Video Screencast Help
Security Response
Showing posts in English
Val S | 09 Jan 2014 00:44:56 GMT

In the first week of 2014, we came across a website using tried and tested social engineering techniques to coerce victims into installing malware. The domain http://newyear[REMOVED]fix.com, was registered on December 30, 2013. Based on our research, 94 percent of  attacks appear to be targeting users based in the United Kingdom through  advertising networks and free movie streaming and media sites.

The attackers attempt to trick victims using the following techniques:

  • A URL containing the words “new year” and “fix”
  • A professional looking template (from Google, Microsoft or Mozilla) telling the victim that a critical update is necessary for their system to function properly
  • Redirecting the user, based on their browser type, to a fake but convincing Chrome, Firefox, or Internet Explorer Web page.
  • Using a JavaScript loop to force the victim to give up and stay on site – users have to click on the “Yes/No” option 100 times in...
Satnam Narang | 20 Dec 2013 23:12:35 GMT

Recently we have observed a series of mobile ads intended to scare users into believing that their device is infected with a threat called “Trojan: MobileOS/Tapsnake”.
 

image1_20.png

Figure 1. Fake Tapsnake infection warnings
 

The malware alert is fake. Tapsnake is an older Android threat (we blogged about it in 2010 and detect it as Android.Tapsnake) that just happens to be mentioned in these ads to make them appear more authentic. We visited a site serving these ads using a brand new Android device with a fresh install and nothing on it and still received this alert. Users of Apple's iPhone...

Candid Wueest | 17 Dec 2013 19:55:23 GMT

Webcam blackmailing 1.jpg

Recently, we wrote about creepware and how people use it to spy on unsuspecting victims through webcams. As the name implies, this is really creepy. Unfortunately, there are other similar threats on the Internet. Another scam that has become very popular this year is webcam blackmailing. In these cases, the scammers don’t hide the fact that they are using the webcam.

The scam starts with a simple contact request on a social network or dating site. In general, the profile sending the request appears to be the scammer (posing as a woman), and the request is sent to single men. After a bit of...

Candid Wueest | 17 Dec 2013 13:51:06 GMT
“Because that’s where the money is!” This is a quote frequently attributed to Willie Sutton as the answer he allegedly gave when asked why he robbed banks. Even though Mr. Sutton never gave this answer, it still holds true. 
 
This paradigm also holds true when it comes to today’s financial malware. Online banking applications are where money is moved; hence they are also the focus of attackers. It should not come as a surprise that we still see further development of Trojans targeting online banking services. One example that we recently blogged about is the Neverquest Trojan, a successor of Trojan.Snifula, which was first seen in 2006 but is still in use. 
 
The number of infections of the most common...
Gavin O Gorman | 17 Dec 2013 00:40:59 GMT

The Browlock ransomware (Trojan.Ransomlock.AG) is probably the simplest version of ransomware that is currently active. It does not download child abuse material, such as Ransomlock.AE, or encrypt files on your computer, like Trojan.Cryptolocker. It does not even run as a program on the compromised computer. This ransomware is instead a plain old Web page, with JavaScript tricks that prevent users from closing a browser tab. It determines the user’s local country and makes the usual threats, claiming that the user has broken the law by accessing pornography websites and demands that they pay a fine to the local police.

...

Satnam Narang | 16 Dec 2013 23:23:48 GMT

Over the weekend, a hoax about mass account deletion made its rounds on photo-sharing app Instagram. A bogus account @activeaccountsafe, posted a photo which claimed to be a privacy policy update from Instagram. The photo reads:

“On December 20, 2013 we will be randomly deleting a huge mass of Instagram accounts. Many users create multiple accounts and don’t use them all. This cost us $1.1 million to run inactive accounts. These accounts become inactive and then create spams. In order for us to keep al spam off of Instagram we will be randomly deleting accounts. To keep your account active REPOST this picture with @ActiveAccountSafe & #ActiveAccountSafe . We’re doing this to keep active users online.”

Instagram Hoax 1 edit 2.png

Figure 1. The hoax Instagram account @ActiveAccountSafe...

Christopher Mendes | 16 Dec 2013 09:07:53 GMT

Contributor: Binny Kuriakose

‘Hello world’ we are digital! Well that was ages ago. Today the need for speed has made us extra fast. A click of a button and the desired webpage is up and running in an instant. In fact, organizations are switching to the Web because of cost effective business and global presence the Internet provides. This phenomenon has made predators smack their lips. What better environment to make a kill than Christmas, with the unaware and the vulnerable abound!

With a systematic study of business done during Christmas, spammers have leveraged a plethora of categories since early July, ranging from hospitality-related spam for those who plan early on how to celebrate Christmas later in the year, to last minute shoppers who scramble to buy gifts before rushing home. Now, that is a well-planned spread.

  • For the vacation planner, there is a hospitality-related spam, with headers reading:

From:...

Pavlo Prodanchuk | 11 Dec 2013 08:53:49 GMT

The latest trend in Russian language spam shows that spammers have started promoting Make Money Fast (MMF) schemes where users are told that money can be easily made with the use of binary options trading.

The sample observed by Symantec has the usual spam traits including a catchy subject, which highlights a large sum of money someone is making every month, to grab the attention of the recipient.

The spam is sent from mail.ru, the largest free email service in Russia, with the account name stating the age of the person linking it to the subject line. The following is a translation of the email header: 

Subject: $3700 a month – this retiree making more than you?
From: pensioner.vladimir@mail.ru

This is an effective trick, especially during the festive season when many peoples’ finances are stretched.

figure_0.jpg

...

Dinesh Theerthagiri | 10 Dec 2013 19:53:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eleven bulletins covering a total of 24 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Dec

The following is a breakdown of the...

Symantec Security Response | 10 Dec 2013 14:19:40 GMT

creepware_title_banner.png

Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams. But are these stories true and are some people’s seemingly paranoid precautions justified? Unfortunately the answer is yes, precaution against this type of activity is necessary and there are a multitude of programs out there that can be used for this type of malicious activity…and more. Remote access Trojans (RATs), or what we are calling creepware, are programs that are installed without the victim’s knowledge and allow an attacker to have access and...