Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
Ransomware: The Couch-Potato Vs The Backpacker
Lionel Payet | 30 Nov 2012 16:38:00 GMT

Comparing variants of the same malware family can sometimes uncover interesting results. Trojan.Ransomlock, the highly profitable and prevalent malware, is one of those cases. This threat was originally spotted in Russia in 2009 but since then has been highly active in the wider world, particularly in the past few months.

An in-depth analysis of this month's AV detection stats for the Trojan.Ransomlock family of threats reveals two top variants: Trojan.Ransomlock.T and Trojan.Ransomlock.G.

Figure 1. Trojan....

Read more
Crisis: The Advanced Malware
Takashi Katsuki | 30 Nov 2012 06:50:46 GMT

Over the past few months, we have blogged several times about OSX.Crisis and W32.Crisis. The Crisis malware is a highly advanced malware that has multiple infection vectors and a variety of information-stealing functions.

Figure 1. The Crisis infection routine

 

It targets Windows and Mac operating systems as well as devices running Windows Mobile. It can also sneak onto virtual machines if the compromised computer has a specific VMware virtual machine image installed on it and we believe that this is the first malware that can perform host-to-guest virtual machine infections.

Some...

Read more
Browser Add-ons Add Fraudulent Data
Mathew Maniyara | 29 Nov 2012 06:53:37 GMT

Contributor: Wahengbam RobinSingh

Phishers continue to devise diverse strategies to improve their chances of harvesting users’ confidential information. Symantec constantly monitors and keeps track of these phishing trends. In November 2012, Symantec observed a phishing site that loaded a malicious browser add-on. The malicious add-on, if installed, would lead users to phishing sites even when a legitimate website is entered in the address bar. Phishers utilized a typosquatting domain to host the phishing site and their primary motive in this strategy was financial gain. The phishing site spoofed a popular e-commerce website.

Figure 1. Browser prevents automatic installation of the malicious add-on

 

The phishing site detects the...

Read more
Instaspam 2: Electric Boogaloo
Satnam Narang | 28 Nov 2012 22:14:57 GMT

While death and taxes may be certainties in our lives, in the digital world—especially in social networking—one certainty is spam.

I recently wrote about gift card spam targeting the popular photo-sharing application Instagram. The service now has over 100 million users and it recently surpassed Twitter with more average daily visitors (Figure 1). As the number of users of Instagram continues to increase, we expect to see a corresponding increase in Instagram spam.

Figure 1. Instagram daily visitor growth
 

Cash Rules Everything Around Me (C.R.E.A.M.)

While gift cards work quite...

Read more
W32.Changeup – A Malicious Gift That Keeps On Giving
Satnam Narang | 27 Nov 2012 23:26:24 GMT

In mid-2009 W32.Changeup, a polymorphic worm written in Visual Basic, was first discovered on systems around the world. Over the last few years, we have profiled this threat, explained why it spreads, and shown how it was created.

In the last week there has been an increase in the number of W32.Changeup detections. The increase in detections is a result of an updated version of W32.Changeup now circulating in the wild:
 

Figure....

Read more
W32.Narilam – Business Database Sabotage
Symantec Security Response | 22 Nov 2012 10:39:05 GMT

In the last couple of years, we have seen highly sophisticated malware used to sabotage the business activities of chosen targets. We have seen malware such as W32.Stuxnet designed to tamper with industrial automation systems and other destructive examples such as W32.Disstrack and W32.Flamer, which can both wiped out data and files from hard disks. All of these threats can badly disrupt the activities of those affected.

Following along that theme, we recently came across an interesting threat that has another method of causing chaos, this time, by targeting and modifying corporate databases. We detect this threat as...

Read more
Malware Targeting Windows 8 Uses Google Docs
Takashi Katsuki | 16 Nov 2012 22:55:39 GMT

Initially, I thought that Backdoor.Makadocs was a simple and typical back door Trojan horse. It receives and executes commands from a command-and-control (C&C) server and it gathers information from the compromised computer including the host name and the operating system type. Interestingly, the malware author has also considered the possibility that the compromised computer could be running Windows 8 or Windows Server 2012.
 

Figure 1. Operating Systems check
 

Windows 8 was released in October of this year. This is not necessarily a surprise for security researchers as we always encounter new malware when new products are released. However, this malware does not...

Read more
Thanksgiving & Black Friday On Spammers’ Radar
Anand Muralidharan | 15 Nov 2012 13:22:37 GMT

Some events familiar among people in the United States are commencing this month, including: Thanksgiving—a great occasion to thank dear friends and family for their kindness; and Black Friday—a day after Thanksgiving, usually the busiest retail shopping day of the year. Spam messages related to these events have begun flowing into the Symantec Probe Network. Many of the spam samples observed are encouraging users to take advantage of e-cards, clearance sales of cars and trucks, products bidding to get the best deals, replica watches. Clicking the URL will automatically redirect the user to a fake offer website.
 

Figure 1: An e-card for Thanksgiving...

Read more
Instagram Spam Leads to Premium Mobile Services
Ben Nahorney | 14 Nov 2012 16:04:40 GMT

Spammers have long been leveraging social networking sites to pull off scams. Generally speaking, as the popularity of a service increases, so too do the illicit activities of scammers. It seems that the popular photo-sharing service Instagram is the latest social networking site to catch the attention of these scammers.

I discovered this first-hand when I received an Instagram photo comment, from an unfamiliar account, which had nothing to do with the photo:

"Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx"

I went to check out the user, who appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo.

Figure 1. Scammer’s Instagram profile

Who was...

Read more
Windows 8 Not Immune to Ransomware
Symantec Security Response | 13 Nov 2012 21:49:39 GMT

Cybercriminals have for some time now recognized that ransomware can be a highly profitable endeavor. This has led to a significant increase of different ransomware in the wild with no sign of it leaving the threat landscape anytime soon.

So, how effective is ransomware on Windows 8 compared to other operating systems? To answer this question, Symantec ran several prevalent ransomware samples currently found in the wild in a default Windows 8 environment. While some samples ran poorly on Windows 8, it did not take long to find a ransomware variant (Trojan.Ransomlock.U) that successfully locked a Windows 8 system, effectively holding it to ransom.
 

...

Read more