Video Screencast Help
Security Response
Showing posts in English
Joji Hamada | 29 Jan 2014 03:23:01 GMT

In 2013, scammers published thousands of apps on Google Play that led to fraudulent sites. This form of scam is typically called “one-click fraud” in Japan.  The very first variant appeared in January and while only a handful of these fraudulent apps survive for a few days at most, we confirmed that, in total, more than 3,000 apps were published on the market in 2013. By October, scammers for the most part have stopped publishing new variants of the fraudulent apps on Google Play for unknown reasons.

figure1_14.png
Figure 1.
Total number of apps leading to one-click fraud sites published on Google Play throughout 2013

While apps that lure victims to fraudulent sites may no longer be available on Google Play, there are currently other vehicles leading victims to these sites, such as spam. 

This scam typically begins with spam...

Paul_Thomas | 23 Jan 2014 22:30:13 GMT

You may have seen media reports based on research by Proofpoint that hundreds of home devices such as entertainment systems and even a refrigerator had been sending spam. We refer to this collection of networked devices as the Internet of Things (IoT). Originally, the reports didn’t provide any evidence so we were unable to validate the claim. However, additional details have now been made available and we can confirm that your IoT devices, including your refrigerator, are not the source of this recent spam run.

From the information that was publicly provided, we have been able to determine that this specific spam run is being sent by a typical botnet resulting from a Windows computer infection. Symantec receives telemetry from a wide variety of sources including our endpoint security products, spam receiving honeypots, and botnet honeypots that await spam-initiating...

Flora Liu | 23 Jan 2014 07:14:03 GMT

We’ve seen Android malware that attempts to infect Windows systems before. Android.Claco, for instance, downloads a malicious PE file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.

Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices.

The infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service. This DLL then downloads a configuration file from the following remote server:

  • ...
Dick O'Brien | 21 Jan 2014 00:51:42 GMT

Internet of Things Header.jpg

Could your baby monitor be used to spy on you? Is your television keeping tabs on your viewing habits? Is it possible for your car to be hacked by malicious attackers? Or could a perfectly innocent looking device like a set-top box or Internet router be used as the gateway to gain access to your home computer?

A growing number of devices are becoming the focus of security threats as the Internet of Things (IoT) becomes a reality. What is the Internet of Things? Essentially, we are moving into an era when it isn’t just computers that are connected to the Internet. Household appliances, security systems, home heating and lighting, and even cars are all becoming Internet-enabled. The grand vision is of a world where almost anything can be connected—hence the Internet of Things.

Exciting new...

Eric Park | 20 Jan 2014 18:44:19 GMT

Spammer success is dependent on two factors:

  1. Evading spam filters so the spam message arrives in the recipient inbox
  2. Crafting messages so that the recipient is enticed to open and perform desired call-to-actions (click on the link, open attachment, etc.)

Spammers walk a fine line to balance these two aspects; relying heavily on one factor and ignoring the other will make the spam campaign fail. For example, spammers can evade spam filters by randomizing the subject and body of the message, however such randomization is likely to be ignored by even the most unsophisticated user as obvious spam. Similarly, crafting stand-out enticing messages to increase the email open rate often results in spam filters blocking the message. Spammers have a tough challenge.

Rising up to meet this challenge, spammers are now hiding the true content from the user more than ever before. While there are still spam campaigns with links to online pharmacies with...

Satnam Narang | 15 Jan 2014 22:13:49 GMT

A few weeks after our blog post about porn and secret admirer spam targeting Snapchat users, a new spam campaign using sexually suggestive photos and compromised custom URLs is circulating on the photo messaging app.
 

image1_21.png

Figure 1. Snapchat spam
 

Each of these spam messages includes a request to “Add my kik”, along with a specially crafted user name on the Kik instant messaging application for mobile devices.
 

image2_12.png

Figure 2...

Eric Park | 15 Jan 2014 09:29:01 GMT
After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).
 
figure1_6.png
Figure 1. Spam messages with .zip attachments over the last 90 days
 
On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-”  followed by 10 hexadecimal characters.
 
figure2_7.png
Figure 2. Email with “BankDocs-” .zip attachment
 
On January 8, 99.34 percent of the .zip...
Christopher Mendes | 15 Jan 2014 07:35:27 GMT

It’s not surprising to see scammers exploiting the laxity of Internet users.

Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails.

In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data.

Last week, I too, received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation.

At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts....

Candid Wueest | 14 Jan 2014 22:40:15 GMT

The rise of “rest in peace” scam messages on social media sites continues. Jackie Chan, Morgan Freeman, Will Smith, Keanu Reeves, and Rihanna are only a few of the celebrities that have been proclaimed dead in recent scams. The sensational messages usually include links to a video. Before the user gets to see the video, they are tricked into manually sharing the bait message with all of their family and friends in order to spread the scam further. Even after sharing the post, the user will still not be able to see the fake video. Rather, they will be redirected to a site with advertisements that asks the user to fill out a survey. The ads and surveys generate revenue for the scammer. Other variants of the scam ask the user to download a malicious browser extension or application. This kind of scam is not new, but as long as they make money, they will continue.

...

Dinesh Theerthagiri | 14 Jan 2014 19:24:29 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of six vulnerabilities. All six of this month's issues are rated ’Important’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jan

The following is a breakdown of the issues being addressed...