Security Response
Candid Wueest | 16 Feb 2007 08:00:00 GMT | 0 comments

Another Valentine’s Day has passed and everyone knows that there are certain guidelines that should be followed on this day of love. Over the years, I've developed a top three list of recommendations:
• Don’t forget Valentine’s Day.
• Don’t forget to get in touch with your loved ones.
• Don’t open any strange email attachments, not even if they seem to come from a secret admirer and have a special greeting card attached.

But after the stories I heard this year around Valentine’s Day, it appears I'll need to add new advice to my top three list. Apparently many people received a suspicious text message on their mobile phone this Valentine’s Day. The text message came from an online love message service, which lets you record a message onto a central voice recording machine that can be dialed into. The service then sends a timed SMS to your friend, who can collect the recorded message by calling a number. Of course you have to pay around US$ 4 per minute for...

James O'Connor | 16 Feb 2007 08:00:00 GMT | 0 comments

There has been much talk recently about the launch of Windows Vista, and one feature in particular: Speech Recognition. Speech Recognition allows the user to dictate arbitrary text to the computer (a letter for example) using speech instead of the keyboard. It also allows the user to carry out normal computing tasks via a choice of pre-defined commands. There are commands such as "delete that," "press escape key," and "what can I say?" This last one shows the user what kinds of command they can use in the current situation. If Speech Recognition is running, but sleeping, the user says "start listening" to activate it.

It has been suggested that Speech Recognition could be subverted for nefarious purposes using malicious audio clips. The scenario would be as follows:

• The user is browsing the Web, with Speech Recognition enabled.
• They visit a Web site, with a background audio clip that plays as soon as the site is opened.
• The audio clip contains commands that...

Zulfikar Ramzan | 15 Feb 2007 08:00:00 GMT | 0 comments

I wanted to talk about a recent new attack, called Drive-By Pharming, which I co-developed with Sid Stamm and Markus Jakobsson of the Indiana University School of Informatics. It allows attackers to create a Web page that, simply when viewed, results in substantive configuration changes to your home broadband router or wireless access point. As a result, attackers gain complete control over the conduit by which you surf the Web, allowing them to direct you to sites they designed (no matter what Web address you direct your Web browser to).

I believe this attack has serious widespread implications and affects many millions of users worldwide. Fortunately, this attack is easy to defend against as well. In this blog entry, I’ll describe the attack, mention some prior related work, and then go over best practices.

How the attack works:

I’ll start with a high-level real-world analogy of this attack. Imagine that whenever you wanted to go to your bank,...

Symantec Security Response | 14 Feb 2007 08:00:00 GMT | 0 comments

Anyone who has something to say now has access to media and the means to distribute his or her message. Folks have discovered that their fifteen minutes of fame can easily be achieved through the Internet with video clips, blogs, and vlogs (a blog that contains video). User-generated content opens the door to new opportunities. We can learn about a day in the life of a soldier at war, showing first hand what we have only been able to see in the movies. "Lookie loos" (or casual observers) now record events happening in real time using only their cell phones, thus becoming amateur journalists. People are demonstrating their unique talents, effectively becoming ...

Kelly Conley | 13 Feb 2007 08:00:00 GMT | 0 comments

It seems like only yesterday I was blogging about a new spam report that Symantec Messaging and the Web Security team have published regarding the state of spam. Now, the February report is online, which gives a good overview of spam activity in January of 2007.

This issue highlights several interesting trends. While spam continues to be a high percentage of all email, there was a slight reduction of spam in January to approximately 69 percent. The technique du jour, image spam, reached a high in January, but ended the month around 30 percent. It's amazing to think that 30 percent of the total spam volume is image spam. We look at it every day, and still it continues to arrive, most notably in emails for penny stock and fake Rolex.

Have you noticed a decline in adult-oriented email lately? So have we. Once consistently in the top categories of...

