Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts in English
Symantec Security Response | 13 Apr 2007 07:00:00 GMT | 0 comments

Facebook is quickly becoming one of themost popular social networking sites for the 20-something crowd. It wasinitially focused on college students, but has since opened up to thewider public. Recent statistics place Facebook among the most popularsocial networking sites on the Internet.

Privacy has become a bigger issue in recent times for socialnetworking sites. People are becoming aware of the danger of placingpersonally identifiable information in plain view on the Internet. Theapproach Facebook has taken towards privacy issues is a granular one.People with profiles on Facebook can join “networks” based on theirschool or workplace. All that is necessary to join a network is anemail account from that organization. Privacy settings can becustomized in many configurations, including maximum visibility, whereanyone can find your limited profile in a search; limited privacy,where only those in one of your networks can see your full profile; anda restrictive setting,...

Andy Cianciotto | 12 Apr 2007 07:00:00 GMT | 0 comments

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacomm variants. While this is nothing new, this time around the attachments are in the form of password-protected zip files. The recipient is tricked into unzipping the attachment with the included password, then running the unzipped file, to counteract activity related to an unknown worm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including, but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!", "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "Virus Alert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!". The attachments are generally a .gif image file (...

Andy Cianciotto | 12 Apr 2007 07:00:00 GMT | 0 comments

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacommvariants. While this is nothing new, this time around the attachmentsare in the form of password-protected zip files. The recipient istricked into unzipping the attachment with the included password, thenrunning the unzipped file, to counteract activity related to an unknownworm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including,but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!","Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "VirusAlert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!".The attachments are generally a .gif image file (this image containsthe zip password) and the executable in the form of patch-[random fourdigits].zip.

...

Hon Lau | 12 Apr 2007 07:00:00 GMT | 0 comments

Just in time to coincide with MicrosoftTuesday Patches, another new vulnerability is released to the world.This time the vulnerability was found in Windows Help (.hlp) files.This flaw enables an attacker to make use of a heap overflow in orderto achieve arbitrary code execution.

Symantec Security Response have analyzed a sample of the proof-of-concept code and have released the Bloodhound.Exploit.135 detection to proactively detect potential threats that utilize the vulnerability.

At this point we have not seen this vulnerability actively exploitedin the wild, but since there is no vendor-supplied patch available, wewould urge that users continue to remain vigilant, keep your securityproducts up to date, follow safe computing guidelines and...

Ollie Whitehouse | 12 Apr 2007 07:00:00 GMT | 0 comments

In May of 2006, for my second blog post for Symantec, I penned an entry entitled, "The Elephant Under the Carpet (and when I say 'carpet' I mean PDA). " The purpose of that post was to dispel the myth that Windows CE (and thus Windows Mobile) doesn't have security issues, and to point out that Microsoft had silently patched a number of security-related bugs. At that time, I couldn't see any Windows CE 5.0 security issues patched by Microsoft. This didn't seem right, so I decided it was time to review the situation. This blog post is an update to cover some issues since then.

If you look at Microsoft's Windows CE Critical Updates and Security site, [1] you'll see that there are no issues listed. It's important to point that, due to Microsoft's restrictions around getting information with regards to Windows Mobile, I will only be...

Dave Cole | 11 Apr 2007 07:00:00 GMT | 0 comments

Alright, I’ll fess up: spam has never been just for email, in spite of our cluttered inboxes that loudly protest to the contrary. Spam’s early commercial origins point back to a message to 6,000 recipients on Usenet by a couple of immigration attorneys named Canter & Siegel from Phoenix, Arizona back in 1994 who were promoting their services to enroll people in the national green card lottery. From these roots, spam moved on to its dominant format today: email. Nonetheless, the flood of SMTP-based spam we see today may obscure the other flavors of spam that have popped up, including IM spam, SMS spam, and the Web 2.0 buzzword-friendly “splog”.

I’ll spare you all the gory details on IM and SMS spam, they’re pretty straightforward. IM spam has yet to reach major proportions, but it’s certainly out there, plugging spy software, ringtones, and other services. SMS spam has been highly visible overseas since 2001, especially in Asia where SMS has been used heavily for some...

Kelly Conley | 10 Apr 2007 07:00:00 GMT | 0 comments

The Symantec “State of Spam” report for April 2007 is now online. This month’s report includes a spotlight on spam trends in the Europe, Middle East, and Africa (EMEA) region. One of the highlights is a discussion on the categories of spam detected in EMEA. I found this particularly interesting because there were some marked differences between worldwide spam and EMEA-specific spam. The most notable instances were the financial and scam categories.

Whereas spam related to financial goods and services accounted for 20 percent of worldwide spam, it accounted for 31 percent of spam detected in EMEA. Spam messages detected in the EMEA region that were categorized as scams were double the number reported worldwide. While only six percent of all messages globally were scams, 12 percent of spam in EMEA included scam messages...

David McKinney | 10 Apr 2007 07:00:00 GMT | 0 comments

Microsoft Patch Tuesday: April 2007

April was unique for Microsoft because it consisted of two MicrosoftTuesdays. Last week, we saw the release of patches for the .ANIzero-day vulnerability. This patch was consistent with Microsoft’spolicy of releasing out-of-band security patches (in other words,patches on days other than patch Tuesday) for vulnerabilities that areexperiencing widespread exploitation in the wild. From my experience,if the issue is significant enough to merit third-party patches fromDetermina, ZERT, etc., then in all likelihood Microsoft will do anout-of-band security patch release for the vulnerability.

Today Microsoft released an additional five security bulletins. Fourof the bulletins affect Microsoft Windows and the one affects MicrosoftContent Management Server.

• MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (KB925939)

This bulletin addresses two...

Christopher Covert | 09 Apr 2007 07:00:00 GMT | 0 comments

Webmail has become ubiquitous - most people have at least one account and some people use several. As the folks at Google pointed out this April Fool’s Day, we’ve gotten to the point where the idea of relying on postal mail for communication is almost completely absurd. Services like Google’s Gmail, Microsoft’s Hotmail, and Yahoo! Mail all offer an incredibly large amount of storage and can be accessed from almost any internet-connected machine.

This weekend I got an email from a friend, arriving from her Hotmail address. It was actually an auto-generated invitation link to a social networking service called ‘Tagged’. Tagged is employing some very sketchy tactics in expanding their user base. While the whole idea behind Web 2.0 is the combination of existing Web services/technologies to make them more useful, when a user signs up for Tagged, they’re practically forced to put in...

John McDonald | 09 Apr 2007 07:00:00 GMT | 0 comments

Over the weekend Security Response receivedsamples of the latest variants of Trojan.Peacomm and W32.Mixor doingthe rounds. The social engineering trick employed this time is inappealing to people's sense of fear as well as natural curiosity of apossible Middle East war involving the United States, Iran and Israel.

Subjects include "USA Just Have Started World War III" / "MissleStrike: The USA kills more then 20000 Iranian citizens" / "Israel JustHave Started World War III" / "USA Missile Strike: Iran War just havestarted". From the sample emails that we have seen to date, the actualemail body is blank, and the attached files have various names such as"video.exe", "movie.exe", "click here.exe", "clickme.exe", "readme.exe"and "read more.exe".

Proactively detected by Symantec antivirus software asTrojan.Packed.13, the underlying threats are actually nothing new. Theyare simply minor variants of Trojan.Peacomm and W32.Mixor (namedW32.Mixor.AR@mm in this instance)...