Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response
Showing posts in English
Pavlo Prodanchuk | 11 Dec 2013 08:53:49 GMT

The latest trend in Russian language spam shows that spammers have started promoting Make Money Fast (MMF) schemes where users are told that money can be easily made with the use of binary options trading.

The sample observed by Symantec has the usual spam traits including a catchy subject, which highlights a large sum of money someone is making every month, to grab the attention of the recipient.

The spam is sent from mail.ru, the largest free email service in Russia, with the account name stating the age of the person linking it to the subject line. The following is a translation of the email header: 

Subject: $3700 a month – this retiree making more than you?
From: pensioner.vladimir@mail.ru

This is an effective trick, especially during the festive season when many peoples’ finances are stretched.

figure_0.jpg

...

Dinesh Theerthagiri | 10 Dec 2013 19:53:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eleven bulletins covering a total of 24 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Dec

The following is a breakdown of the...

Symantec Security Response | 10 Dec 2013 14:19:40 GMT

creepware_title_banner.png

Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams. But are these stories true and are some people’s seemingly paranoid precautions justified? Unfortunately the answer is yes, precaution against this type of activity is necessary and there are a multitude of programs out there that can be used for this type of malicious activity…and more. Remote access Trojans (RATs), or what we are calling creepware, are programs that are installed without the victim’s knowledge and allow an attacker to have access and...

Symantec Security Response | 06 Dec 2013 22:34:41 GMT

Cybercriminals are constantly looking for ways to evolve their malware. Evolution is the key for survival because antivirus research, analysis, countermeasures, and public awareness thwart the efficacy of malware and its spread. During the past year, Ransomware has received a lot of news coverage which has decreased the number of uninformed victims and lowered the impact and effectiveness of the malware along with the percentage of return to the criminal.

Due to this increased public awareness, in the last quarter of 2013 we have seen cybercriminals reorganize around a new type of extortion: Cryptolocker. This threat is pervasive and preys on a victim's biggest fear: losing their valuable data. Unlike previous Ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because there is no way to...

Symantec Security Response | 04 Dec 2013 11:25:59 GMT
There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites. This allows attackers to steal login credentials from users. The threat can also let attackers take control of a compromised computer through a Virtual Network Computing (VNC) server. Neverquest can replicate itself by stealing login details and spamming out the Neverquest dropper, by accessing FTP servers to take credentials in order to distribute the malware with the Neutrino Exploit Kit and by obtaining social networking credentials to spread links to infected websites...
Satnam Narang | 03 Dec 2013 23:29:52 GMT

Yesterday, a number of Twitter users were duped into following fake Twitter accounts known as @VerifiedReport and @MagicReports. Both accounts claimed to be part of a Twitter experiment between users, news organizations, and journalists, and followed a number of Twitter users while tweeting the following, “This is a Twitter experiment. We are changing the way users interact with journalists and news organizations.”
 

Twitter Exp 1.png

Figure 1. MagicRecs notification about @VerifiedReport
 

Many users who discovered these accounts did so through a legitimate Twitter account known as @MagicRecs.
 

Twitter Exp 2.png

...
Dick O'Brien | 03 Dec 2013 21:42:50 GMT

The value of Bitcoin has surged dramatically in recent weeks, fuelling fears that a bubble is forming around the virtual currency. As investors pile in, a crash in Bitcoin prices isn’t the only thing they have to worry about. There has been a spate of incidents in recent weeks in which Bitcoin wallet and banking services have been attacked and millions of dollars worth of the currency stolen.
 

Bitcoin Thefts 1.png

Figure 1. Size of recent Bitcoin heists (US$ value on November 29)
 

Multi-million dollar heists

The current round of attacks began on November 7, when Australian Bitcoin wallet service Inputs.io announced that it had closed its doors after two attacks resulted in around 4,100 Bitcoins (US $4.34 million at the time of...

Satnam Narang | 03 Dec 2013 16:49:11 GMT
Over the past week, users of the photo messaging application Snapchat have seen an increase in the number of spam snaps (Snapchat pictures). The service is now being infiltrated by a myriad of fake accounts sending spam snaps of topless women.
 
figure1_4.png
Figure 1. Spam accounts on Snapchat
 
Snapchat users are currently receiving requests from accounts named similarly, using the following format: “[GIRL'S NAME]snap_####”. Each request features a pending snap from these spam accounts. Despite the app offering privacy settings to only allow snaps from friends, users can still receive add requests from unknown users. Some Snapchat users we spoke to have noticed an increase in these requests over the last week.
...
Binny Kuriakose | 03 Dec 2013 08:16:47 GMT

Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.

As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employs Word Salad. The word salad are often seen in the form of HTML, where nonsensical tags are used to break  URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in word salad is to add the most current keywords, like the hottest news or an upcoming event.

The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec...

Christopher Mendes | 02 Dec 2013 08:10:34 GMT

The Christmas season is a time to loosen up a few strings.  The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw your plans and fix your expenditure. After all, you know the frontiers of your funds. But, the one who values it the most after you is the one who pries on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency and you lose your resolutions.  It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas only to have it burgled in an instance. If this detour does not bring you goosebumps, a little analysis on one such phishing sample should do the needful.

The header of the phishing email reads:

Subject: [Brand name] is giving...