Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts for January of 2008
Showing posts in English
Candid Wueest | 31 Jan 2008 08:00:00 GMT | 0 comments

Many people don’t like flashy advertisementbanners on Web pages. But ads are a necessary thing for some pages tokeep them free and help the owners pay their hosting fees. That mighthave been one of the reasons the bad guys thought of when usingmalicious banner ads as an attack vector. I’m not talking about theannoying banners that will overlay half of your screen so that you haveto click them away manually. I’m talking about malicious ads, sometimesreferred to as "malvertisement" or "badvertisement," which contain amalicious script or a hidden redirector. Most of the time it’s a flashobject that contains an obfuscated action script which redirects theuser to a malicious site after performing some user client checks. Ifthe IP address of the requester falls into the desired geographiclocation and the IP address was not yet served, then it will beredirected to the bad site. This site can then either use one of thewell known Web attacking toolkits to exploit a vulnerability in...

Jeremy Ward | 30 Jan 2008 08:00:00 GMT | 0 comments

Today Symantec launched Volume II of the IT Risk Management Report, entitled “IT Risk Management – From Myth to Reality.” It analyzes the results of interviews with more than 400 IT executives and professionals from around the world during 2007. As the title implies, the report takes a look at the truth behind four common myths around IT Risk Management.

Myth One: IT Risk = Security Risk

The report clearly demonstrates that people really don’t believe this myth any more. In fact, most (78 percent) of those participating in the survey thought that availability was the most important aspect of IT risk. While more than half of the participants rated every risk element serious or business-critical, only 15 percentage points separated the highest and lowest elements.

Myth Two: IT Risk Management is a Project

Well, anyone who...

M.K. Low | 29 Jan 2008 08:00:00 GMT | 0 comments

Go on any security Web site and their bestpractices state that you should “never view, open, or execute any emailattachment unless the attachment is expected and the purpose of theattachment is known.” But what if it’s your job to open attachments?

In this day and age, human resources (HR) managers post job openingsonline to get the widest possible distribution. Gone are the days ofnewspaper ads and window postings; managers want to attract as manyqualified applicants as possible and Web postings are inexpensive andeffective. This may be one reason why HR is a weak link in the securityof a company. Many companies prompt applicants to email their resumeand cover letter directly to the HR department or a specific manager. Iwent to a dozen international company sites and found that half of themhad the same application process.

To apply for positions on our team, respond by email tojane.doe@xxxxx-...

khaley | 28 Jan 2008 08:00:00 GMT | 0 comments

It’s not very far into 2008 and sadly we are already seeing some of our predictions on the security trends of 2008come true. I blogged earlier that our security analyses expected to seeold style cybercrimes turn up in virtual worlds. While it’s not clearif any crime occurred, they did experience an old fashion run on banks.Unfortunately, unlike in the movie “It’s a Wonderful Life” there was noGeorge Bailey to stop the bank run.

There is a highly developed economy in Second Life and manybank-like businesses virtualized to handle people’s money. Like socialnetworks, virtual worlds create a sense of trust in their users. Sowhen offered interest rates as preposterously high as 40 percent, manySecond Lifers didn’t give it a Second Thought (apologies, that pun wasunavoidable). To Second Life’s credit they tried to get on top of theproblem by...

khaley | 25 Jan 2008 08:00:00 GMT | 0 comments

I just signed up for a MySpace page. I’vebecome very interested in social networking and it was time to join thefun. Once you create an account the next step is to add some friends toyour network. So the first thing I decided to do was send an invite myfriend Bill Gates. (Now I don’t expect you to believe that Bill Gatesand I are friends. I admit that I’ve never met the man, but I'm tryingto make a bigger point, so bear with me.)

A quick search on MySpace for Bill or William Gates returned 192pages of search results. They couldn’t all be my Bill. I narrowed mysearch. I know what Bill looks like, so I searched just for profilesthat contained a picture. I gave up after finding over a 100 profileswith a picture of Bill Gates and I had only reviewed half the profilepictures. I will say that the number of profiles with Bill in a sweaterwere about even with those of him in a suit. Only a few choose to dragup that old mug shot of him from his teenage years.

