Security Response
Kelly Conley | 13 Feb 2007 08:00:00 GMT | 0 comments

It seems like only yesterday I was blogging about a new spam report that Symantec Messaging and the Web Security team have published regarding the state of spam. Now, the February report is online, which gives a good overview of spam activity in January of 2007.

This issue highlights several interesting trends. While spam continues to be a high percentage of all email, there was a slight reduction of spam in January to approximately 69 percent. The technique du jour, image spam, reached a high in January, but ended the month around 30 percent. It's amazing to think that 30 percent of the total spam volume is image spam. We look at it every day, and still it continues to arrive, most notably in emails for penny stock and fake Rolex.

Have you noticed a decline in adult-oriented email lately? So have we. Once consistently in the top categories of...

Ben Greenbaum | 13 Feb 2007 08:00:00 GMT | 0 comments

Anybody remember when RTF files were just innocent little things? They were like the big brother of the .txt file, or .txt v2, if you will. Just characters on a screen, but some of them might be different fonts or colors or sizes – maybe the occasional clipart. Who would have guessed they are apparently the most hostile files on the Internet this month? "When RTFs Go Bad!…" Okay, perhaps I’m exaggerating, but this month Microsoft is patching no less than three vulnerabilities, in separate applications, that can be exploited via malicious RTF files that contain OLE objects.

Several of this month’s patches address issues that have been exploited already in limited-distribution, targeted attacks. The combination of target-specific social engineering and privately held vulnerability information is becoming more and more widely adopted by attackers with political and industrial motivations. While the "new breed" of cybercriminals wants to cast as wide a net as possible, we cannot forget that...

Symantec Security Response | 12 Feb 2007 08:00:00 GMT | 0 comments

Emperor Entertainment Group: From sex photo scandal to Web site being hacked, key word: protect the data on your hard drive.

It's probably not the best way to advertise privacy protection, but it's indeed something that should ring a bell for those who leave their portable devices unattended or unsecured.

Rumor has it that Edison Chan, the popular celebrity from Hong Kong, had data stolen from his personal laptop. Now under normal circumstances, this would be bad enough. However, it turns out Mr. Chan had taken hundreds of pictures and videos of over 14 female celebrities in various states of dress and involved in various sexual acts, and stored this data on his computer. The stolen data has since spread quickly over the Internet.

Earlier today the Emperor Entertainment Group's Web site - the group that several of the victims have contracts with - was hacked by someone calling themselves "blspi" with the following message in Chinese, "I sincerely hope EEG...

Symantec Security Response | 12 Feb 2007 08:00:00 GMT | 0 comments

As I sit here looking for inspiration for my next blog pontification, I realized that I would be remiss if I didn't touch a bit on Vista given Microsoft's latest announcement. If you do a search on Vista in your browser, you’ll see plenty of material out there touting how “secure” Vista is. But let’s face it, at the most basic level, Vista, in and of itself, is just another operating system. So, let’s not confuse an operating system that’s more secure with something that is an actual security solution that provides real protection against the breadth of computer attacks. Perhaps it's just semantics, but it does cause some confusion as illustrated by several conversations I've been in where people I’ve talked to have made this mistake. So, let's set the record straight.

For the record, and without getting too much into the nitty-gritty details, Vista is simply an operating system that contains a variety of new features that make it less readily hackable and exploitable. That’s it. Although...

Dave Cole | 09 Feb 2007 08:00:00 GMT | 0 comments

We recently hit a big milestone here at Symantec Security Response: 30 VB100 awards in a row! This means that for every VB100 test for which we have submitted a product, we’ve detected all the threats on the latest WildList without missing a threat and without triggering a false positive on a clean file. For a little perspective, this streak stretches all the way back to the last century (OK, 1999) with the November 1999 VB100 test for Windows 98. We think this a pretty remarkable achievement in consistency and reliability.

