
Security Response

Mathew Maniyara | 19 Dec 2012 18:35:45 GMT | 0 comments

Fake applications offered by phishing sites continue to appear. In December 2012, a fake app was seen that was titled “Facebook 2013 demo”. Social networking users in India were most likely targeted in this phishing attack because the phishing URL consisted of certain words in Hindi. The phishing site was hosted on a free Web-hosting site.

The phishing site spoofed the login page of Facebook and the page contents were altered to promote the fake application. A message in the phishing page stated that users could use their existing Facebook accounts to access the application and that they did not need to create a new account. Of course, such a message was added to the phishing page because phishers wanted users to enter their primary login credentials. Towards the right-hand side of the phishing page there were instructions on how to access the application. The poorly worded phishing page explained the instructions in three steps, along with a note. The first two...

Val S | 19 Dec 2012 11:02:47 GMT | 0 comments

Not so long ago, aspiring bot-herders, who wanted to get started with a botnet of their own, would have to hang out in the right circles or learn how to make one themselves. If they hung out in the right circles they would be provided with guidance and documentation to get started. If they were creative enough and had enough time and skill they could create their own from scratch.

But what if they didn’t have this skill set, or didn’t hang out in the right circles? Just like everything else, they could pay to have someone do it for them. The following examples of crimeware kits for sale have been found in various places on the Internet. For various reasons, including enabling the practice of crimeware and legal issues, we cannot confirm that the items being sold are legitimate. Some have the characteristics of a scam due to inaccuracies in the description (old versions being touted as new) or pricing that does not reflect the going market rate.

...

Symantec Security Response | 16 Dec 2012 21:30:57 GMT | 0 comments

On December 16, 2012, CERTCC-IR posted an advisory regarding a new threat, Trojan.Batchwiper, that wipes disks. We have recovered samples matching the hashes mentioned in their advisory and, based on preliminary analysis, can confirm their findings.

The samples are not sophisticated and will wipe any drives starting with the drive letters D through I, along with files on the currently logged-in user’s Desktop. After deletion, the threat will then run Chkdsk on the drives. The wiping will only occur on the following dates:

  • 12/10/2012
  • 12/11/2012
  • 12/12/2012
  • 01/21/2013
  • 01/22/2013
  • 01/23/2013
  • 05/06/2013
  • 05/07/2013
  • 05/08/2013
  • 07/22/2013
  • 07/23/2013
  • 07/24/2013
  • 11/11/2013
  • 11/12/...

Mathew Maniyara | 14 Dec 2012 23:10:35 GMT | 0 comments

Contributor: Avdhoot Patil

Fake social media applications in phishing sites are not uncommon. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. In December 2012, a phishing site (spoofing Facebook) claimed to have an application to secure Facebook accounts from being hacked. The phishing site was hosted on a free Web-hosting site.

The phishing site required users to enter their Facebook login credentials to gain access to the fake security app. In addition to their Facebook login credentials, users must enter a confirmation code generated by clicking a button. Phishers likely believe asking users to enter a confirmation code and stating that it is certified while displaying a fake Facebook stock certificate will make this fake app page seem more authentic. Still, it is hard to understand how a sample stock certificate has any relevance to security on Facebook.

...

Anand Muralidharan | 13 Dec 2012 17:17:33 GMT | 0 comments

Contributor: Samir Patil

In the last few months, we have seen an increase in the volume of malicious spam. The majority of these new spam emails contain links to the Blackhole Exploit Kit.

Earlier this year, Symantec reported on malicious spam during tax season that led to the Blackhole Exploit Kit. Similar attacks targeting well-known businesses occurred throughout 2012, affecting major brands in various service industries such as payroll, fax, and social media.

The emails claim to be contacting the recipient in regard to account transactions, pending notifications, company complaint reports, etc.

The main purpose of these spam campaigns is to lure recipients into clicking on links contained in the emails. These links then lead to malicious code being downloaded, which exploits common vulnerabilities.

Note: Read...

Candid Wueest | 11 Dec 2012 17:10:35 GMT | 0 comments

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 12 vulnerabilities. Ten of this month's issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Dec

The following is a breakdown of the issues...

Joji Hamada | 10 Dec 2012 18:56:23 GMT | 0 comments

Recently, I wrote a blog describing the current status of Android malware thriving in Japan and much of the focus was on one particular family: Android.Enesoluty. I don’t know whether the authors of Android.Enesoluty read the blog or came across a news article discussing the content of it, but a few days later the app sites distributing the malware contained a user agreement. This was most likely done in an attempt to make the apps legal and ultimately avoid an arrest and prosecution as the Japanese authorities increase their pursuit of Android malware creators.

Until recently, the app pages hosting Android.Enesoluty only contained false descriptions of the apps, fake download counts, fake reviews, and links that download the apps. They did not have anything with regard to a user...

Mathew Maniyara | 07 Dec 2012 00:17:56 GMT | 0 comments

Contributor: Avdhoot Patil

Social media is a common target for phishers for the purposes of identity theft. Phishers are now seeking financial gain from social networking phishing sites. In November 2012, phishing sites spoofed a popular social networking site and asked for financial information as a requirement to improve user security. The phishing sites were hosted on free web hosting sites.

The phishing site stated that the social networking site had made some improvements in security and required users to verify their identity by completing a security check. After the “Continue” button was clicked, users were asked to enter their personal details.

The personal details required included the user's:

  • First name
  • Last name
  • Email address
  • Password
  • Country
  • Gender
  • Birthday

The phishing pages that followed asked for users’ webmail address with their...

Mathew Maniyara | 05 Dec 2012 23:52:35 GMT | 0 comments

Contributor: Avdhoot Patil

Several phishing attacks using football have been observed during 2012. Phishers have shown their interest in football clubs, football celebrities, and the 2014 FIFA World Cup. In November 2012, the trend continued with phishers spoofing the 2014 FIFA World Cup in Brazilian Portuguese on a free web hosting site.

In one example, a phishing site prompted users to sign up for a daily offer to win prizes worth hundreds of dollars, including trips to the World Cup. The phishing page featured the World Cup mascot Fuleco on the right-hand side. While signing up for the offer, the user is asked to select from three Brazilian electronic payment brands. After the brand is selected, the phishing site requests the user’s confidential information.

The information required includes the user's:

  • Card number
  • Electronic signature
  • Card holder name
  • Password
  • Email address...

Symantec Security Response | 04 Dec 2012 02:12:57 GMT | 0 comments

Throughout history, philosophers and scientists have pondered the question of which came first: the chicken or the egg. Over the last week, Security Response has seen an increase in the number of W32.Changeup detections. We know that Changeup can download a bevy of other threats onto a compromised computer. But an unanswered question is how does W32.Changeup compromise a computer in the first place?

While other vendors have indicated the latest round of Changeup has spread through social networking websites, Symantec Security Response has managed to identify one source of the worm.

In recent malicious spam claiming to contain a secure message from banking...