Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts by Sai Narayan Nambiar remove filter
Flash Phishing
Sai Narayan Nambiar | 30 Jan 2009 | 0 comments

Phishers always try to come up with new tricks to bypass phishing toolbars. So, it’s not really surprising that we've now seen several phishing websites that are using Flash-based content instead of normal HTML. The main objective for the use of Flash-based content is to avoid phishing detection by toolbars that analyze page content.

Symantec has observed some recent examples all targeting reputable brands. These sites look like genuine front pages, but they are actually Flash recreations.

 

 

 

 

As shown in the above snapshot, if we right click on the Web page it reveals some program options such as "Zoom In," "Show All," and "play" options in the menu instead of the normal options you would see on an HTML page. When you type...

Read more
Phishing Attacks Utilizing Port Numbers
Sai Narayan Nambiar | 23 Dec 2008 | 0 comments

There are varying types of technologies used by online attackers these days. There are old tricks and of course new ones, but it is the newer ones that make it even more difficult to handle the dilemmas faced in the world of Internet security. One of the trends of attack that was noticed a little while ago was an attack based on a website’s “port number.” A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. We can identify a port number after a colon (“:”) following the host name. For example, consider http://1.1.1.1:8080/, in which the port number in the URL is 8080.

According to the IANA (Internet Assigned Numbers Authority), the port numbers are divided into three ranges: well known ports, registered ports and the dynamic and/or private ports.

 

1.    The...

Read more
Getting Acquainted With Rock Phishing
Sai Narayan Nambiar | 18 Dec 2007 | 0 comments

Antiphishing filters basically work eitheron block listing or on heuristics. "Rock phish" attacks are quite arecent phenomenon that has posed a major challenge to both of the abovementioned antiphishing filters, simply because the unique structure ofa Rock phish attack circumvents antiphishing filters. This phishingtechnique can be traced back to somewhere around August 2006. The URLstructure was comparatively simpler then, consisting of a randomizedroot domain and three sub folders. But the principle cause in therecent surge in the number of such attacks is traced to the botnetphenomenon. So, what then is so special about Rock phish? Well, thistechnique has a trademark method of striking naïve targets.

The URLs that navigate to the fraudulent Web sites have a uniquestructure. For example, the structure of this URL is Rock phishingspecific: http://www.xxx.xxx.user123990.com/login/challange/2b593cba/login.php.As a matter of fact,...

Read more
Getting Acquainted With Rock Phishing
Sai Narayan Nambiar | 18 Dec 2007 | 0 comments

Antiphishing filters basically work eitheron block listing or on heuristics. "Rock phish" attacks are quite arecent phenomenon that has posed a major challenge to both of the abovementioned antiphishing filters, simply because the unique structure ofa Rock phish attack circumvents antiphishing filters. This phishingtechnique can be traced back to somewhere around August 2006. The URLstructure was comparatively simpler then, consisting of a randomizedroot domain and three sub folders. But the principle cause in therecent surge in the number of such attacks is traced to the botnetphenomenon. So, what then is so special about Rock phish? Well, thistechnique has a trademark method of striking naïve targets.

The URLs that navigate to the fraudulent Web sites have a uniquestructure. For example, the structure of this URL is Rock phishingspecific: http://www.xxx.xxx.user123990.com/login/challange/2b593cba/login.php.As a matter of fact,...

Read more
Attacks on Credit Unions and Community Banks
Sai Narayan Nambiar | 11 Dec 2007 | 0 comments

The second half of 2007 has seen a suddensurge in the number of phishing attacks on financial puddles likeregional banks, credit unions, and small- to mid-sized credit unions.But why are fraudsters focusing on localized financial institutions?The answer is simple; they are highly profitable and have lessresources to protect them from phishing when compared to largerinstitutions. Larger institutions have secured themselves byimplementing stronger Internet security measures. Even the customersfrom larger financial institutions are quite familiar with phishing.

Furthermore, credit unions have always been major competitors withlarger financial institutions. The sub-prime problem in the UnitedStates has triggered a financial stress. To give some respite to thisdifficult situation the Feds had planned out cuts in interest rates.These cuts in interest rates have become a blessing in disguise forcredit unions because valuations of the first three quarters of...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,810