Security Response
Showing posts for July of 2013
Showing posts in English
Hon Lau | 31 Jul 2013 13:51:24 GMT


Companies in our field of business have long wished for a better way of discovering and describing malware capabilities than the current system. Such a system would be of great benefit to everyone who has to deal with malware and the damage it can cause. While there is currently a whole spectrum of techniques used to discover the functionality of malware, ranging from the most basic to the more advanced, most fall short because they don’t describe the malware in a very complete way.

Many either rely on manual decomposition and analysis or may run samples in physical or virtual machine (VM) environments, then record changes made to the system and report them as side effects of the malware. Each method has its own benefits and drawbacks. Manual analysis is a slow and cumbersome task and prone to human error. Automated side effects...

John-Paul Power | 30 Jul 2013 20:23:25 GMT


Kashmir Hill, a reporter for Forbes, found out just how easy it is to hack a smart home. By “Googling a very simple phrase,” Hill was presented with a list of homes with automation systems from a well-known company. “[The] systems had been made crawl-able by search engines,” says Hill, and because the now discontinued systems didn’t require users to have a username or password, the search engine results, once clicked, allowed her full control of the system. Hill contacted two of the homes she found online and, once she had asked for permission, demonstrated her ability to switch on and off lights in the homes. Hill also had the ability to control a range of other devices in the homes. This is just one example of...

Symantec Security Response | 30 Jul 2013 17:31:07 GMT


In a recent blog entry we covered how scammers continue to publish malicious apps on Google Play and how the Android app market is struggling to keep itself clean.

In many cases it is difficult to quickly identify any malicious intent of applications and in-depth analysis is often required to be truly safe—a challenge for Google Play’s publishing process to prevent malicious apps from slipping through.

Symantec Security Response has discovered 14 applications, all published by the same developer, that allow the developer to create connections to any website of their choosing...

Joji Hamada | 26 Jul 2013 22:00:05 GMT

Since the beginning of the year, Japanese one-click fraud scammers have continued to pump new apps onto Google Play and the market has struggled to keep itself clean. Though many are removed on the day they are published, some remain for a few days. Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones. Their tactic of abusing the search function on Google Play allows their apps to be easily bumped to the top of keyword searches. A test search carried out by Symantec resulted in 21 out of 24 top hits being malicious apps.

Figure 1. Search with only 3 out of 24 results not malicious

The scammers have been persistent as well, publishing apps almost daily...

Candid Wueest | 25 Jul 2013 21:39:23 GMT


Modern cars contain a lot of nifty electronic gadgets, as well as more than one kilometer of cable wired to all kinds of sensors, processing units, and electronic control units. The cars themselves have become large computers, and as history shows, wherever there is a computer, there is someone trying to attack it. Over the past few years various studies have been conducted on how feasible it would be to attack a car through its onboard network. Most researchers focused on attacks with full physical access to the car, but some also explored external attack vectors.

If attackers have physical access to a car they can, for...

Darragh Cotter | 25 Jul 2013 19:31:07 GMT

Symantec’s Internet Security Threat Report (ISTR) is an annual report which provides an overview and in-depth analysis of the online security landscape over the previous year. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze, and provide commentary on emerging trends in cyberattacks, malicious code activity, phishing, and spam as well as the wider threat landscape trends in general.

The latest release, ISTR volume 18, may be considered the most comprehensive and detailed to date. Among other findings, the report incorporated up-to-date data and analysis on targeted attacks, data breaches, malware, spam, vulnerabilities, and mobile malware.

Everyone in Symantec is extremely proud of the ISTR; however, this is no time to rest on our laurels. We are constantly looking to improve the quality of our...

Joji Hamada | 25 Jul 2013 12:25:33 GMT


Earlier this week, the Chiba Prefectural Police in Japan arrested nine individuals for distributing spam that included emails with links to download Android.Enesoluty, malware used to collect contact details stored on the owner’s device. The arrested men include Masaaki Kagawa, the 50-year-old president of Koei Planning, an IT firm located in Shibuya, Tokyo. He is also apparently known as an avid poker player who participates in poker tournaments worldwide and has earned over a million US dollars in these competitions. He appears to be the main player running the operation. His passion for taking chances and risks has paid off in the game of poker, but it’s not looking good for his gambling with Android malware. Kagawa and his associates now await...

Pavlo Prodanchuk | 25 Jul 2013 08:28:48 GMT

Last month Symantec posted a few blogs (here and here) on an increase in spam messages with .pw URLs.

Since then the volume of URLs with .pw domains has considerably decreased. At the peak, at the beginning of May, .pw domains accounted for about 50 percent of all spam URLs. Over the last seven days, .pw domains have accounted for less than 2 percent.


Figure 1. .pw TLD appearance in spam messages

The decrease in .pw domains is the result of a close collaboration between Symantec and Directi in reporting and taking down the .pw domains associated with spam.

The latest evidence from the Global Intelligence Network shows that even with such a small presence of...

John-Paul Power | 24 Jul 2013 19:01:19 GMT

Security consultant Fran Brown has created a hacking tool that can capture data from RFID badges from up to three feet away—a worrying development considering that up to 80 percent of US companies that use RFID access control systems still employ the vulnerable technology hacked by Brown.

What is RFID?

Radio frequency identification, or RFID for short, is used in a wide variety of everyday applications from the tracking of animals and humans to motorway toll collection and contactless payment systems. While some people may not know much about RFID, the chances are they have more than likely used it at one stage or another without even knowing it. If your dog has a microchip implant or you...

Symantec Security Response | 23 Jul 2013 20:48:04 GMT

Earlier this month, we discussed the discovery of the Master Key vulnerability that allows attackers to inject malicious code into legitimate Android applications without invalidating the digital signature. We expected the vulnerability to be leveraged quickly due to ease of exploitation, and it has.

Norton Mobile Insight—our system for harvesting and automatically analyzing Android applications from hundreds of marketplaces—has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey.

We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments.