Security Response
Showing posts for July of 2008
Showing posts in English
Ben Nahorney | 18 Jul 2008 14:41:31 GMT | 0 comments

Tell me if this sounds like a familiar scenario. You’ve come up with a brilliant password – it’s strong, easy to remember, and you’ve finally mastered the finger gymnastics required to type it in quickly – only to find that the usage window, mandated by IT password policy, is up. So you come up with a new one, double it, add 32, and then subtract the letters from your mother’s maiden name. Only now IT requires you to include at least two punctuation characters, but that just throws the logic of your method right off.


Password creation is a constant dance between security and convenience, where good passwords that bridge the gap are hard to come by. On the one hand, strong passwords, changed on a regular basis, do reduce the likelihood of success for a wide range of attacks. On the other hand, if you make something too complex, you run the risk of forgetting it–somewhat ironic evidence of its security.


So, the ultimate question is, how do you come up...

Silas Barnes | 11 Jul 2008 16:40:35 GMT | 0 comments

Everyone knows that in a matter of hours, hype can turn a small event into something much larger in the minds of society. Enter the latest round of malicious spam we have seen here at Symantec—the death of the Internet.


The following spam subject lines have been seen:


Secret Plan To Kill Internet By 2012: Leaked?


2012: The year the Internet as we know it dies...

2012: The Year The Internet Ends


This certainly sounds devastating because many of us spend a rather large amount of our time, both as part of work and as part of life, online. Additional information on this apocalyptic event continues in the various body texts we have seen, including:


Every significant Internet provider around the...

M.K. Low | 10 Jul 2008 15:14:29 GMT | 0 comments

The costs of most goods are so much higher than they were 30 years ago. Back then, cars were under $10,000 (I remember this because the Price is Right only had four missing digits in their Lucky Seven game). You could feed a family of four for $10 and even have change left over to buy a 25 cent candy bar. But what can you buy for $10 in 2008? I could buy just under three gallons of gas for my car, which would probably last me a couple of days. I could buy lunch at the local sushi place but only lunch since there wouldn't be enough left to buy something to drink. Or, I could buy 10 United States identities.


On underground economy servers, criminals sell a variety of illegal goods and services including bank account credentials, credit card numbers, and full identities. Typically, these goods are used for identity theft related activities. In the...

Sean Hittel | 09 Jul 2008 17:38:26 GMT | 0 comments

On July 7, Microsoft released a Security Bulletin outlining a vulnerability in the Access Snapshot Viewer ActiveX control. On or about this date, our honeypots began detecting this vulnerability exploited in what I can only describe as a Neosploit wrapper.

I have not managed to confirm that this is a completely new version of Neosploit, but in effect the attack consists of an encrypted block that is similar to some of the Mpack variants. This primary encoder serves the Access Snapshot exploit. Once this exploit has been attempted, the user is presented with a malicious iframe, which redirects the user to a copy of Neosploit. This adds an Access Snapshot exploit to the Neosploit repertoire, albeit in an unusual way. I can only speculate that this method of adding an exploit to Neosploit was chosen because the author does not control the source of Neosploit. Symantec...

Robert Keith | 08 Jul 2008 19:57:35 GMT | 0 comments

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a relatively light month; the vendor is releasing four bulletins that cover a total of nine vulnerabilities.

All nine of the issues are rated “important” this month. Although none of the issues jump out and say, “This is a severe or critical vulnerability,” a couple of the issues have the potential to become widespread. Two of the four SQL Server issues, while local in nature, could be exploited remotely if an attacker can exploit a latent SQL-injection issue in an application that uses the vulnerable server as a backend. Also, the DNS Server and Client issues could help attackers spoof legitimate sites, greatly enhancing their ability to phish sensitive information from unsuspecting victims.


Microsoft’s summary of the July releases can be found here:

Symantec Security Response | 04 Jul 2008 07:28:00 GMT | 0 comments

Well, it's that time of year again and as to be expected, malicious code authors are using the occasion to try to lure unsuspecting folks (are there still any around?) into installing their wares. Two examples of spammed emails we have seen so far have these subject lines:

God bless America

Fabulous Independence Day firework

The email body contains a link that follows such enticing phrases as "America for You and Me" and "Happy birthday, America!" The links lead to Web pages containing an image of a video of fireworks. Clicking on the image unsurprisingly results in a Trojan.Peacomm.D (a.k.a. Storm) detection, as well as an iframe leading to another file detected as Downloader. Two "bangers" for the price of...

Kelly Conley | 02 Jul 2008 13:49:52 GMT | 0 comments

The July State of Spam Report opens with optimistic words from 2004, from one Bill Gates: “Two years from now, spam will be solved.” While we wish that we could say the optimistic words came to fruition, the reality is that it has continued to increase and is now accounting for 80% of all email. Over the past month spammers have shown in a variety of ways how they are still trying to best antispam filters. Some of the spam attacks seen in June include:

- Hacked personal email account used to scam contacts

- Spammers simplify email harvesting technique

- China Earthquake tragedy used to spread viruses

- Olympics-related lottery scam emerges

- Bogus news events continue to be used by spammers to net...

Yazan Gable | 01 Jul 2008 17:19:04 GMT | 0 comments

Network processing units (NPUs) are likely the next biggest thing in computer networking. NPUs are computer processors specifically designed to handle network-related functions. These little processors are typically found on embedded systems, but recently there have been moves to bring them into the realm of personal computers (PCs). One notable example is a network card (called KillerNIC) that's designed to make gaming over the Internet faster. It's specifically designed to handle user datagram protocol (UDP) communications that are most often deployed in highly interactive computer games. Given that computer games were a large driver in video card technology, it is reasonable to assume that NPU network cards will become common in the near future.

But what are the security implications of deploying NPUs on PCs? Each network card would need to have embedded software to run it; so basically, your network...