Security Response
Dick O'Brien | 08 Sep 2014 12:57:37 GMT

The United States National Highway Traffic Safety Administration (NHTSA) is planning to create an official standard for Vehicle-to-Vehicle (V2V) communications and the agency recently published an Advance Notice of Proposed Rulemaking (ANPRM) on V2V—effectively a notice that the standard and a requirement to implement it are on the way—along with a progress report on the development of this new technology.

Why is the US government getting involved in creating new technology standards? It doesn’t believe that the market would agree on a standard itself in a timely fashion if left to its own devices. “NHTSA...

Symantec Security Response | 05 Sep 2014 16:46:11 GMT

Days after numerous celebrities were found to have their iCloud accounts compromised, a major botnet has turned its attention to Apple customers, launching a phishing email campaign aimed at luring victims into disclosing their Apple IDs and passwords.

Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and claims the address is located in Volgograd, Russia.

...

Nick Johnston | 04 Sep 2014 16:03:29 GMT

Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools (which offer very primitive obfuscation), data URIs (where the page content is mostly Base64-encoded), and character escaping are often used. However, recently we have seen a phishing site using the Advanced Encryption Standard (AES).

Figure 1. Page source of phishing site using AES

The page includes a JavaScript AES implementation, which it calls with the embedded password (used to generate the key) and embedded encrypted data (ciphertext). The decrypted phishing content is then dynamically written to the page using document.write().

This process happens almost instantly, so users are unlikely to notice anything unusual. Once decryption is complete, the phishing site is shown as normal.

...

Satnam Narang | 01 Sep 2014 20:41:48 GMT

It’s all over the news—private photographs of celebrities, including Jennifer Lawrence and Kate Upton, were posted online over the weekend. As for how they were obtained, various reports have suggested the attacker gained access to the celebrities’ Apple iCloud accounts. Based on the widespread interest in this story, we are warning users about scams around this narrative.

Apple ID phishing
Whether or not iCloud was the point of compromise in this incident, scammers have been interested in stealing these credentials for some time. We previously wrote about email scams claiming to be from Apple support asking users to update or verify their Apple IDs (Apple IDs are used for setting up an iCloud account). These emails contain links to phishing websites that...

Avdhoot Patil | 26 Aug 2014 08:40:29 GMT

Celebrity lures continue in the world of phishing. We have seen several phishing sites in the past that used altered celebrity images to get users’ attention. Today, we have a couple of examples in which phishers continued their celebrity promotion campaigns with glamour models Martisha and Denise Milani. These phishing sites are typically developed for the purpose of stealing personal information from a large number of these celebrities’ fans.

In one campaign, the phishing page spoofed Facebook’s branding and contained an image of glamour model Martisha along with a message in the Arabic language. This message translates to “Chat with Arab boys and girls on Facebook”. The phishing site gave the impression that the user could get involved in adult chats when they entered their login credentials. In reality, after the user inputted their login credentials, they were redirected to the legitimate Facebook login page while their information was sent to the phishers. The...

Symantec Security Response | 25 Aug 2014 18:21:25 GMT

A recently discovered point-of-sale (PoS) threat known as Trojan.Backoff has affected more than 1,000 US businesses and is capable of stealing credit and debit card information from infected terminals. The threat posed by Backoff has prompted the US Department of Homeland Security to issue an advisory, encouraging all organizations, regardless of size, to check their equipment for PoS malware infections.

The warning follows an earlier bulletin from US-CERT on July 31, which said that seven PoS system providers and vendors had confirmed that they have...

John-Paul Power | 25 Aug 2014 08:41:27 GMT

Spying and violation of privacy are topics that never seem to be out of the headlines these days. Stories about mobile malware being used by governments and law enforcement agencies to spy on people (Finfish), smartphones coming off the production line with spyware preinstalled (Android.Uupay), or stories about cameras and microphones on smartphones being used for spying are all fairly common. Many spyware programs rely on data gathered from a device’s onboard sensors such as the microphone, camera, GPS, etc. However, there is one sensor that has perhaps been overlooked and, unlike...

Hon Lau | 22 Aug 2014 18:59:00 GMT

NIST has published draft guidelines (Technical Considerations for Vetting 3rd Party Mobile Applications (Special Publication 800-163)) to help guide organizations on how to check over third-party mobile apps before they allow them for use in their environment. The document contains a wealth of information and advice on how organizations can approach the tricky problem of deciding whether certain mobile apps should be allowed or not. This report comes at a time when many organizations are struggling to get to grips with mobile-device-related security problems posed by the growth of BYOD and the challenge of increasing use of employer-provisioned mobile devices. As the boundaries between business and personal use become...

Lionel Payet | 22 Aug 2014 10:17:15 GMT

Contributor: Mark Anthony Balanza

As a successful business sector, the automobile industry is an attractive target for cybercrime. The automobile industry is composed of a multitude of businesses ranging from manufacturers and sellers to garages offering maintenance and repair. Earlier this month, we observed a spam campaign that targeted several small to medium-sized companies within the automobile industry in Europe with Infostealer.Retgate (also known as Carbon Grabber).

The Carbon Grabber crimeware kit first appeared on underground forums earlier this year. Crimeware kits are not new and since the Zeus (Trojan.Zbot) malware’s notoriety,...

Avdhoot Patil | 19 Aug 2014 23:33:39 GMT

Phishers are known for capitalizing on current events and using them in their phishing campaigns. Celebrity scandals are popular and Symantec recently observed a phishing attack on the Facebook platform that claimed to have the sex tape of well-known Filipino television host and news anchor Paolo Bediones. Paolo Bediones became a hot topic last month when an adult video featuring a person resembling this TV host appeared online.

Symantec discovered a fake Facebook site behind a campaign that offered the "sex scandal" video of Paolo Bediones.

Figure. Phishing site requests user login, then steals credentials

A message on the phishing site requests users to log in to watch the full sex video. If users enter their Facebook login credentials, the phishing page...