Security Response
Mimi Hoang | 14 Nov 2006 08:00:00 GMT | 0 comments

Whether it’s spaghetti or lasagna or any other potential mess, Symantec can clear away whatever Gromozon dishes out. Our team has already written a couple of blogs on just how nasty the Gromozon (LinkOptimizer) threat is. You can read about it in Gromozon.com and Italian Spaghetti, and Gromozon Evolution: From Spaghetti to Lasagna.

Recently, we took 18 different LinkOptimizer samples and did our own testing to see whether or not other vendors could deal with this super aggressive threat. The results are pretty staggering. Symantec provides the most complete protection, whereas the next closest vendor handled only five out of the 18 samples.

...

Ben Greenbaum | 14 Nov 2006 08:00:00 GMT | 0 comments

Microsoft released six security bulletins this morning, covering a total of 11 distinct security vulnerabilities. In rough order of most urgent to least, here we go:

Topping the list in raw urgency is MS06-066 (BID 21023 and BID 20984, CVE-2006-4688 and CVE-2006-4689). This affects everything from Win2K SP0 to XP SP2, provided that the systems have the Client Service for Netware enabled. This obviously reduces the population of vulnerable systems, but for those systems this is where you want to start. This addresses two vulnerabilities, the more severe of which is the Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability. If your computers match that description, you are wide open to remote attackers, who have the opportunity to run code of their choice on your machines – until you...

Dave Cole | 13 Nov 2006 08:00:00 GMT | 0 comments

This past spring we announced that Phish Report Network (PRN) was officially open for any organization that wanted to have phishing attacks against their brand blocked through the PRN’s community of solution providers, including Yahoo, Netscape, Symantec and others. This was (and still is) completely free of charge to the organization sending the data. We’re now pleased to announce that anyone, from Grandma Jones in Topeka to Uncle Jack in Melbourne, can now submit their fresh phish to the PRN. It’s a piece of cake to do and mostly consists of copying the URL of the fraudulent Web site into a submission form at the following location: https://submit.symantec.com/antifraud/phish.cgi

Once we receive the suspicious URLs, we vet them both programmatically as well as manually to make sure it is indeed a fraudulent...

Shunichi Imano | 11 Nov 2006 08:00:00 GMT | 0 comments

It has recently been reported that functional exploit code for Broadcom Wireless drivers has been made available to the public. Concerns over the exploit are increasing, because the exploit allows remote code execution, and the susceptible drivers are shipped with many new computers.

More information can be found at the Month of Kernel Bugs site.

A machine is vulnerable to the exploit if the computer has a susceptible Broadcom Wireless-N network card, and is running the drivers in question. Unfortunately, due to the nature of wireless networking, all that is required of the attacker is to be within range of the vulnerable machine. Because this vulnerability occurs at an extremely low level within the networking protocol, there may be difficulties in detecting these attacks using standard IDS/IPS methods.

Symantec Security Response recommends that you update...

Ollie Whitehouse | 10 Nov 2006 08:00:00 GMT | 0 comments

Hola again! Well, that’s my Spanish out the way. Oh, wait – dos cervezas por favor ;-). Anyway, I was invited down to Spain by the kind folk of NoConName (thanks to Nico and crew – Majorca is lovely!) to deliver a presentation on some research I had done at the start of the year when I first joined the Advanced Threat Research team (research that I had alluded to in an earlier blog entry on an attack surface analysis of Windows CE 5 and Windows Mobile 5).

This is a rundown of the NoConName version of my presentation:

• Introduction & Context
• Overview of Windows CE
• Windows CE Security Model
• Analysis Findings
• Windows CE and Security Patches

The first three sections are pretty self explanatory and way too long to cover...

Zulfikar Ramzan | 09 Nov 2006 08:00:00 GMT | 0 comments

A fairly imaginative phishing attack was live on the MySpace.com site for a few hours on the morning of Friday, October 27, 2006. The attack was interesting not so much because of its technical prowess, but because the attackers were so creative. The attack was initially reported by Netcraft, who discovered it when one of their customers encountered the page.

The attackers were able to create a login page located at http://www.myspace.com/login_home_index_html, which solicited the visiting user’s MySpace username and password. When entered, these values would go to a server operated out of France.

How did the attackers manage to pull this off? They tossed the wealth of complex phishing techniques aside and did something that was remarkably simple and yet clever. Like millions before them, they just went to MySpace.com and registered an...
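The MySpace page above is the awkward case for any URL-based phish triage, including the programmatic vetting step the Phish Report Network post mentions: the hostname is the brand’s real domain, so a lookalike-domain check alone would wave it through, and only the path gives it away. The following is an added illustration written for this page, not PRN’s actual vetting code or anything Symantec published. It assumes a small, constructed table of brands and the registrable domains they control, and uses a deliberately simple two-label registrable-domain rule (which would misjudge country-code suffixes such as .co.uk). A URL on a brand’s own domain with a login-looking path is not declared a phish outright, because the brand’s genuine login page would match too; it is routed to manual review, which is exactly the split between programmatic and manual vetting described above.

```python
from urllib.parse import urlparse

# Constructed sample table: brand keyword -> registrable domains that brand really owns.
# (Assumption for this example; a real deployment would carry a maintained list.)
BRAND_DOMAINS = {
    "myspace": {"myspace.com"},
    "yahoo": {"yahoo.com"},
}

# Path fragments that suggest a credential-harvesting page.
LOGIN_TOKENS = ("login", "signin", "sign-in", "account", "password")


def registrable_domain(host):
    """Crude 'last two labels' rule; good enough for .com, wrong for .co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify(url):
    """Return (verdict, reason) where verdict is one of
    'phish', 'review', 'benign', 'unknown'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    domain = registrable_domain(host)

    for brand, owned in BRAND_DOMAINS.items():
        if domain in owned:
            # Real brand domain. Only the path can tell a user-hosted page apart,
            # and the brand's own login page would trip this too, so: manual review.
            if any(tok in path for tok in LOGIN_TOKENS):
                return ("review", f"{brand}: login-like path on the real {domain} domain")
            return ("benign", f"{brand}: real domain, no login-like path")

        # Brand name appears in a host the brand does not own (www.myspace.com.example.net)
        # or in the path of an unrelated host (example.net/myspace/login.html).
        if brand in host or brand in path:
            return ("phish", f"{brand}: brand name on unrelated domain {domain or '(none)'}")

    return ("unknown", "no tracked brand referenced")


def triage(urls):
    """Batch helper: bucket submitted URLs by verdict so reviewers see the 'review' pile first."""
    buckets = {"phish": [], "review": [], "benign": [], "unknown": []}
    for u in urls:
        verdict, _ = classify(u)
        buckets[verdict].append(u)
    return buckets


if __name__ == "__main__":
    # Constructed sample submissions; the first is the URL from the MySpace post.
    sample = [
        "http://www.myspace.com/login_home_index_html",
        "http://www.myspace.com/",
        "http://www.myspace.com.example.net/login",
        "http://example.net/myspace/login.html",
        "http://example.org/",
    ]
    for u in sample:
        print(u, "->", classify(u))
```

The point of the `review` bucket is the lesson of the MySpace incident: domain reputation is necessary but not sufficient when a trusted site lets users publish content under their own path, so anything login-shaped on a brand domain needs a human (or a rendered-page comparison) before it is blocked or cleared.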

Mimi Hoang | 08 Nov 2006 08:00:00 GMT | 0 comments

Symantec was the most effective of six vendors at detecting and removing spyware. AV-Test (Andreas Marx), under the supervision of TUEV Saarland, conducted a test to determine how each vendor handled the spyware/adware anti-removal techniques.

This test was conducted in June, 2006, with 50 security risk samples randomly chosen by AV-Test from the “top 10” lists of various antispyware vendors, including the vendors that were tested. Further information on testing methodology and samples used can be downloaded at http://www.symantec.com/enterprise/security_response/toughsecurity/index.jsp (refer to the Appendix at the end of the technical brief) or visit www.tekit.de.

The results showed Symantec’s lead in the detection and removal of spyware, adware, and other security risk programs. We...

Hon Lau | 07 Nov 2006 08:00:00 GMT | 0 comments

Many great things have been touted about Web 2.0, such as that it will bring about a richer, freer, and more community-driven experience for all users. Technologies like wikis and blogs, along with services like Flickr and YouTube are prime examples of how the Web has evolved to bring about increased community participation. What these services really do is bring about freedom of speech to the masses. Unfortunately, the masses also include the “bad”.

Wikipedia has long been a target for mischief makers who abuse the fact that anyone can freely create and edit entries in the encyclopedia. Usually the abuses only involve providing false information in articles on the site. Recently, we received reports that the German version of Wikipedia has been used by malware creators to distribute their creations by modifying a page to point to their malicious programs. According to the reports, a Wikipedia entry regarding W32.Blaster was modified to point at fake Microsoft Windows...