Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts for December of 2010
Showing posts in English
Mathew Maniyara | 27 Dec 2010 22:28:00 GMT

In the past couple of months, Symantec observed a series of phishing Web sites spoofing social networking brands.  These scams utilized many new baits in an attempt to trick end users in to giving away their confidential information.

In one particular example, the phishing Web site was titled “Webcam” and the phishing page contained an image of a webcam. Here, the phishing Web site gave the impression that the social networking site was providing a webcam facility for end users to interact with one another;  however, the legitimate Web site does not provide any such kind of facility.

The use of fake offers of pornography in social networking scams is now frequently observed. It seems that phishers are relentlessly using pornography as bait to steal user credentials. In this second example, though pornography was the bait, phishers used a different kind of approach in...

Stephen Doherty | 21 Dec 2010 12:46:38 GMT

Following my recent blog on W32.Yimfoca.B, it was clear that W32.Yimfoca also received a facelift (no pun intended). W32.Yimfoca.B spreads through instant messaging applications and once installed will download and install W32.Yimfoca. The latest version of W32.Yimfoca is targeting Facebook users by prompting them to filling out surveys in return for access to their accounts. 

On visiting Facebook, users are prompted with an overlay message, asking them to fill in a survey before gaining access to the site. The message reads:
Complete one of these surveys to gain access this page. Otherwise you will not have access to this page.
khaley | 17 Dec 2010 20:16:10 GMT

Bad predictions are soon forgotten. This can be a blessing for those in the prediction business. The guy on the local news that predicts the weather doesn’t always get it right, but we still tune in the next night for the next prediction. We forgive and we forget.

I’d prefer you forgot about our bad predictions too. But, because we’re trying to provide some help in thinking about and planning for the future, we add some accountability to our predictions. For our 2010 predictions we actually graded ourselves mid-year as you can see here: With our 2011 predictions, we let you, our readers, grade us immediately through an attached survey. For the most part, you agree with us. And in one case we (both Symantec and you) have been proven correct already. We are one for one...

Andrea Lelli | 17 Dec 2010 17:12:30 GMT

We have recently found samples of a new C&C (command-and-control) engine, named Dream Loader, and detected as Trojan.Karagany by Symantec products, that is being used in the wild. The engine comes in a pack that contains both a builder to build your own executable bot, and a Web interface to control all your bots by sending them commands through the Web.

Origins and marketing

The pack, version 0.3, is relatively new and seems to be originating from Russia; it was first found in November and is designed to be modular and load plugins. It has some nice features, although it is not as advanced as other packs, like Zeusbot for example. The pack was being sold for $550 in order to buy the backdoor itself (not the builder) and the Web interface. Every update to the backdoor configuration (e.g. a new url to be used for the C&C server) would require...

Eric Park | 16 Dec 2010 18:17:46 GMT

The volume of spam continues to drop.  We have been monitoring the decline in overall spam volume over the last few months, and the downtrend continued in November.  The average daily volume in November dropped 17.4 percent month-over-month.  Compared to August, spam volume was down over 56 percent.  This drop in overall spam volume also brought down the overall spam percentage.  Spam made up 84.31 percent of all messages in November, compared with 86.61 percent in October.

In addition to discussing the volume decline, this month’s report contains interesting predictions for 2011.

Click here to download the December 2010 State of Spam & Phishing Report, which highlights the following trends:

·         What’s Happening to Spam Volume?


Robert Keith | 14 Dec 2010 19:21:07 GMT

Hello and welcome to this month’s blog on the Microsoft patch release. This is another large release —the vendor is releasing 17 bulletins covering a total of 40 vulnerabilities.

Eight of the issues are rated ‘Critical’ and they affect Internet Explorer and the OpenType Font (OTF) format driver. The remainder of the issues are rated ‘Important’ or ‘Moderate’ and affect Publisher, Office, SharePoint, Windows, Windows kernel, Exchange, and Hyper-V. Included in this patch release is a fix for the last of the vulnerabilities Stuxnet was exploiting, the Windows Task Scheduler issue.

 As always, customers are advised to follow these security best practices:

-     Install vendor patches as soon as they are available.

-     Run all software with the least privileges required while still maintaining functionality.

-     Avoid handling files from...

Samir_Patil | 07 Dec 2010 17:23:16 GMT is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.

The spam email has subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar which has a downloader ‘Wikileaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat.

Below is screenshot of the email and website that downloads the threat:


Hon Lau | 07 Dec 2010 11:05:17 GMT

We have become familiar enough with malware creators poisoning popular search engine terms through SEO techniques in order to deliver their malicious files to a greater pool of unsuspecting users. Other popular services such as Twitter have not escaped the watchful eyes of the miscreants. This attack involves pumping out many of the same tweets with different accounts to push them into the Twitter trending list. That way more people are likely to see them even if the individual user accounts being used to send the tweets don't have that many followers. Incidentally many of the accounts used in this attack don't have that many followers and are quite fresh - meaning they are probably fake accounts set up specifically for the purpose of spamming tweets.

To carry out this kind of attack, the miscreants are clearly following a tried-and-tested recipe, borrowed from SEO-based attacks and tweaked...

Stephen Doherty | 06 Dec 2010 19:37:28 GMT

The latest W32.Yimfoca.B variants can target malicious links in no fewer than 44 countries and nearly 20 different languages. It has also increased the number of instant messaging applications to include most of the popular IM clients.

Here is a code snippet from W32.Yimfoca.B:

This picks the desired messages based on a comparison with the full list of countries listed below:

·         Slovenia

·         Canada

·         Norway

·         Switzerland (German)

·         Switzerland (Romansh)

·    ...

Samir_Patil | 02 Dec 2010 14:48:48 GMT

Come Christmas and everybody begins to bubble with joy and excitement. The season is such that no matter who you are or what you do, there is always some joy to be shared with everyone.

Christmas is particularly remembered for the gifts we give and receive. There is a plethora of gift items available on the Internet, so this is also a season during which e-commerce is at its peak. We at Symantec want to send a friendly reminder to you to be cautious while net-o-shopping this Christmas season. Don’t be misled by spammers’ unrealistic offers created to entice you!

To spread this message, here is a Christmas carol specially adapted and written just for you:


Spammers’ Ploys

Come, they told me Pa rup a pum pum
This is our Christmas treat, Pa rup a pum pum
Freebies and much to see, Pa rup a pum pum
Watches and meds and greets. Pa rup a pum pum, Rup a pum pum, rup a pum...