Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with ISTR XV remove filter
A Rise in Java Vulnerabilities
Greg Ahmad | 30 Apr 2010 | 0 comments

Web browsers are an integral part of home and business computing environments and one of the most popular and ubiquitous applications on computer systems. Due to their popularity, the exploitation of security vulnerabilities in browsers is a common method for attackers to compromise computers. Vulnerabilities in browsers and browser plug-ins facilitate the propagation of malware, as well as aid in other attacks such as fraud and the theft of sensitive information. Not only are these issues used to compromise computers in targeted attacks, but vulnerabilities affecting browser applications are also exploited en masse by malware, bot networks, and exploit toolkits. Nowadays, attacks that take advantage of vulnerabilities in browsers and other associated applications such as browser plug-ins are very common. According the recent Symantec Global...

Read more
“Perfect” Client-Side Vulnerabilities
Adrian Pisarczyk | 27 Apr 2010 | 0 comments

Far gone are the times when truly remote server-side vulnerabilities were the most popular vectors for compromising machines and attacking organizations. More than 93 percent of vulnerabilities exploited in recent years have been client-side security flaws, as discussed in the Symantec Global Internet Security Threat Report. They are used in both targeted attacks and massively widespread drive-by attacks to create botnets. One type of these sorts of vulnerabilities is browser and browser-related issues. In many cases they merely require a victim to follow a single link to become compromised. There is a continuous race between browser developers, vulnerability researchers, and exploit writers. In this year’s Pwn2Own contest at the CanSecWest Applied Security Conference, all of the most popular browsers except Google Chrome were successfully exploited on the first day. The list included Apple...

Read more
The Interesting Case of the Induc Virus
Brent Graveland | 23 Apr 2010 | 0 comments

In 2009, the Induc virus was the top new malicious code sample observed by Symantec worldwide. Notably, Induc does not actually do anything strictly malicious; all it does is propagate. No keystroke logging, no spam sending abilities, no ad clicking, and no destruction of data.

So what makes this virus interesting? All Induc does is propagate, but only on developer’s computers. Specifically, it does not do anything unless it detects an installation of versions 4 thru 7 of the Delphi® development environment. Delphi is a variant of the Pascal programming language originally developed by Borland and is meant to facilitate the development of applications for the Microsoft Windows platform. The targeted versions of Delphi were released between 1998 and 2002, but are still in wide use throughout the developer community....

Read more
Dirty Jobs: Cybermule
Ben Nahorney | 22 Apr 2010 | 0 comments

In this day and age we’re all aware of the threat cybercriminals pose to our personal information. If you’re not careful, items such as your credit card number could fall into the wrong hands, resulting in unauthorized goods and services being purchased in your name. What may come as a surprise is not everyone participating in these activities is a full-blown cybercrimial. Some are ordinary citizens—just like you and me—that unintentionally get caught up in illegal activity.

How does this happen? Let’s say you’ve recently lost your job and are desperate to find new work. So, you post your resume on a job recruitment website. A short time later you receive an email from a recruiter:

Acme Inc. is opening a vacancy for the Correspondence Manager position.

What luck—the job is done entirely from home, receiving and reshipping packages. It’s easy work that pays quite well:

Base Payment Mail handling...

Read more
Symantec Global ISTR XV Vulnerability Highlights
David McKinney | 21 Apr 2010 | 0 comments

I am proud to announce the release of Volume 15 of the Symantec Global Internet Security Threat Report. I would like to take this opportunity to give a preview of the some of the findings in the vulnerabilities section of this report.

In previous years, we observed that ActiveX vulnerabilities were on the rise. This trend was largely driven by security researchers employing various fuzzing tools to audit ActiveX controls for vulnerabilities. In 2008, 70 percent of all browser plug-in vulnerabilities could be attributed to vulnerable ActiveX controls. In 2009 there was a significant decline in the proportion of ActiveX vulnerabilities when compared to other browser plug-in technologies. In the report we observed that only 42 percent of browser plug-in vulnerabilities affected ActiveX controls. Vulnerabilities in other browser plug-ins increased as a result. In particular, Java SE accounted for 11 percent of browser plug-in vulnerabilities in 2008 but rose to 26...

Read more
Taking the Podium Isn’t Always a Call for Celebration
Téo Adams | 20 Apr 2010 | 0 comments

Ranks and podium finishes are no doubt one of the key highlights of the recently concluded 2010 Olympic winter games. Likewise, rankings are an aspect of many metrics used for analysis in the Symantec Global Internet Security Threat Report and there was a somewhat surprising change in the top ranks of malicious activity by country in 2009.

Beginning in 2006, Symantec began measuring, analyzing, and reporting the amount of malicious activity occurring in, or originating from, countries around the globe. In every report since, the top three countries have been the United States, China, and Germany. Although the country ranking below the top three has changed every year—with, in some cases, the amount of their malicious activity increasing significantly—there was little indication that the top three countries would change.

That said, previous editions of the report have observed and discussed indications that emerging countries such as India, Russia...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,905