
Security Response

Security Intel Analysis Team | 30 Dec 2008 | 0 comments

This has been an interesting year for high-profile vulnerabilities and security research. In 2008, awareness was raised about a number of high-impact, remote code-execution vulnerabilities affecting both server- and client-side applications. Published attacks targeted important protocols used by critical Internet infrastructure. A number of flaws in cryptographic implementations were also made public. In addition to the aforementioned issues, new exploitation techniques were demonstrated that emphasized the growing trend toward application-specific attacks targeting Web technologies.

Let's begin with a few high-profile memory corruption flaws on the Microsoft Windows front. The year started with a bang: MS08-001, a remotely exploitable memory-corruption vulnerability affecting the Microsoft Windows kernel. Then, in October we saw in-the-wild exploitation of a previously undisclosed RPC vulnerability affecting...

Liam O Murchu | 29 Dec 2008 | 0 comments

While investigating the worm W32.Waledac recently, we got a shock (and a few laughs) from what popped up on our screens (yes, unfortunately this is what passes for kicks in the virus lab during the holiday season):

(to see how we received this – skip to “Arnold Surprise” below)

First, I’ll tell you a little bit about the worm. W32.Waledac is a worm that sends emails containing a link to a Christmas e-card that you have supposedly received. However, when the link for the e-card in the email is visited, you receive a copy of the worm instead of a greeting card. The file name used by the worm is ecard.exe and the links are all Christmas-related, such as:

hxxp://[...

Sai Narayan Nambiar | 23 Dec 2008 | 0 comments

There are varying types of technologies used by online attackers these days. There are old tricks and of course new ones, but it is the newer ones that make it even more difficult to handle the dilemmas faced in the world of Internet security. One of the trends of attack that was noticed a little while ago was an attack based on a website’s “port number.” A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. We can identify a port number after a colon (“:”) following the host name. For example, consider http://1.1.1.1:8080/, in which the port number in the URL is 8080.

According to the IANA (Internet Assigned Numbers Authority), the port numbers are divided into three ranges: well known ports, registered ports and the dynamic and/or private ports.


1.    The...

Dylan Morss | 19 Dec 2008 | 0 comments

After the shutdown of McColo, which was aiding the distribution of about half of all spam on the internet globally, spam volumes dropped. However, since mid-November, spam volumes have been slowly inching their way back up as old botnets are being brought back online and potential new botnets are being created.

At this point, spam volumes have slowly crept back up to 80 percent of their pre-McColo shutdown levels (when reviewing daily averages):


The types of spam being seen in new attacks are similar to what was being sent around the Internet prior to the shutdown. The spam messages can be categorized into the following groups:

  • Replica watches
  • Generic pharmacy
  • Erectile dysfunction drugs
  • Weight loss
  • Software

The spam is...

Mayur Kulkarni | 18 Dec 2008 | 0 comments

Spammers always try to come up with new tricks to bypass antispam filters. This time, they have shown an ability to partly (or sometimes completely) hide essential headers, taking header-based filters out of the picture. Except for the "Received" lines, we do not find any headers in the message.


Analyzing the samples, we see very few SMTP commands before the actual message. We think that spammers may be using a slamming technique, where all of the SMTP commands necessary to transmit an email message to another mail server are fired without waiting for the normal SMTP responses from the remote machine. Most of the time the remote server will end up accepting the message, although this clearly violates SMTP behavior as defined by the relevant Internet standards. Slamming is primarily done to send unsolicited emails as rapidly as possible or, in this case, possibly to hide all of the headers.


...

Mayur Kulkarni | 18 Dec 2008 | 0 comments

Like so many forms of donations today, contributions to cancer research and treatment can be made online. Unfortunately, any online business or charity can be prone to phishing attacks against unsuspecting users. We have come across messages posing as though they have been sent from a legitimate cancer institute, but with spoofed URLs inside. These spoofed URLs redirect users to fake websites where online donations can be made. When a user enters their email address and password for making payments, an error is shown and they are redirected to the legitimate site. This is common behavior seen with such attacks. The actual intention of these phishing websites is to harvest email addresses and steal confidential information.

Simple preventive measures such as manually typing legitimate URLs directly in the browser can...

Livian Ge | 17 Dec 2008 | 0 comments

On December 17, Microsoft released Security Update for Internet Explorer (960714). The newly released patch applies not only to Internet Explorer 7, which has been most affected by the recent attacks on the IE vulnerability, but also to Internet Explorer 5 and Internet Explorer 6. As the malware exploiting this vulnerability has evolved into new variants, users of other Internet Explorer versions also face a potential Internet malware threat. We recommend running Windows Update as soon as possible to install this patch.


Message Edited by Livian Ge on 01-21-2009 01:49 AM
Livian Ge | 16 Dec 2008 | 0 comments

Since the IE vulnerability was disclosed on December 9, Symantec has been closely monitoring computer threats that may target this vulnerability, and has successively published vulnerability analyses and IE zero-day alerts to help users understand the potential threat and raise awareness. At the same time, Symantec has quickly updated its virus definitions. The Bloodhound.Exploit.219 definition and IPS signature 23241 - HTTP MSIE Malformed XML BO for this vulnerability give users' computers effective protection. As of now, according to Symantec's monitoring, attacks against this vulnerability are very active and have quickly risen to the top of the malware attack rankings. China has the highest number of attacked users worldwide, followed by the United States, South Korea, and Hong Kong.


Asia is the region hardest hit by this vulnerability, because the SQL injection attacks that are currently being used widely to exploit it mainly target users in Asia. The attack redirects computers to websites containing malicious code and automatically downloads ...

Peter Coogan | 15 Dec 2008 | 0 comments

Since our blog Yes, There’s a Zero-Day Exploit for Internet Explorer Out There was posted in relation to the now known Microsoft Security Advisory (961051) for IE, we have been closely monitoring the uptake of this vulnerability. Symantec provides the antivirus signature Bloodhound.Exploit.219 and IPS signature 23241 - HTTP MSIE Malformed XML BO to protect users against this exploit. To date, since the release of our antivirus signature for this vulnerability, we have observed over 33,000 hits on Symantec customers. A breakdown of the...

Steve Trilling | 12 Dec 2008 | 0 comments

You may have seen an article in the New York Times on December 6, 2008, by John Markoff, entitled "Thieves Winning Online War, Maybe Even in Your Computer." As we've previously discussed here, we're exploring an exciting new reputation-based security approach to protect against the continuing proliferation of the types of threats described in the article.


For more detail, please take a look at these two previous blog articles by Carey Nachenberg:


It's All About Reputation, and Losing Touch with Fingerprinting