Security Response
khaley | 19 Nov 2013 15:49:56 GMT


The secret to predicting the future is to listen for the whisper.

By the time you’ve heard things in a loud, clear voice they have already come true. I’ve been listening to the whispers in 2013 and have a pretty good idea of what we’ll be hearing loud and clear in 2014. Below are my predictions of the top things we’ll hear and what they will mean for us in 2014.

  • People will finally begin taking active steps to keep their information private.
  • Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure.
  • The “Internet of Things” becomes the “Internet of Vulnerabilities.”
  • Mobile apps will prove that you can like yourself too much.

“Wait a minute…The Internet knows more about me than my own mother?”

People will finally begin taking active steps to keep...

Mathew Maniyara | 19 Nov 2013 05:34:13 GMT

Contributor: Avdhoot Patil

The internet can be a dangerous place with security threats lurking from every direction, and it gets worse when threats meld together. Phishing today is a major part of cybercrime and phishers have recently gained interest in additional security threats. This year has witnessed the fusion of threats such as malware and spam with phishing, for instance. The recent use of malware in bogus apps is a good example.

This month, malware was used yet again in a phishing site spoofing Facebook. This phishing site offers a fake app devised to entice Android and iPhone users and was hosted on servers based in Paris, France, with pages in the French language.

A phishing site always comes with bait but phishers always craft new ones because they don’t want users to get familiar with the same old phishing bait. This time, the bait was an offer...

Liam O Murchu | 19 Nov 2013 01:09:56 GMT

It was with quite some skepticism that I accepted Peter Szor's invitation to go surfing with him five years ago. I had tried surfing several times before but had been disappointed by the lack of adrenalin. I came from a snowboarding background and everyone had told me to try surfing because it was so similar. I had tried it, several times, and I was not impressed. It was mostly about sitting around waiting for something to happen. Where is the adrenalin? Where is the rush?


Peter Szor holding his book The Art of Computer Virus Research and Defense. I was looking for a picture of him out surfing but I realized that sadly I don’t have any pictures with him at all.

At first Peter wanted to take me (a true novice) to his secret spot* in Malibu, a point break with a rocky bottom that would cut you to pieces if you fell the...

Satnam Narang | 18 Nov 2013 23:04:38 GMT

Last week, the United Kingdom’s National Crime Agency (NCA) warned that tens of millions of customers were being targeted by the Cryptolocker malware through a mass spam campaign.

According to the alert, millions of UK customers received malicious emails, but the primary targets seem to have been small and medium businesses.

A recent Symantec blog examined a threat named Trojan.Cryptolocker and how it is an aggressive evolution of the ransomware family of threats. Cryptolocker thrives by encrypting files on a victim’s computer and holding the decryption key for ransom. Interestingly, Symantec...

Symantec Security Response | 14 Nov 2013 14:03:17 GMT

The security industry, as well as IT administrators across the globe, has been busy recently dealing with multiple zero-day vulnerabilities emerging in quick succession. Before anyone has time to draw a breath after the barrage, yet another zero-day has appeared, ready to cause people problems. Well, for people in Japan at least, since the vulnerability is in the Japanese word-processing software Ichitaro.

Ichitaro developer JustSystems recently announced that the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990), allowing the execution of arbitrary code, exists in Ichitaro products. In September 2013, Symantec discovered attacks in the wild attempting to exploit this vulnerability; however, the exploits did not properly work to compromise the system in our testing environment. As always, we...

Symantec Security Response | 13 Nov 2013 16:54:16 GMT


In May of this year, sophisticated attackers breached a large Internet hosting provider and gained access to internal administrative systems. The attackers appear to have been after customer record information such as usernames, emails, and passwords. While these internal administrative systems had access to customer records, discovery of the attack and certain security implementations mitigated the scope of the breach. Customer passwords were accessible, but these passwords were hashed and salted, making mass password cracking difficult. Customer financial information was also accessible, but encrypted. Unfortunately, access to the encryption key cannot be ruled out. While breaches of organizations and mass customer record dumps are posted almost daily, this particular attack was more sophisticated than we have seen in the past.

The attackers understood the target environment was generally well protected. In particular, the attackers needed a means to avoid...

Satnam Narang | 12 Nov 2013 20:48:34 GMT

Symantec Security Response has discovered many Instagram users have willingly shared their usernames and passwords with a bot-like app in order to increase likes and followers.


Figure 1. InstLike application welcome and login

The application known as InstLike was available for iOS and Android devices. It could be found in both the Apple App Store and the Google Play Store. Google and Apple have since removed the applications from their respective stores. There is also a mobile version of the application online.

InstLike claims users will receive likes and followers for free. But as we have warned previously, these kinds of “free” services for social networks are not actually...

Dinesh Theerthagiri | 12 Nov 2013 20:13:13 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 19 vulnerabilities. Nine of this month's issues are rated ‘Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:

The following is a breakdown of the...

Symantec Security Response | 12 Nov 2013 16:13:12 GMT

On November 11, Microsoft published a blog post about a new zero-day Microsoft Internet Explorer Unspecified Information Disclosure Vulnerability (CVE-2013-3918) affecting an Internet Explorer ActiveX Control that had been publicly disclosed on November 8. The blog states that this vulnerability is scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090 today through Windows Update at approximately 10:00AM PDT. As Symantec is part of the Microsoft Active Protections Program (MAPP), we are aware of this vulnerability and have the following protection in place for our customers:


Samir_Patil | 12 Nov 2013 08:34:49 GMT

Contributor: Vijay Thawre

Typhoon Haiyan, one of the strongest tropical cyclones on record, struck the Philippines this week, leaving behind a trail of mass destruction. With more than 10,000 people dead, calls for help have been raised by several NGOs and organizations worldwide. Donation requests have been posted on different social networks as well as some popular websites. Meanwhile, spammers have started taking advantage of the situation by sending email containing fake donation requests.


Figure. Philippines Typhoon Haiyan scam email

In the example shown in this blog, the spammer has sent an email that seems perfectly fine at first glance, but when you take a closer look, you can see the email is sent from a different email ID with the subject line "HELP PHILIPPINES".

The spammer disguises himself as a...