Security Response
Lionel Payet | 19 Sep 2014 11:37:02 GMT


Contributor: Andrea Lelli

Every day, many different targeted attacks occur using various social engineering themes. Social engineering is a critical first stage of a spear-phishing email attack, as it lays the groundwork for the eventual compromise of a victim's computer. The social engineering theme is usually related to the victim’s business or current news, but occasionally, unusual social engineering themes show up. Despite their strange nature, these peculiar social engineering themes may be enough to arouse your curiosity. This basic human emotion is difficult to ‘control’ – “Curiosity is the lust of the mind,” as the English philosopher Thomas Hobbes once said.

Last month, we observed a spear-phishing email that claimed to contain classified information in the form of a report [...

Symantec Security Response | 17 Sep 2014 10:34:22 GMT


For years now, malware has attempted to evade detection by security software using many different methods. Functions such as ending processes and services and deleting files and registry keys related to security products are commonly included in many of today’s malware. We recently noticed a simple, but interesting, trick used in an attempt to prevent the installation of a security product.

A group of scammers, using a certain set of variants of Trojan.Snifula customized to target Japanese online banks and credit card companies, is now attempting to figure out ways to avoid detection by a security product local to Japan. A recent configuration file used by this variant includes JavaScript that attempts to stop a specific image file from appearing on a...

Dick O'Brien | 11 Sep 2014 17:07:13 GMT


Apple is moving into the payments market with the announcement of a contactless payments service for its new iPhone 6. The company yesterday announced two new iPhone models and an accompanying Apple Watch and also unveiled details of Apple Pay, which will allow users to make payments using near field communication (NFC) wireless technology.

Rather than creating its own payments infrastructure, Apple has inked deals with Visa, MasterCard, American Express, and a number of major card-issuing banks, which will see payments made using the new iPhone routed through existing payment card networks.

One touch payments
Users of the new iPhone 6 will...

himanshu_mehta | 09 Sep 2014 20:53:11 GMT


Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 42 vulnerabilities. Thirty-six of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the September releases can be found here:

Dick O'Brien | 08 Sep 2014 12:57:37 GMT


The United States National Highway Traffic Safety Administration (NHTSA) is planning to create an official standard for Vehicle-to-Vehicle (V2V) communications and the agency recently published an Advance Notice of Proposed Rulemaking (ANPRM) on V2V—effectively a notice that the standard and a requirement to implement it is on the way—along with a progress report on the development of this new technology.

Why is the US government getting involved in creating new technology standards? It doesn’t believe that the market would agree on a standard itself in a timely fashion if left to its own devices. “NHTSA...

Symantec Security Response | 05 Sep 2014 16:46:11 GMT

Days after numerous celebrities were found to have their iCloud accounts compromised, a major botnet has turned its attention to Apple customers, launching a phishing email campaign aimed at luring victims into disclosing their Apple IDs and passwords.

Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and claims the address is located in Volgograd, Russia.


Nick Johnston | 04 Sep 2014 16:03:29 GMT

Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools (which offer very primitive obfuscation), data URIs (where the page content is mostly Base64-encoded), and character escaping are often used. However, recently we have seen a phishing site using the Advanced Encryption Standard (AES).


Figure 1. Page source of phishing site using AES

The page includes a JavaScript AES implementation, which it calls with the embedded password (used to generate the key) and embedded encrypted data (ciphertext). The decrypted phishing content is then dynamically written to the page using document.write().

This process happens almost instantly, so users are unlikely to notice anything unusual. Once decryption is complete, the phishing site is shown as normal.


Satnam Narang | 01 Sep 2014 20:41:48 GMT

It’s all over the news—private photographs of celebrities, including Jennifer Lawrence and Kate Upton, were posted online over the weekend. As for how they were obtained, various reports have suggested the attacker gained access to the celebrities’ Apple iCloud accounts. Based on the widespread interest in this story, we are warning users about scams around this narrative.

Apple ID phishing
Whether or not iCloud was the point of compromise in this incident, scammers have been interested in stealing these credentials for some time. We previously wrote about email scams claiming to be from Apple support asking users to update or verify their Apple IDs (Apple IDs are used for setting up an iCloud account). These emails contain links to phishing websites that...

Avdhoot Patil | 26 Aug 2014 08:40:29 GMT

Celebrity lures continue in the world of phishing. We have seen several phishing sites in the past that used altered celebrity images to get users’ attention. Today, we have a couple of examples in which phishers continued their celebrity promotion campaigns with glamour models Martisha and Denise Milani. These phishing sites are typically developed for the purpose of stealing personal information from a large number of these celebrities’ fans.

In one campaign, the phishing page spoofed Facebook’s branding and contained an image of glamour model Martisha along with a message in Arabic. This message translates to “Chat with Arab boys and girls on Facebook”. The phishing site gave the impression that the user could get involved in adult chats once they entered their login credentials. In reality, after the user entered their login credentials, they were redirected to the legitimate Facebook login page while their information was sent to the phishers. The...

Symantec Security Response | 25 Aug 2014 18:21:25 GMT

A recently discovered point-of-sale (PoS) threat known as Trojan.Backoff has affected more than 1,000 US businesses and is capable of stealing credit and debit card information from infected terminals. The threat posed by Backoff has prompted the US Department of Homeland Security to issue an advisory, encouraging all organizations, regardless of size, to check their equipment for PoS malware infections.

The warning follows an earlier bulletin from US-CERT on July 31, which said that seven PoS system providers and vendors had confirmed that they have...