Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response
Showing posts for September of 2007
Showing posts in English
Vincent Weafer | 28 Sep 2007 07:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are: what do you think the biggest trend of the year was and what do you think the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it new features for both the research community and malicious code authors to scrutinize. It’s simple to expect that we’ll see new attack attempts on Microsoft Vista. What’s more interesting are trends we’re likely to see that don’t even touch the physical hard drive of a computer. Web 2.0 technologies have already begun to capture attacker interest and motivation. As adoption continues to grow and dependence on these Web applications increases, the impact and frequency of these issues will rise.

Consider the...

Ollie Whitehouse | 28 Sep 2007 07:00:00 GMT | 0 comments

Interesting tidbit: I subscribe to the Messaging Newsemail newsletter. (I don’t actually remember signing up for it – buthey ho). I couldn’t find this replicated on their site so I am going toquote the interesting bits of the newsletter.

What caught by eye was the title ‘Cell Phone Users Experience Text Spam’. We’ve discussed this before with the most interesting incident being when one operator took legal action. Anyway back to the Messaging News newsletter, they said the following:


“Across the country this past weekend, many folks received a spammessage for the first time. While a common problem with email, theshear...

Marc Fossi | 27 Sep 2007 07:00:00 GMT | 0 comments

…they just move to new mediums. Waaaay back in 1994, a computervirus hoax known as Good Times was passed around the Internet. Whilenot the first computer virus hoax, it is probably one of the bestknown. Since then there have been many similar hoaxes all promisingcertain destruction of your computer if you open an email originatingfrom a certain address or simply by reading certain words that appearon your monitor. Naturally, when many people receive one of thesehoaxes they decide to forward the message to all their friends andfamily to save them from this fate, thus helping the chain letter tospread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in myinbox less and less frequently. Did people learn not to believe thesemessages? Well, apparently not. They seem to be making a comeback, butrather than being sent via email they’re now sent through the messagingsystems on various social networking sites, as well...

M.K. Low | 26 Sep 2007 07:00:00 GMT | 0 comments

Recently, I came across a publication by Tews, Weinmann and Pyshkinthat describes an attack, called aircrack-twp, which can recover a104-bit WEP key in less than 60 seconds. WEP (Wired Equivalent Privacy)is a protocol used for securing wireless LANs (WLANs) that use the RC4stream cipher to encrypt transmitted packets under a common key.

The RC4 stream cipher is at the heart of the WEP protocol and is oneof the most widely used stream ciphers in the world due to itssimplicity and compact software implementation. Packets of informationare encrypted using the following method: A 24-bit initializationvector (IV) is chosen for each packet which is concatenated with thesecret 104-bit RC4 common key to form the 128-bit per packet or sessionkey. The per-packet key is encrypted through the RC4 stream cipher toproduce a pseudo-random keystream. Note that, since each packet has...

Joji Hamada | 25 Sep 2007 07:00:00 GMT | 0 comments

Today, a new Prime Minister took over office in Japan. As usual,malware authors are taking full advantage of this big occasion,launching targeted attacks that play upon the event. Symantec SecurityResponse has received an archive file today with the file namemofa.zip, which contains an executable called mofa.exe. This file isdetected as Backdoor.Darkmoon.E.

According to a local news source(in Japanese), an email pretending to be from the newly elected PrimeMinister, Yasuo Fukuda, is hitting some individuals' email boxes. Theemail contains content in regards to Japanese diplomacy in Asia, alongwith the address and phone number of the Prime minister's office – anattempt to make the email look more authentic. The name “MOFA” inmofa.zip is...

Aaron Adams | 25 Sep 2007 07:00:00 GMT | 0 comments

As little as three years ago, the concept of remote kernelexploitation remained arcane for most people in the security industryand was believed in some circles to be practically impossible, mostlydue to reliability issues. However, things in the security realm changequickly. Reliable exploit techniques come and go, new securitymechanisms are introduced, and arcane exploitation concepts arerevisited. Sometimes an exploitation concept that was once brushed offas too unreliable is reconsidered, bringing it again into focus as auseful and feasible attack vector.

Kernel vulnerabilities themselves are nothing new, of course. Theexploitation of local kernel flaws has been a popular pastime for manyresearchers and hackers over the years, and in many cases these flawswere shown to be exploited just as reliably as a local flaw in userlandsoftware. However, being local to the system has its advantages; thelevel of interactivity with the system and the data that is availablemake for...

Kelly Conley | 24 Sep 2007 07:00:00 GMT | 0 comments

Pump-and-dump stock, or penny stock, spam has been around for a longtime. Most memorably it has the distinction of being the maindeliverable of image spam. Regardless of the morphing or variations itis still pump-and-dump stock and while we're not stock advisors wewould advise against it, unless you like parting from your money.

The most recent morphing we've observed over the past few daysincludes highly obfuscated messages with a few distinctive features.For starters, none of the message headers in the attack contain asubject line. This means that when it lands in your inbox there will beno subject line for the message. Spammers may be utilizing this tacticas a means to entice end users to open the message by banking on thecuriosity of an end user to open the mysterious message. There is asubject line in the body of the message. The spammer is most likelydoing this for obfuscation purposes.

Other features of this pump and dump attack are the inclusion ofrandom,...

Ron Bowes | 21 Sep 2007 07:00:00 GMT | 0 comments

The Future Watch section of the latest Symantec Internet Security Threat Reportdiscusses the changing threat landscape, and presents some issues thatSymantec believes will emerge in the next six to eighteen months. Fourkey points were made this time: malicious activity in virtual worlds,evasion processes used by malicious code, hiding the origin of attacks,and new uses for bots.

Massively multiplayer online games (MMOGs) are becoming increasinglypopular. Originally, these types of games were mainly populated by moreexperienced computer users, but as they grow in popularity, more andmore casual users are beginning to participate. These types of usersare more likely to be exploited by scammers due to their lack ofexperience. As more of these kinds of players participate in MMOGs,scammers may increasingly target them.

Moreover, some online games allow "real money...

Vikram Thakur | 21 Sep 2007 07:00:00 GMT | 0 comments

If you've recently received an email with an attachment or link,asking you to install a patch or an update from Microsoft, pleasebeware as this is in all probability a hoax and could transfer controlof your computer to some unknown entity anywhere in the world.

Recently, we received samples of emails which prompted users toinstall patches for Windows, via fake Security Bulletins. The patcheswere either linked from the email or attached to the mail itself.Symantec products detect the linked file as Trojan.Dropper.

Patch-1sm.JPG
Click image for larger view


In this case, the installer distributed via this...

Ron Bowes | 20 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of Symantec's Internet Security Threat Reportlooks at a variety of trends that were seen in phishing and spam.Although spammers' and phishers' techniques and targets constantlyvary, one thing remains the same: they're trying to make money – andthey're getting better at it.

Phishing attacks targeting financial services remained the mostpopular target than any other sector, making up 79 percent of uniquebrands phished, and 72 percent of all phishing Web sites. The reasonfor this is obvious: phishers want money, and stealing bank account orcredit card information is one of the quickest ways to make it. Andwith credit cards commonly selling for less than ten dollars on theblack market, and bulk rates offered on credit card sales, the phishersneed a lot of them to turn a profit.

In an attempt to get more bang for their buck, phishers have starteddeveloping...