Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response
Showing posts in English
Ankit Singh | 22 Jul 2014 22:25:38 GMT

Facebook Scam.png

Contributor: Himanshu Anand

Facebook scams are a regular occurrence in today’s world, but attackers have become more aggressive and are now using Facebook scams to exploit a user’s system. Normally Facebook scams trick users into filling out fake surveys, or sharing videos and pictures. It is very rare that a scam redirects to an exploit kit, but in the case of one famous Facebook scam targeting users who wanted to work from home, that was exactly what happened. The “EXPOSED: Mom Makes $8,000/Month” scam, which we observed recently, redirected users to the Nuclear exploit kit. This particular scam has since been removed by Facebook.

Facebook Scam 2.png

Figure 1....

Symantec Security Response | 16 Jul 2014 23:01:43 GMT

Despite Japan's isolated adoption of unique and sometimes incompatible technological standards, often described as Galapagosization, the country still seems to be open game when it comes to banking malware. Attacks on online banking are nothing new in Japan and the country has dealt with several prominent cases in the last year. For instance Infostealer.Torpplar targeted confidential information that was specific to Japanese online banks and credit cards, and variants of Infostealer.Bankeiya utilized various methods including zero-day vulnerabilities and exploit kits to target Japanese users. Japan's National Police Agency reported that US$11,840,000 was stolen in 2013 as a result of cybercrime and, as of May 9, 2014, US$14,170,000...

Satnam Narang | 15 Jul 2014 16:12:08 GMT

One year ago, we warned users about one of the first instances of adult webcam spam on the up-and-coming mobile dating application Tinder. We also warned about an impending flood of spam bots once an Android version was released. Now, a year later, we have observed a number of different spam campaigns using fake profiles to flirt with users of the service.

Adult webcam spam
The first spam campaign we identified ultimately set the tone for future campaigns. These spam bots claimed to offer an adult webcam session and asked users to click on a link to another website. The spammers iterated their efforts; modifying their scripts, switching short URL services (from goo.gl to bit.ly), and linking to different webcam sites. Eventually, these bots were set up to get users to...

Symantec Security Response | 10 Jul 2014 17:40:05 GMT

An international law enforcement operation has struck a major blow against the gang behind Shylock, one of the world’s most dangerous financial Trojans. The takedown, which was led by the UK National Crime Agency, resulted in the seizure of a command and control (C&C) servers, in addition to domains that Shylock uses for communication between infected computers.

Trojan.Shylock is designed to intercept online banking transactions and steal victims’ credentials. The gang behind it appears to be based in Russia or Eastern Europe and its main target is customers of UK banks. It has also hit financial institutions in a number of other European countries and the US. Shylock is more advanced than many other financial Trojans:

  • The attackers behind Shylock have an advanced, targeted...
himanshu_mehta | 08 Jul 2014 18:40:33 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 29 vulnerabilities. Twenty-four of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14...

Binny Kuriakose | 04 Jul 2014 10:01:54 GMT

Contributor: Vijay Thawre

It’s a time of freedom and joy for Americans as the United States prepares to celebrate its 238th Independence Day on July 4 with fireworks, parades, music, and public events. However, like every other year, spammers are sending people a barrage of cleverly crafted spam aimed at exploiting this mood of celebration.

This year, Symantec has observed a variety of spam, ranging from fake Internet offers to pharmacy deals, which take advantage of the US Independence Day.

Travel promotion spam
In travel promotion spam campaigns, the spammer tries to lure customers with offers of premium travel arrangements for July 4. The spammer claims to offer chartered private jets, aiming to entice customers with the luxury of having a plane at their disposal. They also make a pitch for budget travelers as well. The spam message includes a link  to a page that asks users to enter their personal information....

Ankit Singh | 03 Jul 2014 17:01:17 GMT

On June 28, the popular video sharing website Dailymotion was compromised to redirect users to the Sweet Orange Exploit Kit. This exploit kit takes advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim’s computer. This week, Dailymotion is no longer compromised, as users are currently not being redirected to the exploit kit.

We believe that the attackers compromised Dailymotion in order to target a large number of users. Dailymotion is in Alexa’s top 100 most popular websites list, so the attackers could have potentially infected a substantial amount of users’ computers with malware through this attack. We found that the campaign mainly affected Dailymotion visitors in the US and Europe.

...

Ankit Singh | 02 Jul 2014 08:46:25 GMT

Contributor: Karthikeyan Kasiviswanathan

Last week, it was reported that popular Web portal AskMen.com was compromised to redirect users to a malicious website that hosted the Nuclear Exploit Kit. Symantec has found during investigations that users were also redirected to the Rig Exploit Kit during this attack. Symantec has notified the owners of  the AskMen.com site about this compromise.

The Rig Exploit Kit was discovered a few months ago and mainly exploits vulnerabilities in Internet Explorer, Java, Adobe Flash, and Silverlight. We decided to take a closer look at how the exploit kit was used in this attack to find out what damage it could do to users’ computers.

Rig Exploit Kit’s features
To set up the attack, the attackers injected malicious JavaScript into the website...

Symantec Security Response | 30 Jun 2014 12:58:04 GMT

dragonfly_concept.png

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland. 

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching...

Candid Wueest | 27 Jun 2014 16:07:09 GMT

android_tablet_security.png

 

At this year’s Google I/O developer conference, the technology giant shared its vision of a connected world where smart watches, smartphones, cars, laptops, televisions, and thermostats all interact seamlessly with one another. Of course, central to this vision was one of the conference’s main themes, the idea of Android everywhere and on every device. However, while all this is very exciting and filled with possibility, this new wave of devices and capabilities will spur on a race to develop more contextually aware and voice-enabled apps on the Android operating system (OS) – which, as a platform, has been a popular target for attackers. 

 

Android L
Google’s next version of Android to be released, referred to as Android L, comes with many new features and capabilities. There are also a few...