Security Response
Gavin O Gorman | 22 Jan 2015 13:57:40 GMT


Contributor: Yi Li

A group of attackers, which we call Scarab, has been performing highly targeted attacks against particular Russian-speaking individuals both inside and outside of Russia since at least January 2012. In each campaign, the attackers typically target a small number of individuals—rather than enterprises or governments—using economic, military, topical, or generic lures. On average, fewer than ten unique computers are infected per month and there is no indication that the attackers are trying to spread through the victim’s local network, suggesting that Scarab’s campaigns are extremely targeted in nature.

Many of Scarab’s campaigns focus on distributing the group’s custom malware (Trojan.Scieron and...

Symantec Security Response | 22 Jan 2015 00:22:39 GMT


An unconfirmed Adobe Flash Player zero-day vulnerability was discovered yesterday by security researcher Kafeine. The zero-day bug is reported to affect the latest versions of Adobe Flash Player and has been seen in some versions of the Angler exploit kit. Initial reports indicate that Internet Explorer versions 6 to 10 running on Windows XP, Windows 7, and Windows 8 are affected. Fully patched versions of Windows 8.1 and Google Chrome browsers appear to be unaffected.

Symantec regards this vulnerability as critical because Adobe Flash Player is widely used and the flaw allows an attacker to effectively compromise a computer, which then allows for the unauthorized installation of malware.

Adobe has not confirmed the...

Christian Tripputi | 21 Jan 2015 17:22:59 GMT

Online video services have offered new ways for people to bring their content to a wider audience and make money from it. Many content creators have managed to make full-time jobs out of releasing YouTube videos thanks to the YouTube Partner Program, which lets people monetize their uploaded videos through advertisements. Gaming channels have experienced particular success on YouTube. For example, PewDiePie’s gaming channel is the most popular on YouTube, and his videos were watched more than 4.1 billion times in 2014. The 25-year-old content creator is believed to...

Satnam Narang | 14 Jan 2015 15:59:28 GMT

Over the last week, we have observed an increase in phishing emails claiming to be from LinkedIn Support. The body of the email claims that irregular activities have prompted a “compulsory security update” for the recipients’ LinkedIn account. 

“Irregular activities”
The email goes on to say that in order to secure their account, the recipient needs to download the attached form (an HTML attachment) and follow the instructions.

Figure 1. LinkedIn phishing email

The attachment is a copy of the real website. However, the website’s source has been modified, so if the recipient uses this web page to sign in to their LinkedIn account, their credentials will be sent directly to the attacker.


Joji Hamada | 14 Jan 2015 03:06:06 GMT


One-click fraud in Japan typically refers to a type of scam that involves deceiving users into subscribing to adult video services. The fraud has been in existence for over a decade and shows no sign of disappearing. One-click fraud made its debut on smartphones in 2011 and has most heavily affected users of both Android and iOS, but it’s not unique to those operating systems and can affect any smartphone. The scam has developed into one of the most serious cyberfraud issues on the mobile platform. For further details about the scam, you can read my previous blog.

We have observed various tactics used in the scam throughout the years, but most scams simply trick the user into making a click or two in an attempt to view a video in order to falsely register the user. In most cases, the...

Roberto Sponchioni | 13 Jan 2015 22:00:39 GMT


When the source code for the botnet creation kit known as Carberp (Trojan.Carberp) was leaked in June 2013, security experts predicted it would only be a matter of time before the information-stealing malware code would be modified and reused. Those experts were proven right when Trojan.Carberp.B was uncovered in late 2014. Symantec has now observed yet another modified version of Carberp (Trojan.Carberp.C) being spread through a spam campaign mainly targeting Australia.

This latest version of the malware is still...

PraveenSingh | 13 Jan 2015 20:57:06 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 8 vulnerabilities. One of this month's issues is rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.
  • ...

Laura O'Brien | 18 Dec 2014 13:58:36 GMT


The CEO of a company that created the StealthGenie mobile spying app recently pleaded guilty to advertising and selling spyware. The US Department of Justice ordered Hammad Akbar to pay a US$500,000 fine and to hand over the spyware’s source code. It’s a significant result, as it marks the first-ever criminal conviction surrounding the sale of a mobile spyware app.

This may not be the last mobile spyware case in the US, judging by comments made by Assistant Attorney General Leslie Caldwell of the US Justice Department’s Criminal Division. “Make no mistake: selling spyware is a federal crime, and the Criminal Division will make a federal case out of it,” said Caldwell soon after the case. “Today’s...

Jo Hurcombe | 16 Dec 2014 15:06:05 GMT


Contributor: Satnam Narang 

Attackers behind malicious spam campaigns have shifted their tactics in recent months and are increasingly attempting to infect victims by luring them into clicking on links rather than sending them malicious attachments.

Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic. Over the last six months, there were relatively few spam emails containing malicious links. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.

While many malicious emails come with an attachment, organizations can block and filter these types of messages. Symantec believes that the Cutwail botnet (...

Symantec Security Response | 15 Dec 2014 20:27:57 GMT

Ransomware is nothing new to Japan. Symantec’s research has found that Japan ranks among the regions most affected by global ransomware attacks. However, no attacks specifically targeting Japanese users have ever been confirmed. That is, until now. In recent weeks, Symantec has observed a ransomware variant in the wild that was designed to target users who speak Japanese.

Figure 1. Ransomware attacks in November 2014 by region

The ransomware threat in question is a localized variant of TorLocker. The malware encrypts files with certain file extensions on the compromised computer and demands that the user pays in order to decrypt the files. Symantec has confirmed multiple variants of this particular Japanese ransomware threat.

TorLocker has been used in ransomware attacks around the world. The...