Security Response
Candid Wueest | 27 Jun 2014 16:07:09 GMT


At this year’s Google I/O developer conference, the technology giant shared its vision of a connected world where smart watches, smartphones, cars, laptops, televisions, and thermostats all interact seamlessly with one another. Of course, central to this vision was one of the conference’s main themes, the idea of Android everywhere and on every device. However, while all this is very exciting and filled with possibility, this new wave of devices and capabilities will spur on a race to develop more contextually aware and voice-enabled apps on the Android operating system (OS) – which, as a platform, has been a popular target for attackers. 

 

Android L
Google’s next version of Android to be released, referred to as Android L, comes with many new features and capabilities. There are also a few...

Sammy Chu | 26 Jun 2014 19:49:01 GMT

Image spam has been around for a long time and peaked in January 2007, when Symantec estimated that image spam accounted for nearly 52 percent of all spam. Pump-and-dump image stock spam made up a significant portion of that 52 percent. Image spam had been in hibernation mode for a long time until recently, when Symantec detected a significant increase in these attacks from our Global Intelligence network.

Between June 20 and June 23, 52.25 percent of spam messages contained an image, compared to just 2.23 percent between June 13 and June 19. As with the last wave of image spam, image stock spam made up a significant portion of image spam messages. 


Figure 1. Significant increase in image spam

Pump-and-dump image stock spam’s main problem stems from how it can cause financial...

Candid Wueest | 24 Jun 2014 18:38:29 GMT


Everyone has heard stories about smartphones with malfunctioning battery packs bursting into flames, but the new Amazon Fire Phone, despite its name, could pose a different kind of danger. Amazon’s recently announced device is due to be released in July and may present some potential security concerns for users.

Fire OS

Amazon’s Fire Phone runs on Fire OS 3.5, which is based on Android 4.2 (Jelly Bean), and Amazon says it is working on upgrading to Android 4.4 (KitKat). Since Fire OS is a fork of the Android OS, it is unclear how Amazon will react to major Android updates or patches in the future. Even with updates and patches, most users never consider upgrading the OS on their mobile device anyway, which can increase the attack surface of the device.

3D illusion...

Sean Butler | 23 Jun 2014 21:05:36 GMT

On June 19, we came across an interesting e-card spam campaign. E-card spam typically distributes malware; however, this campaign simply redirects the user to a “get rich quick” website.

This campaign’s emails are very basic. The messages are sent from a spoofed 123greetings.com email address and contain one sentence and a link.


Figure 1. E-card spam campaign email

After looking at the header for one of the emails, we saw that the email appears to have been sent from an Amazon IP address. This is most likely an attempt to trick anyone that reads the header into thinking the email is legitimate. However, the IP address actually resolves to a DNS name that is not associated with Amazon.

In the body of the emails, the spammers use URL shorteners to redirect victims to their site...

Shunichi Imano | 19 Jun 2014 10:53:19 GMT

Nico Nico, meaning “smile” in Japanese, is one of the biggest video sharing sites in Japan, with more than 30 million free members and over 2 million paid subscribers.

Rumors surfaced earlier today, claiming that some users who were watching videos on Nico Nico saw a strange pop-up message, asking them to update Flash Player to the latest version.

Figure 1. The suspicious pop-up message, which says “This page cannot be displayed! Update to the latest version of Flash Player!”

The domain that the pop-up message appears from, downloads.[REMOVED].biz, does not look like it belongs to Adobe or Nico Nico.

If the user clicks “OK” on the pop-up message, they will be redirected to a fake Flash Player download site, which mimics the appearance of the legitimate Adobe website.

...

Satnam Narang | 17 Jun 2014 19:36:05 GMT

Over the weekend, a large number of Pinterest accounts were compromised and used to pin links to a miracle diet pill spam called Garcinia Cambogia Extract. Since most of the compromised accounts were linked to Twitter, these spam “pins” on Pinterest were also cross-posted to Twitter.


Figure 1. Pinterest miracle diet spam cross-posted to Twitter

Back in April, we published a blog on compromised Twitter accounts used to promote the same miracle diet pill spam. During our investigation, we made a connection to the Pinterest hack reported by TechCrunch in late March.

...

Symantec Security Response | 17 Jun 2014 18:10:10 GMT

In March 2014, the Zorenium bot (W32.Zorenium) made headlines after the malware’s author claimed that the information-stealing threat had been updated with some advanced new features. According to the malware author, known as Rex, these features included the ability to run on iOS and Android devices, steal banking credentials, support peer-to-peer (P2P) communications, and spread over Skype and Facebook.

The malware originally appeared in 2013 and Symantec has observed how it has evolved over time. If Rex’s claims were true, then the update could have made Zorenium a major threat. While this update’s full feature set was never proven, Rex stood by the iOS claim and later stated that the iOS code came from a third party. In this...

Candid Wueest | 13 Jun 2014 09:57:42 GMT


Last week, Apple introduced the new version of its mobile operating system, iOS 8, at its Worldwide Developers Conference. Apple unveiled many new features for iOS 8 in different categories and some of them were security related. Now that iOS 8’s new features have been revealed, it’s time to take a look at the possible security implications surrounding these enhancements. 

Since iOS 8 has not yet been released, it is unclear how exactly these features will be implemented. Based on the information currently available, there is a handful of security features that should enhance iOS devices’ protection levels.

iOS app extensions – More than just third-party keyboards
One of iOS 8’s most discussed enhancements is its app extensions, which will allow third-party apps to communicate with each other. With app extensions,...

Sammy Chu | 12 Jun 2014 21:23:05 GMT

The Symantec Global Intelligence network has detected a significant increase in hit-and-run spam attacks (sometimes referred to as ‘snowshoe’ spam attacks) from .club domains in the last 24 hours. Earlier this year, the Internet Corporation for Assigned Names and Numbers (ICANN) released a number of generic top-level domains (gTLDs), with .club among them. Spammers have taken to abusing gTLDs, and specifically the .club gTLD, to perform hit-and-run spam attacks. Hit-and-run spam attacks quickly cycle through domains and IP addresses with unknown reputation to avoid detection. In this case, they are using domains with the .club gTLD because of their lack of reputation.

We have observed the following “From:” header lines in these attacks:

  • From: "CarClearanceLot" <CarClearanceLot@[REMOVED].club>
  • From: "CarSavingsEvents" <CarSavingsEvents@[REMOVED].club>
  • From: "PriceNewCar" <PriceNewCar@[REMOVED].club>
  • From: Gift Cards <...

Binny Kuriakose | 12 Jun 2014 08:56:56 GMT

Many countries around the world will celebrate Father’s Day this year on June 15. With only a few days remaining, people are busy planning and purchasing gifts for the greatest hero in their life. Unfortunately, this is also when Father’s Day spam and fraud emails are at their height and many unsuspecting users could get conned by these campaigns. 

We have observed a gradual increase in the amount of spam taking advantage of Father’s Day since the end of May. Most of the spam shares similarities with Mother’s Day spam, as observed last month. The campaigns are not so different from the ones seen in previous years. In fact, this year, we have observed spam with the exact same products and offers as last year.

Figure 1. Product spam related to Father’s...