Security Response
Marc Fossi | 16 Oct 2006 07:00:00 GMT | 0 comments

As regular readers of this blog site will be aware, I attended the Virus Bulletin 2006 conference in Montreal, Quebec last week. On my flight home to Calgary (aboard a major Canadian carrier) they had something new for me. On the back of each seat there was a touch-screen display for people to watch movies, television, and so on. Ok, so this may not be anything new (I probably just don’t get out enough) or all that interesting at first glance. However, a couple of things relevant to computer security struck me about these screens.

Almost right after looking at the screen for the first time, my eyes were drawn to a socket just to the left of it—a USB port. There weren’t any keyboards distributed during the flight, but I suspect the ports are there for a future video game option (when I tried selecting this option on the touch screen, I was greeted with a “This feature is currently unavailable” message). Now, there’s also a distinct possibility that the operating system behind these...

Marc Fossi | 13 Oct 2006 07:00:00 GMT | 0 comments


Back in September, I summed up some of the malicious code and phishing trends from the latest edition of the Symantec Internet Security Threat Report. To sum up that summary, I said that we’re seeing a trend toward profit-driven attacks. Malicious code is being created with financial motivation and is used in conjunction with phishing attacks. Well, after two days of presentations at the Virus Bulletin 2006 conference, it seems that others agree with this conclusion.

From the keynote address by Mikko Hypponen of F-Secure, through to the presentation on phishing Trojan creation kits by Dmitri Alperovitch of Secure Computing, there...

Oliver Friedrichs | 12 Oct 2006 07:00:00 GMT | 0 comments

I have to say that it is not surprising to see that Microsoft is countering the claims (that Symantec, McAfee, and others are making) that Windows Vista will hinder innovation, while putting consumers at risk. In fact, I think that it is to be expected. Some of the arguments that are being put forth in their favor are rather uninformed, exceptionally broad, and disingenuous. They have been presented in such a way as to position security vendors as though we have for decades preyed on the weak and stolen from the poor and with the emergence of Windows Vista, freedom from this tyranny is in sight. The reality is, we offer a real service—protection from real threats that will otherwise result in real losses—and this is by no means a protection racket. In any case, it’s not my intent to try and dissuade that part of the population that really thinks this; but, I will try to offer some insight to those who would consider themselves technologists.

It is important to remember that...

Peter Ferrie | 12 Oct 2006 07:00:00 GMT | 0 comments

Some time ago, the author of W32.Gatt had posted a comment on his Web site that said he read my blog entry about this particular virus. From there on in he assumes that we visit his page often. In fact, we have no need for it—customers are doing that for us.

We receive samples almost as soon as they appear on any Web site, anywhere in the world, and we are notified about curious comments like that one. To quote the virus author's entry: "Interpretation without a context of information." Well, exactly. Interestingly, while the author claims that Symantec was wrong about why the source was not released, he does not tell us why the source wasn’t released. It must be quite sensitive, maybe even better than my reason, but until we know, I'll stick with my reason.

...

Sarah Gordon | 11 Oct 2006 07:00:00 GMT | 0 comments


Monday was a holiday in the United States, but since I’m in Canada I took advantage of that fact in order to not take the day off. My boss should like that. :) Instead, I created some more slides for my upcoming VB presentation; but, I didn’t have a very easy time of it. Some people are naturals at putting together presentations—complete with nice graphics, easy-to-read charts, and a minimum of animation. I’m not one of them. Not only do I fight (and I’m finally winning, I might add) the animation daemon that seems to want to add flying horses and spinning circles of yellow and black to each slide, I am dyslexic and I suffer from more than moderate dyscalculia, making charts more than a small challenge.

I think...

Joji Hamada | 10 Oct 2006 07:00:00 GMT | 0 comments

Recently, we have seen a trend in Trojan horse programs exploiting popular desktop applications. The applications that have been exploited have included Microsoft Word, Excel, PowerPoint, and JustSystem's Ichitaro. Now, we have uncovered a Trojan horse exploiting a vulnerability in WinRAR—software which may not be quite as well known as those examples I have just mentioned.

Symantec Security Response has confirmed that Trojan.Radropper exploits the RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability. This vulnerability was first made public in July of this year and has subsequently been fixed. The current version of WinRAR (version 3.61) does not contain this vulnerability.

The attack was email based and was executed when an email with a RAR archive...

Ben Greenbaum | 10 Oct 2006 07:00:00 GMT | 0 comments

This month is a busy one, with 10 updates in total, fixing 27 distinct vulnerabilities. Of the 10 updates, seven of them are listed as “Critical” by Microsoft. Interestingly, all seven of them are intended to patch various client-side vulnerabilities—four of them in the Office suite.

Critical bugs:

The patched Office vulnerabilities are all file-format vulnerabilities that will allow an attacker to run the code of their choice on the victim machine, provided a user on that machine opens the malicious file.

There are patches for PowerPoint (MS06-058: BIDs 20322, 20304, 20325, 20226), Excel (MS06-059: BIDs...

Sarah Gordon | 10 Oct 2006 07:00:00 GMT | 0 comments


I landed in Montreal on Sunday morning and immediately began sorting out pictures of my dogs (!) so I could put the finishing touches on my Virus Bulletin presentation. “Everything I Need to Know About Security I Learned from My Dog and a Country Western Song” is not your usual security paper title; in fact, the initial idea evolved as a tongue-in-cheek “what if” mental exercise. However, the more I thought about it, and the more people I talked to about it, the more I realized the idea was worth pursuing to the next level. Somewhere along the way it changed to “two dogs”, I submitted the abstract to Virus Bulletin, it was accepted, and the paper began to take shape.

Virus Bulletin is undoubtedly one of the best opportunities (globally...

Dave Cole | 10 Oct 2006 07:00:00 GMT | 0 comments


Read ‘em and weep. Doesn’t matter what it is, how much you spent on it, or what you’ve done to implement it, its outlook is about as good as the Cleveland Browns’ Super Bowl chances. Got your attention? That’s the idea. This type of apocalyptic proclamation has been alive and well in information security over the past few years and never ceases to get its share of eyeballs and chatter. Gartner fired a shot across the bow a while back with the “IDS is dead” statement and similar things are now being said about antivirus. The siren call of these alarmist statements has proven irresistible, but I’ll offer that while they make for catchy headlines, they obscure a more complex, but much more accurate reality. In this spirit, I’ll offer up a couple of alternate headlines that are a lot less captivating, but also do a better job of hitting the mark, in my eyes....

Eric Chien | 09 Oct 2006 07:00:00 GMT | 0 comments

Over the weekend, the Google blog was hacked and someone made a fake post stating Google was discontinuing their Click-To-Call service. A few weeks ago, Randy Charles Morin's blog was reportedly hacked using a new unknown and unpatched exploit by Jason Schramm known as the Host Overflow Application eXception.

Now, some people are putting one and one together and assuming Google's blog was hacked via the unpatched Host Overflow Application eXception. The problem? The Host Overflow Application eXception appears to be a HOAX (follow the capital letters). Jason followed up with a post to his blog with a supposed patch. The patch itself...