Security Response
Liam O Murchu | 19 Nov 2013 01:09:56 GMT

It was with quite some skepticism that I accepted Peter Szor's invitation to go surfing with him five years ago. I had tried surfing several times before but had been disappointed by the lack of adrenalin. I came from a snowboarding background and everyone had told me to try surfing because it was so similar. I had tried it, several times, and I was not impressed. It was mostly about sitting around waiting for something to happen. Where is the adrenalin? Where is the rush?

Peter Szor holding his book The Art of Computer Virus Research and Defense. I was looking for a picture of him out surfing, but I realized that sadly I don’t have any pictures with him at all.

At first Peter wanted to take me (a true novice) to his secret spot* in Malibu, a point break with a rocky bottom that would cut you to pieces if you fell the...

Satnam Narang | 18 Nov 2013 23:04:38 GMT

Last week, the United Kingdom’s National Crime Agency (NCA) warned that tens of millions of customers were being targeted by the Cryptolocker malware through a mass spam campaign.

According to the alert, millions of UK customers received malicious emails, but the primary targets seem to have been small and medium businesses.

A recent Symantec blog examined a threat named Trojan.Cryptolocker and how it is an aggressive evolution of the ransomware family of threats. Cryptolocker thrives by encrypting files on a victim’s computer and holding the decryption key for ransom. Interestingly, Symantec...

Symantec Security Response | 14 Nov 2013 14:03:17 GMT

The security industry, as well as IT administrators across the globe, has been busy recently dealing with multiple zero-day vulnerabilities emerging in quick succession. Before anyone has time to draw a breath after the barrage, yet another zero-day has appeared, ready to cause people problems. Well, for people in Japan at least, since the vulnerability is in the Japanese word-processing software Ichitaro.

Ichitaro developer JustSystems recently announced that the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990), allowing the execution of arbitrary code, exists in Ichitaro products. In September 2013, Symantec discovered attacks in the wild attempting to exploit this vulnerability; however, the exploits did not properly work to compromise the system in our testing environment. As always, we...

Symantec Security Response | 13 Nov 2013 16:54:16 GMT

In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords. While these internal administrative systems had access to customer records, discovery of the attack and certain security implementations mitigated the scope of the breach. Customer passwords were accessible, but these passwords were hashed and salted, making mass password cracking difficult. Customer financial information was also accessible, but encrypted. Unfortunately, access to the encryption key cannot be ruled out. While breaches of organizations and mass customer record dumps are posted almost daily, this particular attack was more sophisticated than we have seen in the past.

The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid...

Satnam Narang | 12 Nov 2013 20:48:34 GMT

Symantec Security Response has discovered many Instagram users have willingly shared their usernames and passwords to a bot-like app in order to increase likes and followers.

Figure 1. InstLike application welcome and login

The application known as InstLike was available for iOS and Android devices. It could be found in both the Apple App Store and the Google Play Store. Google and Apple have since removed the applications from their respective stores. There is also a mobile version of the application online.

InstLike claims users will receive likes and followers for free. But as we have warned previously, these kinds of “free” services for social networks are not actually...

Dinesh Theerthagiri | 12 Nov 2013 20:13:13 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 19 vulnerabilities. Nine of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Nov

The following is a breakdown of the...

Symantec Security Response | 12 Nov 2013 16:13:12 GMT

On November 11, Microsoft published a blog post about a new zero-day Microsoft Internet Explorer Unspecified Information Disclosure Vulnerability (CVE-2013-3918) affecting an Internet Explorer ActiveX control that had been publicly disclosed on November 8. The blog states that this vulnerability is scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090 today through Windows Update at approximately 10:00AM PDT. As Symantec is part of the Microsoft Active Protections Program (MAPP), we are aware of this vulnerability and have the following protection in place for our customers:

Antivirus:
...

Samir_Patil | 12 Nov 2013 08:34:49 GMT

Contributor: Vijay Thawre

Typhoon Haiyan, one of the strongest tropical cyclones on record, struck the Philippines this week, leaving behind a trail of mass destruction. With more than 10,000 people dead, calls for help have been raised by several NGOs and organizations worldwide. Donation requests have been posted on different social networks as well as some popular websites. Meanwhile, spammers have started taking advantage of the situation by sending email containing fake donation requests.

Figure. Philippines Typhoon Haiyan scam email

In the example shown in this blog, the spammer has sent an email that seems perfectly fine at first glance, but when you take a closer look, you can see the email is sent from a different email ID with the subject line "HELP PHILIPPINES".

The spammer disguises himself as a...

Symantec Security Response | 09 Nov 2013 01:01:52 GMT

South Korea has not been too far from media attention lately, with reports of cyberattacks involving zero-day vulnerabilities, banking Trojans, gaming Trojans, back doors and distributed denial-of-service (DDoS) attacks targeting the nation. Symantec has uncovered a recent attack campaign revolving around Downloader.Tandfuy that incorporates all of these elements.

In a recent Symantec blog entitled ‘New Internet Explorer Zero-day Targeted in Attacks Against Korea and Japan’, Symantec covered the use of the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897) in attacks against South Korea. Our research into this campaign has shown that the attacker has...

Symantec Security Response | 06 Nov 2013 15:13:57 GMT

On November 5, Microsoft issued an advisory and a blog post to report a new zero-day vulnerability in the Microsoft Graphics component that affects Windows, Microsoft Office and Microsoft Lync: the Multiple Microsoft Products Remote Code Execution Vulnerability (CVE-2013-3906). The advisory states that the vulnerability exists in the way that certain components handle specially crafted TIFF images, potentially allowing an attacker to remotely execute code on the affected computer.
 
While Microsoft has yet to release a patch for this vulnerability, it has provided a temporary "...