
Security Response

Showing posts by Zulfikar Ramzan
Zulfikar Ramzan | 01 Jun 2010 | 0 comments

There has been a considerable amount of news activity purporting that Google is looking to do a full-scale migration away from using Microsoft products, citing security as the primary impetus. While I can’t say whether or not these reports are indeed true, the story does raise a couple of important issues when it comes to reasoning about how effective your IT security policies are.
The first misconception is that the main security risks are rooted in the underlying platform, whether it is Windows, Mac OS, Linux, etc. That might have been true five to seven years ago. The reality today, however, is that much of the attack activity we see is aimed “higher up in the stack.” The targets include applications that run on top of platforms (e.g., Web browsers), third-party add-ons that run on top of applications (e.g., browser extensions or plug-ins), and ultimately the human beings who operate the platform—who, unbeknownst even to themselves,...

Zulfikar Ramzan | 20 Aug 2009 | 0 comments

Recently, Twitter implemented technology to help stem the threat of malicious URLs being propagated through its service. This approach seems to be a great effort on the part of Twitter to prevent attackers from tweeting malicious links.

It appears as if the tool is filtering tweets and comparing any embedded URL to their list of known malicious sites. Trying to determine whether a URL points to a malicious website in a large-scale automated fashion, especially in today’s threat landscape, is a challenging problem. From my perspective, there are a few issues that need to be worked out. Twitter is likely in the nascent stages of addressing these types of issues and we expect they will try to overcome the associated limitations.

To date we've only seen a relatively small number of attack attempts involving malicious URLs on Twitter. URL-shortening services are often at the heart of these types of attacks as bad guys try to take advantage of the system to disguise...

Zulfikar Ramzan | 22 May 2009 | 0 comments

While many forms of online mischief require some degree of technical sophistication on the part of the miscreant, we often see forms of attack that are quite simple. One case in point is the phishing attack. In many ways, phishing attacks are at the low end of the totem pole from a technical sophistication standpoint. In fact, ready-made phishing kits can be purchased in the underground economy (though the buyer should beware!), and many aspects of the attack can effectively be outsourced.
For a while, banking and other financial services sites bore the brunt of the phishers’ attention spans. It’s not surprising. Phishing is a financially motivated crime, so to understand the modus operandi of a phisher, all you have to do is follow the money. During the last year and a half or so we have noticed an interesting trend, in that social networking sites have become a much more popular target for phishers.
In some cases, social networking...

Zulfikar Ramzan | 19 Jan 2009 | 0 comments

In previous blog postings, I talked about politically themed online malicious activity, focusing on what we observed during the recent U.S. presidential election cycle. Even though the election itself has long since been over, we are continuing to see similar political themes in today’s attacks.

As anticipation builds around President-elect Barack Obama’s upcoming inauguration ceremony, Symantec’s Threat Intelligence team analyzed a new wave of malicious spam messages with a “Presidential theme” that found their way into one of our vast number of global sensors.

The corresponding emails have subjects and bodies similar to the following:

Subject: You must look at this!
Our new president has gone

Yours truly,
Dan Harrison
---

Subject: Breaking news
Barack Obama refused to be the president of...

Zulfikar Ramzan | 08 Aug 2008 | 0 comments

On the opening day of BlackHat 2008, Symantec commissioned an anonymous survey among the attendees to learn about contemporary views on security related topics, such as vulnerability research, future threats and trends, and what types of challenges we as security professionals will collectively face in the coming year.

We received exactly 500 responses, 21% of which came from IT managers. The field also represented security researchers (17% independent and 11% employed by a vendor) and executives (11%). These respondents represented several industry sectors, including high tech (40%), government (25%), banking (10%), and healthcare (2%). Also, the demographic varied, with 18% of respondents attending from regions outside of the United States (Canada - 4%, EMEA - 7%, AsiaPac - 4%, Latin America - 1%) – a clear indication that information security issues are truly an international concern and that we share common...

Zulfikar Ramzan | 01 Aug 2008 | 0 comments

With the Olympics right around the corner and being that we are in the heart of the summer, I’m sure many of you will find yourselves travelling quite extensively. Nowadays, it’s almost impossible to go cold turkey from the Internet. It’s equally impossible to find a place that doesn’t offer some ability to get you online – whether you’re in the heart of the Serengeti or even on a cruise ship in the middle of the Atlantic (I have actually seen Internet kiosks in both of these places!).

With that, we wanted to offer some tips to keep your online travels safe, even when you are away from home:

1. Don’t let your laptop or PDA sprout mysterious legs. Leaving your laptop out in the open in your hotel room can often prove irresistible to a thief. Many thieves are even known to scour popular vacation or...

Zulfikar Ramzan | 27 May 2008 | 0 comments

In my most recent blog entry, I mentioned that Markus Jakobsson and I recently collaborated on a new book:  “Crimeware:  Understanding New Attacks and Defenses.” Network World is hosting a live chat session, and attendees will be eligible to win one of ten copies of the book.

To attend the chat, please go to:  http://www.networkworld.com/chat/ on Wednesday, May 28, 2008 from 2:00 – 3:00 PM Eastern.

We’ll be happy to answer any questions you have about the book or about crimeware and the threat landscape in general. I hope you’ll be able to join!

Zulfikar Ramzan | 21 Apr 2008 | 0 comments

On the eve of the much anticipated Pennsylvania Democratic Primary, we received public reports of a series of cross-site scripting vulnerabilities that affected Barack Obama's campaign Web site. We also saw reports of these vulnerabilities being disclosed publicly on the XSSed.com Web site. The corresponding code to exploit the vulnerabilities was used to redirect users to Hillary Clinton’s Web site.

Who says attackers don’t have a sense of humor? While a couple of these vulnerabilities were shored up before we could investigate them, we were able to examine some for validity.

At a high level, what appears to have happened is that an attacker took advantage of the fact that certain parts of the Obama campaign site allow users to post content, for example, in the form of community blog postings. While most users take advantage of such features to post political commentary, at least one user decided to try posting something more insidious.

Here’s how such...

Zulfikar Ramzan | 18 Apr 2008 | 0 comments

For some time now, Symantec has stressed that the online threat landscape shifted a few years back, away from hobbyist-driven threats towards financially driven threats. This trend has given rise to a class of malicious software known as "crimeware."

I recently had the pleasure of collaborating with Markus Jakobsson on a book, "Crimeware: Understanding New Attacks and Defenses," which studies the problem and where it seems to be heading. The book is an edited volume in which we were fortunate to include contributions that were received from top experts across industry and academia all over the world.

We worked on the book to bring to light the fact that the game has changed considerably. The book covers the following topics:

- A general overview of crimeware, including a taxonomy of well-known threats, such as keyloggers, screenscrapers, rootkits, botnets, and the like.
- A more detailed study of well...

Zulfikar Ramzan | 22 Jan 2008 | 0 comments

In a previous blog entry posted almost a year ago, I talked about the concept of a drive-by pharming attack. With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email. The attacker’s malicious code could change the DNS server settings on the victim’s home broadband router (whether or not it’s a wireless router). From then on, all future DNS requests would be resolved by the attacker’s DNS server, which meant that the attacker effectively could control the victim’s Internet connection.

At the time we described the attack concept, it was theoretical in the sense that we had not seen an example of it “in the wild.” That’s no longer the case.

We recently saw instances of actual attackers...