
Security Response

Ben Nahorney | 14 Nov 2012 16:04:40 GMT | 0 comments

Spammers have long been leveraging social networking sites to pull off scams. Generally speaking, as the popularity of a service increases, so too do the illicit activities of scammers. It seems that the popular photo-sharing service Instagram is the latest social networking site to catch the attention of these scammers.

I discovered this first-hand when I received an Instagram photo comment, from an unfamiliar account, which had nothing to do with the photo:

"Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx"

I went to check out the user, who appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo.

Figure 1. Scammer’s Instagram profile

Who was...

Symantec Security Response | 13 Nov 2012 21:49:39 GMT | 0 comments

Cybercriminals have for some time now recognized that ransomware can be a highly profitable endeavor. This has led to a significant increase in the variety of ransomware in the wild, with no sign of it leaving the threat landscape anytime soon.

So, how effective is ransomware on Windows 8 compared to other operating systems? To answer this question, Symantec ran several prevalent ransomware samples currently found in the wild in a default Windows 8 environment. While some samples ran poorly on Windows 8, it did not take long to find a ransomware variant (Trojan.Ransomlock.U) that successfully locked a Windows 8 system, effectively holding it to ransom.
 

...

Candid Wueest | 13 Nov 2012 21:39:34 GMT | 0 comments

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.
 

Figure 1. Swiss German version of scam text message
 

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old...

Candid Wueest | 13 Nov 2012 18:25:50 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 19 vulnerabilities. Seven of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Nov

The following is a breakdown of the issues...

Anand Muralidharan | 08 Nov 2012 23:03:41 GMT | 0 comments

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas-related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email with headers (Subject & From) and flash animations that included a message to open the "Christmas Card.zip" attachment. After opening the attachment, the malicious code is downloaded onto the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.
 

Figure 1. Christmas card example
 

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas
...

Kevin Haley | 08 Nov 2012 14:01:41 GMT | 0 comments

With this year quickly coming to an end, it’s time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year.

Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation. To derive our predictions for 2013, we began by talking to hundreds of security experts at Symantec to gather their thoughts and ideas. Then, we peer-reviewed these ideas, argued a lot, and boiled it all down to a handful of predictions that we felt would provide real insight into where we believe the threat landscape is going.

While these predictions are based on what we see today, they also reflect where we think things are going based on our years of expertise, our understanding of threat evolution, and our experience in previous cybersecurity trends.
 

  1. Cyber conflict becomes the norm
    In 2013...

Symantec Security Response | 08 Nov 2012 14:00:42 GMT | 0 comments

We regularly access computers in order to help with all manner of our daily activities. Indeed, many of us have come to depend on them, storing important files and documents for work and leisure. Imagine a scenario where you find that you can no longer use your computer, or imagine you are coming up to an important deadline and find that you are denied access to that important document you were working on. Suppose that a solution is offered to restore access, but for a fee. Would you pay? Should you pay?

Ransomware is a problem that has been with us for several years, but this year Symantec has seen a substantial growth in the sheer number and variety of this particular type of malware. This recent explosion in ransomware is most likely the result of existing cyber-criminal gangs realizing the revenue-generating power of the ransomware business model. The premise is simple and straightforward: take away something important to a user and demand cash for its return.

To...

Symantec Security Response | 08 Nov 2012 14:00:22 GMT | 0 comments

Ransomware is a type of malicious software that disables the functionality of a computer in some way and demands a ransom in order to restore the computer to its original state. Recent variants use law enforcement imagery to add legitimacy to the warning messages. The malware uses geo-location services to determine the location of the computer it is running on and then, after locking the computer, displays a message appropriate to that country. The message usually claims that the user has broken the law by browsing some illegal material. Figure 1 is an example of a ransomware variant that displays a message claiming to be from the FBI.

Figure 1. An example of a ransomware message

The message states that in order to unlock the computer, “a fine” must be paid using one of...

Mario Ballano | 05 Nov 2012 19:52:59 GMT | 0 comments

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious purposes, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

The code to perform this action has been publicly documented and in use since August 2010. However, we have not yet found any instances that use the code for an SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a...

Costin Ionescu | 02 Nov 2012 17:15:52 GMT | 0 comments

Many Android apps contain advertising modules provided by third parties in order to monetize their development efforts. Airpush is a company that produces one of the more aggressive advertising modules. Their advertising modules can place ads in the Android notification bar where users are alerted to events such as missed messages or missed phone calls.

Unfortunately, in the most common versions of Android, the notification bar fails to show the user which app actually generated the advertisement. Since these advertisements can appear when the user is not actively using the app, there may be confusion about how to stop the advertisements from appearing in the notification bar. It is worth noting that changes have since been made by both Google and Airpush to better link advertisements directly to apps.

Many users disapprove of this model of advertising, which has resulted in a controversy causing waves of not-so-good ratings and comments for some apps. This has prompted...