Security Response
Marc Fossi | 13 Jul 2007 07:00:00 GMT | 0 comments

Same thing we do every night – try to take over the world…

Morris and Brain. The average person doesn’t know these names very well in comparison to Melissa, CodeRed, Nimda, Slammer, and Funlove. They all had their day and are burned into the memories of the users who were infected and of those who cleaned up after them. Without Morris and Brain, though, the current “superstars” wouldn’t exist.

Brain (also known as...

Symantec Security Response | 12 Jul 2007 07:00:00 GMT | 0 comments

In recent months, Symantec has detected a number of phishing sites that have been hosted on government URLs. In June alone, phishing sites were identified on government sites from the following countries: Thailand (.go.th), Indonesia (.go.id), Hungary (.gov.hu), Bangladesh (.gov.bd), Argentina (.gov.ar), Sri Lanka (.gov.lk), Ukraine (.gov.ua), China (.gov.cn), Brazil (.gov.br), Bosnia and Herzegovina (.gov.ba), Colombia (.gov.co), and Malaysia (.gov.my).

This might come as a surprise to some people, as governments are thought to have very secure computer systems. However, the number of phishing sites hosted on government domains around the world suggests otherwise. These fraudulent sites look like legitimate Web sites and are designed to trick users into divulging personal information such as government-issued identity numbers, bank passwords, or credit card numbers. Most phishing sites are placed on government Web servers by hackers who have gained access to the server...

Elia Florio | 11 Jul 2007 07:00:00 GMT | 0 comments

The early years of the 1980s were marked by great technological advancements, particularly the release of the first integrated and powerful personal computers. Apple introduced the “Apple II” microcomputer in 1977, and by the early 80s it was one of the most popular personal computers for business users, families, and schools. In 1981, computing giant IBM purchased the license to distribute the DOS operating system for their PC machines from an obscure company called Microsoft. At that time, computing companies were popping up quickly. The early 80s saw numerous home computers for sale, such as the Commodore 64 (1982) and the Atari ST (1985).

It sounds funny now to think of those “extraordinary” computers of the 80s while sitting at a desk with a modern hyper-threading CPU, gigabytes of memory, and a wireless connection. Still, the 80s were the years during which personal computers established their foothold in homes and offices. For the first time people start...

Jim Hoagland | 10 Jul 2007 07:00:00 GMT | 0 comments

Symantec Security Advisory SYMSA-2007-005[1] is now available. This covers a Teredo-related vulnerability in the Vista version of Windows Firewall (BID 24779, CVE-2007-3038). (To be clear, this vulnerability is not connected to any of the nine Vista issues I discussed in my last blog[2].)

Last fall, when Ollie Whitehouse[3] was analyzing what TCP ports were open over a Teredo interface in a freshly installed Windows Vista RC2, he discovered that port 5357 was open over Teredo. We thought this odd since there is no functional reason this port, which corresponds to Web Services on Devices (WSD)[4], should be remotely accessible. When the release version of Vista became available, we verified that this port was still open. (Details on...
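The kind of check described above, reduced to a script, as an added example that is not part of the post or of the Symantec advisory. It decodes a Teredo address into the fields RFC 4380 embeds in it (server IPv4, cone flag, and the XOR-obfuscated client port and IPv4), then walks netstat-style output and reports the TCP listeners a remote Teredo peer could reach: anything bound to the IPv6 wildcard or to the host's own Teredo address. Those are the listeners the host firewall has to cover on the Teredo interface; loopback, link-local and other global bindings are not reachable through the tunnel. The netstat text and the port numbers in it are constructed for the example, not captured from a real Vista host.

```python
"""Added example (not from the Symantec post or advisory): decode Teredo
addresses and list which IPv6 listeners a remote Teredo peer could reach.

Assumptions: the Teredo layout is the RFC 4380 one (prefix 2001:0::/32,
server IPv4, flags, port and client IPv4 stored XOR all-ones); the netstat
output below is constructed, not captured from a real Vista host."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

TEREDO_PREFIX = ipaddress.IPv6Network("2001:0::/32")


def decode_teredo(addr: str) -> Optional[Dict[str, object]]:
    """Return the fields embedded in a Teredo address, or None if addr is not Teredo."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any zone id
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    flags = int.from_bytes(raw[8:10], "big")
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "cone": bool(flags & 0x8000),
        # Port and client address are obfuscated with XOR 0xFFFF / 0xFFFFFFFF
        # so that NATs do not rewrite them (RFC 4380, section 4).
        "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)),
    }


# Constructed sample in the shape of "netstat -an" on Windows; not real capture data.
SAMPLE_NETSTAT = """
Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:5357              [::]:0                 LISTENING
  TCP    [::1]:10243            [::]:0                 LISTENING
  TCP    [fe80::1%12]:49153     [::]:0                 LISTENING
  TCP    [2001:0:4136:e378:8000:63bf:3fff:fdd2]:8080  [::]:0  LISTENING
  TCP    [::]:49154             [2001:db8::9]:443      ESTABLISHED
  UDP    [::]:3544              *:*
"""

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)")


def split_local(local: str) -> Tuple[str, int, bool]:
    """Split a netstat local-address column into (address, port, is_ipv6)."""
    if local.startswith("["):
        host, _, port = local[1:].partition("]:")
        return host, int(port), True
    host, _, port = local.rpartition(":")
    return host, int(port), False


def teredo_reachable_listeners(netstat_text: str) -> List[int]:
    """TCP ports listening on an address a Teredo peer can reach: the IPv6
    wildcard or the host's own Teredo address. Loopback, link-local and
    other global addresses are not reachable through the Teredo tunnel."""
    ports = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m or m.group(1) != "TCP" or m.group(4) != "LISTENING":
            continue
        host, port, is_v6 = split_local(m.group(2))
        if not is_v6:
            continue
        if host == "::" or decode_teredo(host) is not None:
            ports.add(port)
    return sorted(ports)


if __name__ == "__main__":
    print(decode_teredo("2001:0:4136:e378:8000:63bf:3fff:fdd2"))
    print("Reachable over Teredo:", teredo_reachable_listeners(SAMPLE_NETSTAT))
```

Run against real output, the interesting entries are the ones you did not expect to be there at all, which is exactly how port 5357 stood out: the list is only as good as the firewall rules that apply to the Teredo interface, so treat each reported port as a rule to verify rather than as a confirmed exposure.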

Ben Greenbaum | 10 Jul 2007 07:00:00 GMT | 0 comments

This month's Microsoft patch release includes six bulletins, addressing 12 vulnerabilities in common client and server software, including four in a popular development environment. Topping the heap in terms of urgency is a remotely exploitable, server-side code execution vulnerability in IIS, and that's where we'll start:

MS07-041; KB939373: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution

This bulletin addresses a previously known issue in IIS 5.1 on Windows XP that was reported in late 2005 as a denial-of-service problem. It is now known to be exploitable to run attacker-supplied code. IIS is not installed or running by default on Windows XP.

  • Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability...

Eric Chien | 10 Jul 2007 07:00:00 GMT | 0 comments

Some of us (Ollie Whitehouse, Eduardo Tang, and myself) are happy owners of the iPhone. However, not because we are constantly listening to music or using a pinching motion with our fingers to see pictures zoom and shrink, but because we get to analyze the attack surface. While the iPhone itself will surely evolve via new models, software, and patches, this blog will consist of a rundown of our initial thoughts.

In the default out-of-the-box configuration for the average user, you cannot run code on the device. This makes the platform less risky than other mobile platforms and desktop operating systems like Windows. If you can't run code, you can't run malicious code. Further, the AJAX/Web 2.0 applications that can utilize the phone's services (such as the ability to make calls) normally prompt the user before the action takes place. This prevents automatic dialing and things like SMS worms.

These factors greatly limit the attack surface. However,...

Kelly Conley | 09 Jul 2007 07:00:00 GMT | 0 comments

As image spam continues its decline, the July State of Spam Report highlights more new techniques for delivering spam images, including PDF spam. This is spam that contains no real text in the body of the message (although it may contain word salad), but that has a PDF attachment. When opened, the PDF file is an ad or some other spam message.

The PDF attachments result in messages that are very large. We have been monitoring this throughout the past month, but it has really heated up this past week. So far, we have observed over 25 million messages that were categorized as PDF spam.

We have seen a few different variants of this type of spam thus far. The first one is the newsletter variant, in which a PDF attachment is made to resemble a legitimate newsletter. The second variant is one in which the PDF attachment resembles the more familiar images...
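The pattern described in the post (no real body text, or only word salad, plus a PDF attachment that carries the pitch) is easy to turn into a first-pass filter. The following is an added example, not Symantec's filtering logic and not from the State of Spam Report: it identifies PDF attachments by declared type, file name or magic bytes, then scores the body text by word count and by whether the words ever form sentences. The thresholds are illustrative, and the messages it runs on are constructed inline rather than captured spam.

```python
"""Added example (not Symantec code): a small classifier for the PDF-spam
pattern the post describes, namely a message whose body carries no real
text (or only word salad) while a PDF attachment carries the pitch.

Assumptions: the word-count and sentence thresholds are illustrative, and
every message below is constructed inline, not a captured spam sample."""
import re
from email.message import EmailMessage
from typing import Dict, List, Optional, Tuple

PDF_TYPES = {"application/pdf", "application/x-pdf"}
SENTENCE_END = re.compile(r"[.!?](?:\s|$)")


def pdf_attachments(msg: EmailMessage) -> List[EmailMessage]:
    """Attachments that are PDFs by declared type, by file name, or by magic bytes."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check the bytes too: the sender can label the part anything they like.
        if (part.get_content_type() in PDF_TYPES or name.endswith(".pdf")
                or payload.startswith(b"%PDF-")):
            found.append(part)
    return found


def body_text(msg: EmailMessage) -> str:
    """Plain text of the message body, with tags stripped if only HTML exists."""
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None:
        return ""
    text = body.get_content()
    if body.get_content_type() == "text/html":
        text = re.sub(r"<[^>]+>", " ", text)
    return text


def classify(msg: EmailMessage, min_words: int = 25,
             max_words_per_sentence: int = 60) -> Tuple[bool, str]:
    """(is_pdf_spam_candidate, reason) for one parsed message."""
    if not pdf_attachments(msg):
        return False, "no PDF attachment"
    text = body_text(msg)
    words = text.split()
    if len(words) < min_words:
        return True, f"PDF attachment with only {len(words)} words of body text"
    # Word salad: plenty of words, but they never form sentences.
    sentences = len(SENTENCE_END.findall(text))
    if sentences == 0 or len(words) / sentences > max_words_per_sentence:
        return True, "PDF attachment with body text that does not read as sentences"
    return False, "PDF attachment accompanied by real body text"


# Constructed stub with a PDF header; it is not a real document.
FAKE_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"

# Constructed samples: thirty unrelated words with no punctuation, and a real note.
WORD_SALAD = ("lantern orbit ledger saffron gable quartz meadow pylon timber cobalt "
              "velvet harbor ember satchel granite fathom marble tundra ripple zenith "
              "anvil cedar dune fresco grotto hollow ingot juniper kestrel lumen")
REAL_BODY = ("Hi Dana, the signed contract is attached as a PDF. Please countersign "
             "page four and return it by Friday. Let me know if the scanner gave you "
             "trouble again, otherwise I will file the copy we have. Thanks for "
             "turning this around quickly.")


def make_message(body: str, pdf: Optional[bytes]) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Your document"
    msg.set_content(body)
    if pdf is not None:
        msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="doc.pdf")
    return msg


SAMPLES = {
    "pdf_only": make_message("see attached", FAKE_PDF),
    "word_salad": make_message(WORD_SALAD, FAKE_PDF),
    "real_mail": make_message(REAL_BODY, FAKE_PDF),
    "no_pdf": make_message(REAL_BODY, None),
}


def run_samples() -> Dict[str, bool]:
    """Verdict per constructed sample: True means PDF-spam candidate."""
    return {name: classify(msg)[0] for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, classify(msg))
```

The sentence heuristic is deliberately crude; it separates random dictionary words from prose but will also flag terse legitimate mail, so in practice it is one signal to weight alongside sender reputation and attachment size rather than a verdict on its own.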

Yazan Gable | 06 Jul 2007 07:00:00 GMT | 0 comments

Symantec has observed an interesting trend in the world of Internet-based credit card fraud: fraudsters are donating money to charity. How could this happen? In the world of carding, where stolen credit card information is bought and sold, carders need to know if the credit cards they are buying or selling can actually be used. It is sometimes difficult for them to verify this without raising any alarm bells and risking that their cards will be identified as stolen and disabled. As a consequence, a new trend is appearing.

Carders attempting to verify that a stolen credit card is legitimate and active have begun donating money to charity. By attempting to pay small amounts of money to various charities, including well known charities such as the Red Cross, carders can determine if a stolen credit card is valid depending on the success or failure of the transaction.

There are likely a number of reasons that this method may be becoming more popular. For instance, bank behavior...
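Seen from the charity's or its payment processor's side, the behaviour the post describes has a recognisable shape: one source tries many different cards against small amounts in a short span, and a fair share of those attempts are declined because the cards are already dead. The following is an added example, not Symantec code and not a description of any real charity's controls: it scans a list of donation records with a sliding time window and flags sources that exceed a distinct-card threshold. The record layout, the thresholds and the transactions are all constructed for illustration, and the card field is assumed to be a processor token rather than a card number.

```python
"""Added example (not from the Symantec post): flag the card-testing pattern
the post describes, a single source trying many different cards against
small donations in a short span, from a charity's own transaction records.

Assumptions: the record layout, the thresholds and the transactions below
are constructed for illustration; card_token stands for whatever tokenised
card identifier the processor returns, never the card number itself."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Donation(NamedTuple):
    ts: datetime
    source_ip: str
    card_token: str
    amount: float
    approved: bool


def card_testing_sources(events: List[Donation],
                         window: timedelta = timedelta(minutes=10),
                         max_amount: float = 5.0,
                         min_cards: int = 5) -> Dict[str, Dict[str, int]]:
    """Sources that used at least min_cards distinct cards for donations of at
    most max_amount inside any sliding window of the given length. The value
    records how many cards were seen and how many small attempts the issuer
    declined, since a tester's cards are often already dead."""
    small = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.amount <= max_amount:
            small[e.source_ip].append(e)
    flagged = {}
    for src, evs in small.items():
        best, start = 0, 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            best = max(best, len({e.card_token for e in evs[start:end + 1]}))
        if best >= min_cards:
            flagged[src] = {"cards": best,
                            "declined": sum(not e.approved for e in evs)}
    return flagged


def _t(minute: int, second: int = 0) -> datetime:
    return datetime(2007, 7, 6, 12, minute, second)


# Constructed records, not real donation data.
SAMPLE_DONATIONS = [
    # Card tester: eight different cards, one to three dollars, six minutes, three declines.
    Donation(_t(0, 5), "198.51.100.7", "tok-a1", 1.00, True),
    Donation(_t(0, 50), "198.51.100.7", "tok-b2", 2.00, False),
    Donation(_t(1, 40), "198.51.100.7", "tok-c3", 1.00, True),
    Donation(_t(2, 30), "198.51.100.7", "tok-d4", 3.00, True),
    Donation(_t(3, 15), "198.51.100.7", "tok-e5", 1.00, False),
    Donation(_t(4, 5), "198.51.100.7", "tok-f6", 2.00, True),
    Donation(_t(5, 0), "198.51.100.7", "tok-g7", 1.00, False),
    Donation(_t(6, 10), "198.51.100.7", "tok-h8", 1.00, True),
    # Regular donor: one card, one real gift.
    Donation(_t(2, 0), "203.0.113.5", "tok-zz9", 50.00, True),
    # Shared office NAT: a few small gifts from two cards spread over an hour.
    Donation(_t(1, 0), "192.0.2.20", "tok-m1", 5.00, True),
    Donation(_t(30, 0), "192.0.2.20", "tok-m2", 5.00, True),
    Donation(_t(59, 0), "192.0.2.20", "tok-m1", 2.00, True),
]


if __name__ == "__main__":
    for src, info in card_testing_sources(SAMPLE_DONATIONS).items():
        print(f"{src}: {info['cards']} cards tried, {info['declined']} declined")
```

The threshold on distinct cards is what keeps a shared NAT or a workplace giving drive from tripping the rule; the decline count is a secondary signal, because a tester working from a fresh dump can see most of the cards approve.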

Sarah Gordon | 06 Jul 2007 07:00:00 GMT | 0 comments

Steal this book! F@&! the System! Do those phrases bring back any memories? For me, they conjure up images of Chicago’s Old Towne & New York’s Greenwich Village in the late '60s and early '70s. And that seems like a fitting start for a blog entry on computer security because…well, it’s a long story.

In the 1960s, some rather interesting people gained more than a little attention based on their innate ability to understand how things work and their desire to use that knowledge to help rebel against the perceived “authority system” of the day. One group of such people, the Youth International Party, or yippies as they were more commonly known, was frequently in the news. They were self-proclaimed representatives of the youth of the nation and were...