Video Screencast Help
Security Response
Showing posts in English
Dinesh Theerthagiri | 10 Dec 2013 19:53:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eleven bulletins covering a total of 24 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Dec

The following is a breakdown of the...

Symantec Security Response | 10 Dec 2013 14:19:40 GMT

creepware_title_banner.png

Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams. But are these stories true and are some people’s seemingly paranoid precautions justified? Unfortunately the answer is yes, precaution against this type of activity is necessary and there are a multitude of programs out there that can be used for this type of malicious activity…and more. Remote access Trojans (RATs), or what we are calling creepware, are programs that are installed without the victim’s knowledge and allow an attacker to have access and...

Symantec Security Response | 06 Dec 2013 22:34:41 GMT

Cybercriminals are constantly looking for ways to evolve their malware. Evolution is the key for survival because antivirus research, analysis, countermeasures, and public awareness thwart the efficacy of malware and its spread. During the past year, Ransomware has received a lot of news coverage which has decreased the number of uninformed victims and lowered the impact and effectiveness of the malware along with the percentage of return to the criminal.

Due to this increased public awareness, in the last quarter of 2013 we have seen cybercriminals reorganize around a new type of extortion: Cryptolocker. This threat is pervasive and preys on a victim's biggest fear: losing their valuable data. Unlike previous Ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because there is no way to...

Symantec Security Response | 04 Dec 2013 11:25:59 GMT
There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites. This allows attackers to steal login credentials from users. The threat can also let attackers take control of a compromised computer through a Virtual Network Computing (VNC) server. Neverquest can replicate itself by stealing login details and spamming out the Neverquest dropper, by accessing FTP servers to take credentials in order to distribute the malware with the Neutrino Exploit Kit and by obtaining social networking credentials to spread links to infected websites...
Satnam Narang | 03 Dec 2013 23:29:52 GMT

Yesterday, a number of Twitter users were duped into following fake Twitter accounts known as @VerifiedReport and @MagicReports. Both accounts claimed to be part of a Twitter experiment between users, news organizations, and journalists, and followed a number of Twitter users while tweeting the following, “This is a Twitter experiment. We are changing the way users interact with journalists and news organizations.”
 

Twitter Exp 1.png

Figure 1. MagicRecs notification about @VerifiedReport
 

Many users who discovered these accounts did so through a legitimate Twitter account known as @MagicRecs.
 

Twitter Exp 2.png

...
Dick O'Brien | 03 Dec 2013 21:42:50 GMT

The value of Bitcoin has surged dramatically in recent weeks, fuelling fears that a bubble is forming around the virtual currency. As investors pile in, a crash in Bitcoin prices isn’t the only thing they have to worry about. There has been a spate of incidents in recent weeks in which Bitcoin wallet and banking services have been attacked and millions of dollars worth of the currency stolen.
 

Bitcoin Thefts 1.png

Figure 1. Size of recent Bitcoin heists (US$ value on November 29)
 

Multi-million dollar heists

The current round of attacks began on November 7, when Australian Bitcoin wallet service Inputs.io announced that it had closed its doors after two attacks resulted in around 4,100 Bitcoins (US $4.34 million at the time of...

Satnam Narang | 03 Dec 2013 16:49:11 GMT
Over the past week, users of the photo messaging application Snapchat have seen an increase in the number of spam snaps (Snapchat pictures). The service is now being infiltrated by a myriad of fake accounts sending spam snaps of topless women.
 
figure1_4.png
Figure 1. Spam accounts on Snapchat
 
Snapchat users are currently receiving requests from accounts named similarly, using the following format: “[GIRL'S NAME]snap_####”. Each request features a pending snap from these spam accounts. Despite the app offering privacy settings to only allow snaps from friends, users can still receive add requests from unknown users. Some Snapchat users we spoke to have noticed an increase in these requests over the last week.
...
Binny Kuriakose | 03 Dec 2013 08:16:47 GMT

Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.

As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employs Word Salad. The word salad are often seen in the form of HTML, where nonsensical tags are used to break  URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in word salad is to add the most current keywords, like the hottest news or an upcoming event.

The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec...

Christopher Mendes | 02 Dec 2013 08:10:34 GMT

The Christmas season is a time to loosen up a few strings.  The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw your plans and fix your expenditure. After all, you know the frontiers of your funds. But, the one who values it the most after you is the one who pries on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency and you lose your resolutions.  It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas only to have it burgled in an instance. If this detour does not bring you goosebumps, a little analysis on one such phishing sample should do the needful.

The header of the phishing email reads:

Subject: [Brand name] is giving...

Symantec Security Response | 30 Nov 2013 01:35:12 GMT

On November 27, Microsoft issued a security advisory regarding the recent discovery of a zero-day vulnerability in a kernel component of Windows XP and Windows Server 2003. The advisory states that the Microsoft Windows Kernel 'NDProxy.sys' Local Privilege Escalation Vulnerability (CVE-2013-5065) can allow an attacker to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers.

Symantec is aware of the attacks attempting to exploit the vulnerability and confirms the attacks have been active since the beginning of November. The attack arrives as a malicious PDF file with file names such as syria15.10.pdf or Note_№107-41D.pdf, likely by an email attachment, although there is a possibility that targeted users are being enticed to download the malicious file from a...