Security Response
Showing posts for November of 2009
Showing posts in English
Hon Lau | 30 Nov 2009 23:10:54 GMT

The Koobface gang has been keeping themselves busy of late. Like Santa's little elves, they’re beavering away, creating and checking their fake Facebook and YouTube video sites and packin' it (the worm, that is) twice. The latest campaign involves posting messages on Facebook profiles, which link either to fake video pages or to a fake Facebook page. Either way you will be offered a file named setup.exe, which may be presented as a Flash Player upgrade or some kind of free antivirus to protect you from Koobface.

The lure is put forth in compromised or bogus Facebook postings. The text is largely the same, though the messages appear with duplicate letters in various parts of the posts. For example:

•    I caan't ffall asleepp affter viewwing thiss videeo. I haven'tt seenn aanything liike this
•    I can''t falll aslleep aftter viiewing thhis vvideo. I havven't seeen aanything likee...

Hon Lau | 28 Nov 2009 12:15:34 GMT

The car accident involving Tiger Woods last night outside his home in Windermere, Florida has been generating a lot of heat as far as Web traffic and searches go. Since the news broke, the top web searches on Google have been related to this story. Even hours after the break of the story, six out of the top ten search items are still related to this event. Tiger Woods is obviously a huge celebrity from a sport that has a huge worldwide following. The circumstances surrounding this accident are still as yet unclear.

Search rankings for results relating to Tiger Woods

From an IT security point of view this unfortunate incident is just another fruit ripe for the picking as far as malware writers are concerned. So it comes as no surprise that the creators of rogue antivirus or misleading application software have already jumped on the bandwagon and attempted to poison web search...

Symantec Security Response | 27 Nov 2009 12:38:35 GMT

Security Response has discovered a threat that is being talked about among some members of certain discussion groups in Japan. The threat, named Infostealer.Kenzero, teaches yet another lesson to those using file-sharing networks not to download illegal games. Infostealer.Kenzero primarily arrives in the guise of setup.exe, which in this case is a fake installation file for Japanese pornographic games that are circulating around the file-sharing network “Share.” Several pornographic games have been reported to include this malicious setup.exe file.

Once the setup.exe file is executed it attempts to download image files (.bmp) from a predetermined website. Using these images, the threat brings up a form that asks the user to enter personal information, including his or her full name, password for the game, email address, postal code, residential...

Peter Coogan | 25 Nov 2009 12:54:56 GMT

Okay, I did just coin the term “AV Friday” as a joke and it’s not to be taken too seriously. So, what is AV Friday all about? Many people living in the U.S. will be familiar with the term Black Friday—the day after Thanksgiving and generally the busiest retail shopping day of the year in the U.S. Some may have heard of the term Cyber Monday, which refers to the Monday immediately after Black Friday and thought to be the ceremonial kick-off, or busiest day, of the holiday online shopping season in the U.S. between Thanksgiving and Christmas. Having both of these days in mind made me wonder—what was the busiest antivirus protection day for Symantec over the last year? For fun, AV Friday was born.

On Friday, April 17, 2009, Symantec antivirus signatures reported protecting over 3.5 million...

Samir_Patil | 23 Nov 2009 20:23:30 GMT

Is your wish to spend the upcoming holidays in Hawaii or the Bahamas? With the recent increase in the volume of airline ticket spam, spammers have made it seem easy to grab cheap (or even free) airline tickets to your favorite destinations. During the holiday season many people travel to visit family and friends. In the current economic environment, cheap deals on airfare will attract users’ attention and spammers take full advantage of this fact.

Symantec researchers are observing an increase in spam that is offering cheap airline tickets or gift vouchers to use towards a purchase of airline tickets. Spam messages are originating with spoofed email addresses, such as “AirlineTickets@spam-domain” and “Free.Airline.Tickets@spam-domain.” The link provided in the message redirects the user to an online form where the user’s personal information and credit card details are requested.

The top 20 headlines used in airline ticket spam are...

Suyog Sainkar | 23 Nov 2009 20:13:40 GMT

Phishers are constantly targeting newer brands from diverse industries, with the sole motive of fraudulently acquiring a large amount of users’ confidential information for financial gains. Symantec has observed and followed up with some recent trends in phishing attacks targeting some of the popular online gaming websites. Since the beginning of this year there has been a steady rise in phishing attacks on gaming websites.

Why and How?

The primary motive of fraudsters is to seek out users’ confidential information, such as the login details for online gaming websites. The sample shown below is of a typical phishing Web page created by the fraudsters, which mimics a popular online gaming website. To trick users into trusting the phishing website, the phishers add a widget (to monitor online visitors) that will display some random number of purported online users visiting the site at a given time.  

Patrick Fitzgerald | 23 Nov 2009 16:27:01 GMT

Once again Zeus is up to its old tricks with a new twist. The latest spam run informs users that their latest Social Security statement is available but it may contain errors. The subject of the mail will be something like “Review annual Social Security statement” and the body warns of a potential identity theft risk and asks you to review your annual statement at the link they provide.

Figure 1. An example of the Spam

If you follow this link you will arrive at the following page:
Figure 2. This fake page asks for your social...

John McDonald | 22 Nov 2009 08:20:09 GMT

It's only been a couple of short weeks since the iPhone background-changing incident that took the world by storm (well, parts of Australia at least), but already a Dutch ISP has reported what would be the first malicious iPhone worm to be seen in the wild.

Unfortunate news to be sure, but not exactly surprising. Our two recent blogs relating to iPhone threats warned (and I quote) that 'the publicly released code could easily be altered so that consequences were not so benign'. In case you missed them, the first blog was about the Ikee rickroller, which wasn't really considered malicious in that it only changed the iPhone background to a picture of 80's pop singer Rick Astley and was really more of a warning from the creator that jailbroken iPhones in a certain state could be compromised...

Security Intel Analysis Team | 21 Nov 2009 13:05:59 GMT

A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.  When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is...

Marian Merritt | 20 Nov 2009 14:45:48 GMT

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.
We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable.

You can read more about...