
Security Response

Hiroshi Shinotsuka | 26 Apr 2013 12:29:58 GMT | 0 comments

Recently, I discovered a back door Trojan horse program (detected as Backdoor.Trojan) that does not work on Microsoft Windows XP. I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan. The trick appears to have been designed to allow the threat to be used in targeted attacks.

The fseek function

In this threat, the author uses the fseek function in an unusual way, as it is normally used to process data. For example, if the program reads 100 bytes of data from the top of a file, fseek is used to move the file position by those 100 bytes.

Figure 1. The fseek code trick used by the malware

However, in the...

Mathew Maniyara | 24 Apr 2013 18:22:36 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers are not letting go of the chaos in Syria. They are using a common phishing template and modifying the messages. In March, phishers mimicked the same website of an organization in the Arab Gulf States observed in a previous phishing site. But instead of promoting the Syrian opposition, phishers impersonated the UN in a scheme meant to show support for the people of Syria. The phishing pages were in Arabic and the phishing site was hosted on servers based in Dallas, Texas, in the United States.

Just recently, phishers have tried to entice users by condemning the Syrian regime. Now, they are citing the Syrian President, Bashar al-Assad, in particular. The phishing site we observed contained a message in Arabic that asked users if they agreed with condemnation of the Syrian President as a war criminal. The message gave options...

Lionel Payet | 24 Apr 2013 14:56:40 GMT | 0 comments

Java vulnerabilities have always been popular among cybercriminals (exploit kit authors): since they work across multiple browsers and even multiple operating systems, the potential for infecting large numbers of users is very high.

On April 16, Oracle released its Java Critical Patch Update (CPU) for April 2013 that addressed vulnerabilities found in numerous supported products. Interestingly, one of the vulnerabilities, CVE-2013-2423, was publicly disclosed the following day and this was closely followed by a Metasploit proof of concept on April 20.

It didn’t take long for exploit kit authors to adopt this openly available vulnerability. We are currently seeing cases of Cool EK using this new Java vulnerability and we expect this exploit to be rolled out to other exploit kits.

The...

John-Paul Power | 23 Apr 2013 20:21:41 GMT | 0 comments

Small and medium enterprises (SMEs) in the UK are being offered up to £5,000 (approximately $7,600 USD) in order to improve their cybersecurity. The Innovation Vouchers scheme, being run by the government’s Technology Strategy Board, is designed to help businesses “innovate and grow” by funding outside expertise. The government has made available £500,000 ($762,600 USD) to SMEs that do not already have internal cybersecurity expertise and who are working with a new technology supplier for the first time.

Attacks targeted towards SMEs are on the increase. According to Symantec’s ...

Dinesh Theerthagiri | 22 Apr 2013 21:39:35 GMT | 0 comments

In the first quarter of 2013, we spotted quite a few zero-day vulnerabilities affecting Oracle Java, Adobe Flash, Adobe Reader, and Microsoft Internet Explorer being exploited in the wild. This blog discusses the details of these zero-days exploited to spread malware in the first quarter of 2013.

Java zero-day vulnerabilities

During the month of January 2013, we saw some interesting Oracle Java SE zero-day issues being actively exploited in the wild. On January 13, 2013, Oracle released a security alert for Oracle Java Runtime Environment Multiple Remote Code Execution Vulnerabilities (CVE-2013-...

Ashish Diwakar | 22 Apr 2013 18:18:15 GMT | 0 comments

Contributor: Avdhoot Patil

Telugu movie promotions have gained momentum in the world of phishing, as these movies continue to be targeted with phishing scams. The phishing site featuring the movie “Brindavanam” is one example. In a more recent case, phishers used a captivating song from the Telugu movie “Saitan” as bait.

The phishing site displayed, on the left side of the phishing page, a picture from a captivating musical number from the movie “Saitan” starring Telugu actress Santosh Samrat and Sri Lankan film and teledrama actress Akarsha. The picture from the musical number was taken from the legitimate movie website. The phishing...

Candid Wueest | 19 Apr 2013 08:18:05 GMT | 0 comments

We have blogged before about mobile spam messages, and while email spam declined in the past year to around 66%, mobile spam—although not yet that prevalent—is now gaining ground.

Currently the “winning ticket” theme is making its rounds through central Europe. Eight friends of mine received it over the space of a few days and I am proud that none of them fell for it, even though some were sorely tempted. The message states that you have won two million pounds sterling with some numbers that you never selected, in a non-specified lottery that you have certainly never played. There are a lot of variations of this particular scam that we have observed over the years, with a range of different prizes including cars and holidays. Unfortunately, there is no money behind it—at least not for you—as of course if you never play the lottery, you will definitely...

Mathew Maniyara | 18 Apr 2013 15:03:02 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers have already shown interest in the violence that erupted recently in various parts of the Arab world. The phishing attack involving Syria is a good example. Phishers are now taking advantage of the political unrest in Egypt as protests in the country continue. In March 2013, phishers promoted former Egyptian Prime Minister Ahmed Shafik in a phishing site. The phishing site was hosted on servers based in North Carolina, USA. The name “Ahmed Shafik” was used in the domain name of the phishing site.

Figure 1. Phishing site designed as a fake official website of Ahmed Shafik

The phishing site was designed to look like an official page of the politician. It...

Samir_Patil | 17 Apr 2013 12:04:02 GMT | 0 comments

Contributor: Christopher Mendes

On the afternoon of April 15, 2013, just when many people were on the cusp of conquering another personal milestone by completing the Boston Marathon, they were hit hard by an act of cowardice. Two bombs struck near the finish line of the Marathon on Monday. Within hours of the bomb blast, malware-laden spam emails started doing the rounds in large numbers.

Symantec customers are protected from this attack. Symantec blocks the attack by multi-level detection using Antispam, Intrusion Prevention System technology (IPS), and antivirus (AV). The AV detects the downloaded file as Packed.Generic.402. IPS detects the attack as Web Attack: Red Exploit Kit Website.

The spam email is very simple. The...

Ashish Diwakar | 17 Apr 2013 03:41:34 GMT | 0 comments

Contributor: Avdhoot Patil

Phishers continue to target Indian movies with phishing scams. The phishing site featuring the movie “Bodyguard” is one example, and this month Symantec observed a phishing attack in which phishers used a song from the Telugu movie “Brindavanam” as bait.

The phishing site displayed a picture of a musical number from the movie “Brindavanam” starring Telugu actresses Samantha and Kajal Aggarwal on the left side of the phishing page. There is also a plot summary of the movie below the image. The phishing page then encouraged users to enter their login credentials, stating that, after logging in, they could watch the video. The pictured musical number from the movie was taken from the legitimate movie website. After...