Security Response
Showing posts for April of 2011
khaley | 29 Apr 2011 22:43:22 GMT

On Tuesday, April 26, Symantec hosted a live Twitter chat centered around our latest Internet Security Threat Report and the changing threat landscape. We’d like to extend a big thank you to those who participated and joined the conversation.

Using the #SecChat hash tag in Twitter, we were able to guide a lively discussion around what’s top of mind with regard to the current security threat landscape for those of you in the security industry.

One aspect of the discussion focused on end-user security education and its importance, while others questioned whether dollars spent toward user education made any difference at all. We certainly heard all sides to the story. If there is anything people agree on it’s that the “user is like water, following the path of least resistance to their end goal,” in the words of one tweeter.

Those in support...

Suyog Sainkar | 28 Apr 2011 08:30:17 GMT

As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques.

Spam campaigns

We have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding of Prince William and Kate Middleton. Spam email messages advertising a replica of Princess Diana’s engagement ring that were observed in February are still making the rounds on the Internet, and the eve of the royal wedding is now upon us. Furthermore, as we had anticipated, we have recently observed additional spam campaigns making use of this significant event to promote various products.

In one such recent spam campaign, email promoting a "...

Mayur Kulkarni | 26 Apr 2011 16:06:13 GMT

Communication in today’s world is dominated by email, instant messaging, and social networking. However, for making any formal statement or announcement, hard-copy letters are still sent using postal services. In both mediums, unwanted, unsolicited letters are not new; however, it may still be surprising if a spam message is sent using postal services: a somewhat low-tech, but perhaps the most effective, way to bypass all kinds of online security. In a letter shared by a recipient, we found familiar text seen in emails associated with scams. We confirmed the hard-copy letter to be a 419 scam.

Here is the scanned copy of the letter (where the identity and address of the recipient have been blurred):

Text inside the letter has everything that we commonly see with email scams, except that we do not find any reply-to email addresses. Also, the scammer stresses that recipients must only fax the...

Dermot Harnett | 20 Apr 2011 21:44:04 GMT

On April 20, for the first time ever, gold rose above $1,500 an ounce as worries over the U.S. economic outlook boosted demand for the metal as a haven. Within hours, Symantec observed this spammer’s response: a hit-and-run spam attack with the Subject line “Subject: Is Gold Your Ticket To A Golden Future?”

Hit-and-run spam (or snow-shoe spam) is a threat known for its large volumes of spam messages in short bursts, where domains are quickly rotating and the sending IP hops within a certain /24 IP range.

Key characteristics include:

  • The message is in HTML
  • There is some type of word salad or word obfuscation injected between various tags and/or in the URL by means of multiple directories
  • The message is typically sent within the same /24 IP range
  • Domains are rotated quickly

The call to action for this particular attack is a URL in the message body which directs the recipient to a Web site where the...

khaley | 20 Apr 2011 20:28:37 GMT

The Internet is now a veritable minefield of malware, and it’s becoming more and more difficult to navigate. Every year, hundreds of millions of new threats appear and cybercriminals are constantly changing tactics hoping to catch users off-guard.

On Tuesday, April 26 at 10 a.m. PST, join me and Marc Fossi for a live Twitter discussion on the latest Internet Security Threat Report. We will discuss the report and answer your questions using the #SecChat hash tag.

This year’s report notes that Symantec detected more than 286 million new threats in 2010. This number grows every year, and in 2011, some of these threats will be pointed toward you. Many companies found that to be the case last year. The ISTR covers the trends and tricks used in targeted and massive attacks by cybercriminals. Among the trends from the report to be discussed will be the proliferation of attack kits - pre-written...

Spencer Parkinson | 20 Apr 2011 07:50:45 GMT

More than ever before, smartphones are keeping us connected both personally and professionally. Because most of us have a preference as to the ideal smartphone, IT departments are increasingly being tasked with managing a mix of business-liable and employee-liable devices. This trend has become known as the consumerization of IT.

Symantec has developed a short survey to get smartphone end users’ perspectives on this trend. We’d also like to learn more about how your employer is managing the growing use of smartphones, especially those being purchased and brought into the organization by employees. The quick five minute survey can be found here:

Once you’ve taken the survey, please stay tuned to the original post that resides in the...

Samir_Patil | 18 Apr 2011 22:14:14 GMT

Easter is a Christian holiday centered on the death of Jesus Christ and his subsequent resurrection several days later. Hence Easter is an important holiday for Christians. But what gets associated with Easter are the beautifully decorated Easter eggs found in every decorated shop window this season, and of course the Easter Bunny! To celebrate Easter, people exchange Easter eggs and, over time, this has evolved so that today we have personalized e-cards and personalized gifts. Spammers have begun to exploit the season by sending personalized e-cards, gift cards, and replica-spam emails.

Here is a screenshot of a personalized Easter e-card:

Here are some of the headers used in Easter e-card spam:

Subject: Give your child the gift of amazement A Package from The Easter Bunny.

Subject: The Most Popular Gift for Kids this Easter 2011

Subject: Send A Personalized Easter Bunny Letter...

Nicolas Falliere | 14 Apr 2011 03:17:50 GMT

A few months ago, at least prior to February 7th, Sality operators pushed new malware onto their P2P network of infected bots. The malware in question hooks into Internet Explorer using its standard COM interface, and gathers credentials submitted via web forms. February’s variant treated Facebook, Blogger, and Myspace logon information differently: on top of stealing and sending the username/password to a Command and Control (C&C) server, the information was also dumped to an encrypted file on the user’s compromised computer. At that time, the plausible guess was that these credentials would be used by upcoming malware – the Sality programmers are very imaginative.

This was confirmed last weekend. The newest Sality package contained a new malware, on top of their usual spam/web relays. The...

Dylan Morss | 12 Apr 2011 21:05:25 GMT

As I have recently sent off my tax forms in preparation for the US Federal tax deadline on April 18 this year, a recent phishing scam piqued my interest. This attack is taking advantage of the new tax year beginning for folks in the UK on April 6, 2011.

The message in question was being sent in the name of the HMRC, Her Majesty’s Revenue and Customs, in an attempt to lure users into divulging bank account information with the lure of unclaimed tax overpayment money.

The path of the message had an international flavor, beginning at what looks like a computer at a hotel business center based in the US, then going through servers in New Zealand, then back to the US through the mail servers of a large free email service, and then presumably into the inbox of a user based in the UK.

The URLs in the message also contributed to this internationalized scam by utilizing a domain based in Serbia which would redirect users when they unsuspectingly clicked on the...

Robert Keith | 12 Apr 2011 20:21:55 GMT

Hello and welcome to this month’s blog on the Microsoft patch release. This is by far the largest month: the vendor is releasing 17 bulletins covering a total of 64 vulnerabilities.

Thirteen of the issues are rated ‘Critical’ and they affect Internet Explorer, SMB Server, SMB Client, the OpenType Compact File format, and GDI+. One of the bulletins this month addresses a record 30 local privilege-escalation vulnerabilities in the Windows kernel-mode drivers.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- ...