
Security Response

Takako Yoshida | 31 Mar 2009 | 0 comments

From bank accounts to credit card numbers, personal information is at high risk, since spammers are very fond of gathering data that sells on the underground economy. Users are therefore advised to be cautious and not expose their information (for example, don’t submit personal details to questionable sites). So, what would you say if there were a service that protects your personal identification, such as a Social Security number? Would you be interested and want to find out more details? The answer should be “NO” if this offer comes from a spammer.

Symantec has recently observed a message that appears to be a direct service promotion from an identity theft protection company, claiming that they can keep Social Security numbers away from risk:
...

Dermot Harnett | 31 Mar 2009 | 0 comments

If you are a resident of the United States and haven’t already filed your tax returns, maybe you should consider reading the following blog post. The countdown to “tax day” (April 15 in the United States) is currently in full swing, with the IRS offering daily tips for filing.

The run-up to tax day in the United States has traditionally been a time when phishing that impersonates the IRS becomes more prevalent. As reported in previous Symantec State of Spam reports, spammers continue to attempt to disguise themselves as the IRS, dangling tax refund offers in front of unsuspecting users.

These “offers” are aimed towards recipients who may be unaware that the IRS “does not initiate communication with taxpayers through email.” The purpose of these attacks is...

Grant Geyer | 31 Mar 2009 | 0 comments

Editor’s Note: Part two in a four-part series

In part one of our blog series based on Symantec’s new research report, Managed Security in the Enterprise, I provided an overview of the challenges organizations are facing from cyber attacks. While we aren’t surprised that almost all U.S. respondents (88 percent) stated that their organizations have experienced cyber attacks over the past two years, the cyber loss they’ve experienced is staggering.

Incredibly, 97 percent of respondents reported real, tangible loss as a direct result of cyber attacks. When asked about the kind of cyber loss experienced, 46 percent of respondents in the United States claimed that they experienced downtime of their...

Francisco Pardo | 31 Mar 2009 | 0 comments

During hard economic times, people look for ways to save money. Spending money on necessities such as tax preparation is no exception. Recently, spammers have been offering ways to save money on tax preparation as a means to enter a user’s inbox.

Below are some examples of subject lines spammers are using to lure users into opening messages:

File Your Returns Now!
TaxAct Online Home of the Totally Free federal tax return.
Prepare Free Print Free IRS e-file FREE
Click the link below to start your tax return


These messages are not limited to taxpayers in the United States. Since spammers are part of international underground corporations, other countries fall victim to spammers’ tactics as well. Our technicians have monitored emails directed at people in France that use the same principle. Here is an example:


Madame,...

Livian Ge | 30 Mar 2009 | 0 comments

“April Fools’ Day” is tomorrow, and many people have probably already prepared to play pranks or be pranked. Pranks usually arrive without warning, catching their victims off guard, so as to achieve the best “entertainment” effect. This year, however, someone has changed strategy and announced their “April Fools’ Day” plan in advance: the authors of the Downadup virus have declared that the existing Downadup virus will be upgraded on April 1.

According to monitoring by Symantec Security Response, Downadup (also known as Conficker) may launch a new round of attacks in the coming days. The authors of the Downadup worm have indicated in the existing Downadup code that the virus will be upgraded on April 1, 2009.

The Downadup worm exploits the MS08-067 vulnerability in Microsoft Windows and spreads by copying itself into shared folders on the network or by infecting removable storage devices such as USB drives. Downadup may also use “April Fools’ Day”-themed spam to enter users’ computers. Once infection succeeds, Downadup can install and run without the user’s knowledge. Since Symantec discovered Downadup in November 2008, the virus has infected tens of millions of computers and has used the infected machines to send spam, run phishing or spam scams, steal private information such as usernames, passwords and ID numbers, or run malicious code without the user’s knowledge. If a new Downadup variant appears, it will bring computer users even more troublesome security threats.

Although it is not yet certain whether the news that Downadup will be upgraded on “April Fools’ Day” is real or merely an “April Fools’” joke, we still want to remind computer users to update the antivirus software on their computers promptly and install the latest Microsoft Windows Updates, to prevent problems before they happen. If a new virus breaks out, computers without antivirus software, or without up-to-date antivirus software, are very likely to be affected by the threat.

If users’ computers do not yet have effective antivirus software installed, Symantec offers trial versions of Norton Internet Security 2009 and Norton 360 for users to download (http://www.symantec.com.cn/trialware). Symantec also provides a free removal tool for the Downadup virus, Symantec FixDownadup.exe; users can go to...

