Security Response

Mathew Maniyara | 16 Apr 2013 17:15:29 GMT | 0 comments

Contributor: Sandeep Ingale

When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take full advantage of the services available to them while staying secure. Interestingly, these Web pages, meant for the guidance and protection of customers, were mimicked by phishers with the intent of tricking people into handing over personal information.

In March, we discovered a phishing site spoofing a popular credit card services company that asked users for confidential information, allegedly for additional security. It should be kept in mind that a legitimate site will never ask for confidential information for this reason.

The phishing site prompts users through a three-step procedure for activating their card and adding higher security. The first step asks users for personal and card-related...

Symantec Security Response | 16 Apr 2013 04:00:11 GMT | 0 comments

The Symantec Internet Security Threat Report (ISTR) 2013 reveals how the threat landscape is evolving, compiling information from more than 69 million attack sensors in 157 countries around the world. This year’s report shows more targeted attacks, an increasing focus on smaller businesses, and the continued development of new threats.

Targeted attacks, hacktivism, and data breaches

Targeted attacks saw a 42 percent increase in 2012, bringing the average number up to 116 per day, with a corresponding increase in data theft and incidents of industrial espionage. Attackers appear to be changing their targets as well. Small businesses make up a larger percentage of those targeted for attack than in 2011—a threefold increase—with 31 percent of all targeted attacks directed at companies with fewer than 250 employees. Attackers are evidently finding valuable data to steal from such small companies and fewer defenses in place to stop them....

Roberto Sponchioni | 11 Apr 2013 10:37:13 GMT | 0 comments

We recently observed a small spam campaign that was targeting random users. The campaign focused on users in India.  

Figure 1. Heatmap of compromised computers related to the spam campaign

The emails contained a malicious attachment, detected as Spyware.Redpill, which is used by the bad guys to steal confidential information.

Spyware.Redpill is not new by any means; back in 2008 we created a signature for Spyware.Redpill to protect users. Redpill was designed to collect information for people wishing to know if their partner had been cheating on them. The name “red pill” was a nod to the Matrix film franchise: the red pill and its opposite, the blue pill, were the choice between the blissful...

Candid Wueest | 09 Apr 2013 17:54:13 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 14 vulnerabilities. Four of this month's issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Apr

The following is a breakdown of the issues...

Symantec Security Response | 05 Apr 2013 10:27:07 GMT | 0 comments

Shylock (a.k.a. The Merchant of Malice) is one of the most sophisticated banking Trojan horse programs presently occupying the financial fraud threat landscape. From its humble beginnings in 2011, it has seen increased infections in the United Kingdom, Italy, and the United States. This is consistent with the increased number of targeted financial institutions over that time period. Shylock is currently targeting over 60 financial institutions with the majority of them operating in the United Kingdom.

The main purpose of Shylock is to perform a man-in-the-browser (MITB) attack against a configured list of target organization websites. The attack is used to steal user credentials and apply social engineering tactics in order to convince the user to perform...

Satnam Narang | 03 Apr 2013 19:36:40 GMT | 0 comments

During recent weeks, I have seen different scams on Facebook attempt to convince users to install Google Chrome extensions. I have noticed some conversations taking place around the scams; people not sure how to get rid of the scammer photos or how to prevent the scams from spreading further. Some users have unfortunately gone as far as creating new Facebook profiles for themselves. This is not necessary.

If you have been tricked by one of these scams, here is how you can clean up your browser and Facebook timeline:
 

Remove bad browser extensions

If you have installed the Chrome extension for Facebook Black, Profile Spy ("See Your Profile Viewers"), or Free PS4, you will need to uninstall it from your...

Satnam Narang | 03 Apr 2013 19:35:53 GMT | 0 comments

Last year, we talked about scams and spam circulating on Facebook in our whitepaper. Social networking scammers often reuse common lures to trick users, such as offering free products or additional features that are not available on their network of choice. What these scammers do differently is find new ways to get more eyeballs to view their specific links. Whether it is likejacking or even convincing users to paste code (an external JavaScript file) into the browser address bar, these scammers are relentless.

Just recently, we published a blog about the Facebook Black scam that has been spreading. While that scam continued to spread, we found two old lures being reused,...

Joji Hamada | 01 Apr 2013 13:40:49 GMT | 0 comments

One-click fraud refers to a scam that attempts to lure users interested in adult-related video to a site that attempts to trick them into registering for a paid service. For many years, it has been common to see this type of fraud on computers. As smartphone usage has increased, so has the number of these types of scams on smartphone devices. People typically come across these scam sites by searching for things that they are interested in or by clicking on links contained in spam messages. We also witnessed the advent of one-click fraud Android apps just over a year ago and those apps can now be found on Google Play.

...
Symantec Security Response | 29 Mar 2013 15:19:03 GMT | 0 comments

Overview
In the past four years there have been several major cyber attacks against South Korea. We have identified a particular back door (Backdoor.Prioxer) that surfaced during the 2011 attacks. A modified version of this back door was also discovered during the 2013 attacks. The back door is based on publicly available code, but there are some indications that the same individuals are responsible for the 2011 and 2013 versions, pointing towards a possible connection between the two attacks.

Background
The first documented major attack was in July, 2009. The attacks began on July 4, Independence Day in the United States, and consisted of a distributed denial-of-service (DDoS) attack against various Korean and US government and financial websites. A...

Mathew Maniyara | 28 Mar 2013 15:07:04 GMT | 0 comments

Contributor: Avdhoot Patil

New methods to entice victims into handing over their personal information are always being devised by the people behind phishing websites, and the use of fake social networking applications is always popular.

During the past month, phishing on social media sites accounted for 8.6 percent of all phishing activity. Among the phishing sites targeting social media, 0.8 percent consisted of fake applications offering features such as free cell phone airtime, adult videos, video chatting, and adult chatting.

In March 2013, phishers used a fake Asian chat application on a phishing site hosted on a free web hosting site.

Figure 1. Phishing page spoofing a social networking site

The phishing site spoofs a popular social networking site and is titled “Pakistani chat room - Pakistani girls...