Security Response
Eric Chien | 26 Feb 2007 08:00:00 GMT | 0 comments

A variety of bulletin boards are being spammed with the message to visit mailfreepostcards.com (don't visit that domain!) for a fun video. However, when visiting that site, users are prompted to download an executable. Message board spam is nothing new, but what is different about this message board spam is the spam text is actually integrated into legitimate messages posted by real users.

Posters are infected with an updated version of Trojan.Mespam, which is downloaded by Trojan.Peacomm. This threat has the ability to watch all your network traffic via a layered service provider (LSP) and when it notices you posting to a bulletin board, it modifies your posting to include the spam text.

Trojan.Mespam can not only inject text into your outgoing...

Luis Navarro | 26 Feb 2007 08:00:00 GMT | 0 comments

I recently received a call from a friend who had set up an online payment reception service with a well-known provider so he could receive payments through his Web site. "I’ve got a question – there is a charge for $300 for some computer equipment that I did not order, what’s happening?" After going through the more obvious questions, I asked him: "What is your password?" It turns out his password was, literally, “password.” Someone just entered his account name, guessed the password, and now could use his account for online shopping. This is a rather extreme example, but it illustrates very well the need for strong passwords.

Adherence to stated password policies is something I get asked about quite a bit by clients looking to implement a Security Awareness Program. A weak password can disable a reasonable security infrastructure, effectively bypassing other security measures that have been implemented. Although other methods for user authentication...

Shunichi Imano | 24 Feb 2007 08:00:00 GMT | 0 comments

In last Friday's blog titled Hello Screen Saver, Sayonara Files, we reported on Trojan.Pirlames, which can be obtained through peer-to-peer file-sharing networks.

Today, we found a couple of similar Japanese Trojans: Trojan.Haradong.B and Trojan.Pirlames.B.

Trojan.Haradong.B masquerades as a Windows screen saver file or .avi file with the following file names:

...

Liam O Murchu | 23 Feb 2007 08:00:00 GMT | 0 comments

Mirror, mirror on the wall, who is the lamest of them all? The attacker behind this scheme hopes to find out where all the l4m3rs are (his words not mine). In a classic social engineering attack, customers have been reporting that they have received an unusual piece of spam recently.

The mail is supposedly from a hosting or collocation company and says something along the lines of this:

Dear COMPANYNAME Inc. Valued Members,

Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.

So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
[instructions included]
Thank you for using our services and products. We look...

Hon Lau | 23 Feb 2007 08:00:00 GMT | 0 comments

Today we received samples of a Japanese Trojan called Trojan.Pirlames, which masquerades as a Windows screen saver file. This Trojan is likely to be spread through file-sharing networks such as Winny, which is highly popular in Japan. We have seen the following file name being used so far:

Master of epic the animation age OP∩+ Miracle Episode I (MP3 128kbps ⌠-⌠TΓWΓΓΓPΓbΓg≥t).zip[MANY SPACE CHARACTERS].SCR

When executed, the Trojan will display an image that warns the user against the use of Winny. One example contains a message that roughly says: "Even though Mr Kaneko (Creator of Winny) was found guilty, you are still using Winny. I really hate these kinds of people."

In another example, the "...

Zulfikar Ramzan | 23 Feb 2007 08:00:00 GMT | 0 comments

The “Emperor’s New Security Indicators” is a new, well-written research paper on the effectiveness of security indicators authored by Stuart Schechter (MIT Lincoln Labs), Rachna Dhamija (Harvard University & CommerceNet), Andy Ozment (MIT Lincoln Labs & University of Cambridge), and Ian Fischer (Harvard University). The study described in the paper finds that several well-known security indicators usually fail to help end users make correct security decisions.

In a general sense, it’s accepted and widely acknowledged that designing security indicators and communicating the results is far from easy. There have been a number of studies that point out the shortcomings of security tools from a usability perspective. Nonetheless, such published studies are valuable since they really help quantify how dire the situation is. Also, each of these studies is naturally unique with respect to the exact conditions used. Since the outcome can be very sensitive to the underlying conditions, it...

TWoodward | 22 Feb 2007 08:00:00 GMT | 0 comments

While Microsoft has chosen a scheduled update approach, Apple Inc. releases updates on an "as-needed" basis. While each approach is arguably valid, during Apple's World Wide Developer Conference last year, Bud Tribble, VP of Software Technology at Apple, addressed why Apple decided on its approach: "There is some controversy in IT shops asking 'Wouldn’t it be easier if [Apple] could have their security updates scheduled on a monthly basis?' We think it’s better to get those security updates out as soon as we can get them out and not wait for the next month to roll around."

First out of the gate is "Security Update 2007-002" containing four patches against vulnerabilities discovered during the "Month of Apple Bugs" campaign. (See Aaron Adams' "...

Jeremy Ward | 22 Feb 2007 08:00:00 GMT | 0 comments

If 2006 was the year of NAC, then 2007 is already shaping up to be the year of Risk Management. Perhaps you missed many of the analyst and expert New Year’s predictions of information security evolving into IT Risk Management this year, but a brief walk through RSA’s show floor and a perusal of the product news coverage would have only confirmed 2007’s focus on IT risk.

Similar to NAC’s challenges, there seems to be a good deal of confusion regarding the definition of IT Risk Management and how it is practiced. Fortunately—nearly one year later and after 500+ in-depth interviews with IT executives and business professionals worldwide—Symantec released the results of a new study, the IT Risk Management Report. The report is designed to cut through some of the industry noise and help organizations understand the fundamental elements of IT...