
Security Response

Showing posts by John Park
John Park | 29 Jun 2009 | 0 comments

During one of my recent journeys around the Internet, a particular ad displayed on a website caught my attention. The type of ad I am referring to wasn’t a totally new concept: ads like it have been running on websites for years, and actually found their start in print in previous decades. You must have seen them. These are the ads that promise incredible monetary returns for working from home, but without doing a lot of work. Recently, this site and many others have been serving "Google pays me $5k a month" ads:

These particular ads usually redirect users to one of the following sites:

jamesmakesmoney.com
jasongetsrich.com
jennifersmoneyblog.com
joshmadecash.com
kevinmakesmoola.com...

John Park | 27 Mar 2009 | 0 comments

Pseudo-random domain name generation for the rendezvous point is a clever idea. A botnet commonly communicates with its botmaster through a single rendezvous point. Since this rendezvous point is static, whoever controls this static location owns the botnet. This poses a problem for the botmaster, since the rendezvous location is the weakest link of the botnet. The botmaster can lose control of the whole botnet if the server at the rendezvous point is brought down, or if the IP is blacklisted. Fast flux, where the IP address bound to a domain name changes rapidly, was an attempt to foil IP blacklisting, but fast flux cannot protect against domain name blacklisting.

Pseudo-random domain name generation is the measure taken against domain name blacklisting, since blacklisting a large list of non-static domain names is impractical. With this, the current weakest link is eliminated.

One downside of having many rendezvous points is that...

John Park | 25 Mar 2009 | 0 comments

With Downadup/Conficker rising to celebrity status in the computer worm world, Symantec (along with other companies in the security industry) is hard at work keeping our customers protected. But guess who else is hard at work at the moment? Yes, the authors of misleading applications. It isn’t the first time that they have latched onto popular news to fuel their malicious intent using search engine optimization (SEO).

Let's say you are curious about Conficker, or you think your computer might be infected with Conficker. If you simply search for "Conficker C," page one of the results includes a link to an infected site being used to spread a fake antivirus program:

Following the malicious link eventually...

John Park | 07 Mar 2008 | 0 comments

If you search for the word "antivirus" on major search engines like Google, Yahoo, or MSN, there is a possibility you will end up with "6StarReview.com" or "StarReviews.com", with a link name like "Top 10 Antivirus for 2008", as one of the top sponsored ads. Star Reviews is basically a Web-only review site that covers everything from blog services to online banking. Perhaps the site is a bit heavy on affiliate links, but nothing out of the ordinary. No pop-ups. No browser exploits. All in all, it looks legit.

...