Security Response
Yusuke Kudo | 13 Aug 2013 10:28:08 GMT

Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well.

The link's target is disguised to look like a text file, tricking the user into opening it without realizing that it is not a text file at all.

Figure 1. Details of LNK file made to look like a link to a text file

Under more careful examination, by scrolling to the left of the text box, you can see the malicious scripts that will actually be executed if you open this link.

Figure 2. ...

Candid Wueest | 09 Aug 2013 11:10:54 GMT

3D printers are fascinating devices that are becoming affordable and widely available. Many people love to experiment with them, bringing innovation to many different fields. There are so many things that one can do with 3D printing, from controversial ideas like printing weapons to creating copies of security keys. And we’re not just talking about cheap plastic copies. Newer machines can sinter titanium and other materials to create extremely durable objects.

Last week, during the OHM2013 and DEFCON security conferences, two similar presentations on lock picking innovation took place. Both showcased how copies of physical keys could be created using a 3D printer. All that was needed...

Joji Hamada | 08 Aug 2013 23:16:45 GMT

It is not uncommon to see social media accounts, specifically Twitter accounts, directing users to malicious sites such as the ones hosting Android.Opfake, an issue we blogged about last year. Recently, we discovered that the accounts of innocent users were being compromised to tweet these types of malicious links to their followers.

Figure 1. Malicious tweets from compromised accounts

The series of compromised accounts appears to have started around the beginning of July and has affected users globally. A broad range of accounts have been compromised for...

Christopher Mendes | 07 Aug 2013 08:17:13 GMT

It may sound strange, but one surefire sign that the economy is on the mend is an increase in stock spam. Yes, stock spam is a bellwether signal of an economic revival and if you want proof, check your email. Scattered in your bulk folder, you may find a myriad of such spam promising you ‘an opportunity of a life time.’ Rearing its ugly head every time there is a hint of an economic recovery, stock spam never misses an opportunity to try and con victims out of their hard-earned cash.

Over the years, stock spam has evolved, honing its method of psychologically hustling a victim into buying a particular stock that will ‘imminently’ be pumped up by some sort of syndicate. Stock spam creates an unwarranted urgency and promises a pot of gold at the end of it all.

Stock spam relies on a strategy called ‘pump and dump,’ where spammers create pseudo hysteria, beckoning victims to invest in penny or sub-penny stocks that would give...

Symantec Security Response | 06 Aug 2013 09:16:52 GMT

On August 4, websites hosted by Freedom Hosting, a service provider that offers anonymous hosting through the Tor network, began to host malicious scripts. This follows media reports from August 3 about US authorities seeking the extradition of the man believed to be the head of Freedom Hosting. 

The scripts that were found take advantage of a Firefox vulnerability that was already fixed in Firefox 22 and Firefox ESR 17.0.7. It is thought that this vulnerability was chosen because the Tor Browser Bundle (TBB) is based on Firefox ESR-17. Symantec detects these scripts as...

Hon Lau | 31 Jul 2013 13:51:24 GMT

Companies in our field of business have long wished for a better way of discovering and describing malware capabilities than the current system. Such a system would be of great benefit to everyone who has to deal with malware and the damage it can cause. While there is currently a whole spectrum of techniques used to discover the functionality of malware, ranging from the most basic to the more advanced, most fall short because they don’t describe the malware in a very complete way.

Many either rely on manual decomposition and analysis or may run samples in physical or virtual machine (VM) environments, then record changes made to the system and report them as side effects of the malware. Each method has its own benefits and drawbacks. Manual analysis is a slow and cumbersome task and prone to human error. Automated side effects...

John-Paul Power | 30 Jul 2013 20:23:25 GMT

Kashmir Hill, a reporter for Forbes, found out just how easy it is to hack a smart home. By “Googling a very simple phrase,” Hill was presented with a list of homes with automation systems from a well-known company. “[The] systems had been made crawl-able by search engines,” says Hill, and because the now discontinued systems didn’t require users to have a username or password the search engine results, once clicked, allowed her full control of the system. Hill contacted two of the homes she found online and, once she had asked for permission, demonstrated her ability to switch on and off lights in the homes. Hill also had the ability to control a range of other devices in the homes. This is just one example of...

Symantec Security Response | 30 Jul 2013 17:31:07 GMT


In a recent blog entry we covered how scammers continue to publish malicious apps on Google Play and how the Android app market is struggling to keep itself clean.

In many cases it is difficult to quickly identify any malicious intent of applications and in-depth analysis is often required to be truly safe—a challenge for Google Play’s publishing process to prevent malicious apps from slipping through.

Symantec Security Response has discovered 14 applications, all published by the same developer, that allow the developer to create connections to any website of their choosing...

Joji Hamada | 26 Jul 2013 22:00:05 GMT

Since the beginning of the year, Japanese one-click fraud scammers have continued to pump new apps onto Google Play and the market has struggled to keep itself clean. Though many are removed on the day they are published, some remain for a few days. Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones. Their tactic of abusing the search function on Google Play allows their apps to be easily bumped to the top of keyword searches. A test search carried out by Symantec resulted in 21 out of 24 top hits being malicious apps.

Figure 1. Search with only 3 out of 24 results not malicious

The scammers have been persistent as well, publishing apps almost daily...

Candid Wueest | 25 Jul 2013 21:39:23 GMT


Modern cars contain a lot of nifty electronic gadgets, as well as more than one kilometer of cable wired to all kinds of sensors, processing units, and electronic control units. The cars themselves have become large computers, and as history shows, wherever there is a computer, there is someone trying to attack it. Over the past few years various studies have been conducted on how feasible it would be to attack a car through its onboard network. Most researchers focused on attacks with full physical access to the car, but some also explored external attack vectors.

If attackers have physical access to a car they can, for...