Security Response
Showing posts tagged with Malware
Jo Hurcombe | 16 Dec 2014 15:06:05 GMT


Contributor: Satnam Narang 

Attackers behind malicious spam campaigns have shifted their tactics in recent months and are increasingly attempting to infect victims by luring them into clicking on links rather than sending them malicious attachments.

Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic. Over the last six months, there were relatively few spam emails containing malicious links. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.

While many malicious emails come with an attachment, organizations can block and filter these types of messages. Symantec believes that the Cutwail botnet (...

Symantec Security Response | 23 Nov 2014 16:58:23 GMT


An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A backdoor-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state....

Symantec Security Response | 20 Nov 2014 17:14:00 GMT

As Americans gear up for another holiday shopping season, the threat posed by point-of-sale malware remains high. More than a year after the discovery of the first major attacks against POS networks, many US retailers are still vulnerable to this type of attack and are likely to remain so until the complete transition to more secure payment card technologies in 2015.

While some retailers have enhanced security by implementing encryption on their POS terminals, others have not, and retailers will continue to be low-hanging fruit for some time. While the introduction of new technologies will help stem the flow of attacks, it will not eliminate fraud completely, and attackers have a track record of adapting their methods.

Point-of-sale malware is now one of the biggest sources of stolen payment cards for cybercriminals. Although it hit the headlines over the past year, the POS malware threat has been slowly germinating since 2005 and the retail industry...

Ankit Singh | 04 Nov 2014 11:02:49 GMT


On October 27, while tracking exploit kits (EKs) and infected domains, Symantec discovered that the popular music news and reviews website spin.com was redirecting visitors to the Rig exploit kit. This exploit kit was discovered earlier this year and is known to be the successor of another once popular EK, Redkit. The Rig EK takes advantage of vulnerabilities in Internet Explorer, Java, Adobe Flash, and Silverlight and was also one of the EKs associated with the askmen.com compromise back in June.

At the time of writing, the spin.com website was no longer compromised....

Candid Wueest | 12 Aug 2014 15:58:36 GMT


In the security field, virtual machines (VMs) have been used for many years and are popular among researchers because malware can be executed and analyzed on them without having to reinstall production systems every time. As we previously discussed, these tests can be done manually or on automated systems, with each method providing different benefits and drawbacks. Every artifact is recorded and a conclusion is made to block or allow the application. For similar reasons, sandbox technology and virtualization technology have become a common component in many network security solutions. The aim is to find previously unknown malware by executing the samples and analyzing their behavior.

However, there is an even bigger...

Shunichi Imano | 19 Jun 2014 10:53:19 GMT

Nico Nico, meaning “smile” in Japanese, is one of the biggest video sharing sites in Japan, with more than 30 million free members and over 2 million paid subscribers.

Rumors surfaced earlier today, claiming that some users who were watching videos on Nico Nico saw a strange pop-up message, asking them to update Flash Player to the latest version.

Figure 1. The suspicious pop-up message, which says “This page cannot be displayed! Update to the latest version of Flash Player!”

The domain that the pop-up message appears from, downloads.[REMOVED].biz, does not look like it belongs to Adobe or Nico Nico.

If the user clicks “OK” on the pop-up message, they will be redirected to a fake Flash Player download site, which mimics the appearance of the legitimate Adobe website.

...

Symantec Security Response | 20 May 2014 15:58:24 GMT


Powerful Russian cybercrime gangs have begun to use premium Android malware to broaden their attacks on financial institutions. The tool, known as iBanking, is one of the most expensive pieces of malware Symantec has seen on the underground market, and its creator has a polished Software-as-a-Service business model.

Operating under the handle GFF, its owner sells subscriptions to the software, complete with updates and technical support, for up to US$5,000. For attackers unable to raise the subscription fee, GFF is also prepared to strike a deal, offering leases in exchange for a share of the profits.

iBanking often masquerades as legitimate social networking, banking or security applications and is mainly being used to defeat out-of-band security measures employed by banks, intercepting one-time passwords sent...

Andrea Lelli | 08 May 2014 13:14:11 GMT

Symantec has spotted a recent surge of infections of Trojan.Viknok, which can gain elevated operating system privileges in order to add compromised computers to a botnet. Trojan.Viknok, first observed in April 2013, infects DLL files with a malicious payload. Since its initial discovery, the malware has evolved into a sophisticated threat, capable of obtaining elevated operating system privileges in order to infect system files on multiple Windows operating systems, such as the 32- and 64-bit versions of Windows XP, Vista and 7.

Attackers have been observed using Viknok-infected computers to carry out Adclick fraud. While click-fraud activity has been prevalent for years, it still seems to be an effective way for scammers to make money. The scammers behind the current Viknok campaign have gone to a lot of...

Lionel Payet | 23 Apr 2014 08:23:21 GMT

Contributor: Andrea Lelli

Operation Francophoned, first uncovered by Symantec in May 2013, involved organizations receiving direct phone calls and spear-phishing emails impersonating a known telecommunications provider in France, all in an effort to install malware and steal information and, ultimately, money from targets.

This highly targeted, dual-pronged attack has proven to be very persistent in the French-speaking world. Keeping a close eye on the Francophoned campaign, Symantec observed a resurgence in October 2013 and, early this year, witnessed some changes to the social engineering attack, including the use of new malware.

...

Joji Hamada | 03 Apr 2014 09:08:58 GMT

In recent years, the Japanese Internet community has faced difficult times trying to combat financial Trojans such as SpyEye (Trojan.Spyeye) and Zeus (Trojan.Zbot). The number of victims affected and the amount of funds withdrawn from bank accounts due to compromises is increasing at an alarming rate. Just to give you an idea, according to the Japanese National Police Agency, the number of reported illegal Internet banking withdrawals jumped from 64 incidents in 2012 to 1,315 incidents in 2013. The loss in savings amounted to approximately 1.4 billion yen (US$ 14 million) in 2013, up from 48 million yen (US$ 480,000) in 2012.

More recently, the nation has also...