Security Response
Shunichi Imano | 16 Apr 2007 07:00:00 GMT | 0 comments

It has been reported that a worm that exploits the Microsoft Windows Domain Name Server Service Remote Procedure Call Interface Vulnerability is in the wild. Symantec Security Response has obtained a sample of the worm and we detect the threat as W32.Rinbot.BC.

UPDATE
We have seen an increase in activity over TCP port 1025 as a result of W32.Rinbot.BC scanning the port in search of vulnerable computers. W32.Rinbot.BC is the first worm that exploits the Microsoft DNS vulnerability and the exploit code was only made public a few days ago. If you have not done so already, Symantec suggests that you block TCP port 1025 in order to avoid the attack.

Blaster, Sasser, W32.Rinbot.BC
We have observed that the time taken from exploit code...

Marc Fossi | 16 Apr 2007 07:00:00 GMT | 0 comments

The taxing time of year

It’s tax time once again – that time of year when those who owe are sweating while those getting refunds are gloating. Many people who prepare their own returns use one of the many software packages on the market to help them out. One thing that I’ve noticed is that many of the makers of these packages are beginning to offer Web-based tools to prepare and file their returns.

Honestly, the security of these Web applications worries me. In the recently published Symantec Internet Security Threat Report it was found that 66 percent of the 2,526 vulnerabilities in the second half of 2006 affected Web applications. To highlight this fact, someone recently reported that she was able to access other people’s returns through the TurboTax Web site. This is likely the result of a simple input validation flaw in the Web application.

Now, many of you who use the...

Vikram Thakur | 14 Apr 2007 07:00:00 GMT | 0 comments

Right at the heel of Microsoft releasing its slew of patches, another vulnerability has been released. Microsoft didn't delay getting into action, releasing an advisory for it almost immediately. This time, the vulnerability lies within the Domain Name System (DNS) Server Service affecting the server line of Microsoft's operating systems. The vulnerability allows the attacker to run code remotely in the security context of DNS Server Service, which by default is SYSTEM.

Symantec Security Response have analyzed a sample of the proof-of-concept code and have released Bloodhound.Exploit.136 signatures to detect threats that utilize this vulnerability. This detection is...

Symantec Security Response | 13 Apr 2007 07:00:00 GMT | 0 comments

Facebook is quickly becoming one of the most popular social networking sites for the 20-something crowd. It was initially focused on college students, but has since opened up to the wider public. Recent statistics place Facebook among the most popular social networking sites on the Internet.

Privacy has become a bigger issue in recent times for social networking sites. People are becoming aware of the danger of placing personally identifiable information in plain view on the Internet. The approach Facebook has taken towards privacy issues is a granular one. People with profiles on Facebook can join “networks” based on their school or workplace. All that is necessary to join a network is an email account from that organization. Privacy settings can be customized in many configurations, including maximum visibility, where anyone can find your limited profile in a search; limited privacy, where only those in one of your networks can see your full profile; and a restrictive setting,...

Andy Cianciotto | 12 Apr 2007 07:00:00 GMT | 0 comments

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacomm variants. While this is nothing new, this time around the attachments are in the form of password-protected zip files. The recipient is tricked into unzipping the attachment with the included password, then running the unzipped file, to counteract activity related to an unknown worm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including, but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!", "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "Virus Alert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!". The attachments are generally a .gif image file (this image contains the zip password) and the executable in the form of patch-[random four digits].zip.

...

Hon Lau | 12 Apr 2007 07:00:00 GMT | 0 comments

Just in time to coincide with Microsoft Tuesday Patches, another new vulnerability is released to the world. This time the vulnerability was found in Windows Help (.hlp) files. This flaw enables an attacker to make use of a heap overflow in order to achieve arbitrary code execution.

Symantec Security Response have analyzed a sample of the proof-of-concept code and have released the Bloodhound.Exploit.135 detection to proactively detect potential threats that utilize the vulnerability.

At this point we have not seen this vulnerability actively exploited in the wild, but since there is no vendor-supplied patch available, we would urge that users continue to remain vigilant, keep your security products up to date, follow safe computing guidelines and...

Ollie Whitehouse | 12 Apr 2007 07:00:00 GMT | 0 comments

In May of 2006, for my second blog post for Symantec, I penned an entry entitled, "The Elephant Under the Carpet (and when I say 'carpet' I mean PDA)." The purpose of that post was to dispel the myth that Windows CE (and thus Windows Mobile) doesn't have security issues, and to point out that Microsoft had silently patched a number of security-related bugs. At that time, I couldn't see any Windows CE 5.0 security issues patched by Microsoft. This didn't seem right, so I decided it was time to review the situation. This blog post is an update to cover some issues since then.

If you look at Microsoft's Windows CE Critical Updates and Security site, [1] you'll see that there are no issues listed. It's important to point out that, due to Microsoft's restrictions around getting information with regards to Windows Mobile, I will only be...

Dave Cole | 11 Apr 2007 07:00:00 GMT | 0 comments

Alright, I’ll fess up: spam has never been just for email, in spite of our cluttered inboxes that loudly protest to the contrary. Spam’s early commercial origins point back to a message to 6,000 recipients on Usenet by a couple of immigration attorneys named Canter & Siegel from Phoenix, Arizona back in 1994 who were promoting their services to enroll people in the national green card lottery. From these roots, spam moved on to its dominant format today: email. Nonetheless, the flood of SMTP-based spam we see today may obscure the other flavors of spam that have popped up, including IM spam, SMS spam, and the Web 2.0 buzzword-friendly “splog”.

I’ll spare you all the gory details on IM and SMS spam, they’re pretty straightforward. IM spam has yet to reach major proportions, but it’s certainly out there, plugging spy software, ringtones, and other services. SMS spam has been highly visible overseas since 2001, especially in Asia where SMS has been used heavily for some...