Security Response
Symantec Security Response | 04 Dec 2013 11:25:59 GMT
There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites. This allows attackers to steal login credentials from users. The threat can also let attackers take control of a compromised computer through a Virtual Network Computing (VNC) server. Neverquest can replicate itself by stealing login details and spamming out the Neverquest dropper, by accessing FTP servers to take credentials in order to distribute the malware with the Neutrino Exploit Kit and by obtaining social networking credentials to spread links to infected websites...
Satnam Narang | 03 Dec 2013 23:29:52 GMT

Yesterday, a number of Twitter users were duped into following fake Twitter accounts known as @VerifiedReport and @MagicReports. Both accounts claimed to be part of a Twitter experiment between users, news organizations, and journalists, and followed a number of Twitter users while tweeting the following, “This is a Twitter experiment. We are changing the way users interact with journalists and news organizations.”
 


Figure 1. MagicRecs notification about @VerifiedReport
 

Many users who discovered these accounts did so through a legitimate Twitter account known as @MagicRecs.
 


...
Dick O'Brien | 03 Dec 2013 21:42:50 GMT

The value of Bitcoin has surged dramatically in recent weeks, fuelling fears that a bubble is forming around the virtual currency. As investors pile in, a crash in Bitcoin prices isn’t the only thing they have to worry about. There has been a spate of incidents in recent weeks in which Bitcoin wallet and banking services have been attacked and millions of dollars worth of the currency stolen.
 


Figure 1. Size of recent Bitcoin heists (US$ value on November 29)
 

Multi-million dollar heists

The current round of attacks began on November 7, when Australian Bitcoin wallet service Inputs.io announced that it had closed its doors after two attacks resulted in around 4,100 Bitcoins (US $4.34 million at the time of...

Satnam Narang | 03 Dec 2013 16:49:11 GMT
Over the past week, users of the photo messaging application Snapchat have seen an increase in the number of spam snaps (Snapchat pictures). The service is now being infiltrated by a myriad of fake accounts sending spam snaps of topless women.
 
Figure 1. Spam accounts on Snapchat
 
Snapchat users are currently receiving requests from accounts named similarly, using the following format: “[GIRL'S NAME]snap_####”. Each request features a pending snap from these spam accounts. Despite the app offering privacy settings to only allow snaps from friends, users can still receive add requests from unknown users. Some Snapchat users we spoke to have noticed an increase in these requests over the last week.
...
Binny Kuriakose | 03 Dec 2013 08:16:47 GMT

Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.

As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employs Word Salad. Word Salad is often seen in the form of HTML, where nonsensical tags are used to break URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in Word Salad is to add the most current keywords, like the hottest news or an upcoming event.

The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec...

Christopher Mendes | 02 Dec 2013 08:10:34 GMT

The Christmas season is a time to loosen up a few strings. The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw your plans and fix your expenditure. After all, you know the frontiers of your funds. But, the one who values it the most after you is the one who pries on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency and you lose your resolutions. It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas only to have it burgled in an instant. If this detour does not bring you goosebumps, a little analysis on one such phishing sample should do the needful.

The header of the phishing email reads:

Subject: [Brand name] is giving...

Symantec Security Response | 30 Nov 2013 01:35:12 GMT

On November 27, Microsoft issued a security advisory regarding the recent discovery of a zero-day vulnerability in a kernel component of Windows XP and Windows Server 2003. The advisory states that the Microsoft Windows Kernel 'NDProxy.sys' Local Privilege Escalation Vulnerability (CVE-2013-5065) can allow an attacker to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers.

Symantec is aware of the attacks attempting to exploit the vulnerability and confirms the attacks have been active since the beginning of November. The attack arrives as a malicious PDF file with file names such as syria15.10.pdf or Note_№107-41D.pdf, likely by an email attachment, although there is a possibility that targeted users are being enticed to download the malicious file from a...

Candid Wueest | 27 Nov 2013 17:39:15 GMT

In Switzerland, a judge sentenced a young man to pay a fine for a comment he made on a social network. According to news reports, he felt he didn’t receive a sufficient number of birthday congratulations from his 290 friends on the social network. He posted a comment that roughly translates to, “Is no one happy about my birthday? (…) I am going to destroy you all, you will regret it, now no one can protect you… pow pow pow.” He later explained that it was obviously meant as a sarcastic comment and not intended as a death threat. The judge did not see the humor in the comment and sentenced him to pay a fine.

This is just the most recent case of many alleged fake threats that have been posted this year. Others have received much higher penalties, like a teenager in Texas who spent...

Kaoru Hayashi | 27 Nov 2013 11:53:48 GMT

Symantec has discovered a new Linux worm that appears to be engineered to target the “Internet of things”. The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. Variants exist for chip architectures usually found in devices such as home routers, set-top boxes, and security cameras. Although no attacks against these devices have been found in the wild, many users may not realize they are at risk since they are unaware they own devices that run Linux.

The worm, Linux.Darlloz, exploits a PHP vulnerability to propagate itself in the wild. The worm utilizes the PHP 'php-cgi' Information Disclosure Vulnerability (CVE-2012-1823), which is an old vulnerability that was patched in May 2012. The attacker recently created the worm based on the...

Laura O'Brien | 26 Nov 2013 09:10:44 GMT
Contributor: Vivek Krishnamurthi
 
December 2, 2013 marks Cyber Monday, the day when Internet retailers expect to experience a major surge in traffic thanks to people shopping online for the holiday season. The concept of Cyber Monday, or Mega Monday as it’s known in Europe, was introduced back in 2005. It takes place after the Thanksgiving holiday weekend, when people return to the office and buy Christmas presents from their work computers, according to retailers. Some dismissed Cyber Monday as marketing hype but over time, the day has grown in significance, thanks to competitive deals on offer from many major retailers. In 2012, the 500 biggest retailers in the US took more than US$206.8 million on Cyber Monday while in Europe,...