Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
MMS Exploit Released for Windows Mobile – No Patch Available
Ollie Whitehouse | 30 Dec 2006 08:00:00 GMT | 0 comments

Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previouslymentioned, one of the vulnerabilities he discussed had, to myknowledge, still not been patched. Well Collin confirmed this in hispresentation and also released a working exploit for the vulnerability to liven things up...

Read more
MMS Exploit Released for Windows Mobile – No Patch Available
Ollie Whitehouse | 30 Dec 2006 08:00:00 GMT | 0 comments

Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previously mentioned, one of the vulnerabilities he discussed had, to my knowledge, still not been patched. Well Collin confirmed this in his presentation and also released a working exploit for the vulnerability to liven things...

Read more
MMS Exploit Released for Windows Mobile – No Patch Available
Ollie Whitehouse | 30 Dec 2006 08:00:00 GMT | 0 comments

Collin Mulliner gave an updated version of his presentation at 23C3 in Berlin titled ‘Advanced Attacks Against PocketPC Phones’ (we originally blogged about it in August). As I previously mentioned, one of the vulnerabilities he discussed had, to my knowledge, still not been patched. Well Collin confirmed this in his presentation and also released a working exploit for the vulnerability to liven things...

Read more
Is This the World’s Dumbest Digital Criminal?
Ollie Whitehouse | 29 Dec 2006 08:00:00 GMT | 0 comments

While speaking with an industry friend recently, he mentioned that he had received some spam. When viewed in plain text, the spam looked like this (the filename has been changed to save the compromised):

Subject: You have received a greeting from a family member! You can pick up your postcard at the following web address http://62.75.XXX.XXX/~XXXXXXXX/XXXXXXXXXX.exe

However, if you remove the executable from the URL, you get a directory listing:

OW_dcrim_index.jpeg

So, from this we can see the machine had been compromised for two months prior to the malicious code being placed upon the site (one day before my friend received the message). However,...

Read more
Is This the World’s Dumbest Digital Criminal?
Ollie Whitehouse | 29 Dec 2006 08:00:00 GMT | 0 comments

While speaking with an industry friend recently, he mentioned that he had received some spam. When viewed in plain text, the spam looked like this (the filename has been changed to save the compromised):

Subject: You have received a greeting from a family member! You can pick up your postcard at the following web address http://62.75.XXX.XXX/~XXXXXXXX/XXXXXXXXXX.exe

However, if you remove the executable from the URL, you get a directory listing:

OW_dcrim_index.jpeg

So, from this we can see the machine had been compromised for two months prior to the malicious code being placed upon the site (one day before my friend received the message). However,...

Read more
2007 Predictions
Vincent Weafer | 28 Dec 2006 08:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are:what do you think the biggest trend of the year was and what do youthink the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it newfeatures for both the research community and malicious code authors toscrutinize. It’s simple to expect that we’ll see new attack attempts onMicrosoft Vista. What’s more interesting are trends we’re likely to seethat don’t even touch the physical hard drive of a computer. Web 2.0technologies have already begun to capture attacker interest andmotivation. As adoption continues to grow and dependence on these Webapplications increases, the impact and frequency of these issues willrise.

Consider the...

Read more
2007 Predictions
Vincent Weafer | 28 Dec 2006 08:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are:what do you think the biggest trend of the year was and what do youthink the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it newfeatures for both the research community and malicious code authors toscrutinize. It’s simple to expect that we’ll see new attack attempts onMicrosoft Vista. What’s more interesting are trends we’re likely to seethat don’t even touch the physical hard drive of a computer. Web 2.0technologies have already begun to capture attacker interest andmotivation. As adoption continues to grow and dependence on these Webapplications increases, the impact and frequency of these issues willrise.

Consider the...

Read more
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Read more
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close,it’s important to review the significant trends and issues observed bySymantec Security Response over the past year. Some of these may relateto what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraudhas steadily increased and become even more sophisticated. Much of theonline fraud activity we’ve seen has been in the form of phishing –approximately seven million total phishing attempts each day. That’s alot of cybercriminals on the hunt for your personal information! Wehave also witnessed phishers innovating beyond the traditional onlinescam where they may distribute tens of thousands of emails hoping totrick one of you lucky individuals. Today, we are seeing fraudstersembrace new techniques such as vishing and SMishing to solicit andobtain your confidential information. See Zulfikar Ramzan’s blog...

Read more
2006 in Review
Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Read more