Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts in English
Orla Cox | 03 Feb 2014 09:44:10 GMT

POS_concept.jpg

Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data. Download our Attacks on Point of Sales Systems whitepaper for details on how POS attacks...

Satnam Narang | 30 Jan 2014 18:29:16 GMT

This week, fans of the Denver Broncos and Seattle Seahawks have been tweeting in anticipation of Super Bowl XLVIII, but many have been subjected to a torrent of spam from Twitter bots. Fans of pop star Miley Cyrus have also been plagued with an identical spam campaign using targeted keywords.

Last summer, we published a blog about a similar campaign that focused on the BET Awards and fans of Justin Bieber, One Direction, and Rihanna. The latest campaign follows the same blueprint with improvements.

The scam starts with Twitter users tweeting specific keywords which are monitored by spam bots on the service. The keywords could be about the Super Bowl, the Broncos, Seahawks, or individual players on the team, such as Denver Broncos quarterback Peyton Manning or Seattle Seahawks cornerback Richard Sherman. In the case of Miley Cyrus, mentions of her full name or her first...

Binny Kuriakose | 30 Jan 2014 09:39:42 GMT
China is gearing up to usher in the Year of the Horse, which begins with the new moon on January 31 this year. With more than a billion people worldwide preparing to celebrate the new year for the lunar calendar, the celebration this year promises more color than ever before.
 
Chinese New Year, also known as the spring festival, is a day for reunion and thanksgiving, where exchanging gifts is at the heart of the celebration. Friends, family, colleagues and even businesses exchange gifts to show love, respect and loyalty. Business owners often send gifts to their customers and shops offer gifts and discounts to show their gratitude. However, spammers are all too aware of this practice.
 
The spammers and fraudsters are known to capitalize on special occasions and exploit the noble gesture of giving gifts in order to send out spam. They are known to pose as friends and business owners and send emails promising gifts and...
Joji Hamada | 29 Jan 2014 03:23:01 GMT

In 2013, scammers published thousands of apps on Google Play that led to fraudulent sites. This form of scam is typically called “one-click fraud” in Japan.  The very first variant appeared in January and while only a handful of these fraudulent apps survive for a few days at most, we confirmed that, in total, more than 3,000 apps were published on the market in 2013. By October, scammers for the most part have stopped publishing new variants of the fraudulent apps on Google Play for unknown reasons.

figure1_14.png
Figure 1.
Total number of apps leading to one-click fraud sites published on Google Play throughout 2013

While apps that lure victims to fraudulent sites may no longer be available on Google Play, there are currently other vehicles leading victims to these sites, such as spam. 

This scam typically begins with spam...

Paul_Thomas | 23 Jan 2014 22:30:13 GMT

You may have seen media reports based on research by Proofpoint that hundreds of home devices such as entertainment systems and even a refrigerator had been sending spam. We refer to this collection of networked devices as the Internet of Things (IoT). Originally, the reports didn’t provide any evidence so we were unable to validate the claim. However, additional details have now been made available and we can confirm that your IoT devices, including your refrigerator, are not the source of this recent spam run.

From the information that was publicly provided, we have been able to determine that this specific spam run is being sent by a typical botnet resulting from a Windows computer infection. Symantec receives telemetry from a wide variety of sources including our endpoint security products, spam receiving honeypots, and botnet honeypots that await spam-initiating...

Flora Liu | 23 Jan 2014 07:14:03 GMT

We’ve seen Android malware that attempts to infect Windows systems before. Android.Claco, for instance, downloads a malicious PE file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.

Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices.

The infection starts with a Trojan named Trojan.Droidpak. It drops a malicious DLL (also detected as Trojan.Droidpak) and registers it as a system service. This DLL then downloads a configuration file from the following remote server:

  • ...
Dick O'Brien | 21 Jan 2014 00:51:42 GMT

Internet of Things Header.jpg

Could your baby monitor be used to spy on you? Is your television keeping tabs on your viewing habits? Is it possible for your car to be hacked by malicious attackers? Or could a perfectly innocent looking device like a set-top box or Internet router be used as the gateway to gain access to your home computer?

A growing number of devices are becoming the focus of security threats as the Internet of Things (IoT) becomes a reality. What is the Internet of Things? Essentially, we are moving into an era when it isn’t just computers that are connected to the Internet. Household appliances, security systems, home heating and lighting, and even cars are all becoming Internet-enabled. The grand vision is of a world where almost anything can be connected—hence the Internet of Things.

Exciting new...

Eric Park | 20 Jan 2014 18:44:19 GMT

Spammer success is dependent on two factors:

  1. Evading spam filters so the spam message arrives in the recipient inbox
  2. Crafting messages so that the recipient is enticed to open and perform desired call-to-actions (click on the link, open attachment, etc.)

Spammers walk a fine line to balance these two aspects; relying heavily on one factor and ignoring the other will make the spam campaign fail. For example, spammers can evade spam filters by randomizing the subject and body of the message, however such randomization is likely to be ignored by even the most unsophisticated user as obvious spam. Similarly, crafting stand-out enticing messages to increase the email open rate often results in spam filters blocking the message. Spammers have a tough challenge.

Rising up to meet this challenge, spammers are now hiding the true content from the user more than ever before. While there are still spam campaigns with links to online pharmacies with...

Satnam Narang | 15 Jan 2014 22:13:49 GMT

A few weeks after our blog post about porn and secret admirer spam targeting Snapchat users, a new spam campaign using sexually suggestive photos and compromised custom URLs is circulating on the photo messaging app.
 

image1_21.png

Figure 1. Snapchat spam
 

Each of these spam messages includes a request to “Add my kik”, along with a specially crafted user name on the Kik instant messaging application for mobile devices.
 

image2_12.png

Figure 2...

Eric Park | 15 Jan 2014 09:29:01 GMT
After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).
 
figure1_6.png
Figure 1. Spam messages with .zip attachments over the last 90 days
 
On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-”  followed by 10 hexadecimal characters.
 
figure2_7.png
Figure 2. Email with “BankDocs-” .zip attachment
 
On January 8, 99.34 percent of the .zip...