Security Response

Showing posts for June of 2013
Symantec Security Response | 28 Jun 2013 13:47:18 GMT

On June 26, 2013, browser manufacturer Opera announced that they had been breached as a result of a targeted attack against their infrastructure. However, this was no ordinary targeted attack. The attackers in this case weren't looking to steal intellectual property. They wanted to use Opera's auto-update mechanism in order to propagate a piece of malware normally associated with financial Trojans.

When attackers breached the Opera network sometime around June 19, 2013, they first stole an expired Opera code signing certificate to sign a piece of malware. Signing the malware allowed them to distribute it via Opera's auto-update mechanism. Users would receive the malware as part of a browser update. The malware in question is Downloader.Ponik, a downloader Trojan...

Symantec Security Response | 27 Jun 2013 20:04:25 GMT

Yesterday, Symantec published details about a new distributed denial-of-service (DDoS) attack carried out by a gang dubbed "DarkSeoul" against South Korean websites. We identified their previous attacks against South Korea, including the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters. As a result of our continued investigations into attacks against South Korea, we have come across a new threat—detected as Trojan.Korhigh—that attempts to perform a similar wiping action.

Similar to previous...

Ashish Diwakar | 27 Jun 2013 15:55:35 GMT

Contributor: Avdhoot Patil

As usual, phishers continue to focus on social networking as a platform for their phishing activities. Fake social networking applications on phishing sites are not uncommon. Phishers continue to come up with new fake applications for the purpose of harvesting sensitive information.

In the past six months, phishing on social media sites made up 6.9 percent of all phishing activity. Among the phishing sites targeting social media, 0.9 percent consisted of fake applications offering features such as adult videos, video chatting, adult chatting, free mobile recharge, etc.

In May 2013, phishers implemented a fake security application on a phishing site that claimed to secure Facebook Fan Pages and thereby increase the “social security” of the user profile. A Facebook Fan Page is important, as it is a public profile on Facebook that can be used by celebrities, companies, and also by regular Facebook users who...

Symantec Security Response | 26 Jun 2013 23:05:46 GMT

Today we released a new version of Norton Mobile Security for Android devices that contains our new Norton Mobile Insight technology. Mobile Insight has analyzed over 4 million Android applications and processes tens of thousands of new applications every day. Through automatic and proprietary static and dynamic analysis techniques, Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior. Further, Mobile Insight will tell you exactly what risky behavior an application will perform and give you specific, relevant, and actionable information.

The ability of Mobile Insight to automatically provide granular information on the behavior of any Android application even surprised us when we reviewed the most popular applications exhibiting privacy leaks. 

Of particular note, Mobile Insight automatically flagged the...

Symantec Security Response | 26 Jun 2013 22:33:21 GMT

Yesterday, June 25, the Korean peninsula observed a series of cyberattacks coinciding with the 63rd anniversary of the start of the Korean War. While multiple attacks were conducted by multiple perpetrators, one of the distributed denial-of-service (DDoS) attacks observed yesterday against South Korean government websites can be directly linked to the DarkSeoul gang and Trojan.Castov.

We can now attribute multiple previous high-profile attacks to the DarkSeoul gang over the last 4 years against South Korea, in addition to yesterday’s attack. These attacks include the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters, as well as the...

Candid Wueest | 26 Jun 2013 15:55:36 GMT

Google has started to scan newly uploaded applications and extensions in its Chrome Web Store, similar to what they already do in the Android Play Market.

We have written about quite a few cases where malicious extensions were pushed on social network users. Usually they claim to add a new functionality to the social network, like seeing who visited your profile. Not all of them are hosted on the official Chrome Web Store, so the new process will not stop all malicious extensions finding their way to the user. That being said, Symantec welcomes Google’s effort to remove malicious Chrome extensions as soon as possible and the improvements that were made to their automated system to help them detect items containing malware.

Malicious extensions for browsers...

Candid Wueest | 26 Jun 2013 15:24:17 GMT

The Federal Office for Information Security in Germany (BSI) together with the “Fraunhofer SIT” and “]init[ AG” released a study on the risk with common content management systems (CMS) for websites. A CMS is typically used to administrate websites and helps to update text and other content in a simple way, making this task doable for non-IT professionals. Unfortunately, it is also often a focus point for attackers who attempt to gain access to the Web server. When an attacker controls the CMS, it is possible for them to modify the website. In the past, many websites have been compromised through vulnerabilities in unpatched CMS and were then turned into drive-by download sites by inserting malicious iFrames into the...

Mathew Maniyara | 25 Jun 2013 15:57:38 GMT

Contributor: Avdhoot Patil

Digital currency, a form of electronic money, is a relatively new concept to the world. Many of these currencies have arisen during the past decade and digital currency in general has always been a subject of controversy. In recent years, the world witnessed the suspension of some digital currencies due to legal issues such as money laundering. However, phishers are not concerned about the controversies; instead they are busy seeking opportunities to steal digital currency or money in any form whatsoever. In May 2013, we found a phishing site that spoofed a popular digital currency company.

The phishing site alerted users of an account security update. According to the notice, the company wanted to ensure the integrity of their transaction system by reviewing user accounts. Users were notified that their accounts might be restricted due to multiple failed login attempts. The alert message instructed users to enter their confidential...

Satnam Narang | 24 Jun 2013 21:57:26 GMT

In late January of this year, Twitter released Vine, a social video-sharing service that it acquired in late 2012. Initially launched on iOS, Vine has similar characteristics to Twitter as videos are intentionally short (users are only allowed six seconds) and to the point. Earlier this month, an Android version of Vine was released and it was reported that the service had amassed over 13 million users on iOS alone.

With its increasing popularity, it comes as no surprise that spammers are targeting Vine and its users. Last year, we reported on the rise of Instaspam as a result of the mobile photo sharing application’s soaring popularity.
 

...

Candid Wueest | 24 Jun 2013 08:35:48 GMT

Last week a purple unicorn (a stuffed one, not a real one) generated some confusion at a border station in Turkey. According to this article, a family, including their nine-year-old daughter, travelling across the Turkish border accidentally used the stuffed unicorn's toy passport instead of the daughter's real passport. The officer checked the passport, officially stamped it, and then let them through. At this point, the story deviates based on the source. Immigration said that the officer just wanted to be kind to the girl and forgot to stamp the real passport too. The family reports that there was no hesitation and that their daughter may just have slipped through.

This story serves as a good reminder that security measures are only as good as their implementation. From cryptographical functions implemented...