Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
When Web Servers Serve Evil
Candid Wueest | 13 May 2013 17:51:23 GMT

In the last few months, we have witnessed a rise in the number of cases of modified Web servers that inject malicious redirections into every website that it hosts. One example was the malicious Apache module (Linux.Chapro and Trojan.Apmod) that we blogged about recently. A newer example is Linux.Cdorked, about which our friends at ESET also wrote.

With Linux.Cdorked, instead of adding a malicious Apache module to the configuration list, the attackers instead replaced the main httpd binary file...

Read more
Fake Promotional Offers Targeting UEFA Champions League 2013
Anand Muralidharan | 10 May 2013 07:40:10 GMT

The 58th season of the UEFA Champions League is coming to an end with the final being played on May 25 at Wembley Stadium in London. Nowadays, cybercriminals are gaining a lot of interest in football, at least inasmuch as how to exploit interest in football to their advantage, and Symantec has recently blogged about cybercriminals continuing to show interest in football.

Spammers are exploiting the latest sporting event by sending spam of fake ticket offers through email. Below is an Italian spam campaign we have observed targeting the UEFA Champions League with a fake ticket offer promotion.

Champions league one.png

The spam can be identified by the following headers:

Subject: Scopri come puoi vincere i biglietti per la Finale UEFA Champions League...

Read more
Escrow Scams Searching New Avenues
Samir_Patil | 09 May 2013 03:10:11 GMT

Contributor: Binny Kuriakose

People dream big when buying expensive items like a car or a property. When those dreams are seen with very affordable price tags it certainly attracts everybody’s interest. There are lots of websites available that allow people to post free classified advertisements online and one of the biggest categories is that of used cars. This is the new breeding ground for the old escrow tricksters.

This blog will discuss an interesting case of how a free classified advertisement and an escrow service turned out to be an online scam.
 

What are escrow services?

Escrow services are essentially mediators in trade that ensure all terms, agreed by both parties, are met. Escrow companies take the payment from the buyer and ‘hold it’ until the seller delivers the goods to the buyer and all the terms of sale are met. If you are buying an item from an unknown party without meeting face-...

Read more
OpUSA Begins Today, Is Your Organization Ready?
Hon Lau | 07 May 2013 21:01:00 GMT

Following on from recent concerted campaigns by Anonymous against Israel on April 7 and Facebook on April 5, the latest target for the online hacktivist collective is the USA and American online interests. Today, hackers and script kiddies of various affiliations are expected to begin a campaign of hack attacks and general online disruption against any target that is related to the USA. From previous activity of this sort, the attackers are generally opportunistic in nature and will aim for the low hanging fruit. Attacks may take various forms including the following:

  • DDoS attacks
  • Hack social media accounts and deface or post fake messages
  • Hack organization websites and deface or steal information and post it as “proof” of breach
  • Hack organization servers and attempt sabotage such as planting disk wiping malware
  • Less likely but plausible scenarios could include attacks against...
Read more
Spammers Continue to Exploit Mother’s Day
Anand Muralidharan | 06 May 2013 08:43:36 GMT

Mother’s Day is celebrated in many countries on May 12 and it’s a day for children, regardless of age, to express their love to their mother by giving her a gift. Spam messages related to Mother’s Day have begun flowing into the Symantec Probe Network. Clicking the URL contained in the spam message automatically redirects the recipient to a website containing a bogus Mother’s Day offer upon completion of a fake survey.

mothers 1.png

Figure 1: Survey spam targeting Mother’s Day

Once the survey is completed, a page is then displayed asking the user to enter their personal information in order to receive the bogus offer.

mothers 2.png

Figure 2...

Read more
New Internet Explorer 8 Zero-Day Used in Watering Hole Attack
Symantec Security Response | 10 May 2013 20:08:22 GMT

Microsoft has issued Security Advisory 2847140 in response to reports regarding public exploitation of a vulnerability affecting Internet Explorer 8. Other versions such as Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected. Initial reports indicate that a website associated with a department of the US government was compromised to host the exploit in what’s known as a watering hole attack. Upon visiting the site a vulnerable victim would have been redirected to download a back door as the payload.  Symantec products detect the exploit code on the vulnerable site as Trojan.Malscript, Bloodhound.Exploit.494, or...

Read more
Google Glass and Tomorrow's Security Concerns
Symantec Security Response | 07 May 2013 23:17:04 GMT

If you haven’t heard, Google Glass, the latest gadget from the Silicon Valley giant, has set the media and tech world abuzz, with both admiration and controversy surrounding the device. Google Glass was released to the public last week and combines smartphone technology with wearable glasses that is reminiscent of something seen on Star Trek. Public, in this case, actually means beta testers (called Glass Explorers) who had to apply for the chance to purchase the spectacles in advance by writing a 50 word essay using the hashtag, #ifihadglass. Those chosen had the opportunity to purchase the device for $1,500 USD.

Along with the admiration of a device that appears to do everything, comes controversy.  The 8,000 individuals who were able to purchase the device were bound to a restrictive end user license agreement, in which the product would be deactivated and rendered...

Read more
.pw URLs in Spam Keep Showing Up
Eric Park | 28 May 2013 22:04:16 GMT

Last week, Symantec posted a blog on an increase in spam messages with .pw URLs. Since then, spam messages with .pw URLs have begun showing up even more.
 

pw TLD blog update.png

Figure 1. .pw TLD spam message increase
 

Symantec conducted some analysis into where these attacks are coming from in terms of IP spaces. As expected, Symantec observed a large quantity of mail being sent from an IP range and then moving to another IP range. While this is an expected behavior, there was an interesting twist. There were multiple companies (with different names) hosting .pw spammers using the same physical address in Nevada. 

Examining messages found in the Global Intelligence Network, Symantec...

Read more
The Hexadecimal URL Obfuscation Resurgence
Sammy Chu | 01 May 2013 23:12:31 GMT

For that past several days, Symantec has observed an increase in spam messages containing hexadecimal obfuscated URLs. Hexadecimal character codes are simply the hexadecimal number to letter representation for the ASCII character set. To a computer, hexadecimal is just one out of the many systems for address expressions on the Internet.

The following samples are different hexadecimal representations for http://www.symantec.com.

Hexadecimal only:

http://www.

symantec.co&#x006d

Hexadecimal and ASCII characters:   

(“http” and “com” are in ASCII characters and the...

Read more
Social Media and Hacktivism: Two Ideas Made for Each Other?
Hon Lau | 01 May 2013 04:17:08 GMT

In today’s connected world, many of us are members of at least one, if not more, social networking services. The influence and reach of social media enterprises, such as Facebook (more than 600M active users per month) and Twitter (more than 140M active users), is staggering and as communications tools they offer a global reach delivering almost instantaneous communications to huge multinational audiences. Social media is attractive for hacktivists because it is a forum for people on the Internet and where big discussions take place. Hijack a forum like this and you have an effective soapbox to get your message across. Hardly a day passes without news of another high profile breach by hacktivists and social media influencers are in the crosshairs. Are...

Read more