Security Response: Showing posts by Stuart Smith

Bad Bunny
Stuart Smith | June 6, 2007
0 comments

…was the case that they gave me. Specifically, SB.Badbunny, a fairly novel OpenOffice macro virus that attempts to spread via IRC. The novelty comes partly from the attention-grabbing trendiness of working on OpenOffice and many Unix-based operating systems (Linux and Macintosh included), but also with its use of a variety of scripting languages to improve portability. Badbunny doesn't just use the OpenOffice macro language, but has components written in Ruby, JavaScript, Python and Perl.

What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc., can be abused. All too often, this is forgotten in the pursuit to match features with another vendor. Fortunately, in this case the ease-of-use of these scripting languages attracted an amateur developer who wrote multiple critical bugs in the code, causing Badbunny to barely replicate.

Given that Web servers are an area where operating systems are still very much...

Tags: Endpoint Protection (AntiVirus), Emerging Threats, Security, Security Response
Another Big Thing, Part 2
Stuart Smith | May 24, 2007
0 comments

As with my last blog, the topic this time is behavioral detection, and the various trade-offs involved. We already covered some of the issues in the use of virtual environments for the detection of threats, and this time we’ll cover some of the issues involved in classifying behavior and mitigating damage.

Whatever your approach is to generating and tracking behavior, you need the ability to classify it. There are challenges to tracking behavior, but once you have a profile of behavior, determining what is malicious is a harder problem. Some security products solve this by handing off the problem to the user. Most don’t. The real problem in profiling is that the definition of what is malicious has changed over time. Is tracking your activity as you surf a web page malicious? If you say yes, what about the wonderful “suggest” features that use historical data? Is any program that downloads silently with no GUI malicious? What about Windows Update or Live Update? Something...

Tags: Endpoint Protection (AntiVirus), IT Risk Management, Security, Security Response
Another Big Thing, Part 1
Stuart Smith | May 23, 2007
0 comments

The amount of new malware in the wild is growing quickly. While this is not a new observation, I have seen some claims that behavioral detection may be the answer to this ever-increasing amount of malware. Unlike more traditional types of detection that look at static attributes inherent in a piece of software, such as unique data, code, etc., behavioral detection involves running a possible threat, tracking its behavior with various monitors, and then using the information gathered to determine if it is malicious. As more behavioral detection products emerge, one article asked “Is Desktop Antivirus Dead?” [1]. Hardly, but it is worth a look at why the question even comes up.

Behavioral detection holds out the promise of more zero-day detections, and it reduces the number of updates you need to make to your antivirus software. Note that you cannot safely eliminate updates, since the definition of malicious behavior changes over time. The history of malware, from viruses and...

Tags: Endpoint Protection (AntiVirus), IT Risk Management, Security, Security Response
Making Money in the New Old-Fashioned Way
Stuart Smith | March 5, 2007
0 comments

Larry Wall once said, “Three great virtues of programming are laziness, impatience, and hubris.” It appears the authors of W32.Darksnow have taken this saying to heart. It also appears that they were too impatient to read the other virtues he lists – diligence, patience, and humility. And they’ve mainly focused on the virtue of laziness, by trying to find a way to make money using other people’s computers (and electricity and bandwidth). Specifically, they wanted to make money using other people’s computers to spoof “impressions” of advertising links. Without asking the people, of course. That would be too much work. And they’d probably say no.

Of course, you can’t just set up a computer, and let a program sit there and pretend to view Web pages. You’d need a lot of computers to really make money. And the ad networks are smart enough to figure out that someone probably isn’t sitting on their computer all day refreshing a Web page, so the virus writers couldn’t get any money for this....

Tags: Endpoint Protection (AntiVirus), Security, Vulnerabilities & Exploits, Security Response
