Security Response
Ron Bowes | 21 Sep 2007 07:00:00 GMT | 0 comments

The Future Watch section of the latest Symantec Internet Security Threat Report discusses the changing threat landscape, and presents some issues that Symantec believes will emerge in the next six to eighteen months. Four key points were made this time: malicious activity in virtual worlds, evasion processes used by malicious code, hiding the origin of attacks, and new uses for bots.

Massively multiplayer online games (MMOGs) are becoming increasingly popular. Originally, these types of games were mainly populated by more experienced computer users, but as they grow in popularity, more and more casual users are beginning to participate. These types of users are more likely to be exploited by scammers due to their lack of experience. As more of these kinds of players participate in MMOGs, scammers may increasingly target them.

Moreover, some online games allow "real money...

Vikram Thakur | 21 Sep 2007 07:00:00 GMT | 0 comments

If you've recently received an email with an attachment or link, asking you to install a patch or an update from Microsoft, please beware as this is in all probability a hoax and could transfer control of your computer to some unknown entity anywhere in the world.

Recently, we received samples of emails which prompted users to install patches for Windows, via fake Security Bulletins. The patches were either linked from the email or attached to the mail itself. Symantec products detect the linked file as Trojan.Dropper.

[Image: Patch-1sm.JPG]

In this case, the installer distributed via this...

Ron Bowes | 20 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of Symantec's Internet Security Threat Report looks at a variety of trends that were seen in phishing and spam. Although spammers' and phishers' techniques and targets constantly vary, one thing remains the same: they're trying to make money – and they're getting better at it.

Phishing attacks targeting financial services remained a more popular target than any other sector, making up 79 percent of unique brands phished, and 72 percent of all phishing Web sites. The reason for this is obvious: phishers want money, and stealing bank account or credit card information is one of the quickest ways to make it. And with credit cards commonly selling for less than ten dollars on the black market, and bulk rates offered on credit card sales, the phishers need a lot of them to turn a profit.

In an attempt to get more bang for their buck, phishers have started developing...

M.K. Low | 20 Sep 2007 07:00:00 GMT | 0 comments

When you think botnet, your first response is to associate them with the usual menu of attacks such as spam generation, denial of service attacks (DoS), worms, Trojans, or phishing. There are many articles that detail typical botnet usage including illegally installing adware or spyware (attackers get paid on a per-install basis), hosting fraudulent banking Websites, and extortion (attackers can either threaten to unleash a DoS on a company’s Website unless a ransom is paid or hold a company’s files hostage and threaten to destroy them).

A botnet is typically a network of hijacked computers used to conduct attacks, usually for personal gain. One of the advantages of a botnet is that it can be used in a distributed computing attack. A large problem can be broken up into smaller, more manageable parts and distributed to many computers where they work on the problem in parallel. Distributing the workload to many computers is a very effective and dangerous way of...

David McKinney | 19 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of the Internet Security Threat Report (ISTR) is now out. In this report, we discuss how attackers have been using trusted Web sites as a means of reaching their victims. This trend is, in part, facilitated by something that we call "site-specific vulnerabilities", which are vulnerabilities that are limited to a particular Web site or service. These vulnerabilities are typically present in the proprietary Web-based applications that drive the services provided by the site.

What initially tipped us off to the increasing prevalence of site-specific vulnerabilities was actually a drop in the proportion of Web application vulnerabilities. In this report, we observed that 61 percent of vulnerabilities affected Web applications, which is a drop from the 66 percent in the previous report. (Our discussion of Web application vulnerabilities includes only those Web applications...

Joseph Blackbird | 18 Sep 2007 07:00:00 GMT | 0 comments

Volume XII of Symantec's Internet Security Threat Report is out and shows that malicious activity over the Internet is here to stay. During the first six months of 2007, our analysis of the proportion of malicious activity in each country showed little variance from the last reporting period. There was some change in certain specific areas of malicious activity, but overall it seems that once a malicious Internet population is established in a country, it remains there.

For example, the United States saw a drop in bots, while China saw a rise. The United States also saw a drop in Internet attacks, while China saw a rise; overall, though, the malicious activity in these two countries didn't really change. Thus, any change is more due to the changing trends in malicious activity. While bots that propagate through vulnerabilities in network-based services seem to be on the decline...

Marc Fossi | 17 Sep 2007 07:00:00 GMT | 0 comments

In a military operation, a beachhead is a point where an attacking force landing by sea reaches a beach and defends it until reinforcements arrive. At this point, the reinforcements will expand the attack. What can this possibly have to do with malicious code? In the last six months, we've seen a large shift towards multistage attacks as described in Volume XII of the Symantec Internet Security Threat Report. The first stage of a typical multistage malicious code attack consists of a small and quiet initial downloader Trojan being installed on a computer. This initial stage may disable security applications on the computer, then download other malicious code as part of a secondary stage attack (expanding the beachhead).

Of great concern is that the secondary stages usually allow the attackers to perform a wider variety of attacks against the user. The later stages are often back doors that...

Nicolas Falliere | 14 Sep 2007 07:00:00 GMT | 0 comments

Peacomm samples - the so-called Storm worm - started sending unusual spam yesterday. For once, the mail did not contain a hard-coded IP address linking to fake videos, pseudo Tor clients or NFL "tracker programs". The spam advertises a website, http://www.vs-amounts.net:

From: xxx@yyy.com
To: victim@domain.com
Subject: Cold Hard Cash!

Seeking highly motivated individuals interested in a unique opportunity in financial services.

Building an exciting career where you determine your own hours and compensations.

http://www.vs-amounts.net/

Hmm. Already this looks very suspicious, but let's check that link anyway. The site hosts phpbb, a popular open-source PHP-based Bulletin Board, and opens directly to the following...

Chen Yu | 13 Sep 2007 07:00:00 GMT | 0 comments

It has recently been discovered that BaoFeng Storm, a movie player written in Chinese and widely used in Chinese-speaking countries, contains multiple buffer-overflow vulnerabilities, some of which are being actively exploited. The vulnerabilities are related to the ActiveX control used by the software, and a vulnerable computer simply needs to browse a Web site which contains exploit code to be compromised. Successful exploitation then allows remote execution of arbitrary code in the context of the application using the ActiveX control (in this case Internet Explorer) and allows the attacker to take full control of the compromised computer. Failed exploit attempts may lead to denial-of-service conditions, possibly resulting in the browser crashing.

The vulnerabilities have been confirmed in version 2.7.9.8 and beta version 2.7.9.9, although other versions may also be affected, and at the time of this writing the vulnerabilities remain unpatched. SecurityFocus have also...