Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts in English
Vincent Weafer | 28 Dec 2006 08:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are:what do you think the biggest trend of the year was and what do youthink the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it newfeatures for both the research community and malicious code authors toscrutinize. It’s simple to expect that we’ll see new attack attempts onMicrosoft Vista. What’s more interesting are trends we’re likely to seethat don’t even touch the physical hard drive of a computer. Web 2.0technologies have already begun to capture attacker interest andmotivation. As adoption continues to grow and dependence on these Webapplications increases, the impact and frequency of these issues willrise.

Consider the...

Vincent Weafer | 28 Dec 2006 08:00:00 GMT | 0 comments

The two most common questions I hear around this time of year are:what do you think the biggest trend of the year was and what do youthink the biggest threat next year will be. After outlining a year in review, let’s spend a little time on what we may expect to see in the next 12 months.

Obviously, the debut of a new operating system brings with it newfeatures for both the research community and malicious code authors toscrutinize. It’s simple to expect that we’ll see new attack attempts onMicrosoft Vista. What’s more interesting are trends we’re likely to seethat don’t even touch the physical hard drive of a computer. Web 2.0technologies have already begun to capture attacker interest andmotivation. As adoption continues to grow and dependence on these Webapplications increases, the impact and frequency of these issues willrise.

Consider the...

Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close,it’s important to review the significant trends and issues observed bySymantec Security Response over the past year. Some of these may relateto what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraudhas steadily increased and become even more sophisticated. Much of theonline fraud activity we’ve seen has been in the form of phishing –approximately seven million total phishing attempts each day. That’s alot of cybercriminals on the hunt for your personal information! Wehave also witnessed phishers innovating beyond the traditional onlinescam where they may distribute tens of thousands of emails hoping totrick one of you lucky individuals. Today, we are seeing fraudstersembrace new techniques such as vishing and SMishing to solicit andobtain your confidential information. See Zulfikar Ramzan’s blog...

Vincent Weafer | 27 Dec 2006 08:00:00 GMT | 0 comments

The countdown to December 31 has begun. As 2006 comes to a close, it’s important to review the significant trends and issues observed by Symantec Security Response over the past year. Some of these may relate to what we can expect to see in the New Year.

First and foremost, throughout 2006 we identified that online fraud has steadily increased and become even more sophisticated. Much of the online fraud activity we’ve seen has been in the form of phishing – approximately seven million total phishing attempts each day. That’s a lot of cybercriminals on the hunt for your personal information! We have also witnessed phishers innovating beyond the traditional online scam where they may distribute tens of thousands of emails hoping to trick one of you lucky individuals. Today, we are seeing fraudsters embrace new techniques such as vishing and SMishing to solicit and obtain your confidential information. See Zulfikar Ramzan’s blog...

Zulfikar Ramzan | 26 Dec 2006 08:00:00 GMT | 0 comments

Now that we’re near the end of the year, Ithought I’d spend some time looking back at the phishing threat andreviewing some of the noteworthy trends. There are three high-levelaspects that I’d like to touch upon:
1) The overall increase in phishing activity
2) New phishing attack vectors
3) New antiphishing techniques

Overall activity

First, phishing activity has steadily increased during the course of2006. We’ve seen increases in both the number of phishing Web sitesthat go up as well as the number of unique phishing emails being sentout. Most targets are in financial services, but phishers have expandedtheir scope to include retailers, social networking sites, serviceproviders, government sites, and even certificate authorities.

In addition, we’re seeing semblances of “corporate” behavior inphishing attack patterns. For example, phishers seem to be workingnormal business workdays and, therefore, are less active during...

Zulfikar Ramzan | 26 Dec 2006 08:00:00 GMT | 0 comments

Now that we’re near the end of the year, I thought I’d spend some time looking back at the phishing threat and reviewing some of the noteworthy trends. There are three high-level aspects that I’d like to touch upon:
1) The overall increase in phishing activity
2) New phishing attack vectors
3) New antiphishing techniques

Overall activity

First, phishing activity has steadily increased during the course of 2006. We’ve seen increases in both the number of phishing Web sites that go up as well as the number of unique phishing emails being sent out. Most targets are in financial services, but phishers have expanded their scope to include retailers, social networking sites, service providers, government sites, and even certificate authorities.

In addition, we’re seeing semblances of “corporate” behavior in phishing attack patterns. For example, phishers seem to be working normal business workdays and, therefore, are less active during...

John McDonald | 22 Dec 2006 08:00:00 GMT | 0 comments

A vulnerability has been discovered in theway the Windows Client/Server Runtime Server Subsystem (CSRSS)processes a type of system message referred to as the HardErrormessage, reportedly allowing a logged on user to execute arbitrary codein the CSRSS.EXE process and elevate their privileges to SYSTEM level.The vulnerable code is present in the new Vista operating system, aswell as Windows 2000, XP and 2003.

When certain events occur within the operating system, a HardErrormessage is sent to CSRSS containing the caption and text of a messagebox to be displayed in order to notify the user of a critical systemerror. The HardError message is handled by a function in WINSRV.DLLwhich returns pointers to the caption and text of the message box. Ifthe caption or text parameters are prefixed with certain characters,the function erroneously frees the buffer holding the text and returnsa pointer to freed memory. After the message box is closed by the user,the same buffer is then...

Zulfikar Ramzan | 22 Dec 2006 08:00:00 GMT | 0 comments

This entry continues my blog series on some Symantec phishing data I have recently analyzed. I decided to look at data that relates to how phishing attacks are becoming more targeted. During the periods studied, our data does not support the hypothesis that attackers are going after more and more specialized targets. For the periods studied, our data also indicates that targeted phishing campaigns are outweighed by more scattered ones. Again, it’s important to note that the data is specific to a given period of time, so it’s possible (and perhaps quite likely, given how rapidly the landscape is changing) that outside this time frame the picture could change dramatically.

Let’s consider unique brands first. From June through September, 2006, the Symantec Norton Confidential system recorded 154 distinct brands that were spoofed in a phishing attack. Of these 154 brands, 93 of them were spoofed in a phishing attack that occurred during June; this number jumped...

Zulfikar Ramzan | 22 Dec 2006 08:00:00 GMT | 0 comments

This entry continues my blog series on some Symantec phishing data I have recently analyzed. I decided to look at data that relates to how phishing attacks are becoming more targeted. During the periods studied, our data does not support the hypothesis that attackers are going after more and more specialized targets. For the periods studied, our data also indicates that targeted phishing campaigns are outweighed by more scattered ones. Again, it’s important to note that the data is specific to a given period of time, so it’s possible (and perhaps quite likely, given how rapidly the landscape is changing) that outside this time frame the picture could change dramatically.

Let’s consider unique brands first. From June through September, 2006, the Symantec Norton Confidential system recorded 154 distinct brands that were spoofed in a phishing attack. Of these 154 brands, 93 of them were spoofed in a phishing attack that occurred during June; this number jumped...