
Security Response

Symantec Security Response | 12 Jun 2013 00:20:53 GMT

Malware authors are notorious for quickly turning newly public exploits to nefarious purposes. The recently discovered Linux kernel local privilege escalation vulnerability in the Performance Counters for Linux (PCL) subsystem (CVE-2013-2094), which is already being exploited on various platforms, now has an exploit modified to work on the Android operating system.

For anyone unfamiliar with the Android operating system, it is based on the open source Linux kernel. This means that many Linux kernel vulnerabilities can potentially be exploited on Android devices as well. However, because different Android devices ship different versions of the Linux kernel, only some devices are affected by any particular exploit.

...
Ashish Diwakar | 11 Jun 2013 04:44:49 GMT

Contributor: Avdhoot Patil

It seems that targeting football clubs, football celebrities, and football events has become a habit for phishers. They continue their uncivilized activities and single out football in particular. Now, phishers have set their sights on the Real Madrid Football Club based in Madrid, Spain. Real Madrid is one of the world’s richest football clubs and has a large fan base.

Figure. Fake Facebook phishing page featuring Real Madrid and Cristiano Ronaldo.

As we can see in the figure, the phishing page asks users to enter Facebook login...

Anand Muralidharan | 10 Jun 2013 20:59:45 GMT

Contributor: Vivek Krishnamurthi

The International Dance Competition “Dance Grand Prix Europe” is set to begin June 12 and will be hosted in Spain. The purpose of the competition is to showcase the top dancers from various dance schools, and this major event attracts choreographic talent from around the world. Spammers don’t want to miss this event either, or the opportunity it gives them to circulate a scam.
Figure 1. Dance Grand Prix Europe 2013 spam

To grab the reader’s attention, the spam email lists some appealing facts about the event and states that "only a little fee" is required, with no additional charges for participation. Clicking the URL automatically redirects the user to a website containing a bogus...

Anand Muralidharan | 10 Jun 2013 13:27:32 GMT

A lot of people are counting down the days until they can express their appreciation and love for their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day; now it is Father’s Day’s turn, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails try to entice users with product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer.

Figure 1. Gift offer spam

...

alisa_tsai | 10 Jun 2013 05:13:30 GMT

The Dragon Boat Festival, also known as the Duanwu Festival, is an important traditional holiday that has been celebrated by Chinese people, as well as other people in East Asian societies, for nearly 2,000 years. It is a day for driving away epidemics and evil spirits in summer through a series of symbolic activities, because in ancient times summer was considered a season of bugs, snakes, and fleas that could cause serious diseases.

There are several traditions followed on this day, such as holding a dragon boat race, eating sticky rice dumplings wrapped in bamboo (Zong zi), drinking realgar wine (Xionghuangjiu), and wearing perfumed medicine bags. Many of these activities involve some sort of commercial component—and spammers will never miss a good opportunity to make a profit.

This year, the Dragon Boat Festival is going to be celebrated on June 12, 2013. In the lead-up to this...

Kazumasa Itabashi | 07 Jun 2013 17:45:03 GMT

Recently, we discovered a threat that abuses the Encrypting File System (EFS), which Symantec detects as Backdoor.Tranwos. Not only is it trivial for program code to use EFS, it is also very effective at preventing forensic analysts from accessing the contents of the file: EFS keys are bound to the Windows account that encrypted the folder, so an analyst examining a disk image offline sees only ciphertext unless that user’s EFS certificate and private key are recovered as well.

The threat creates the folder %Temp%\s[RANDOM ASCII CHARACTERS] and calls the EncryptFileW API to encrypt it; Windows then automatically encrypts every file and subfolder subsequently created inside that folder. The threat also copies itself into the folder as wow.dll and sets the IMAGE_FILE_DLL bit in the Characteristics field of the PE file header, so that the copy is treated as a DLL.
...
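The EFS folder and the PE Characteristics change described in the Backdoor.Tranwos entry above suggest a simple triage check for a suspect host. The script below is an added example, not Symantec's code or the threat's: it walks a directory (by default %TEMP%), flags entries carrying the Win32 FILE_ATTRIBUTE_ENCRYPTED bit that EFS sets, and, for any PE file found, reports whether IMAGE_FILE_DLL is set. The one-bit toggle is shown as well so the reader can see how little separates wow.dll from the original EXE. The filename wow.dll comes from the post; the minimal PE header is constructed here purely for illustration, and the EFS attribute is only readable through os.stat() on Windows (elsewhere it reads as not encrypted).

```python
"""Triage helper for the Backdoor.Tranwos pattern (added example, stdlib only)."""
import os
import struct

IMAGE_FILE_DLL = 0x2000            # COFF Characteristics flag: image is a DLL
FILE_ATTRIBUTE_ENCRYPTED = 0x4000  # Win32 file attribute set by EFS
DOS_HEADER_LEN = 0x40
COFF_HEADER_LEN = 20
CHARACTERISTICS_OFF = 18           # offset of Characteristics inside the COFF header


def pe_characteristics(data: bytes) -> int:
    """Return the COFF Characteristics of a PE image, or -1 if data is not a PE."""
    if len(data) < DOS_HEADER_LEN or data[:2] != b"MZ":
        return -1
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_LEN > len(data):
        return -1
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return -1
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2)
    # Characteristics(2)  -> Characteristics sits 18 bytes into the header.
    (chars,) = struct.unpack_from("<H", data, e_lfanew + 4 + CHARACTERISTICS_OFF)
    return chars


def is_dll(data: bytes) -> bool:
    chars = pe_characteristics(data)
    return chars >= 0 and bool(chars & IMAGE_FILE_DLL)


def set_dll_flag(data: bytes, dll: bool) -> bytes:
    """Return a copy of the image with IMAGE_FILE_DLL set or cleared (the one-bit change)."""
    chars = pe_characteristics(data)
    if chars < 0:
        raise ValueError("not a PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    chars = (chars | IMAGE_FILE_DLL) if dll else (chars & ~IMAGE_FILE_DLL)
    out = bytearray(data)
    struct.pack_into("<H", out, e_lfanew + 4 + CHARACTERISTICS_OFF, chars & 0xFFFF)
    return bytes(out)


def is_efs_encrypted(path: str) -> bool:
    """True if FILE_ATTRIBUTE_ENCRYPTED is set; st_file_attributes only exists on Windows."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_ENCRYPTED)


def scan_for_tranwos_pattern(root: str):
    """Yield (path, efs_encrypted, is_dll) for every entry under root.

    Directories are reported with is_dll=None because the post says the
    folder itself is what gets encrypted first; non-PE files also get None.
    """
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            p = os.path.join(dirpath, name)
            yield p, is_efs_encrypted(p), None
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                with open(p, "rb") as fh:
                    head = fh.read(0x1000)   # headers only; enough for e_lfanew + COFF
            except OSError:
                continue
            chars = pe_characteristics(head)
            dll = None if chars < 0 else bool(chars & IMAGE_FILE_DLL)
            yield p, is_efs_encrypted(p), dll


def build_minimal_pe(characteristics: int) -> bytes:
    """Constructed sample: DOS header + PE signature + COFF header, not a loadable image."""
    dos = bytearray(DOS_HEADER_LEN)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_LEN)   # e_lfanew: PE sig follows the stub
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\x00\x00" + coff


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TEMP", "/tmp")
    for path, enc, dll in scan_for_tranwos_pattern(root):
        if enc or dll:
            print(f"{'EFS ' if enc else '    '}{'DLL ' if dll else '    '}{path}")
```

An EFS-encrypted folder under %Temp% holding a freshly written DLL is the combination to look for; either attribute alone is common on a normal system.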

Candid Wueest | 07 Jun 2013 04:04:56 GMT

Many high-tech companies are researching wearable technologies, that is, devices you can wear that help make your life easier. Probably causing the biggest stir in the technology community recently are smart glasses, with Google Glass being the primary example. Visual aid through augmented reality is a fascinating thought for me. But it has also sparked a discussion about what should be allowed with respect to privacy. Do you need to inform your friends whenever you are filming them? Maybe a red LED in your glasses should turn on whenever you are recording, taking the term “evil eye” to a whole new level. If you search the Web for people who are planning to extend the built-in functionality of Google Glass, you will come across all kinds of interesting integration ideas, including the controversial face-recognition feature.

But there are quite a few other wearable devices worth discussing. From smart bracelets and intelligent shoes to watches...

Orla Cox | 06 Jun 2013 15:17:25 GMT

Contributor: Piotr Krysiuk

On June 5, Microsoft announced that they had worked together with members of the financial services industry and the FBI to disrupt the operations of a banking Trojan horse program called Citadel. The takedown operation resulted in over 1,000 Citadel botnets being taken offline.

Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel is a descendant of that other behemoth of the financial Trojan world, Trojan.Zbot (Zeus). It came into existence after the Zeus source code was leaked in 2011, with criminal groups taking that code and enhancing it.

...

Symantec Security Response | 05 Jun 2013 00:43:25 GMT

Today, Kaspersky published a paper titled “The NetTraveler (aka ‘TravNeT’).” The paper analyzes a targeted attack campaign against various organizations worldwide, including governments, industries, and non-government organizations. This research is related to the McAfee blog “Travnet Trojan Could Be Part of APT Campaign” released earlier in March, about a campaign we have been monitoring as well. We have the following antivirus coverage in place for this threat:

We also provide the following IPS coverage:

Alan Neville | 04 Jun 2013 21:36:12 GMT

Recently, we blogged about systems compromised by W32.Virut that were observed downloading W32.Waledac.D (Kelihos). Symantec has followed the evolution of Waledac for a number of years and has observed the botnet showing considerable resilience against past take-down efforts. Waledac is traditionally known as a spamming botnet and has been observed sending up to 2,000 malicious emails a day.

Figure 1. W32.Waledac.D spam...