Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts in English
The Symantec Advanced Threat Research Team
Oliver Friedrichs | 17 Jul 2006 07:00:00 GMT | 0 comments

Since this is my first Symantec blog entry, I’d like to start things off by giving you some insight into our Advanced Threat Research team, which is a part of the Security Response group here at Symantec. We are responsible for generating all of Symantec’s protection content, which includes antivirus definitions, intrusion detection signatures, spam analysis, phishing site analysis, DeepSight early warning, and vulnerability alerts. Any content that is delivered through LiveUpdate or that drives the protection of Symantec products is delivered by Security Response.

The Advanced Threat Research team has the sole responsibility of researching new and emerging technologies and identifying how those technologies can be attacked. Our goal is fairly simple: to identify areas where attackers will strike next. There is no shortage of things to research, but we are interested specifically in those technologies and threats that will make the most impact within the...

Read more
SMS/MMS: The New Frontier for Spam and Phishing
Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this, (that is, the security industry with a cellular or mobile flavor) it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas to send e-mail it, for all intents and purposes, is free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is...

Read more
New Undisclosed Microsoft PowerPoint Vulnerability
Symantec Security Response | 14 Jul 2006 07:00:00 GMT | 0 comments

Well, it seems that things will never get too boring around here inSymantec Security Response. There is a new, in-the-wild threat runningaround on the Internet that is exploiting a previously undisclosedvulnerability in Microsoft PowerPoint.

In particular,attackers can create specially crafted PowerPoint files to exploit thevulnerability. These files can then be special delivered to yourcomputer via your Inbox as an attachment, or perhaps placed on Webpages for downloading (like a wolf in sheep’s clothing). All you haveto do is open the file—and WHAMMO!—the vulnerability is triggered,potentially allowing the attacker to run his or her code on yourmachine.

At this point in time, we have discovered a Trojan attached to thePowerPoint exploits that we’ve seen in the wild, and made antivirussignatures available for it; the Trojan is detected as Trojan.PPDropper.B....

Read more
SMS/MMS: The New Frontier for Spam and Phishing
Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this, (that is, the security industry with a cellular or mobile flavor) it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas to send e-mail it, for all intents and purposes, is free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is...

Read more
Mac OS X: Viruses and Security
TWoodward | 13 Jul 2006 07:00:00 GMT | 0 comments

Researchers and engineers who are working in the security field musthave strong constitutions—especially when it comes to weatheringnegative backlash and tired conspiracy theories whenever security andMac OS X are mentioned in the same breath. With that in mind, in aneffort to improve the quality of the dialogue, I would like to discusssome important issues regarding Mac OS X and security.

Let’sstart with the hot-button issue of Mac OS X viruses. Simply put, at thetime of writing this article, there are no file-infecting viruses thatcan infect Mac OS X. I see some of you raising a hand or two, wantingto ask me some “but, what about…” types of questions. Indeed, inFebruary of this year, when OSX.Leap.Awas discovered the news headlines declared that it was the “First evervirus for Mac OS X!” Long before the digital ink dried on thosesimplistic and sensational headlines our Security...

Read more
Phishing and Two-Factor Authentication
Zulfikar Ramzan | 12 Jul 2006 07:00:00 GMT | 0 comments

In many cases we use passwords toauthenticate ourselves on Web sites where we make transactions, andpasswords represent only one mechanism for authentication. Passwordsare “something we know” (and something that, hopefully, no one elseknows). However, there are other ways of authenticating ourselves. Forexample, we can use “something we are”, such as a fingerprint or otherbiometric, or even “something we have”, such as an access control card.“Two-factor authentication” refers to the concept of using twoinstances of “something we know”, “something we are”, or “something wehave”. Two-factor authentication provides much stronger guarantees whencompared to using just one of these means of authentication.

Oneof the most popular forms of two-factor authentication involves the useof a hardware token that displays a sequence of digits that changes atset intervals. To authenticate ourselves on a network using thismethod, we provide our regular password in...

Read more
Phishing in Sessions
Candid Wueest | 11 Jul 2006 07:00:00 GMT | 0 comments

Phishing attacks evolved from simple email attacks quite a long time ago. These days, we still see many attacks with obfuscated links and spoofed Web sites, but the emerging threat is in phishing malware. Even in the malware domain we have seen further developments, from basic key logging to session modification Trojans. The attacks are becoming more sophisticated in order to circumvent the current prevention methods.

Take, for example, the Trojan.Satiloler family. This threat monitors traffic that is sent and received by a Web browser. It can inject script code into received Web pages before they are passed to the user’s browser. If the Trojan finds a predefined online banking Web site, it replaces all of the Web form submit functions with its own functions. This enables the Trojan to control the information flow on that particular site without the user noticing. If a...

Read more
Phishing in Sessions
Candid Wueest | 11 Jul 2006 07:00:00 GMT | 0 comments

Phishing attacks evolved from simple email attacks quite a long time ago. These days, we still see many attacks with obfuscated links and spoofed Web sites, but the emerging threat is in phishing malware. Even in the malware domain we have seen further developments, from basic key logging to session modification Trojans. The attacks are becoming more sophisticated in order to circumvent the current prevention methods.

Take, for example, the Trojan.Satiloler family. This threat monitors traffic that is sent and received by a Web browser. It can inject script code into received Web pages before they are passed to the user’s browser. If the Trojan finds a predefined online banking Web site, it replaces all of the Web form submit functions with its own functions. This enables the Trojan to control the information flow on that particular site without the user noticing. If a...

Read more
Hijacked Yahoo! IM Accounts
Eric Chien | 11 Jul 2006 07:00:00 GMT | 0 comments

The Symantec Security Response team has received multiple reports of the hijacking of Yahoo! instant messaging accounts over this past weekend. The hijacking seems to be successful because some users are unwittingly providing their Yahoo! login credentials to a phishing Web page. There are several phishing Web pages involved in the attacks, some of which are listed here:
www.geocities.com/cindy7781115
www.geocities.com/madhatterchick15
www.geocities.com/julianna2504j15

Please use caution when receiving instant messages with links included in the text, especially any links that require you to login to another Web site. This phishing attack will attempt to use valid and current (compromised) Yahoo! accounts so that messages sent will appear to come from trusted contacts, so you'll need to keep a keen eye out for strange messages. For a detailed explanation on how this attack is carried out, please refer to my previous blog entry that describes...

Read more
Trustworthy Interfaces for Entering Passwords and other Personal Information: The 2006 TIPPI Workshop
Zulfikar Ramzan | 10 Jul 2006 07:00:00 GMT | 0 comments

The development of interfaces for trustworthy information has not progressed at the same rate as computing technology in general. Today we enter passwords using a text-based interface that we assume is trustworthy, much like what we did thirty-plus years ago.

On June 19, 2006 I attended (and gave a talk at) the TIPPI Workshop that was held on the Stanford University campus. TIPPI stands for “Trustworthy Interfaces for Passwords and Personal Information”. The workshop brings together people who design security schemes with those who build user interfaces. The goal is to help solve the problem of designing trustworthy user interfaces, which has specific implications for fighting online fraud, especially when it comes to phishing.

There has been considerable progress in designing protocols for secure password authentication. For example, password authenticated key exchange (PAKE) protocols...

Read more