Video Screencast Help
Security Response
Showing posts in English
Aaron Adams | 08 Feb 2007 08:00:00 GMT | 0 comments

The month of January is already over and, accordingly, so is the Month of Apple Bugs(MoAB). As promised, one advisory was released every day of the month,in some cases addressing numerous vulnerabilities in an application.Unlike the Month of Browser Bugs and Month of Kernel Bugs, this time we saw the interesting twist of a parallel group starting a Month of Apple Fixes.This group was responsible for the release of unofficial run-timepatches for the majority of the issues disclosed, with the exception ofthose affecting the kernel.

The classes of vulnerabilities discovered during the MoAB...

Candid Wueest | 07 Feb 2007 08:00:00 GMT | 0 comments

If you live in a German-speaking region, then you might have received one or two strange emails last month, which were unlike the huge amount of regular spam often seen. The first type of odd email was multiple instances of alleged invoices that were sent as email attachments by local ISPs or other service providers. The disguised attachment had a .pdf.exe double extension, which was not an invoice document at all, but a Downloader. Some people thought it was a scam asking for payment for a service that was never received (which was not true in this case), but even so the decision to immediately delete the email was the right choice.

At the end of January, another strange email made its rounds. This one claimed to come from the Bundeskriminalamt (BKA), the federal police in Germany. The email text mentioned charges against the user for downloading illegal movies and software and referred to the attachment as a fax form for statements that had to be completed as soon as...

Amado Hidalgo | 07 Feb 2007 08:00:00 GMT | 0 comments

Last week, Microsoft published Security Advisory 932553to warn Windows users of a new vulnerability in Microsoft Office.Security Response has analysed a sample of a malicious Microsoft Excelfile that appears to be exploiting the vulnerability that is hinted atin that Advisory. Fully patched versions of Office 2000, XP, and 2003appear to be vulnerable to this exploit.

Upon opening the malicious Microsoft Excel document, which Symantec now detects as Trojan.Mdropper.Y, it drops a Trojan horse program by using the exploit referenced by CVE-2007-0671 (BID 22383).It proceeds to drop a back door Trojan onto the compromised computer.It then attempts to contact...

Zulfikar Ramzan | 06 Feb 2007 08:00:00 GMT | 0 comments

Castlecops, a volunteer-run organization that has made tremendous waves in fighting phishing, announced a sweepstakesto celebrate their five-year anniversary. A number of security vendors,including Symantec, have contributed prizes to the contest. Inaddition, Castlecops receives a list of verified phishing sites fromSymantec through the Phish Report Network.

For those who don’t know, Castlecops runs the Phish IncidentReporting and Termination (PIRT) task force. If you find a legitimatephishing site and report it to them, Castlecops does the leg work tohelp take the site down before it does additional damage. In addition,they collect information to work with law enforcement. If the phisherhas stored stolen credentials (e.g., passwords, credit card numbers,bank account numbers, social security numbers, etc.) directly on theWeb server that he or she compromised, then there...

Zulfikar Ramzan | 06 Feb 2007 08:00:00 GMT | 0 comments

Castlecops, a volunteer-run organization that has made tremendous waves in fighting phishing, announced a sweepstakes to celebrate their five-year anniversary. A number of security vendors, including Symantec, have contributed prizes to the contest. In addition, Castlecops receives a list of verified phishing sites from Symantec through the Phish Report Network.

For those who don’t know, Castlecops runs the Phish Incident Reporting and Termination (PIRT) task force. If you find a legitimate phishing site and report it to them, Castlecops does the leg work to help take the site down before it does additional damage. In addition, they collect information to work with law enforcement. If the phisher has stored stolen credentials (e.g., passwords, credit card numbers, bank account numbers, social security numbers, etc.) directly on the Web server that he or she compromised,...

Ollie Whitehouse | 05 Feb 2007 08:00:00 GMT | 0 comments

Recently my boss provided me with a license for some mind-mapping software (if you’re curious, it’s MindManager from MindJet). So, I took it for a spin on a subject close to my heart and if you’re a regular reader I’m betting you’ll be able to guess what it is – yep, mobile device threats.

