
Security Response

Showing posts by Marc Fossi
Marc Fossi | 13 Oct 2009 | 0 comments

In the fight against cybercrime, cooperation between security industry leaders, law enforcement, and Internet technology providers is becoming ever-more important; case in point, Conficker, which received so much attention earlier this year. To address this threat, the Conficker Working Group—a large-scale collaborative effort among security vendors, law enforcement agencies, and ISPs—was formed with successful results.

This week, technology industry, government, and law enforcement leaders from around the globe have converged upon Microsoft’s Redmond, WA campus for the first-ever meeting of the Digital Crimes Consortium. Symantec is a platinum sponsor of the Digital Crimes Consortium and is partnering with Microsoft on this important initiative. In addition, fellow Symantec Security Technology and Response expert Jeff Wilhelm and I are presenting on key security topics at the event.

The consortium is intended to be a foundation for building a...

Marc Fossi | 10 Apr 2008 | 0 comments

In late May 2007, the MPack attack kit was first observed in the wild. This kit relied on compromised Web pages to redirect users to an MPack server that attempted to exploit Web browser and plug-in vulnerabilities in order to install malicious code on computers. MPack experienced great success because it took advantage of the trust many users place in certain Web sites. Since the Web browser is the primary gateway to the Internet for most users, Web pages that they visit frequently—such as online forums and other Internet communities—are a useful means of compromising computers for attackers.

Because of the success of kits like MPack and Ice-Pack, it seems that malicious code authors have begun to incorporate similar features in the threats they create. In the current period, seven percent of the volume of the top 50 malicious...

Marc Fossi | 23 Jan 2008 | 0 comments

News of the Silentbanker Trojan seems to have (rightfully) caused quite a few people to wonder if the computers they use to access their online banking are secure. I’ve gotten some interesting questions about the security of online banking since Liam O’Murchu’s blog about Silentbanker was published last week.

Some people I talked to said that they’ll never use online banking again, but I don’t think that’s the answer (just ask anyone who has ever had their bank card skimmed). Instead, I think people are better off securing their computers and using a few best practices to ensure that their transactions are safe.

So, here are a few tips for online banking:

• Use a strong password to access your online banking and change it often. Strong passwords are...

Marc Fossi | 22 Nov 2007 | 0 comments

Your hardware is well secured. You’ve got a good perimeter firewall in place that only allows communication on authorized ports, an IDS to scan for suspicious activity, WPA2 encryption set on wireless devices, and so on. Your software is secure as well. Patches up to date, good password policy enforcement, etc.

So where is the weak point in your network? I think there’s a common expression used to describe it – the problem exists between keyboard and chair.

Lately, more attacks have relied upon social engineering to infect users rather than automated exploitation of vulnerabilities in network services. Social engineering is nothing new, but the sophistication of some of these attacks has been increasing. Three prime examples of this come to mind.

Earlier this year, there was a large-scale attack using the MPack kit in...

Marc Fossi | 26 Sep 2007 | 0 comments

…they just move to new mediums. Waaaay back in 1994, a computer virus hoax known as Good Times was passed around the Internet. While not the first computer virus hoax, it is probably one of the best known. Since then there have been many similar hoaxes all promising certain destruction of your computer if you open an email originating from a certain address or simply by reading certain words that appear on your monitor. Naturally, when many people receive one of these hoaxes they decide to forward the message to all their friends and family to save them from this fate, thus helping the chain letter to spread (if I tell two friends and they tell two friends…).

In recent years, I noticed that these messages were showing up in my inbox less and less frequently. Did people learn not to believe these messages? Well, apparently not. They seem to be making a comeback, but rather than being sent via email they’re now sent through the messaging systems on various social networking sites, as well...

Marc Fossi | 16 Sep 2007 | 0 comments

In a military operation, a beachhead is a point where an attacking force landing by sea reaches a beach and defends it until reinforcements arrive. At this point, the reinforcements will expand the attack. What can this possibly have to do with malicious code? In the last six months, we’ve seen a large shift towards multistage attacks as described in Volume XII of the Symantec Internet Security Threat Report. The first stage of a typical multistage malicious code attack consists of a small and quiet initial downloader Trojan being installed on a computer. This initial stage may disable security applications on the computer, then download other malicious code as part of a secondary stage attack (expanding the beachhead).

Of great concern is that the secondary stages usually allow the attackers to perform a wider variety of attacks against the user. The later stages are often back doors that...

Marc Fossi | 24 Jul 2007 | 0 comments

Hacking has existed in one form or another for quite some time. Just as the Internet grew by leaps and bounds in the '90s, so did the hacking community. While the dot-com bubble thrust the Internet into the general public’s consciousness, it also brought hacking into the limelight. Web site defacements and denial of service attacks quickly became commonplace. Naturally, with the rapid growth of the Internet population, a rise in the number of people looking to take advantage of neophyte users also took place.

More hacking groups began forming in the '90s, such as the L0pht. In 1998, members of the L0pht testified before Congress that they could shut down the Internet in 30 minutes. In 1992, five members of the Masters of Deception group were indicted in federal court and later pleaded guilty. The...

Marc Fossi | 12 Jul 2007 | 0 comments

Same thing we do every night – try to take over the world…

Morris and Brain. The average person doesn’t know these names very well in comparison to Melissa, CodeRed, Nimda, Slammer, and Funlove. They all had their day and are burned in the memories of the users who were infected and those who cleaned up after them. Without Morris and Brain, though, the current “superstars” wouldn’t exist.

Brain (also known as...

Marc Fossi | 24 Jun 2007 | 0 comments

Many people have said that the lack of attacks upon Apple’s operating systems and devices can be attributed to a lower market share than Microsoft Windows-based PCs. With the shift towards malicious code being written for financial gain, it makes more economic sense. (I know that there are other arguments to be made, but bear with me.) Why write a Trojan that only runs on about 10% of computers when you can write one that is capable of affecting closer to 90% of them? Far more bang for the buck.

At the same time, there haven’t been many attacks on cellular phones and mobile devices. There have been several proof of concept Trojans, worms, and viruses for Symbian Smart Phones as well as a few for the Windows Mobile platform. Some of these have even resulted in small, localized outbreaks. Again, the lack of attacks on these devices has been attributed to a smaller user base.

On June 29th, however, these two platforms will converge when Apple’s iPhone is released in the...