
Security Response

Fred Gutierrez | 24 Jan 2012 | 0 comments

Contributor: Masaki Suenaga

We certainly are! It is American football season and the Super Bowl is right around the corner. Apparently, so are the malware authors. It would not be the first time they took advantage of this sporting event. Back in 2007, the Dolphins (hosts for Super Bowl XLI) had their website compromised by links to malicious JavaScript. Several visitors looking up Super Bowl information on this site were hit with an exploit pack designed to attack their Web browsers and install hidden malware. Taking a page out of their playbook, Android malware authors this season bring us a fake version of the popular gaming franchise, Madden NFL 12. Being over 5 MB in size, it certainly looks like a game worth trying! Once installed, it will even display the following icon:

After the user launches the app, there is, unfortunately, no...

Fred Gutierrez | 17 Sep 2010 | 0 comments

We have seen an ever-increasing use of PDFs for malicious purposes over the past two years. During this time, we have tracked their growth and usage and have been constantly improving our detections to handle the different evolutions of these threats. We see new vulnerabilities related to PDF readers discovered on a regular basis, often being exploited in the wild before a patch is available. We have created the following report, which highlights some of the interesting changes we analyzed. The report can be downloaded here.

In this whitepaper, we discuss the current PDF threat landscape, some current vulnerabilities being exploited in PDF documents, and various methods used by the malware authors. We also discuss various actions malware authors take to avoid detection, as well as offer some preventative measures users can take to protect themselves....

Fred Gutierrez | 21 Jul 2010 | 0 comments

We have seen several threats that alter DNS settings in the past; however, this Zlob variant does more than just change DNS settings. It takes advantage of popular search engines and makes money for its authors through ads and affiliate schemes. In this reincarnation, Zlob has three effective states. The first state is when the Trojan infects the computer and installs itself. This is done partly by calculating a cyclic redundancy check (CRC) value derived from the date Windows was installed. The second state discovers the network topology and reconfigures settings; if the router is accessible, it will even attempt to log in to it. The third state deals with browser traffic: the Trojan performs a man-in-the-middle attack and alters what the user sees and does accordingly. We will take a look under the hood and analyze each of these states more closely.

State I: Installation

In order to ensure that...

Fred Gutierrez | 05 Aug 2009 | 0 comments

Trojan.Ransompage is interesting because it is the first ransom threat that is designed to target three different browser platforms. Not only has the malware author chosen to target the two most popular browsers in Firefox and Internet Explorer, but Opera is also a target. This shows that the malware author wanted to target more than one browser in order to maximize the chances of success in case an infected user decided to change browsers rather than pay the ransom.

To attack Internet Explorer users the Trojan will drop a file called msmedia.dll and install it as a browser helper object (BHO). To target Firefox users the Trojan will install an extension called “informer” that consists of the following files: install.rdf, chrome.manifest, informer.xul, and informer.js. With Opera, the Trojan will drop a file called feeder.js that also acts as an extension and is written in JavaScript. These three different payloads all have the same functionality. They will...

Fred Gutierrez | 24 Jul 2009 | 0 comments

We have already written about threats that can encrypt files or lock victims out of their computers in order to extract a ransom. Today I want to talk about yet another similar threat. It uses scare or nuisance tactics—similar to rogue antivirus programs—in an attempt to demand ransom from its victims.

Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits. The ad will cover part of the original Web page, as shown below.

[screenshot]

The ad will stay on the screen even if the page is scrolled:

[screenshot]

This ad is written in...