Security Response
Candid Wueest | 16 Aug 2007 07:00:00 GMT | 0 comments

Well, we all know that playing games can influence your real life, even if it’s just the lack of sleep you get from spending whole nights playing online games. But there’s more to it. There are several crucial points that have to be considered when running around virtual fields with your character. Unfortunately, as in life, some people don't play by the rules.

Sometimes those virtual worlds are not as peaceful as one might think or hope. You, or more precisely your avatar, might get blackmailed for protection money or bullied by others. Destruction of virtual goods can happen if you don’t pay. The discovery of weapons of mass destruction in Second Life confirms this point. (Yes, they do exist; search for “Jessie Massacre” if you don’t believe it.)

But, there are other entrapments to watch out for. We already reported on gold farming and the problem with in-game spam in a...

Candid Wueest | 16 Aug 2007 07:00:00 GMT | 0 comments

Have you ever “ego-Googled” yourself? That is, looked yourself up on Google? Chances are, if you haven’t, others have. Your employer probably did it before hiring you, so it can’t be that bad, right? But are you really aware of all the information that is available online about you?

Nowadays, of course, one of the easiest ways to data-mine somebody is to look them up on the many social networking sites that have sprung up over the past few years. These sites are hugely popular and you find them for nearly every user group. You can find old buddies from school that you’ve lost touch with, connect with people that listen to the same music as you, or post your CV to attract a new employer.

For sure, they can be useful. And I admit that I, too, have used them several times. Sometimes it can even be very amusing. For example, I once received an email from a headhunter. Besides offering me a position, she complained she couldn’t reach me on my listed phone number: ++1 234 567 890. What...

Carey Nachenberg | 15 Aug 2007 07:00:00 GMT | 0 comments

Back in June of 1992, I joined Symantec’s nascent antivirus team as a scruffy intern after a brief stint with the Norton Commander and Norton Desktop teams. At the time, Norton AntiVirus was a third-tier product with virtually no market-share. But that was about to change. That summer, Symantec hired over a dozen contractors to drastically improve Symantec’s detection rate and make us a world-class product. To give you an idea, back in 1993, top-notch products detected about 1,400 virus strains.

Over the course of that summer, and during my follow-up internships over the next few years, my teammates and I quickly realized that viruses were evolving at an extremely rapid pace, and would soon prove impossible for NAV’s core detection engines to detect. A detection engine is the heart and brains of the antivirus product; it performs all of the actual virus fingerprint scanning, and ours was quickly becoming obsolete.

Clearly the word was getting up to our...

Ollie Whitehouse | 14 Aug 2007 07:00:00 GMT | 0 comments

So, in the Future Watch section of the last Internet Security Threat Report and in our Windows Vista research, we stated that drivers were increasingly being attacked and that we would expect this trend to continue. We also stated that these third-party drivers posed one of the greater areas of exposure to technologies such as driver signing, PatchGuard and general kernel integrity on Windows Vista 64bit. I recently blogged about an example of one third-party hardware driver from ATI and the issues it was causing Microsoft. Before that, I discussed a third-party driver which was specifically designed to allow the loading of arbitrary unsigned kernel drivers.

Anyway, before these came another example, though I've...

David McKinney | 14 Aug 2007 07:00:00 GMT | 0 comments

This month Microsoft has released nine security bulletins. All of these vulnerabilities could let an attacker execute arbitrary code on an affected computer. All of the issues are also classified as “client-side vulnerabilities”, meaning that they require some interaction on the part of the user for exploitation to occur. This will usually entail visiting a malicious Web page or opening a malicious file that is sent through email or other means.

Microsoft’s summary of the bulletins can be found here.

  1. MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

    This bulletin consists of a code execution vulnerability (CVE-2007-2223/BID 25301) affecting Microsoft XML Core Services. Attackers could exploit this issue through a malicious Web page.

    Affects: Microsoft XML Core Services 3.0/4.0/6.0 on...

