013. Spam bots would target specific keywords and send a reply when one was found. For instance, tweets with the word “horny” would be met with a response from a spam bot, posing as a female, containing the word “horny.” The message would ask the user to reply back...

Joseph Graziano | 02 Jun 2014 17:31:22 GMT

Everyone hates getting bills, and with each new one it seems like the amount due just keeps getting higher and higher. However, Symantec recently discovered an energy bill currently being emailed to people that will hit more than just your bank account.

A recent spam campaign sending out emails masquerading as an Australian energy company is serving up the Cryptolocker malware…or at least that’s what the spammers want you to think. Once users become infected, they are told they are infected with Cryptolocker (Trojan.Cryptolocker); however, upon further research, Symantec discovered that the malware is not related to the original Cryptolocker virus and is merely a copycat attempting to cash in on the hype and infamy of Cryptolocker.

Energy bill gives users a shock
This particular spam campaign requires a lot of work from the victim to work but once it...

Symantec Security Response | 02 Jun 2014 14:33:16 GMT

The FBI, the UK's National Crime Agency, and a number of international law enforcement agencies have significantly disrupted two of the world’s most dangerous financial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. Working with a number of private sector partners, including Symantec, the FBI has seized a large amount of infrastructure used by both threats. On the back of this operation, Symantec has released a new tool that victims can use to completely remove Gameover Zeus infections.

Gameover Zeus is responsible for millions of infections worldwide since its inception...