
Security Response

Mathew Maniyara | 07 Dec 2012 00:17:56 GMT | 0 comments

Contributor: Avdhoot Patil

Social media is a common target for phishers for the purposes of identity theft. Phishers are now seeking financial gain from social networking phishing sites. In November 2012, phishing sites spoofed a popular social networking site and asked for financial information as a requirement to improve user security. The phishing sites were hosted on free web hosting sites.

The phishing site stated that the social networking site had made some improvements in security and required users to verify their identity by completing a security check. After the “Continue” button was clicked, users were asked to enter their personal details.

The personal details required included the user's:

  • First name
  • Last name
  • Email address
  • Password
  • Country
  • Gender
  • Birthday

The phishing pages that followed asked for users’ webmail address with their...

Mathew Maniyara | 05 Dec 2012 23:52:35 GMT | 0 comments

Contributor: Avdhoot Patil

Several phishing attacks using football have been observed during 2012. Phishers have shown their interest in football clubs, football celebrities, and the 2014 FIFA World Cup. In November 2012, the trend continued with phishers spoofing the 2014 FIFA World Cup in Brazilian Portuguese on a free web hosting site.

In one example, a phishing site prompted users to sign up for a daily offer to win prizes worth hundreds of dollars, including trips to the World Cup. The phishing page featured the World Cup mascot Fuleco on the right-hand side. While signing up for the offer, the user is asked to select from three Brazilian electronic payment brands. After the brand is selected, the phishing site requests the user’s confidential information.

The information required includes the user's:

  • Card number
  • Electronic signature
  • Card holder name
  • Password
  • Email address...

Symantec Security Response | 04 Dec 2012 02:12:57 GMT | 0 comments

Throughout history, philosophers and scientists have pondered the question of which came first: the chicken or the egg. Over the last week, Security Response has seen an increase in the number of W32.Changeup detections. We know that Changeup can download a bevy of other threats onto a compromised computer. But an unanswered question is how does W32.Changeup compromise a computer in the first place?

While other vendors have indicated the latest round of Changeup has spread through social networking websites, Symantec Security Response has managed to identify one source of the worm.

In recent malicious spam claiming to contain a secure message from banking...

Joji Hamada | 03 Dec 2012 23:52:47 GMT | 0 comments

2012 will be remembered as the year in which Android malware spread widely in Japan and may also be known as the year when some of the developers of the malware escaped punishment for performing the malicious activities.

On October 30, the Tokyo Metropolitan Police arrested a group of five individuals for their involvement in developing and distributing Android.Dougalek. Their goal was to collect personal information stored on Android devices. Coincidently, the Kyoto Prefectural Police also arrested two men on the same day, and then two more at a later date, for the development and distribution of Android.Ackposts, which was also used to steal personal information. Symantec welcomes this news and applauds the police for their efforts.

Symantec was able to assist the Tokyo...

Symantec Security Response | 01 Dec 2012 01:19:03 GMT | 0 comments

Whether a Montague or a Capulet, it never mattered to Juliet, as she made the case in Shakespeare's “Romeo and Juliet” when she says one of her most famous lines, “What’s in a name? That which we call a rose by any other name would smell as sweet.”

Earlier this week, we wrote about the increase in detections of a threat named W32.Changeup. Other vendors have written about it as well. However, each security vendor’s naming conventions are different. For Symantec, we named the threat W32.Changeup when we first discovered it.

Sampling of vendor detection names for W32.Changeup:

  • Microsoft: Worm:Win32/Vobfus.MD
  • McAfee: W32/Autorun.worm.aaeh
  • Trend Micro: WORM_VOBFUS
  • Sophos: W32/VBNA-X
  • Kaspersky: Worm....

Lionel Payet | 30 Nov 2012 16:38:00 GMT | 0 comments

Comparing variants of the same malware family can sometimes uncover interesting results. Trojan.Ransomlock, the highly profitable and prevalent malware, is one of those cases. This threat was originally spotted in Russia in 2009 but since then has been highly active in the wider world, particularly in the past few months.

An in-depth analysis of this month's AV detection stats for the Trojan.Ransomlock family of threats reveals two top variants: Trojan.Ransomlock.T and Trojan.Ransomlock.G.

Figure 1. Trojan....

Takashi Katsuki | 30 Nov 2012 06:50:46 GMT | 0 comments

Over the past few months, we have blogged several times about OSX.Crisis and W32.Crisis. The Crisis malware is a highly advanced malware that has multiple infection vectors and a variety of information-stealing functions.

Figure 1. The Crisis infection routine

 

It targets Windows and Mac operating systems as well as devices running Windows Mobile. It can also sneak onto virtual machines if the compromised computer has a specific VMware virtual machine image installed on it, and we believe that this is the first malware that can perform host-to-guest virtual machine infections.

Some...

Mathew Maniyara | 29 Nov 2012 06:53:37 GMT | 0 comments

Contributor: Wahengbam RobinSingh

Phishers continue to devise diverse strategies to improve their chances of harvesting users’ confidential information. Symantec constantly monitors and keeps track of these phishing trends. In November 2012, Symantec observed a phishing site that loaded a malicious browser add-on. The malicious add-on, if installed, would lead users to phishing sites even when a legitimate website is entered in the address bar. Phishers utilized a typosquatting domain to host the phishing site and their primary motive in this strategy was financial gain. The phishing site spoofed a popular e-commerce website.

Figure 1. Browser prevents automatic installation of the malicious add-on

 

The phishing site detects the...

Satnam Narang | 28 Nov 2012 22:14:57 GMT | 0 comments

While death and taxes may be certainties in our lives, in the digital world—especially in social networking—one certainty is spam.

I recently wrote about gift card spam targeting the popular photo-sharing application Instagram. The service now has over 100 million users and it recently surpassed Twitter with more average daily visitors (Figure 1). As the number of users of Instagram continues to increase, we expect to see a corresponding increase in Instagram spam.

Figure 1. Instagram daily visitor growth
 

Cash Rules Everything Around Me (C.R.E.A.M.)

While gift cards work quite...

Satnam Narang | 27 Nov 2012 23:26:24 GMT | 0 comments

In mid-2009 W32.Changeup, a polymorphic worm written in Visual Basic, was first discovered on systems around the world. Over the last few years, we have profiled this threat, explained why it spreads, and shown how it was created.

In the last week there has been an increase in the number of W32.Changeup detections. The increase in detections is a result of an updated version of W32.Changeup now circulating in the wild:
 

Figure....