Security Response
Andy Cianciotto | 30 Mar 2007 07:00:00 GMT | 0 comments

Microsoft has released an out-of-band advisory today for a new exploit targeting a vulnerability in the way that Microsoft Windows handles animated cursor (.ani) files.

The vulnerability is caused by insufficient format validation prior to rendering cursors, animated cursors, and icons. If successfully exploited, it allows an attacker to execute arbitrary code on the victim's machine. To carry out an attack, the attacker would need to convince potential victims either to visit a Web site containing a page that exploits the vulnerability, or to view a specially crafted email message or email attachment. The attacker's code runs as soon as a user views the malicious Web page, previews or reads the specially crafted message, or opens the specially crafted attachment.

While it is similar to the vulnerability described in...
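The advisory blames insufficient validation of the .ani format before rendering, and an .ani file is a RIFF container whose chunk lengths are all attacker-controlled. The following is an added example, written for this page and not code from Microsoft, Symantec or the advisory: a structural validator for that container in Python. It walks the chunk list, refuses any chunk whose declared length overruns the data that is actually present, and refuses any "anih" header chunk whose length is not the 36 bytes that the ANIHEADER structure occupies. That is the kind of check a renderer's parser has to make before copying chunk data into a fixed-size structure. The sample files at the bottom are constructed inline, not real-world samples.

```python
"""Structural validator for animated cursor (.ani) files.

An .ani file is a RIFF container: "RIFF" <u32 size> "ACON" followed by chunks,
each a 4-byte FourCC, a little-endian u32 payload length, the payload, and a pad
byte when the length is odd.  The "anih" chunk carries the ANIHEADER structure,
nine little-endian DWORDs (36 bytes).  Every length here is attacker-controlled,
so each one is checked against the bytes actually present before it is used.
"""
import struct

ANIH_SIZE = 36  # sizeof(ANIHEADER): nine DWORDs
ANIH_FIELDS = ("cbSize", "cFrames", "cSteps", "cx", "cy",
               "cBitCount", "cPlanes", "JifRate", "flags")


class AniFormatError(ValueError):
    """Raised for any structural problem; the file must not be rendered."""


def iter_chunks(buf, start, end):
    """Yield (fourcc, payload) for each chunk in buf[start:end].

    A chunk whose declared length exceeds the bytes remaining is rejected
    instead of being read past the end of the data.
    """
    pos = start
    while pos < end:
        if end - pos < 8:
            raise AniFormatError(f"truncated chunk header at offset {pos}")
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        payload_start = pos + 8
        available = end - payload_start
        if size > available:
            raise AniFormatError(
                f"chunk {fourcc!r} at offset {pos} declares {size} bytes "
                f"but only {available} remain")
        yield fourcc, buf[payload_start:payload_start + size]
        pos = payload_start + size + (size & 1)  # RIFF pads odd lengths


def validate_ani(buf):
    """Return the ANIHEADER fields as a dict, or raise AniFormatError."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"ACON":
        raise AniFormatError("not a RIFF/ACON container")
    riff_size = struct.unpack_from("<I", buf, 4)[0]
    if riff_size < 4 or riff_size + 8 > len(buf):
        raise AniFormatError(
            f"RIFF size {riff_size} does not fit in {len(buf)} bytes")
    header = None
    # Every anih chunk is checked, not just the first one encountered.
    for fourcc, payload in iter_chunks(buf, 12, 8 + riff_size):
        if fourcc != b"anih":
            continue
        if len(payload) != ANIH_SIZE:
            raise AniFormatError(
                f"anih chunk is {len(payload)} bytes, expected {ANIH_SIZE}")
        fields = struct.unpack("<9I", payload)
        if fields[0] != ANIH_SIZE:
            raise AniFormatError(
                f"anih cbSize field is {fields[0]}, expected {ANIH_SIZE}")
        header = dict(zip(ANIH_FIELDS, fields))
    if header is None:
        raise AniFormatError("no anih chunk present")
    return header


def check_file(buf):
    """Convenience wrapper: (True, header) when well-formed, else (False, reason)."""
    try:
        return True, validate_ani(buf)
    except AniFormatError as exc:
        return False, str(exc)


# --- constructed sample files (not real-world samples) ---------------------
def riff_chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def build_ani(chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


GOOD_ANIH = struct.pack("<9I", ANIH_SIZE, 1, 1, 32, 32, 32, 1, 10, 1)
SAMPLE_GOOD = build_ani([riff_chunk(b"anih", GOOD_ANIH)])
# anih chunk carrying 100 bytes where the 36-byte structure is expected
SAMPLE_OVERSIZED = build_ani([riff_chunk(b"anih", GOOD_ANIH + b"A" * 64)])
# anih chunk that declares 4096 bytes but is followed by only 36
SAMPLE_OVERRUN = build_ani([b"anih" + struct.pack("<I", 4096) + GOOD_ANIH])

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("oversized", SAMPLE_OVERSIZED),
                         ("overrun", SAMPLE_OVERRUN)):
        print(name, check_file(sample))
```

The validator is deliberately strict: an anih chunk that is merely larger than the structure is rejected rather than truncated, because a parser that copies "the declared length" into a 36-byte structure is exactly the pattern the advisory is about. The same walker can be pointed at .cur and .ico payloads inside the "fram" LIST if you extend it.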

Orla Cox | 29 Mar 2007 07:00:00 GMT | 0 comments

Technologies come and go, but social engineering remains the most popular technique used to propagate malware. This tried and trusted method has been around since the Loveletter days, and malware authors don't seem to be giving up on it just yet. This year we've seen Trojan.Peacomm in a number of guises – from videos of current news stories to postcards from loved ones. However, the one "disguise" that we see most consistently is in the form of the humble invoice.

Recently, we've seen a spate of malware circulating (in Germany in particular), masquerading as various invoices. The year started with a spam run of Trojan.Schoeberl.E purporting to be a bill from German ISP 1&1. Since then, we've seen malware disguised as bills from a variety of firms such as Ebay...

Hon Lau | 28 Mar 2007 07:00:00 GMT | 0 comments

Following the arrest of Jun Li (creator of the W32.Fujacks or "Panda" worm) by the Hubei Police on February 3rd, the police promised to make an example of the virus author. To that end, the police announced in early February that they were going to have the virus creator write a program to remove this virus and repair the damage done by it.

On March 27th we obtained a copy of the removal tool created by Li. Naturally we were curious about the effectiveness of the tool against the variants of the threat that were found in the wild.

When the tool is executed, the user is presented with a message from Li himself:

[Image: FujacksFixtool.jpg]

The message contains an apology and an explanation that he created the worm for research. He ends with a warning to beware of future threats (from others), and to take the necessary precautions. Li also acknowledges that...

David McKinney | 28 Mar 2007 07:00:00 GMT | 0 comments

Google hacking is a well-known phenomenon. It consists of using Google’s advanced operators to search for sensitive files or other security issues in content that Google has indexed. Various techniques and examples have been developed to find such things as password files, web-cam management interfaces, etc. Ultimately, Google hacking has revealed data management issues that cause sensitive information to be exposed to the public. This is still an ongoing issue for many organizations.

Of course, Google’s advanced operators were initially intended for more benevolent purposes. I like to think of this as another form of Google hacking. Searching Google without fine-tuning your search terms is like drinking from the fire hose. Many people never bother to learn the advanced search operators that really let you nail down results. Therefore, I thought I would throw together some examples of how I use the advanced operators every day to query SecurityFocus.

Explanations of the...
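The post's own worked queries are cut off above, so as an added example (mine, not from the post or from SecurityFocus) here is a small Python evaluator for the operators it is about: site:, intitle:, inurl:, filetype:, quoted phrases and the leading minus that negates a term. It applies them to a constructed index of pages. The matching rules are an approximation of Google's, not Google's actual ranking, and the index entries, hosts and paths are made up; the practical use is running the same "dorks" against an inventory of your own sites to find exposed directory listings and password files before a search engine indexes them.

```python
"""Evaluate Google-style advanced-operator queries against a local page index.

Operators implemented: site:, intitle:, inurl:, filetype:, quoted phrases and
the leading '-' that negates a term.  Bare terms match title or body text.
"""
import re
from urllib.parse import urlparse

# optional '-', then optional operator:, then "quoted phrase" or a bare word
TOKEN_RE = re.compile(r'(-?)(?:(site|intitle|inurl|filetype):)?(?:"([^"]*)"|(\S+))')


def parse_query(query):
    """Return a list of (negated, operator, value); operator is 'text' for bare terms."""
    terms = []
    for neg, op, quoted, bare in TOKEN_RE.findall(query):
        value = quoted if quoted else bare
        terms.append((neg == "-", op or "text", value.lower()))
    return terms


def term_matches(op, value, page):
    parts = urlparse(page["url"])
    host = (parts.hostname or "").lower()
    if op == "site":        # the host itself or any subdomain of it
        return host == value or host.endswith("." + value)
    if op == "intitle":
        return value in page["title"].lower()
    if op == "inurl":
        return value in page["url"].lower()
    if op == "filetype":    # extension of the path component
        return parts.path.lower().endswith("." + value)
    return value in page["title"].lower() or value in page["body"].lower()


def search(index, query):
    """Return the URLs of pages matching every term of the query."""
    terms = parse_query(query)
    return [page["url"] for page in index
            if all(term_matches(op, value, page) != negated
                   for negated, op, value in terms)]


# Constructed index standing in for a crawl of one's own sites (made-up hosts).
SAMPLE_INDEX = [
    {"url": "http://intranet.example.com/backup/passwd.txt",
     "title": "Index of /backup",
     "body": "root:x:0:0:root:/root:/bin/sh"},
    {"url": "http://www.example.com/docs/policy.pdf",
     "title": "Password policy",
     "body": "passwords must be rotated every 90 days"},
    {"url": "http://cam.example.com/view/index.shtml",
     "title": "Network Camera Live View",
     "body": "live view pan tilt zoom"},
    {"url": "http://www.example.org/archive/old.txt",
     "title": "Index of /archive",
     "body": "old listing"},
]

if __name__ == "__main__":
    for q in ('site:example.com intitle:"index of"',
              'intitle:"index of" -inurl:archive',
              'filetype:pdf password',
              'intitle:"live view" -site:example.org'):
        print(q, "->", search(SAMPLE_INDEX, q))
```

Note how site: is a suffix match on the host (it catches every subdomain) while inurl: is a substring match on the whole URL, which is why "-inurl:archive" is the quickest way to drop noise from a listing search.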

Zulfikar Ramzan | 27 Mar 2007 07:00:00 GMT | 0 comments

In a previous blog entry, I talked about the concept of a "drive-by pharming" attack. The concept received significant traction, and in this blog entry, I wanted to follow up on some of the commentary.

Recall that in a drive-by pharming attack, the attacker sets up a Web page that, simply by being viewed, makes the victim’s browser connect to the victim’s home broadband router and change its DNS settings. If successful, future DNS requests made by the victim will be resolved by the attacker’s DNS server. As a result, the attacker controls the victim’s Internet connection, which allows the attacker to choose which sites the victim sees when he or she surfs the Web. The victim is then susceptible to phishing, identity theft, and a whole host of other security issues.

Wired versus wireless
A number of people incorrectly thought that the...
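The attack shape described above leaves a recognisable trace: the victim's browser, while rendering a page on the public Internet, sends a request to a device on the private LAN. In a proxy or egress log that shows up as a request to an RFC 1918 address whose Referer is a public site. The following added example (mine, not from the post or from Symantec) implements that detection in Python over a constructed log format. The log lines, the hosts, the setup.cgi path and the dns1/dns2 parameter names are all invented for illustration; real routers use their own paths and field names, so the DNS heuristic is only a severity bump on top of the cross-origin check.

```python
"""Flag proxy-log requests that look like drive-by pharming attempts.

The tell-tale shape: the victim's browser sends a request to a device on the
private LAN while the Referer is a page on the public Internet, i.e. an
external page drove the browser to talk to the home router.
"""
import ipaddress
from urllib.parse import urlparse, parse_qs

# Constructed log format (not a real proxy format):
#   <timestamp> <client-ip> <method> <url> <referer-or-dash>
SAMPLE_LOG = """\
2007-03-27T10:15:01 192.168.1.10 GET http://www.example.com/news.html -
2007-03-27T10:15:02 192.168.1.10 GET http://192.168.1.1/setup.cgi?dns1=203.0.113.5&dns2=203.0.113.6 http://www.example.com/news.html
2007-03-27T10:15:30 192.168.1.10 GET http://192.168.1.1/status.htm http://192.168.1.1/index.htm
2007-03-27T10:16:00 192.168.1.10 POST http://192.168.1.1/apply.cgi -
"""


def parse_line(line):
    ts, client, method, url, referer = line.split(" ", 4)
    return {"ts": ts, "client": client, "method": method,
            "url": url, "referer": referer}


def is_private_host(host):
    """True for addresses ipaddress classes as private (RFC 1918, loopback,
    link-local and other reserved ranges); hostnames are treated as public."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def classify(rec):
    """Return None, or (severity, reason) for a suspicious record."""
    dst = urlparse(rec["url"])
    if not is_private_host(dst.hostname or ""):
        return None                      # not aimed at a LAN device
    if rec["referer"] == "-":
        return None                      # no cross-origin evidence (see caveat)
    ref_host = urlparse(rec["referer"]).hostname or ""
    if is_private_host(ref_host):
        return None                      # LAN page driving a LAN request: normal admin use
    # Heuristic: query parameters that mention DNS raise the severity.
    touches_dns = any("dns" in key.lower() for key in parse_qs(dst.query))
    if touches_dns:
        return "high", "external page drove a DNS-setting request to a LAN device"
    return "medium", "external page drove a request to a LAN device"


def scan(log_text):
    """Return [(timestamp, severity, url, reason)] for suspicious lines."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = classify(rec)
        if verdict:
            alerts.append((rec["ts"], verdict[0], rec["url"], verdict[1]))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert)
```

Two caveats before relying on this. A malicious page can suppress the Referer header, and a router addressed by hostname rather than IP is not classed as private here, so an empty result is not proof of safety. The attack as originally described also depends on the router accepting configuration changes from the browser with its factory-default administrative password, so changing that password remains the first mitigation, ahead of any log-based detection.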

Symantec Security Response | 26 Mar 2007 07:00:00 GMT | 0 comments

Twice a year, Symantec produces the Internet Security Threat Report, a comprehensive report outlining the major trends in Internet security over the previous six-month period. One security concern that is of interest to many people is the growth of spam and spam-related issues. Symantec monitors the source and volume of spam from around the world and uses this information to discuss the major trends in the spam-related landscape.

One trend that has been relatively steady is the largest country of origin for spam messages. In the second half of 2006, around nine out of 20 spam messages were sent from the United States. This highlights that although some other countries are gaining notoriety for being spam havens, the United States is still the number one spam distributor in the world. In fact, spam from the United States outnumbers spam from the second closest country, China, at a rate of seven to one. So although countries like China, Russia, and Brazil are touted...

Joseph Blackbird | 23 Mar 2007 07:00:00 GMT | 0 comments

Given the increase of malicious activity in the current threat landscape, consumers need to be more cautious when browsing the Internet. Web browsers are now supporting an increasing number of technologies. The more a Web browser has to deal with, the more likely a security hole will be inadvertently coded into it. Therefore, it's no wonder attackers are targeting the growing number of vulnerabilities in Web browsers.

Over the last six months of 2006 we have been tracking the distribution of attacks targeting Web browsers. The results show that Microsoft’s Internet Explorer leads by an extremely large margin in the share of attacks targeting it. The primary focus of these attacks appears to be ActiveX controls; ActiveX controls are not strictly a part of the browser, but simply provide functionality that the browser can use. This brings into question the security viability of Microsoft’s latest version of its popular browser, Internet Explorer 7.

Internet Explorer 7...
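The post attributes most browser attacks to ActiveX controls that live outside the browser proper. The standard way to stop Internet Explorer from loading a particular control is the kill bit: a subkey named after the control's CLSID under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility whose "Compatibility Flags" DWORD has bit 0x400 set. The post does not discuss kill bits; the following is an added example of mine, not Symantec's, that audits a .reg export of that key (as produced by reg export) and reports which of a list of CLSIDs you expect to be blocked are not. The export and the all-zero placeholder CLSIDs are constructed for illustration and do not correspond to real controls.

```python
r"""Audit ActiveX kill bits from a .reg export of IE's ActiveX Compatibility key.

IE refuses to instantiate a control whose CLSID has a subkey under
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility with the
0x400 bit (the "kill bit") set in its "Compatibility Flags" DWORD.
"""
import re

KILL_BIT = 0x400
COMPAT_KEY = "\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Return {CLSID: flags} for every CLSID subkey that sets Compatibility Flags."""
    flags = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            idx = key.upper().find(COMPAT_KEY.upper())
            # Only subkeys of the ActiveX Compatibility key are of interest.
            current = key[idx + len(COMPAT_KEY):].upper() if idx >= 0 else None
            continue
        flags_match = FLAGS_RE.match(line)
        if flags_match and current and current.startswith("{"):
            flags[current] = int(flags_match.group(1), 16)
    return flags


def is_killed(flags, clsid):
    """True when the kill bit is set; other bits in the value are ignored."""
    return bool(flags.get(clsid.upper(), 0) & KILL_BIT)


def audit(reg_text, expected_blocked):
    """Return the CLSIDs in expected_blocked whose kill bit is NOT set."""
    flags = parse_reg_export(reg_text)
    return [clsid for clsid in expected_blocked if not is_killed(flags, clsid)]


# Constructed export with placeholder CLSIDs (not real controls).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000c00
"""

if __name__ == "__main__":
    wanted = ["{00000000-0000-0000-0000-000000000001}",
              "{00000000-0000-0000-0000-000000000002}",
              "{00000000-0000-0000-0000-000000000009}"]
    print("missing kill bit:", audit(SAMPLE_REG, wanted))
```

The third sample entry (0xC00) is there to show why the check is a bit test and not an equality test: a control can carry other compatibility flags alongside the kill bit and still be blocked. A CLSID that has no subkey at all is reported as unblocked, which is the case that matters most in practice.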
