
Security Response

Candid Wueest | 19 Apr 2013 08:18:05 GMT | 0 comments

We have blogged before about mobile spam messages, and while email spam declined in the past year to around 66%, mobile spam—although not yet that prevalent—is now gaining ground.

Currently the “winning ticket” theme is making its rounds through central Europe. Eight friends of mine received it over the space of a few days and I am proud that none of them fell for it, even though some were sorely tempted. The message states that you have won two million pounds sterling with some numbers that you never selected, in a non-specified lottery that you have certainly never played. There are a lot of variations of this particular scam that we have observed over the years, with a range of different prizes including cars and holidays. Unfortunately, there is no money behind it—at least not for you—as of course if you never play the lottery, you will definitely...

Mathew Maniyara | 18 Apr 2013 15:03:02 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers have already shown interest in the violence that erupted recently in various parts of the Arab world. The phishing attack involving Syria is a good example. Phishers are now taking advantage of the political unrest in Egypt as protests in the country continue. In March 2013, phishers promoted former Egyptian Prime Minister Ahmed Shafik in a phishing site. The phishing site was hosted on servers based in North Carolina, USA. The name “Ahmed Shafik” was used in the domain name of the phishing site.


Figure 1. Phishing site designed as a fake official website of Ahmed Shafik

The phishing site was designed to look like an official page of the politician. It...

Samir_Patil | 17 Apr 2013 12:04:02 GMT | 0 comments

Contributor: Christopher Mendes

On the afternoon of April 15, 2013, just when many people were on the cusp of conquering another personal milestone by completing the Boston Marathon, they were hit hard by an act of cowardice. Two bombs struck near the finish line of the Marathon on Monday. Within hours of the bomb blast, large malware-laden spam emails started doing the rounds.

Symantec customers are protected from this attack. Symantec blocks the attack by multi-level detection using Antispam, Intrusion Prevention System technology (IPS), and antivirus (AV). The AV detects the downloaded file as Packed.Generic.402. IPS detects the attack as Web Attack: Red Exploit Kit Website.

The spam email is very simple. The...

Ashish Diwakar | 17 Apr 2013 03:41:34 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers continue to target Indian movies with phishing scams. The phishing site featuring the movie “Bodyguard” is one example, and this month Symantec observed a phishing attack in which phishers used a song from the Telugu movie “Brindavanam” as bait.


The phishing site displayed a picture of a musical number from the movie “Brindavanam” starring Telugu actresses Samantha and Kajal Aggarwal on the left side of the phishing page. There is also a plot summary of the movie below the image. The phishing page then encouraged users to enter their login credentials, stating that, after logging in, they could watch the video. The pictured musical number from the movie was taken from the legitimate movie website. After...

Mathew Maniyara | 16 Apr 2013 17:15:29 GMT | 0 comments

Contributor: Sandeep Ingale

When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take full advantage of the services available to them while staying secure. Interestingly, these Web pages, meant for the guidance and protection of customers, were mimicked by phishers with the intent of tricking people into handing over personal information.

In March, we discovered a phishing site spoofing a popular credit card services company that asked users for confidential information, allegedly for additional security. It should be kept in mind that a legitimate site will never ask for confidential information for this reason.

The phishing site prompts users through a three-step procedure for activating their card and adding higher security. The first step asks users for personal and card-related...

Symantec Security Response | 16 Apr 2013 04:00:11 GMT | 0 comments

The Symantec Internet Security Threat Report (ISTR) 2013 reveals how the threat landscape is evolving, compiling information from more than 69 million attack sensors in 157 countries around the world. This year’s report shows more targeted attacks, an increasing focus on smaller businesses, and the continued development of new threats.

Targeted attacks, hacktivism, and data breaches

Targeted attacks saw a 42 percent increase in 2012, bringing the average number up to 116 per day, with a corresponding increase in data theft and incidents of industrial espionage. Attackers appear to be changing their targets as well. Small businesses make up a larger percentage of those targeted for attack than in 2011—a threefold increase—with 31 percent of all targeted attacks directed at companies with fewer than 250 employees. Attackers are evidently finding valuable data to steal from such small companies and fewer defenses in place to stop them....

Roberto Sponchioni | 11 Apr 2013 10:37:13 GMT | 0 comments

We recently observed a small spam campaign that was targeting random users. The campaign focused on users in India.


Figure 1. Heatmap of compromised computers related to the spam campaign

The emails contained a malicious attachment, detected as Spyware.Redpill, which is used by the bad guys to steal confidential information.

Spyware.Redpill is not new by any means; back in 2008 we created a signature for Spyware.Redpill to protect users. Redpill was designed to collect information for people wishing to know if their partner had been cheating on them. The name “red pill” was a nod to the Matrix film franchise; the red pill and its opposite, the blue pill, were the choice between the blissful...

Candid Wueest | 09 Apr 2013 17:54:13 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 14 vulnerabilities. Four of this month's issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Apr

The following is a breakdown of the issues...

Symantec Security Response | 05 Apr 2013 10:27:07 GMT | 0 comments

Shylock (a.k.a. The Merchant of Malice) is one of the most sophisticated banking Trojan horse programs presently occupying the financial fraud threat landscape. From its humble beginnings in 2011, it has seen increased infections in the United Kingdom, Italy, and the United States. This is consistent with the increased number of targeted financial institutions over that time period. Shylock is currently targeting over 60 financial institutions with the majority of them operating in the United Kingdom.

The main purpose of Shylock is to perform a man-in-the-browser (MITB) attack against a configured list of target organization websites. The attack is used to steal user credentials and apply social engineering tactics in order to convince the user to perform...

Satnam Narang | 03 Apr 2013 19:36:40 GMT | 0 comments

During recent weeks, I have seen different scams on Facebook attempt to convince users to install Google Chrome extensions. I have noticed some conversations taking place around the scams; people are not sure how to get rid of the scammer photos or how to prevent the scams from spreading further. Some users have unfortunately gone as far as creating new Facebook profiles for themselves. This is not necessary.

If you have been tricked by one of these scams, here is how you can clean up your browser and Facebook timeline:
 

Remove bad browser extensions

If you have installed the Chrome extension for Facebook Black, Profile Spy ("See Your Profile Viewers"), or Free PS4, you will need to uninstall it from your...