
Security Response

Candid Wueest | 13 Nov 2012 21:39:34 GMT

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.

Figure 1. Swiss German version of scam text message

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old...

Candid Wueest | 13 Nov 2012 18:25:50 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 19 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-Nov

The following is a breakdown of the issues...

Anand Muralidharan | 08 Nov 2012 23:03:41 GMT

It is more than a month until Christmas, but spammers are all set to spam the vacation season. We have observed Christmas related spam messages flowing into the Symantec Probe Network.

For greeting card spam, spammers used a legitimate look and feel in the email, with headers (Subject and From) and flash animations that included a message prompting the recipient to open the "Christmas Card.zip" attachment. Once the attachment is opened, the malicious code is downloaded onto the user's system. Symantec detects the attachment as W32/AutoRun.BBC!worm.

Figure 1. Christmas card example

As expected, spammers are promoting fake offers by targeting specific categories, including:

  • Products
  • Health
  • Internet
  • Finances
  • Replicas
...
Kevin Haley | 08 Nov 2012 14:01:41 GMT

With this year quickly coming to an end, it’s time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year.

Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation. To derive our predictions for 2013, we began by talking to hundreds of security experts at Symantec to gather their thoughts and ideas. Then, we peer-reviewed these ideas, argued a lot, and boiled it all down to a handful of predictions that we felt would provide real insight into where we believe the threat landscape is going.

While these predictions are based on what we see today, they also reflect where we think things are going based on our years of expertise, our understanding of threat evolution, and our experience in previous cybersecurity trends.
  1. Cyber conflict becomes the norm
    In 2013...
Symantec Security Response | 08 Nov 2012 14:00:42 GMT

We regularly access computers in order to help with all manner of our daily activities. Indeed, many of us have come to depend on them, storing important files and documents for work and leisure. Imagine a scenario where you find that you can no longer use your computer, or imagine you are coming up to an important deadline and find that you are denied access to that important document you were working on. Suppose that a solution is offered to restore access, but for a fee. Would you pay? Should you pay?

Ransomware is a problem that has been with us for several years, but this year Symantec has seen substantial growth in both the sheer number and the variety of this particular type of malware. This recent explosion in ransomware is most likely the result of existing cyber-criminal gangs realizing the revenue-generating power of the ransomware business model. The premise is simple and straightforward: take away something important to a user and demand cash for its return.

To...

Symantec Security Response | 08 Nov 2012 14:00:22 GMT

Ransomware is a type of malicious software that disables the functionality of a computer in some way and demands a ransom in order to restore the computer to its original state. Recent variants use law enforcement imagery to add legitimacy to their warning messages. The malware uses geo-location services to determine the location of the computer it is running on and then, after locking the computer, displays a message tailored to that country. The message usually claims that the user has broken the law by browsing some illegal material. Figure 1 is an example of a ransomware variant that displays a message claiming to be from the FBI.

Figure 1. An example of a ransomware message

The message states that in order to unlock the computer, “a fine” must be paid using one of...

Mario Ballano | 05 Nov 2012 19:52:59 GMT

A few days ago, researchers from North Carolina State University published a video demonstrating how an app can simulate the reception of a text message from a spoofed source. SMS spoofing can be used for a number of malicious intentions, including SMS phishing attacks (SMSishing), which could trick someone into providing banking credentials or subscribing to paid services.

The code to perform this action has been publicly documented and in use since August 2010. However, we have not yet found any instances that use the code for an SMSishing attack. Instead, the vast majority of apps use the code to deliver advertisements, including a couple hundred applications hosted on Google Play.

To send a spoofed SMS message there is no need to send a text message over the air. In fact, a...

Costin Ionescu | 02 Nov 2012 17:15:52 GMT

Many Android apps contain advertising modules provided by third parties in order to monetize their development efforts. Airpush is a company that produces one of the more aggressive advertising modules. Their advertising modules can place ads in the Android notification bar where users are alerted to events such as missed messages or missed phone calls.

Unfortunately, in the most common versions of Android, the notification bar fails to show the user which app actually generated the advertisement. Since these advertisements can appear when the user is not actively using the app, there may be confusion on how to stop the advertisements from appearing in the notification bar. It is worth noting that changes have since been made by both Google and Airpush to better link advertisements directly to apps.

Many users disapprove of this model of advertising, which has resulted in a controversy causing waves of not-so-good ratings and comments for some apps. This has prompted...

Kazumasa Itabashi | 01 Nov 2012 07:44:18 GMT

W32.IRCBot.NG and W32.Phopifas

In a previous blog, my colleague Kevin Savage detailed a social engineering attack that utilized instant messaging applications. While the infection rates of W32.IRCBot.NG and W32.Phopifas have passed their peaks, the modules continue to be updated daily.

The infection routine of these threats has not changed since they were discovered, but the threat authors have added new file-hosting sites to use in order for the threats to be downloaded. W32.IRCBot.NG attempts to steal passwords that are used to log into the file-hosting sites from compromised computers. In addition, some modules are located on the servers of virtual server services and...

Samir_Patil | 31 Oct 2012 14:30:39 GMT

Hurricane Sandy, one of the most devastating superstorms in decades, hit the US East Coast. Having caused the loss of lives and businesses and left countless people without electricity, Sandy has now added spam to its list of misery. We are observing spam messages related to the hurricane flowing into the Symantec Probe Network. The top word combinations in message headlines are "hurricane – sandy", "coast – sandy", "sandy – storm", and "sandy – superstorm".

Figure 1. Message volume over a two-day period

Typical spam attacks like "Gift card offer" and "Money making & Financial" spam are currently targeting the disaster. Below are the screenshots of some spam samples.

...