
Security Response

Showing posts for September of 2008
Showing posts in English
Antonio Forzieri | 30 Sep 2008 17:49:01 GMT | 0 comments

A "phishing kit" is a small piece of software usually written in PHP, HTML, and JavaScript that mimics legitimate portals (for example, financial institution websites) in order to acquire sensitive information such as usernames, passwords, and credit card details. The phishing kits of the first generation were quite simple; the fraudster would build a login page to collect stolen information on local files, saved on the compromised web servers. As shown in the picture below, after the credentials have been saved, users are redirected to the legitimate website.

 

This approach has an obvious drawback: if the directory-listing feature is enabled on the web server, other Internet users (including the compromised financial institutions) would be able to read those files. The countermeasure that was adopted by the fraudsters was the usage of...

Davide Veneziano | 29 Sep 2008 23:22:15 GMT | 0 comments

The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Then, mass mailing activities, with the aim of reaching a large number of recipients, are accomplished. Finally, the fraudsters use social engineering techniques to entice victims to submit their credentials, from which the fraudsters attempt to derive valid credentials. This will only happen if the fraudsters are able to convince users that they should trust the phishing website, or at least be tricked into believing it is a legitimate site and not raise any suspicion. Of course, this is not always a painless task.

Symantec has carried out several forensics analyses in order to evaluate the distribution of phished users over the different phases described above. Specifically, I want to focus my attention on the portion of users submitting...

TimBurlowski | 18 Sep 2008 15:02:56 GMT | 0 comments

"Only when the tide goes out do you discover who's been swimming naked."

Warren Buffett

The idea of risk management is in the news lately, given the turmoil in the financial markets. Working in data protection, we think long and hard about risk management. Our data protection products give an enterprise significant protection in the case of an actual disaster, man-made or otherwise. Disasters, while an important factor when considering data protection in an enterprise, are in actuality low probability/high impact events. The 2007 Symantec State of the Data Center report shows that datacenter managers know that downtime is not generally caused by a disaster.

 

 ...

Andrea Lelli | 17 Sep 2008 16:21:10 GMT | 0 comments

Modern SQL databases are flexible, efficient, and can run commands at an OS level easily - a perfect target from a malicious code perspective! Our honeypot servers are full of worms that spread by email, IM, file-sharing, or network vulnerabilities, so finding a Trojan that targets SQL databases is always an unusual surprise for a virus researcher.

Some of you may remember the W32.SQLExp.Worm back in 2003—it was a bad worm that tried to exploit a vulnerability in SQL servers in order to spread. Similar threats exist, such as Hacktool.SQLck and various security assessment tools like SQL Ninja.

This time we have found a new SQL threat:...

Sean Hittel | 15 Sep 2008 19:30:44 GMT | 0 comments

Not surprisingly, attackers are again targeting vulnerabilities from the latest set of Microsoft Security Bulletins. This time around, it is the Microsoft Media Encoder ActiveX overflow patched in MS08-053. This attack chronology is another example of the rapid adoption of public exploits into widely deployed exploit toolkits. The vulnerability was disclosed by Microsoft on Tuesday, September 9. A public exploit was released on September 13 (although the exploit itself is dated September 10). Our honeypots began picking variants of this exploit up in the wild soon thereafter on September 13.
 
The exploits that we have been finding so far are distributed in two major ways. One is that they are simply cleartext. That is, they are not obfuscated in any way, but are effectively the same as the public exploit, with attacker-supplied shellcode substituted for the...

JasonFisher | 12 Sep 2008 19:00:10 GMT | 0 comments

Myth #6: Backing up Virtual Machines Requires Multiple Point Products

Just in time for VMworld this week, I'd like to debunk one last myth around data protection - the myth that virtual machines automatically require an additional set of tools to properly protect them. The move to virtual environments and all of the benefits they afford has been widely addressed. However, a recent Symantec survey found that of all the customers planning a move to virtual environments, over 65% were re-examining their data protection strategy.

Sounds like increased complexity, doesn't it? Isn't the potential for less complexity one of the major value propositions of moving to a virtual server infrastructure? We think that with the right strategy, IT groups can implement a data...

JasonFisher | 11 Sep 2008 19:36:17 GMT | 0 comments

Myth #5: Data Protection is Just Backup

 

As we make our way through common data protection myths, we have talked quite a bit about how innovation has advanced data protection technologies over the last few years. In fact, until fairly recently data protection was all about backup. How fast can we back up our data? What is the success rate of backups? These were the primary concerns for IT administrators.

Now, recovery is the star of the show. It's not simply about backing up the data. The data must be recoverable - usually quickly and at the right granularity. Therefore, recovery is largely viewed as the most important aspect of data protection. If an organization cannot recover the data when they need it, what is the point of backing it up in the first place?

Here's an example. Imagine that you are a small business that relies heavily on IT functions for sales, operations, and day-to-day communication. Perhaps you run a law firm...

JasonFisher | 10 Sep 2008 21:16:17 GMT | 0 comments

Myth 4: Granular Level Recovery Takes Too Long

 

In Myth #2 we talked about granular recovery as a main driver for implementing disk into the backup infrastructure and a good way to help IT meet today’s RPOs and RTOs. As I mentioned, granular level recovery is one technology that enables IT to meet those RTOs and RPOs. However, I didn’t talk about some of the perceived challenges of granular level recovery, so I’d like to debunk the myth that it takes too long to restore data at this level.

Advanced granular recovery technology enables businesses to quickly restore individual emails, files, or documents from one backup pass, saving significant time and money. Up until now, backup and recovery procedures have been arduous, requiring multiple agents and multiple backups. For...

Kelly Conley | 10 Sep 2008 16:34:38 GMT | 0 comments

We have observed a fraudulent spam attack masquerading as an email from Symantec. This email is in Portuguese and contains the Symantec logo and coloring, which make it appear as a legitimate email from Symantec. The “From” line is forged to add further credibility. The “Subject” and “From” lines appear as follows:

 

Subject: Security Check
From: SYMANTEC <Worm@bda.267>

Needless to say, this is not from Symantec. The body of the message contains text that indicates that the Symantec Security Check System has tested your computer and found “X” number of dangerous imperfections. The email goes on to say that your computer is infected with the virus “Worm@bda.267.” Users are encouraged to click the provided link to download updates to protect their systems from further damage from this worm. Incidentally, there is no such virus as Worm@bda.267.

If the...

JasonFisher | 09 Sep 2008 22:36:14 GMT | 0 comments

Myth 3: Upgrading to a New Data Protection Solution is Painful and Expensive

 

In part three of our series on data protection myths, I thought we could take a look at the dreaded upgrade. Upgrading your data protection software is generally perceived as a painful process among the IT crowd. At the same time, that crowd is seeing the need to upgrade. Gartner research from July 2008 proved this. In a survey of 70 IT managers, 66% of respondents said they were planning major redesigns of backup and recovery systems within 12 months, according to analyst Alan Dayley. That is a lot of frustrated IT managers.

Fortunately, we think this is yet another data protection myth. While the process might seem daunting, in actuality, upgrading to the right solution will eliminate headaches in the long run. Today's data protection technology will save time and...