Ben Nahorney | 27 Mar 2009 | 0 comments

If you’re one of those people with a passing knowledge of Linux, you might see it as something used exclusively by network admins, developers, and hobbyists. What you may not realize is that these admins, devs, and hobbyists have taken this versatile OS and ported it to all sorts of devices over the years. While some of these ports were for fun (epitomizing the “because I could” attitude of many hardware enthusiasts), Linux slowly began to appear on everyday devices. Today you can find the operating system on anything from phones to cameras to PVRs. Even if you’re not a gadget geek, you may have a Linux-embedded device yourself without even knowing it.

While this swell in usage is great news for open-source advocates, it also brings with it unwanted attention. As we’ve seen time and again, as software gains in popularity it becomes more of a target for malicious code. Over the last few months,...

John Park | 27 Mar 2009 | 0 comments

The pseudo-random domain name generation for the rendezvous point is a clever idea. The common way for a botnet to communicate with its botmaster is via a single rendezvous point. Since this rendezvous point is static, whoever controls this static location owns the botnet. This poses a problem for the botmaster, since the rendezvous location is the weakest link of the botnet: the botmaster can lose control of the whole botnet if the server at the rendezvous point is brought down, or if its IP is blacklisted. Fast flux, where the IP address bound to a domain name changes rapidly, was an attempt to foil IP blacklisting, but fast flux cannot protect against domain name blacklisting.

The pseudo-random domain name generation is the measure taken against domain name blacklisting, since blacklisting a large list of non-static domain names is impractical. With this, the current weakest link is eliminated.

One downside of having many rendezvous points is that...

Livian Ge | 27 Mar 2009 | 0 comments

When you see a file with a “film clapperboard” icon appear in an email, would you be curious enough to click on the file to see how it runs? If the answer is “yes”, the Backdoor.Tidserv Trojan may well enter your computer through exactly that channel.

Backdoor.Tidserv is a very “cunning” virus; both its propagation channels and its hiding techniques vary widely. In terms of propagation, Backdoor.Tidserv can disguise itself behind a curiosity-provoking icon and enter the user’s computer as a spam attachment, enticing the user to click and thereby trigger execution of the virus; it can also be loaded onto the user’s computer automatically through a drive-by download when the user browses certain unsafe web pages. In terms of hiding, Backdoor.Tidserv is usually packed, for example as Packed.Generic.200. Moreover, this “packer” mutates rapidly, which makes it harder for antivirus software to detect and remove the virus.

Backdoor.Tidserv first checks the mutex \TdlStartMutex to ensure that only one instance runs on the computer at a time. Next, Backdoor.Tidserv creates and runs virus files whose names begin with UAC on the infected computer. The virus also drops a DLL file and loads it by modifying the entry point of msvcrt.dll and starting the system service MSISERVER. Once the DLL runs, it drops a driver; when that driver runs, it hides every file on the system whose name begins with UAC. This covers not only the virus files beginning with UAC but also unrelated clean files that happen to begin with UAC. In this way, all files named similarly to the virus are hidden, making it harder for antivirus software to detect the virus.

The following is a demonstration we made of the virus’s “self-hiding” characteristic:

Figure 1 shows, before the virus runs, the virus file Tidserv.exe in the folder together with the other clean files beginning with UAC:


...

Grant Geyer | 27 Mar 2009 | 0 comments

Editor’s Note: Part one in a four-part series.

Most security practitioners won’t be surprised to hear this: security is tough, and getting tougher. In fact, at times, I’m sure it seems like a perfect storm of problems; the threats are getting worse, losses are mounting, and—in the midst of the global downturn—there are very real concerns around staffing and budgets.

Earlier this week, we announced the findings of a new study, Managed Security in the Enterprise, based on surveys of 1,000 IT managers in U.S. and European enterprises in January 2009. We used this to complement the Symantec Internet Security Threat Report, vol. XIII in order to obtain qualitative data through feedback from security practitioners about changes in the...

Parveen Vashishtha | 26 Mar 2009 | 0 comments

Easter is around the corner and as expected, attackers have already started to poison search engine queries to redirect users to websites that deliver misleading applications. Various search keywords related to Easter have been poisoned in Internet search results so that links to rogue websites are returned in the search listings. Some of the examples of poisoned keywords are:

Easter verse
Popular Easter Bible verse scriptures
Easter greeting card verses
Easter Bible verses
Easter verses poems
Bible Easter verse
Easter-Bible
Easter Bible quotes

Attackers are using various tricks, such as referrer checking, in order to evade security researchers. If the bogus domains returned in the search listing are visited directly, we will see a page with many Easter-related keywords and links used to bolster the page’s search ranking. However, if the bogus links are clicked on from the search engine results, users will be redirected to...