Video Screencast Help
Security Response
Showing posts in English
Satnam Narang | 04 Apr 2014 14:56:45 GMT

Earlier this week, a large number of Twitter accounts were compromised and used by spammers to spread “miracle diet” spam. The compromised accounts included public figures, as well as average users of the social networking service.

Figure1_10.png
Figure 1. Twitter miracle diet spam

Déjà vu
Diet spam is quite common and can been found on various social networking sites and Twitter is no stranger to this problem. Over the years, we’ve seen many different campaigns try to capitalize on the latest miracle diet craze. In this particular case, spammers are trying to peddle garcinia cambogia extract through a page designed to look identical to the real Women’s Health website.

...

Joji Hamada | 03 Apr 2014 09:08:58 GMT

bankeiya_concept.png
In recent years, the Japanese Internet community has faced difficult times trying to combat financial Trojans such as SpyEye (Trojan.Spyeye) and Zeus (Trojan.Zbot). The number of victims affected and the amount of funds withdrawn from bank accounts due to compromises is increasing at an alarming rate. Just to give you an idea, according to the Japanese National Police Agency, the number of reported illegal Internet banking withdrawals jumped from 64 incidents in 2012 to 1,315 incidents in 2013. The loss in savings amounted to approximately 1.4 billion yen (US$ 14 million) in 2013, up from 48 million yen (US$ 480,000) in 2012.

More recently, the nation has also...

Orla Cox | 02 Apr 2014 13:59:50 GMT

Attacks are getting bigger and bolder and this calls for a new approach to cybersecurity. Cybercriminals have broadened their scope beyond conventional computer systems and now almost every connected device can be a target. 2013 was the year of the megabreach, where we witnessed some of the biggest data breaches of all time with over 500 million records exposed. Point of Sale terminals have been infected with malware in order to siphon off millions of credit card records. Attackers are even going one step further and using malicious code to steal cold hard cash. A recent piece of malware, Ploutus, allows criminals to use a mobile phone to get an ATM to spit out cash by sending a...

Symantec Security Response | 31 Mar 2014 14:41:18 GMT

On the back of Cryptolocker’s (Trojan.Cryptolocker) perceived success, malware authors have been turning their attention to writing new ransomcrypt malware. The sophisticated CryptoDefense (Trojan.Cryptodefense) is one such malware. CryptoDefense appeared in late February 2014 and since that time Symantec telemetry shows that we have blocked over 11,000 unique CryptoDefense infections. Using the Bitcoin addresses provided by the malware authors for payment of the ransom and looking at the publicly available Bitcoin blockchain information, we can estimate that this malware earned cybercriminals over $34,000 in one month alone (according to Bitcoin value at time of writing).

Imitation
Imitation is not...

Symantec Security Response | 31 Mar 2014 03:48:11 GMT

Symantec has observed the growth of indigenous groups of attackers in the Middle East, centered around a simple piece of malware known as njRAT. While njRAT is similar in capability to many other remote access tools (RATs), what is interesting about this malware is that it is developed and supported by Arabic speakers, resulting in its popularity among attackers in the region.

The malware can be used to control networks of computers, known as botnets. While most attackers using njRAT appear to be engaged in ordinary cybercriminal activity, there is also evidence that several groups have used the malware to target governments in the region.

Symantec analyzed 721 samples of njRAT and uncovered a fairly large number of infections, with 542 control-and-command (C&C) server domain names found and 24,000 infected computers worldwide. Nearly 80 percent of the C&C servers...

Satnam Narang | 26 Mar 2014 08:37:40 GMT

In late January this year, eager fans purchased tickets for Coachella, an annual two-weekend, three-day music festival but were later targeted by scammers in a phishing campaign that persisted up till the end of February.

Front Gate Tickets, the company responsible for handling the festival’s ticketing had sent an email to ticket buyers at the end of February warning users on the phishing campaign stating:

“The phishing involved a fraudulent website designed to look like the login page for Coachella ticket buyers to access their Front Gate accounts, built in an attempt to capture username and password information.”

The email went on to explain that the phishing links were circulated on message boards and email campaigns, and that the perpetrators had harvested the email addresses of ticket buyers who posted them publicly on message...

Symantec Security Response | 25 Mar 2014 12:25:44 GMT

Microsoft posted a security advisory today for a newly discovered, unpatched vulnerability affecting Microsoft Word. An attacker could take advantage of the Microsoft Word Remote Memory Corruption Vulnerability (CVE-2014-1761) to gain remote access to the targeted computer. The advisory indicates that the vulnerability was exploited in limited, targeted attacks. 

Users should not only be cautious about opening unknown RTF documents, but they should also avoid previewing these files in Outlook, as doing so could let the attackers exploit the vulnerability. Be aware that the default viewer for RTF documents attached to emails in several versions of Outlook is Microsoft Word. 

While patches have not yet been made available, users can apply several workarounds to minimize the risk of exploitation. Microsoft...

Daniel Regalado | 24 Mar 2014 12:57:46 GMT

daniel_blof_header_image_cropped.png

There is a growing chorus of voices calling for businesses and home users to upgrade existing Windows XP installations to newer versions of Windows, if not for the features, then at least for the improved security and support. ATMs are basically computers that control access to cash, and as it turns out, almost 95 percent of them run on versions of Windows XP. With the looming end-of-life for Windows XP slated for April 8, 2014, the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet. This risk is not hypothetical — it is already happening. Cybercriminals are targeting ATMs with increasingly sophisticated techniques. 

In late 2013, we...

Symantec Security Response | 20 Mar 2014 12:59:29 GMT

Last year, security reporter Brian Krebs discovered that a group of attackers managed to compromise multiple companies, steal sensitive customer data and sell the details through an online identity theft store known as SSNDOB. The attackers broke into the networks of a number of major consumer and business data aggregators as well as a software development firm. Krebs revealed that the attackers then put the stolen data for sale on SSNDOB, allowing their customers to buy personal details belonging to US and UK citizens.

Symantec looked into the attacks conducted by the group behind SSNDOB, who we call the Cyclosa gang. During our investigations, we managed to identify one of the owners of the service who claims in online forums to be Armand Arturovich Ayakimyan, a 24-year-old man from Abkhazia. As we looked further into this case, we learned how he started as a...

Kaoru Hayashi | 19 Mar 2014 12:58:54 GMT

DarllozConcept.png

Last November, we found an Internet of Things (IoT) worm named Linux.Darlloz. The worm targets computers running Intel x86 architectures. Not only that, but the worm also focuses on devices running the ARM, MIPS and PowerPC architectures, which are usually found on routers and set-top boxes. Since the initial discovery of Linux.Darlloz, we have found a new variant of the worm in mid-January. According to our analysis, the author of the worm continuously updates the code and adds new features, particularly focusing on making money with the worm.

By scanning the entire Internet IP address space in February, we found that there were more than 31,000 devices infected with Linux.Darlloz.

Coin mining
In addition, we have discovered the current...