Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
South Korean Banks and Broadcasting Organizations Suffer Major Damage from Cyber Attack
Symantec Security Response | 02 May 2013 19:58:39 GMT | 0 comments

It has been reported in the media that several South Korean banks and local broadcasting organizations have been impacted by a cyber attack.

The attack included the defacement of a Korean ISP/telecoms provider and also the crippling of servers belonging to a number of organizations.

The defacement displays an elaborate animated Web page with sound effects, showing three skulls and included a message by the claimed attackers calling themselves the “Whois” team.

The attack was first noticed when a number of websites began to experience problems. Customers of banks could not access their online accounts and reports of other sites being down began to surface. While specific details are not known at this time, it has been reported that a number of sites affected had their hard drives wiped leaving the affected computers in a crippled state.

...

Read more
Blackhole Exploit Kit Takes Advantage of Cypriot Financial Crisis
Nick Johnston | 02 May 2013 19:58:41 GMT | 0 comments

In recent days, the European Union (EU) financial crisis has taken a dramatic turn. Cyprus, one of the EU's smallest member states by population, announced plans to impose a one-off levy of up to 10 percent on ordinary bank deposits. Banks across the island state have been closed while the unprecedented measures are debated in the country's parliament. Meanwhile, anxious bank account holders—ordinary people, not bond holders or investors in Cypriot banks—await news of what will happen to their savings.

The notorious Blackhole Exploit Kit, previously featured in several posts on this blog, has started exploiting the public concern about this situation by sending out emails claiming to be news stories related to the unfolding situation.

...

Read more
The New Black: Facebook Black Scam Spreads on Facebook
Satnam Narang | 02 May 2013 19:58:42 GMT | 0 comments

Yesterday, Facebook users may have noticed an influx of their friends posting about something called Facebook Black.
 

Figure 1. Facebook photo plugging “Faecbook” Black (notice the typo in this image)
 

Similar to previous scams, users are tagged in a picture that contains a link to an external website. In this case, the link is found within the comments instead of the description field (Figure 1).
 

Figure 2. Iframe is used to redirect the user to the landing...

Read more
Pope Themed Spam Attacks Lead to Malware
Samir_Patil | 02 May 2013 19:58:43 GMT | 0 comments

Contributor: Saurabh Farkade

The Vatican City has been in the news a lot in the past few weeks due to Benedict XVI’s resignation and the election of Pope Francis. Spammers have picked up on this opportunity for spreading malware.

Symantec Security Response has observed attackers distributing spam which leads users to a site hosting the Blackhole Exploit Kit. The good news is, Symantec customers are protected and this threat is detected as Blackhole Toolkit Website.

The spam email alleges to be from a well-known news channel. The following subject lines are used in this attack:

  • Subject: Opinion: Can New-Pope Benedict be Sued for the Sex Abuse Cases? - [REMOVED]
  • Subject: Opinion: New Pope, Vatican officials sued over alleged sexual abuse! - [REMOVED]
  • Subject: Opinion: New...
Read more
Android.Uracto Used to Trick Mothers, Anime Fans, Gamers, and More
Joji Hamada | 02 May 2013 19:58:45 GMT | 0 comments

Earlier today, we blogged about Android.Uracto, a malicious app that sends spam SMS messages in an attempt to infect others or scam users into paying a fee for a non-existing service. We continued doing further investigation on the attack and this has led us to discover more apps prepared by the same group of scammers. So far we have been able to find a total of 10 apps hosted on a few dedicated domains believed to be maintained by the group. The servers hosting the domains appear to be located in Singapore and in Georgia in the United States. They are currently still live at the time of this writing.
 

Figure 1....

Read more
Android Malware Spams Victim’s Contacts
Joji Hamada | 02 May 2013 19:58:47 GMT | 0 comments

SMS messages attempting to lure Android device owners to download an app that supposedly allows the camera on the device to see through clothes are circulating in Japan. This type of spam is usually sent by the malware authors themselves, but in this case the authors have developed an app to send the spam messages by SMS to phone numbers stored in the device’s Contacts. This allows the recipients of the spam to be tricked easier because the invitation to download the app is coming from someone they know rather than from an unknown sender. If a friend is recommending an app, why would you not at least try it out, right?

Figure 1. SMS message sent from a person whose device is compromised

The site where the link takes the user to introduces an app called Infrared X-Ray that supposedly allows the...

Read more
Much More Than a Free 50 Pound Bet
Samir_Patil | 02 May 2013 19:58:48 GMT | 0 comments

Contributor: Vivek Krishnamurthi

The Cheltenham Festival, also known as the National Hunt Meeting, is a popular horse racing event that occurs every year in March in the United Kingdom. The festival usually coincides with Saint Patrick's Day. This year, the festival is currently in progress and will end on March 15. A large amount of gambling takes place during the Cheltenham Festival, a fact that spammers seem to be well aware of as we are presently observing an increase in online gambling spam.

One particular sample of spam included instructions on how to register a free bet. The link provided in the message directs the user to a form where they can sign up and get a free bet worth up to £50.

Some of the email header information found in this spam campaign includes the following:

  • Subject: Bet on Cheltenham with the Best Odds!
  • From...
Read more
Spammers Special Feast for St. Patrick’s Day
Anand Muralidharan | 02 May 2013 19:58:50 GMT | 0 comments

St. Patrick’s Day is a global celebration of Irish culture and a religious holiday on March 17, and it is very special to Irish communities and organizations. Recently, we have observed numerous St. Patrick’s Day related spam messages flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of clearance sales of cars as well as other product offers.

Interestingly, in one spam campaign, we observed a malicious spam email that tries to trick users by using the name of the event in conjunction with a popular site that allows users to send and receive large files. By clicking on the link, the user is redirected to a Web page that downloads some malicious code, which exploits several common vulnerabilities. The main motive of these spam campaigns is to lure recipients by taking advantage of the St. Patrick’s day holiday in the subject line and body of the email, such as: “Patrick[RANDOM NUMBERS]...

Read more
Microsoft Patch Tuesday – March 2013
Candid Wueest | 02 May 2013 19:58:51 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 20 vulnerabilities. Twelve of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Mar

The following is a breakdown of the issues...

Read more
Malware Attacks Targeting Hugo Chavez’s Death
Carlos Mejia | 02 May 2013 19:58:53 GMT | 0 comments

Rumors of Venezuelan President Hugo Chavez’s death were rampant on the news and Internet over the past month, and last Tuesday, the Venezuelan Vice President confirmed that Chavez died after a two year battle with cancer. Chavez’s death has triggered reactions worldwide, from world leaders to ordinary citizens, and everyone is talking about his ideas and actions as Venezuelan President. At the same speed as the news is spreading, cybercriminals are using this opportunity to send malicious links related to his death as well as hypothetical theories about the cause of his sickness and death.

All the links that we have seen contain malware. Some domains have been registered recently and others seem to have been hijacked.

Here is an example email used in these attacks:

The following URLs are the malicious links that we...

Read more