Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Read more
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close,it’s important to review the significant trends and issues observed bySymantec Security Response over the past year. Some of these may relateto what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraudhas steadily increased and become even more sophisticated. Much of theonline fraud activity we’ve seen has been in the form of phishing –approximately seven million total phishing attempts each day. That’s alot of cybercriminals on the hunt for your personal information! Wehave also witnessed phishers innovating beyond the traditional onlinescam where they may distribute tens of thousands of emails hoping totrick one of you lucky individuals. Today, we are seeing fraudstersembrace new techniques such as vishing and SMishing to solicit andobtain your confidential information. See Zulfikar Ramzan’s blog...

Read more
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Read more
Phishing 2006: The Year in Review
Zulfikar Ramzan | 26 Dec 2006 08:00:00 GMT | 0 comments

Now that we’re near the end of the year, Ithought I’d spend some time looking back at the phishing threat andreviewing some of the noteworthy trends. There are three high-levelaspects that I’d like to touch upon:
1) The overall increase in phishing activity
2) New phishing attack vectors
3) New antiphishing techniques

Overall activity

First, phishing activity has steadily increased during the course of2006. We’ve seen increases in both the number of phishing Web sitesthat go up as well as the number of unique phishing emails being sentout. Most targets are in financial services, but phishers have expandedtheir scope to include retailers, social networking sites, serviceproviders, government sites, and even certificate authorities.

In addition, we’re seeing semblances of “corporate” behavior inphishing attack patterns. For example, phishers seem to be workingnormal business workdays and, therefore, are less...

Read more
Phishing 2006: The Year in Review
Zulfikar Ramzan | 26 Dec 2006 08:00:00 GMT | 0 comments

Now that we’re near the end of the year, I thought I’d spend some time looking back at the phishing threat and reviewing some of the noteworthy trends. There are three high-level aspects that I’d like to touch upon:
1) The overall increase in phishing activity
2) New phishing attack vectors
3) New antiphishing techniques

Overall activity

First, phishing activity has steadily increased during the course of 2006. We’ve seen increases in both the number of phishing Web sites that go up as well as the number of unique phishing emails being sent out. Most targets are in financial services, but phishers have expanded their scope to include retailers, social networking sites, service providers, government sites, and even certificate authorities.

In addition, we’re seeing semblances of “corporate” behavior in phishing attack patterns. For example, phishers seem to be working normal business workdays and, therefore, are less active during...

Read more
Vista Vulnerable
John McDonald | 22 Dec 2006 08:00:00 GMT | 0 comments

A vulnerability has been discovered in theway the Windows Client/Server Runtime Server Subsystem (CSRSS)processes a type of system message referred to as the HardErrormessage, reportedly allowing a logged on user to execute arbitrary codein the CSRSS.EXE process and elevate their privileges to SYSTEM level.The vulnerable code is present in the new Vista operating system, aswell as Windows 2000, XP and 2003.

When certain events occur within the operating system, a HardErrormessage is sent to CSRSS containing the caption and text of a messagebox to be displayed in order to notify the user of a critical systemerror. The HardError message is handled by a function in WINSRV.DLLwhich returns pointers to the caption and text of the message box. Ifthe caption or text parameters are prefixed with certain characters,the function erroneously frees the buffer holding the text and returnsa pointer to freed memory. After the message box is closed by the user,the same...

Read more
Targeted Phishing Attacks: Unique Brands and Email Reach
Zulfikar Ramzan | 22 Dec 2006 08:00:00 GMT | 0 comments

This entry continues my blog series on some Symantec phishing data I have recently analyzed. I decided to look at data that relates to how phishing attacks are becoming more targeted. During the periods studied, our data does not support the hypothesis that attackers are going after more and more specialized targets. For the periods studied, our data also indicates that targeted phishing campaigns are outweighed by more scattered ones. Again, it’s important to note that the data is specific to a given period of time, so it’s possible (and perhaps quite likely, given how rapidly the landscape is changing) that outside this time frame the picture could change dramatically.

Let’s consider unique brands first. From June through September, 2006, the Symantec Norton Confidential system recorded 154 distinct brands that were spoofed in a phishing attack. Of these 154 brands, 93 of them were spoofed in a phishing attack that occurred during June; this...

Read more
Targeted Phishing Attacks: Unique Brands and Email Reach
Zulfikar Ramzan | 22 Dec 2006 08:00:00 GMT | 0 comments

This entry continues my blog series on some Symantec phishing data I have recently analyzed. I decided to look at data that relates to how phishing attacks are becoming more targeted. During the periods studied, our data does not support the hypothesis that attackers are going after more and more specialized targets. For the periods studied, our data also indicates that targeted phishing campaigns are outweighed by more scattered ones. Again, it’s important to note that the data is specific to a given period of time, so it’s possible (and perhaps quite likely, given how rapidly the landscape is changing) that outside this time frame the picture could change dramatically.

Let’s consider unique brands first. From June through September, 2006, the Symantec Norton Confidential system recorded 154 distinct brands that were spoofed in a phishing attack. Of these 154 brands, 93 of them were spoofed in a phishing attack that occurred during June; this...

Read more
Phishing Attacks: Industry Segmentation of Spoofed Brands
Zulfikar Ramzan | 22 Dec 2006 08:00:00 GMT | 0 comments

As part of the look at phishing statistics that I’ve blogged about recently, we analyzed the industry segmentation of the brands spoofed in a phishing attack. We divided the spoofed brands into the following categories:
• Financial - sites associated with online banking, brokerage, lending, and similar financial services or sites that directly support such a brand
• Service provider - sites that provide some common Internet-related services, including one or more of the following: Internet access, email accounts, or information portals
• General retail - sites that are associated with the sale of merchandise online
• Computer hardware - sites that are associated almost exclusively with the sale of computer hardware and peripherals
• Government - sites whose common URL ends in the .gov extension
• Social networking - sites whose exclusive purpose is to facilitate connection, collaboration, and communication among members,...

Read more
Tricky New Spam Tactic
Kelly Conley | 21 Dec 2006 08:00:00 GMT | 0 comments

We've noticed a tricky new spam tactic occurring recently and thought we'd share it with you. It’s always exciting when a new spamming technique comes along and it’s even more exciting when our filtering capabilities are successful against it. Most users running our product will not have seen this. Spam filtering can still protect you from this “new spam technique,” but, even if you have seen it or even opened it, you probably gave it a one-two glance and wondered “Eh? This isn't what I thought it was.”

The headers are legit – coming from a newsletter or ad that you have signed up for. You should be receiving this mail, right? Nope, it's a spam email. Look closer. There at the top of the page. It's an ad for something entirely different than what you thought was going to be in that email.

It's an online pharmacy ad within a legitimate NFL newsletter. That is really sneaky. It looks legitimate from your Inbox. You did sign up for that NFL...

Read more