Zulfikar Ramzan | 13 Aug 2007 07:00:00 GMT | 0 comments

Part I on Friday discussed the early days of phishing from relatively harmless spam to targeting the financial sector and then to an increasingly professional operation with serious consequences for both organizations and individuals.

The threat evolves further

In a technical sense, phishing has evolved in a number of ways. Phishers are conscious of the different anti-phishing technologies out there – many of which employ block lists of suspicious Web sites. Block lists work by matching the URL that appears in the address bar of the Web browser with a list of known phishing Web sites. If there is a match, the user is warned. To get around that, in September 2006 many phishers started randomizing the sub-domain portion of the URL. While these URLs lead to the same site, no two are the same, and therefore the technique circumvents basic block lists.

Phishers are also privy to the fact that their pages are being viewed...

Zulfikar Ramzan | 10 Aug 2007 07:00:00 GMT | 0 comments

Symantec is celebrating its 25-year anniversary and, during the course of the company’s history, we’ve seen the threat landscape evolve continuously. Many of the threats we routinely address today were practically unheard of in the early days. While much of the activity back then was centered around viruses and other forms of malicious code designed to wreak havoc on customers' personal computers, today’s landscape now includes new threats that can wreak havoc on customers’ personal lives, stealing their money and also their identity.

One of these emerging threats is phishing. Phishing is a threat whereby attackers use social engineering mechanisms, in a fairly automated way, to trick victims into divulging sensitive data that can later be used to assume a victim’s identity on an online site or in a financial transaction. Throughout 2006, Symantec observed over 300,000 unique phishing emails and blocked these messages in nearly three billion phishing instances. Phishing...

Michael Smith | 09 Aug 2007 07:00:00 GMT | 0 comments

Firewalls, intrusion detection and prevention systems, antivirus – they’re all old tricks of the trade that IT has traditionally deployed to maintain the security of large and complex networks.

But are they enough? Threat volume is rising, propagation speed is increasing, and attacks are becoming more advanced and elusive. Luckily, there are innovative new ways to complement the traditional approach. And security’s bright side may be on the ‘dark’ side.

A growing number of organizations are leveraging darknets to increase their security intelligence and, in turn, enhance their security posture. A darknet is an area of routed IP address space in which no active services reside.

IT is increasingly using this ‘dark’ network as a powerful security tool. Because no legitimate packets should be sent to or from a darknet, the majority are likely sent by malware that scans for vulnerable devices with open ports in order to download, launch, and propagate malicious code...

Ollie Whitehouse | 08 Aug 2007 07:00:00 GMT | 0 comments

The other day, I blogged about the latest happenings in the Atsiv saga. Today I’m providing an update, which I couldn’t have made up even if I tried.

This can only be described as one of those moments that would make anyone in Microsoft’s situation start to sob. Alex Ionescu published an entry on his blog (which subsequently got pulled) with a supporting tool called Purple Pill. This tool had embedded in it an ATI signed driver that would be dropped to disk and loaded (a similar approach to Atsiv). However it would appear that this signed driver contained a design error which allows you to use it to load any arbitrary driver even if they are not signed (similar functionality to Atsiv). You can imagine this came about due to a requirement to extend this core driver with arbitrary...

David McKinney | 08 Aug 2007 07:00:00 GMT | 0 comments

The hacker's place in the pop culture continuum is as anti-hero. This is an image portrayed in movies and novels - the hacker is a wild-card with the power of deus ex machina who can be called upon to cheat technology or exploit a loophole in the system. Since computers don't lie and the system is perfect, the hacker invokes black arts in gross defiance of reality and the law in order to accomplish his (as hackers are overwhelmingly portrayed as male) goals. Yet we often sympathize with the fictional hacker for this exact reason. The system irks us and we often wish we could circumvent it.

The nineties had its own hacker anti-hero: Kevin Mitnick.

Most of Mitnick's story has been told by the media and in a book entitled Takedown...