Being Bill’...

Silas Barnes | 25 Jan 2008 08:00:00 GMT | 0 comments

We all know that there is a certain amountof risk we have to accept when we place personal information on a Website, including the possibility that someone may use that informationwithout our explicit permission. We also know that social networkingsites are becoming increasingly popular as more and more people enjoythe convenience with which to re-establish and maintain contact withlong lost friends, distant relatives, and work colleagues. Well, now itseems as though you don't even have to go to the trouble of signing upfor a profile with one social networking site or even provide content -they can do it for you!

Douglas Rushkoff, an author and documentarian from the UnitedStates, was momentarily confused when he started receiving a suddenburst of NDR (non-delivery report) emails informing him that a numberof emails he had previously sent could not be delivered - particularlywhen he did not remember sending any such emails. And these particularemails all appeared to...

Joji Hamada | 24 Jan 2008 08:00:00 GMT | 0 comments

The Trojan.Haradong author and hisaccomplices have been arrested, not for creating the so-called "Haradavirus," but for unauthorized use of copyrighted materials.Unfortunately in Japan, there is no law prohibiting people fromcreating malware. There is a bill that was submitted to the NationalDiet several years ago but is still in its deliberation process and hasyet to be passed. Hopefully, this arrest will raise the priority forlegislators to pass a law banning the development and/or use of malwarefor malicious purposes. The law authorities sure can use the lawbecause at the moment they are having to brainstorm ideas on whatcharges to arrest these type of criminals on.

Let me first give you some background on Winny, which has been usedas a vehicle to spread this malware. Due to the characteristic ofmalware such as W32.Antinny, Winny and the malware lurking in thefile-sharing network has been a widely discussed topic in Japan thelast few years. The main characteristic...

khaley | 24 Jan 2008 08:00:00 GMT | 0 comments

Social networking sites are an increasingly popular way for people to keep in contact with friends, family and business colleagues. These sites offer a rich set of features that enable users to share personal information as well as videos, music, and images with members of their network—all in the name of keeping their contacts updated with what goes on in their lives. Although the ability to share information and multimedia files are among social networking sites’ greatest strengths, hackers see these assets as new vectors to attack unsuspecting users.

With the increased use of these sites in the workplace, businesses should examine and understand the risks social networking sites pose to the enterprise. We developed this short Ask the Expert document to provide an introduction to the topic,...

Marc Fossi | 23 Jan 2008 08:00:00 GMT | 0 comments

News of the Silentbanker Trojan seems tohave (rightfully) caused quite a few people to wonder if the computersthey use to access their online banking are secure. I’ve gotten someinteresting questions about the security of online banking since LiamO’Murchu’s blog about Silentbankerwas published last week.

Some people I talked to said that they’llnever use online banking again, but I don’t think that’s the answer(just ask anyone who has ever had their bank card skimmed). Instead, I think people are better off securing their computers andusing a few best practices to ensure that their transactions are safe.

So, here are a few tips for online banking:

• Use a strong password to access your online banking and change itoften. Strong passwords are always good to use, but remember that akeylogger can...

Zulfikar Ramzan | 22 Jan 2008 08:00:00 GMT | 0 comments

In a previous blog entryposted almost a year ago, I talked about the concept of a drive-bypharming attack. With this sort of attack, all a victim would have todo to be susceptible is simply view the attacker’s malicious HTML orJavaScript code, which could be placed on a Web page or embedded in anemail. The attacker’s malicious code could change the DNS serversettings on the victim’s home broadband router (whether or not it’s awireless router). From then on, all future DNS requests would beresolved by the attacker’s DNS server, which meant that the attackereffectively could control the victim’s Internet connection.

At the time we described the attack concept, it was theoretical inthe sense that we had not seen an example of it “in the wild.” That’sno longer the case.

We recently saw instances of actual attackers attempting a...