Security Response
Showing posts for March of 2009
Takako Yoshida | 31 Mar 2009 18:04:42 GMT | 0 comments

From bank accounts to credit card numbers, personal information is at high risk as spammers are very fond of gathering data that will sell on the underground economy. Therefore, users are advised to be cautious and not expose their information (i.e. don’t submit personal details to questionable sites). So, what would you say if there is a service that protects your personal identification, such as a Social Security number? Would you be interested and want to find out more details? The answer should be “NO” if this offer is from a spammer.

Symantec has recently observed a message that appears to be a direct service promotion from an identity theft protection company, claiming that they can keep Social Security numbers away from risk:

The spam message is attempting to collect personal information,...

Dermot Harnett | 31 Mar 2009 17:00:28 GMT | 0 comments

If you are a resident of the United States and haven’t already filed your tax returns, maybe you should consider reading the following blog post. The countdown to “tax day” (April 15 in the United States) is currently in full swing, with the IRS offering daily tips for filing.

The run-up to tax day in the United States has traditionally become a time when phishing directed towards the IRS becomes more prevalent. As reported in previous Symantec State of Spam reports, spammers continue to attempt to disguise themselves as the IRS, dangling tax refund offers in front of unsuspecting users.

These “offers” are aimed towards recipients who may be unaware that the IRS “does not initiate communication with taxpayers through email.” The purpose of...

Grant Geyer | 31 Mar 2009 15:09:41 GMT | 0 comments

Editor’s Note: Part two in a four-part series

In part one of our blog series based on Symantec’s new research report, Managed Security in the Enterprise, I provided an overview of the challenges organizations are facing from cyber attacks. While we aren’t surprised that almost all U.S. respondents (88 percent) stated that their organizations have experienced cyber attacks over the past two years, the cyber loss they’ve experienced is staggering.

Incredibly, 97 percent of respondents reported real, tangible loss as a direct result of cyber attacks. When asked about the kind of cyber loss experienced, 46 percent of respondents in the United States claimed that they experienced downtime of their...

Francisco Pardo | 31 Mar 2009 11:55:53 GMT | 0 comments

During hard economic times, people look for ways to save money. Spending money on necessities such as tax preparation is no exception. Recently, spammers have been offering ways to save money on tax preparation as a means to enter a user’s inbox.
Below are some examples of subject lines spammers are using to lure users into opening messages:

File Your Returns Now!
TaxAct Online Home of the Totally Free federal tax return.
Prepare Free Print Free IRS e-file FREE
Click the link below to start your tax return

These messages are not limited to taxpayers in the United States. Since spammers are part of international underground operations, other countries fall victim to spammers’ tactics as well. Our technicians have monitored emails directed at people in France using the same principle. Here is an example:

Ben Nahorney | 27 Mar 2009 21:31:08 GMT | 0 comments

If you’re one of those people with a passing knowledge of Linux, you might see it as something used exclusively by network admins, developers, and hobbyists. What you may not realize is that these admins, devs, and hobbyists have taken this versatile OS and ported it to all sorts of devices over the years. While some of these ports were for fun (epitomizing the “because I could” attitude of many hardware enthusiasts), Linux slowly began to appear on everyday devices. Today you can find the operating system on anything from phones to cameras to PVRs. Even if you’re not a gadget geek, you may have a Linux-embedded device yourself without even knowing it.

While this swell in usage is great news for open-source advocates, it also brings with it unwanted attention. As we’ve seen time and again—as software gains in popularity it becomes more of a target for malicious code. Over the last few months,...

John Park | 27 Mar 2009 21:08:46 GMT | 0 comments

The pseudo-random domain name generation for the rendezvous point is a clever idea. A botnet commonly communicates with its botmaster via a single rendezvous point. Since this rendezvous point is static, whoever controls this static location owns the botnet. This poses a problem for the botmaster, since the rendezvous location is the weakest link of the botnet: the botmaster can lose control of the whole botnet if the server at the rendezvous point is brought down, or if its IP address is blacklisted. Fast flux, where the IP address bound to a domain name changes rapidly, was an attempt to foil IP blacklisting, but fast flux cannot protect against domain name blacklisting.

The pseudo-random domain name generation is the measure taken against domain name blacklisting, since blacklisting a large list of non-static domain names is impractical. With this, the current weakest link is eliminated.

One downside of having many rendezvous points is that...

Grant Geyer | 27 Mar 2009 15:33:08 GMT | 0 comments

Editor’s Note: Part one in a four-part series.

Most security practitioners won’t be surprised to hear this: security is tough, and getting tougher. In fact, at times, I’m sure it seems like a perfect storm of problems; the threats are getting worse, losses are mounting, and—in the midst of the global downturn—there are very real concerns around staffing and budgets.

Earlier this week, we announced the findings of a new study, Managed Security in the Enterprise, based on surveys of 1,000 IT managers in U.S. and European enterprises in January 2009. We used this to complement the Symantec Internet Security Threat Report, vol. XIII in order to obtain qualitative data through feedback from security practitioners about changes in the...

Parveen Vashishtha | 26 Mar 2009 17:14:09 GMT | 0 comments

Easter is around the corner and as expected, attackers have already started to poison search engine queries to redirect users to websites that deliver misleading applications. Various search keywords related to Easter have been poisoned in Internet search results so that links to rogue websites are returned in the search listings. Some of the examples of poisoned keywords are:

Easter verse
Popular Easter Bible verse scriptures
Easter greeting card verses
Easter Bible verses
Easter verses poems
Bible Easter verse
Easter Bible quotes

Attackers are using various tricks, such as referrer checking, in order to evade security researchers. If the bogus domains returned in the search listing are visited directly, we will see a page with many Easter-related keywords and links used to bolster the page’s search ranking. However, if the bogus links are clicked on from the search engine results, users will be redirected to...

Greg Ahmad | 26 Mar 2009 12:52:47 GMT | 0 comments

System Management Mode (SMM) is an operating mode available in Intel x86 and x86_64 architectures. SMM is the most privileged CPU operation mode on Intel architectures and facilitates power-management features and other operating-system-independent functions. It resides in a protected region of memory called System Management RAM (SMRAM)—access to which is typically limited to the BIOS. An SMI (system management interrupt) is used to enter SMM mode.

Over the last few years, research reports discussing attacks that target SMM have started to surface. In 2006, Loïc Duflot reported various security issues in SMM and presented an attack that bypassed the Securelevel mechanism in the OpenBSD kernel. In 2008,...

John Park | 26 Mar 2009 00:42:16 GMT

With Downadup/Conficker rising to celebrity status in the computer worm world, Symantec (along with other companies in the security industry) is hard at work, keeping our customers protected. But guess who else is hard at work at the moment? Yes, the authors of misleading applications. It isn’t the first time that they have latched onto popular news to fuel their malicious intent using search engine optimization (SEO).

Let's say you are curious about Conficker, or you think your computer might be infected with Conficker. By simply searching for "Conficker C," page one of the results includes a link to an infected site being used to spread a fake antivirus program:

Following the malicious link eventually leads you to a rogue application installation website, as shown below (Note that this is not a...