
Security Response

Eoin Ward | 16 May 2011 | 0 comments

Have you ever had a hard drive failure? I have. It happened to me in my first ever computer job.  I was about six months in, working on a small part of a big project, and we had a milestone in two days when it happened. I can remember the pit in my stomach as I checked our version control software for anything I had submitted. I searched files on drives D through Z, hoping that I may have copied files over. I checked floppy disk after floppy disk for the code I brought home that one weekend. I was petrified. I would have paid a week’s wages to recover those files.

Hard disk failures are a fact of life in the tech world. It’s something many of us have experienced, and not with fond memories. Trojan.FakeAV writers are aware of this, and the end of last year saw a move by some into the creation of fake hard disk scanners and defragmentation tools, which we covered in Fake Disk...

Eoin Ward | 25 Nov 2010 | 0 comments

Over the last year, Symantec has blogged on the rise and fall of the Mariposa botnet (what we detect as W32.Pilleuz). Today, we’re going to talk about an interesting aspect of this threat—the ability to perform “cookie stuffing”.

As delicious as it sounds, cookie stuffing is one of the subtler money-spinning techniques used by malware writers. In order to explain the technique, let’s first look at the marketing model upon which it relies—affiliate marketing.

Let’s say I enjoy triathlons and that I’m a member of a “Symantec Triathlon Club” with the Web site symtriclub.com. This club is sponsored by a fictional bike store that runs examplebikestore.com. If I see a link to examplebikestore.com while on symtriclub.com, click on it, and then make a...

Eoin Ward | 26 May 2010 | 0 comments

In previous blogs, Symantec has highlighted threats that steal user data. We recently analyzed a new sample submitted to Symantec and came across a server hosting the credentials of 44 million stolen gaming accounts. What was interesting about this threat wasn’t just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers. Symantec detects this threat as Trojan.Loginck.

This particular database server we uncovered seems very much to be the heart of the operation—part of a distributed password checker aimed at Chinese gaming websites. The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games....

Eoin Ward | 13 Jun 2008 | 0 comments

Trojan.Gpcoder is a particularly nasty threat that uses public key cryptography to encrypt files on a person’s computer and subsequently requests payment from the user in order to recover the files. It has had many variants over the years. While analyzing a recent version, I observed that it uses a short key. Would this make it possible to decrypt the infected files?

Public key cryptography uses two keys—a public key and a private key. In Trojan.Gpcoder the public key is encoded into the virus and is used to encrypt files. The author of Trojan.Gpcoder holds the private key which is used to decrypt files.

Last year we detected Trojan.Gpcoder.E. This version of Trojan.Gpcoder claimed to use a public key algorithm called RSA-4096 to encrypt files (in fact, it used a weaker algorithm). More recently we detected a new variant, ...