For mobile device threats, I found that it was actually quite a good way to communicate the threats modern mobile devices face today. You can see the results below (click on the image for a larger version). This rocked for several reasons, not the least because it saved me from having to type out long and rambling descriptions while trying to poorly communicate their relationships. The threats shown below are the most applicable to modern smart devices, yet certain categories also apply to legacy mobile devices running proprietary operating systems.

...

Marc Fossi | 02 Feb 2007 08:00:00 GMT | 0 comments

Being a fan of novels in the “cyberpunk” genre, the concept ofvirtual online worlds intrigues me. Standard massively multiplayeronline games (MMOGs) seem boring in comparison to the flexibility of aworld that allows participants to create their own objects within thevirtual environment. These creations are really only limited by theuser’s imagination and the boundaries of the coding language.

Recently, I read an article about residents of Second Life stagingin-world protests against a political party that opened an office inthe world (I won’t get into the details here because this space isn’tabout politics). What really caught my eye were some of the forms theseprotests took, including users strafing the offices with virtualmachine guns and exploding pigs.

So what does any of this have to do with computer security? Well, acouple of things about Second Life are noteworthy. One is that somemiscreants were successful in creating self-replicating code (like avirus) in...

Joseph Blackbird | 01 Feb 2007 08:00:00 GMT | 0 comments

What better time than January to review last year's security issuesand discuss predictions for the coming months of 2007. This issue ofSymantec's Home and Home Office Security Report looks into this, aswell as discussing current potential risks and threats that couldimpact home and home office users.

On January 20, 2007, a critical security flaw in Apple iChat wasreported. Hackers could use the flaw to break into your computer,allowing them to read your email messages and address books, steal yourfiles and software, and use your computer to carry out further hackingattempts. A hacker could also take advantage of the flaw by enticingyou to visit a malicious Web site or open a malicious file. When theWeb site is loaded or the file is opened, the malicious content willtake advantage of the flaw and allow the attacker to gain control ofyour computer. At the time of this writing, Apple had not yet releasedsolutions for all of these problems, but you can protect yourself...

Elia Florio | 31 Jan 2007 08:00:00 GMT | 0 comments

We've been getting a lot of requests from people asking what it looks like when your computer is compromised by one of these very limited targeted attacksthat involves any of the recent MS Word zero-day vulnerabilities. Atargeted attack begins with an incoming email that has a .DOC fileattached; a very common event that happens to almost everyone everyday. The email sender looks legitimate (it's spoofed of course!) andthe document name is selected to appeal to the recipient. For example,if the targeted user is an accountant, then the document would looklike a tax certificate or an invoice. For members of governments, itcould appear to be an important communication from a Minister. Forfinance brokers, a stocks analysis and so on...

Targeted attacks are not intended for the masses, so we're nevergoing to see the usual "Very exciting greeting postcard.exe" attachedto those emails. But the big question is: what happens when someoneopens the malicious...

Eric Chien | 30 Jan 2007 08:00:00 GMT | 0 comments

We have received some additional Worddocuments that exploit an unpatched Microsoft Word vulnerability. Thesedocuments are detected as Trojan.Mdropper.X. We believe this is a newvulnerability, making it the fifth currently unpatched Office fileformat vulnerability. While these documents are being used in atargeted attack consistent with previous cases, we have receiveddifferent documents that use this same exploit from multipleorganizations. The documents have been each designed specifically forthe targeted organization in both language and content.

The vulnerability could be a slight variation or may be covered bythe existing CVEs and we are awaiting confirmation from MicrosoftSecurity Response Center. Nevertheless, no patches appear to beavailable, so, as always, be careful opening unsolicited Word documents.

Update - Feb 1st, 2007 11:40 UTC: We have receivedconfirmation from Microsoft that the vulnerability being used in theseattacks is in...