Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts for August of 2008
Showing posts in English
Eric Schou | 29 Aug 2008 19:43:44 GMT | 0 comments

Symantec has just released its 2008 Disaster Recovery (DR) research report. This is the fourth year that Symantec has issued this report and the overall results are compelling-a real wake up call for enterprise customers who believe disasters only happen to other companies. There'll be more to come on that later, but the press release for the report can be found here.

One big addition to the survey for this year was virtualization. Well, great timing. This is a technology that impacts many aspects of a company's business. It didn't surprise me to see some of the actual results regarding virtualization: 55% of respondents said that virtualization in and of itself would cause them to re-evaluate their DR plan. And, in North America specifically, the number was 64%. Again, I was not too surprised-more validation than anything. In the backup and recovery I see the enterprise...

Kelly Conley | 29 Aug 2008 17:58:32 GMT | 0 comments

Notice! The virus-spreading spammer doesn't have your baby but is claiming to. In recent emails observed by Symantec, malicious code is being spread by hoax emails claiming to have pictures of your hijacked [sic] baby. The Subject line makes the claim that someone has  "hijacked" your baby and the attachment on the message is not a photo, but rather a zip file containing a downloader:


Subject: We have hijacked your baby
Content-Type: application/zip;        name="photo.zip"


The body will look similar to the following:


"Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later...
We has attached photo of your fume"


The email comes with an attached zip file called "photo.zip," which...

Jesse Gough | 28 Aug 2008 17:29:02 GMT | 0 comments

There has been much debate recently that stems from discussions related to Linux kernel development, over whether or not security vulnerabilities should be treated differently than regular software bugs. This has meant there has been a slight departure from the exhausted “full disclosure” debate, in that some believe that the problem with the disclosure process isn't whether or not it best protects users, but that it unfairly praises those that uncover and fix security issues more than those that fix regular bugs. Personally, I think that there are two important distinctions that are not being made.

Security vs. Availability

Security and availability are two different things and should be treated as such. Some are quick to argue this, pointing out that a denial-of-service attack against a life support system would obviously be a drastic security problem. They would be right—I am not suggesting that the two are mutually exclusive. If we depend...

Candid Wueest | 27 Aug 2008 17:59:48 GMT | 0 comments

I must admit that I was puzzled for a second when I saw an email with a suicide note as a subject line in my spam inbox. I wondered what product they might try to sell with that note or which drive-by download site might be hidden behind it. So, I opened it. The email was actually written like a real suicide note.

In the text of the message, a young Swiss guy explains that he has had enough with the world and that he has given up his painful fight against the Russian cyber-criminals. With some side notes, he explains that he had at least profited a little from their own tricks and was able to transfer some cash for himself from Swiss online banking accounts. Of course, he explains, all in the name of the greater good.

The mail then takes a tangent and tells a story about him catching his girlfriend red-handed with another guy, which finalized his...

Jesse Gough | 26 Aug 2008 18:53:35 GMT | 0 comments

The PCI Security Standards Council has released a summary of changes and clarifications for version 1.2 of the PCI-DSS standard, which is scheduled for release on October 1, 2008. In an effort to combat the growing problem of card theft, the Payment Card Industry Data Security Standard has been established to ensure that through the use of imposed regulations, compromises of customer card data will not be easily possible. Virtually anyone wishing to handle or process customer card data is familiar with these regulations and probably equally aware of the costs associated with achieving and maintaining PCI compliance. For some people, security is difficult to invest in. You spend a lot of money on something, and you may feel like you don't receive any tangible or perceptible benefit afterwards. You may have even been forced to change some aspects of your business in order to adopt processes that feel less efficient. However, several retailers are now facing serious repercussions from...

Sean Hittel | 23 Aug 2008 02:08:34 GMT | 0 comments

On August 20, our honeypots began to receive attacks against the Cisco WebEx Meeting Manager vulnerability. This August 6 vulnerability exists in the ActiveX control used by WebEx to permit users to participate in meetings via Internet Explorer. Users running the vulnerable version of the Webex control who happened upon a Web site distributing the exploit would become infected. The first exploits that we have seen so far have been served via gaming sites that have had the exploit package injected on to them.

While WebEx will automatically patch each user when they join a meeting hosted on a patched server, this vulnerability is only two weeks old. Many vulnerable users may have been on holidays, making it reasonably likely that some users will become infected by visiting day-to-day Web sites before their next WebEx meeting.

This particular...

Joe Pfeiffer | 21 Aug 2008 18:23:02 GMT | 0 comments

Every person that looks at backup reporting has different requirements. Usually the first requirements that people want to see are what the most common errors are, what their success rate, is or how much data is being protected. However, it seems that more and more people are looking at storage costs that are associated with backup. This goes a little bit deeper than the basic activity information. It looks at things like how much data is being stored in the backup environment, when it will expire and how it gets moved around (often called the lifecycle).

The better the storage and backup environment is understood, the more informed the decisions about what and how much to purchase. The ultimate goal of all of this is to have just enough storage to do what is needed—no more, no less. Luckily, a theory has already been developed to meet this challenge called “just-in-time.” Just-in-time has been used to match the supply and demand in lots of industries, from automobile...

Kelly Conley | 21 Aug 2008 07:20:52 GMT | 0 comments

In the past few days Symantec has observed virus spam masquerading as news articles regarding the current Georgia-Russia conflict. We felt it was important to blog about this because this particular event is garnering a lot of media attention and holds a very high profile. Because of this, there is an extremely high potential for the spreading of malicious code by spam email using information on this event as a lure.

The messages themselves contain an attachment, along with instructions and passwords for the download of the attachment. The subject line appears to be a legitimate news story about the Russia/Georgia conflict. One subject line that has been seen reads: “Subject: Journalists Shot in Georgia.” A short description of a “news event” related to the Russia-Georgia conflict is contained within the body of the message.

The use of the attention-grabbing subject line seems to be intended as a social engineering tactic to entice recipients to click the link...

Henry Bell | 20 Aug 2008 17:20:52 GMT | 0 comments
There’s nothing like coffee one-upmanship to make the blood boil.
 
“You’re still drinking lattes? With actual milk from a cow? Good grief, where have you been?”
 
Nowadays though, it seems that coffee one-upmanship is no longer enough to secure the seemingly coveted “hippest person in the café” crown. Now that portable devices are actually portable, cafés and other public spaces seem to be prime territory for people keen to show off their technological gadgetry.
 
I’ve been keeping an eye out during my recent café trips – doppio, natch – and usually around half of the customers are tapping away on notebooks, ultra-portables and tablet devices. This is, admittedly, in tech-enamored Tokyo, but the use of truly portable and network-capable machines is clearly going to increase as specs go up and costs come down. Cafés are...
Hon Lau | 19 Aug 2008 15:58:50 GMT | 0 comments

Back in the 90's, Jamiroquai had a hit album named "Travelling without Moving." The title gives an apt description of some of the fantastic things that you can now do on the Internet. For example, we can now literally travel the world without moving beyond the comfort of the armchair. Applications such as Google Earth and Google Maps (with its Street View feature) enable anybody with a decent Internet connection to literally drop in to virtually any location on this planet.

These applications are great for planning visits-you can see exactly how far your hotel is from the train station, where there is parking, or even plot your full itinerary. You can also use these applications to get a feel for an area before you go there; for example, if you were visiting an unfamiliar area it's really useful to see what the building or location you are going to actually looks like before you get there. Addresses are sometimes hard to recognize and as the saying goes, a...