There were a couple other notable items in the latest test, not the least of which was that it was the first VB100 that covered Microsoft’s new Vista operating system. We were one of several security companies who notched a win on the inaugural Vista VB100, but there were a few of us who didn’t quite make the cut. Note that...

Kelly Conley | 08 Feb 2007 08:00:00 GMT | 0 comments

I just received a legitimate e-newsletter from a science gadget company. I'm reading along about robotic arms and hands and the use of these objects in operating rooms. I'm immersed in this email. It's pretty interesting stuff. To imagine the steps that we've made with science and technology in the past 50 years or less is truly mind boggling. Then I get to the end. Or not.

There it is. A URL. Why is it there and where does it lead? It must have something to do with scientific gadgets. Does it take me back to the main Web site? Does it take me to another reference of robotic use in operating rooms? It isn’t the opt-out, because that URL is just above this one.

I click and it doesn't take me anywhere that I would have guessed. In fact, it is not related to science or technology at all. The URL takes me to an adult-related meds site. What is the correlation? Is there supposed to be one between readers of science newsletters and viagra? I have no idea what the...

Orla Cox | 08 Feb 2007 08:00:00 GMT | 0 comments

Today has seen another large-scale spamming of Trojan.Peacomm, aka the "Storm Trojan". With Valentine's Day approaching, this time around the authors are attempting to tug on the heartstrings of unsuspecting users with romantic subject lines such as "My Heart belongs to you" and "Together You and I". The mail body is empty and the attachments have the usual names of "Greeting Card.exe", "Postcard.exe", and "Greeting Postcard.exe".

The Trojan is much the same as we've seen before, the only difference being that the authors have used a modified packer in an (unsuccessful) effort to evade detection by AntiVirus vendors. These latest samples are proactively detected as Bloodhound.Packed.13 with Rapid Release definitions dated 02/07/2007 (revision 54). Definitions dated 02/08/2007 (revision 25) and later will...

Aaron Adams | 08 Feb 2007 08:00:00 GMT | 0 comments

The month of January is already over and, accordingly, so is the Month of Apple Bugs (MoAB). As promised, one advisory was released every day of the month, in some cases addressing numerous vulnerabilities in an application. Unlike the Month of Browser Bugs and Month of Kernel Bugs, this time we saw the interesting twist of a parallel group starting a Month of Apple Fixes. This group was responsible for the release of unofficial run-time patches for the majority of the issues disclosed, with the exception of those affecting the kernel.

The classes of vulnerabilities discovered during the MoAB...

Candid Wueest | 07 Feb 2007 08:00:00 GMT | 0 comments

If you live in a German-speaking region, then you might have received one or two strange emails last month, which were unlike the huge amount of regular spam often seen. The first type of odd email was multiple instances of alleged invoices that were sent as email attachments by local ISPs or other service providers. The disguised attachment had a .pdf.exe double extension, which was not an invoice document at all, but a Downloader. Some people thought it was a scam asking for payment for a service that was never received (which was not true in this case), but even so the decision to immediately delete the email was the right choice.

At the end of January, another strange email made its rounds. This one claimed to come from the Bundeskriminalamt (BKA), the federal police in Germany. The email text mentioned charges against the user for downloading illegal movies and software and referred to the attachment as a fax form for statements that had to be completed as soon as...

Amado Hidalgo | 07 Feb 2007 08:00:00 GMT | 0 comments

Last week, Microsoft published Security Advisory 932553 to warn Windows users of a new vulnerability in Microsoft Office. Security Response has analysed a sample of a malicious Microsoft Excel file that appears to be exploiting the vulnerability that is hinted at in that Advisory. Fully patched versions of Office 2000, XP, and 2003 appear to be vulnerable to this exploit.

Upon opening the malicious Microsoft Excel document, which Symantec now detects as Trojan.Mdropper.Y, it drops a Trojan horse program by using the exploit referenced by CVE-2007-0671 (BID 22383). It proceeds to drop a back door Trojan onto the compromised computer. It then attempts to contact...