Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Malware
Showing posts in English
Candid Wueest | 12 Aug 2014 15:58:36 GMT

VMserver_concept.png

In the security field, virtual machines (VM) have been used for many years and are popular among researchers because malware can be executed and analyzed on them without having to reinstall production systems every time. As we previously discussed, these tests can be done manually or on automated systems, with each method providing different benefits or drawbacks. Every artifact is recorded and a conclusion is made to block or allow the application. For similar reasons, sandbox technology and virtualization technology have become a common component in many network security solutions. The aim is to find previously unknown malware by executing the samples and analyzing their behavior. 

However, there is an even bigger...

Shunichi Imano | 19 Jun 2014 10:53:19 GMT

Nico Nico, meaning “smile” in Japanese, is one of the biggest video sharing sites in Japan, with more than 30 million free members and over 2 million paid subscribers.

Rumors surfaced earlier today, claiming that some users who were watching videos on Nico Nico saw a strange pop-up message, asking them to update Flash Player to the latest version.

Niconico_5_LOB.png
Figure 1. The suspicious pop-up message, which says “This page cannot be displayed! Update to the latest version of Flash Player!”

The domain that the pop-up message appears from, downloads.[REMOVED].biz, does not look like it belongs to Adobe or Nico Nico.

If the user clicks “OK” on the pop-up message, they will be redirected a fake Flash Player download site, which mimics the appearance of the legitimate Adobe website.

...

Symantec Security Response | 20 May 2014 15:58:24 GMT

3509155_-_mobile_device_iBanking.png

Powerful Russian cybercrime gangs have begun to use premium Android malware to broaden their attacks on financial institutions. The tool, known as iBanking, is one of the most expensive pieces of malware Symantec has seen on the underground market and its creator has a polished, Software-as-a-Service business model. 

Operating under the handle GFF, its owner sells subscriptions to the software, complete with updates and technical support for up to US$5,000. For attackers unable to raise the subscription fee, GFF is also prepared to strike a deal, offering leases in exchange for a share of the profits. 

iBanking often masquerades as legitimate social networking, banking or security applications and is mainly being used to defeat out-of-band security measures employed by banks, intercepting one-time passwords sent...

Andrea Lelli | 08 May 2014 13:14:11 GMT

Symantec has spotted a recent surge of infections of Trojan.Viknok, which can gain elevated operating system privileges in order to add compromised computers to a botnet. Trojan.Viknok, first observed in April 2013, infects dll files with a malicious payload. Since its initial discovery, the malware has evolved into a sophisticated threat, capable of obtaining elevated operating system privileges in order to infect system files on multiple Windows operating systems, such as the 32 and 64-bit versions of Windows XP, Vista and 7. 

Attackers have been observed using Viknok-infected computers to carry out Adclick fraud. While click-fraud activity has been prevalent for years, it still seems to be an effective way for scammers to make money. The scammers behind the current Viknok campaign have gone to a lot of...

Lionel Payet | 23 Apr 2014 08:23:21 GMT

Contributor: Andrea Lelli

Operation Francophoned, first uncovered by Symantec in May 2013, involved organizations receiving direct phone calls and spear phishing emails impersonating a known telecommunication provider in France, all in an effort to install malware and steal information and ultimately money from targets. 

This highly targeted dual-pronged attack has proven to be very persistent in the French speaking world. Keeping a close eye on the Francophoned campaign, Symantec observed a resurgence in October 2013 and, early this year, witnessed some changes to the social engineering attack including the use of new malware.
 

Figure1.png...

Joji Hamada | 03 Apr 2014 09:08:58 GMT

bankeiya_concept.png
In recent years, the Japanese Internet community has faced difficult times trying to combat financial Trojans such as SpyEye (Trojan.Spyeye) and Zeus (Trojan.Zbot). The number of victims affected and the amount of funds withdrawn from bank accounts due to compromises is increasing at an alarming rate. Just to give you an idea, according to the Japanese National Police Agency, the number of reported illegal Internet banking withdrawals jumped from 64 incidents in 2012 to 1,315 incidents in 2013. The loss in savings amounted to approximately 1.4 billion yen (US$ 14 million) in 2013, up from 48 million yen (US$ 480,000) in 2012.

More recently, the nation has also...

Daniel Regalado | 24 Mar 2014 12:57:46 GMT

daniel_blof_header_image_cropped.png

There is a growing chorus of voices calling for businesses and home users to upgrade existing Windows XP installations to newer versions of Windows, if not for the features, then at least for the improved security and support. ATMs are basically computers that control access to cash, and as it turns out, almost 95 percent of them run on versions of Windows XP. With the looming end-of-life for Windows XP slated for April 8, 2014, the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet. This risk is not hypothetical — it is already happening. Cybercriminals are targeting ATMs with increasingly sophisticated techniques. 

In late 2013, we...

Joji Hamada | 11 Mar 2014 15:22:59 GMT
A new spam campaign with an information-stealing malware attachment has been circulating since March 7, 2014. While spam emails are typically sent to many people, in this campaign, the spammer has limited their targets to administrators of online Japanese shopping sites.
 
The attacker may have targeted these recipients for various reasons. As most online stores provide contact details on their Web page, they become easy targets since their email addresses can be easily harvested by crawling sites. The attacker could also have targeted the recipients to get the companies’ account details in order to steal data maintained by the stores. The attacker may have also wanted to compromise the shopping sites in order to carry out further attacks against the store’s visitors.
 
The malware, detected as Infostealer.Ayufos, is a basic...
Dick O'Brien | 26 Feb 2014 09:57:19 GMT
3442719_-_mobile_device_grayware_concept.png
One of the most problematic areas in mobile security today is “grayware.” The dividing line between legitimate software and malware is not clearly drawn and grayware often occupies this murky middle ground. Grayware is applications that may not have any recognizable malware concealed within them but can nevertheless be in some way harmful or annoying to the user. For example, it might track their location, Web browsing habits or serve up unwanted ads. In many cases, grayware authors often maintain a veneer of legitimacy by outlining the application’s capabilities in the small print of the software license agreement. 
 
Grayware is not a new phenomenon and it first began to attract attention well over a decade ago when unwanted extras, such as spyware, were often packaged with free...
Candid Wueest | 25 Feb 2014 09:57:34 GMT
mwc_10years_tube_map_infographic.png
Figure. A brief history of mobile malware
 
2014 marks the tenth anniversary of mobile malware. It all began in 2004, when the first variant of SymbOS.Cabir was submitted to security researchers. The analysis revealed that this worm targeted Symbian OS, which was a very popular mobile operating system at the time. Infected phones would search for nearby Bluetooth devices that had activated discovery mode and then the worm would try to push itself onto them. The user had to manually accept the file transfer and also had to agree to the worm’s installation before the malware could infect the device. This limited the spread of the worm, as the victim had to be in close proximity to...