Ben Greenbaum | 13 Feb 2007 08:00:00 GMT | 0 comments

Anybody remember when RTF files were just innocent little things? They were like the big brother of the .txt file, or .txt v2, if you will. Just characters on a screen, but some of them might be different fonts or colors or sizes – maybe the occasional clipart. Who would have guessed they are apparently the most hostile files on the Internet this month? "When RTFs Go Bad!…" Okay, perhaps I’m exaggerating, but this month Microsoft is patching no less than three vulnerabilities, in separate applications, that can be exploited via malicious RTF files that contain OLE objects.

Several of this month’s patches address issues that have been exploited already in limited-distribution, targeted attacks. The combination of target-specific social engineering and privately held vulnerability information is becoming more and more widely adopted by attackers with political and industrial motivations. While the "new breed" of cybercriminals wants to cast as wide a net as possible, we cannot forget that...

Symantec Security Response | 12 Feb 2007 08:00:00 GMT | 0 comments

Emperor Entertainment Group: From sex photo scandal to Web site being hacked, key word: protect the data on your hard drive.

It's probably not the best way to advertise privacy protection, but it's indeed something that should ring a bell for those who leave their portable devices unattended or unsecured.

Rumor has it that Edison Chan, the popular celebrity from Hong Kong, had data stolen from his personal laptop. Now under normal circumstances, this would be bad enough. However, it turns out Mr. Chan had taken hundreds of pictures and videos of over 14 female celebrities in various states of dress and involved in various sexual acts, and stored this data on his computer. The stolen data has since spread quickly over the Internet.

Earlier today the Emperor Entertainment Group's Web site - the group that several of the victims have contracts with - was hacked by someone calling themselves "blspi" with the following message in Chinese, "I sincerely hope EEG...

Symantec Security Response | 12 Feb 2007 08:00:00 GMT | 0 comments

As I sit here looking for inspiration for my next blog pontification, I realized that I would be remiss if I didn't touch a bit on Vista given Microsoft's latest announcement. If you do a search on Vista in your browser, you’ll see plenty of material out there touting how “secure” Vista is. But let’s face it, at the most basic level, Vista, in and of itself, is just another operating system. So, let’s not confuse an operating system that’s more secure with something that is an actual security solution that provides real protection against the breadth of computer attacks. Perhaps it's just semantics, but it does cause some confusion as illustrated by several conversations I've been in where people I’ve talked to have made this mistake. So, let's set the record straight.

For the record, and without getting too much into the nitty-gritty details, Vista is simply an operating system that contains a variety of new features that make it less readily hackable and exploitable. That’s it. Although...

Dave Cole | 09 Feb 2007 08:00:00 GMT | 0 comments

We recently hit a big milestone here at Symantec Security Response: 30 VB100 awards in a row! This means that for every VB100 test for which we have submitted a product, we’ve detected all the threats on the latest WildList without missing a threat and without triggering a false positive on a clean file. For a little perspective, this streak stretches all the way back to the last century (OK, 1999) with the November 1999 VB100 test for Windows 98. We think this is a pretty remarkable achievement in consistency and reliability.

There were a couple other notable items in the latest test, not the least of which was that it was the first VB100 that covered Microsoft’s new Vista operating system. We were one of several security companies who notched a win on the inaugural Vista VB100, but there were a few of us who didn’t quite make the cut. Note that...

Kelly Conley | 08 Feb 2007 08:00:00 GMT | 0 comments

I just received a legitimate e-newsletter from a science gadget company. I'm reading along about robotic arms and hands and the use of these objects in operating rooms. I'm immersed in this email. It's pretty interesting stuff. To imagine the steps that we've made with science and technology in the past 50 years or less, is truly mind boggling. Then I get to the end. Or not.

There it is. A URL. Why is it there and where does it lead? It must have something to do with scientific gadgets. Does it take me back to the main Web site? Does it take me to another reference of robotic use in operating rooms? It isn’t the opt-out, because that URL is just above this one.

I click and it doesn't take me anywhere that I would have guessed. In fact, it is not related to science or technology at all. The URL takes me to an adult-related meds site. What is the correlation? Is there supposed to be one between readers of science newsletters and viagra? I have no idea what the...