Video Screencast Help

Security Response

Showing posts in English
Eric Park | 20 Jan 2014 18:44:19 GMT

Spammer success is dependent on two factors:

  1. Evading spam filters so the spam message arrives in the recipient inbox
  2. Crafting messages so that the recipient is enticed to open and perform desired call-to-actions (click on the link, open attachment, etc.)

Spammers walk a fine line to balance these two aspects; relying heavily on one factor and ignoring the other will make the spam campaign fail. For example, spammers can evade spam filters by randomizing the subject and body of the message, however such randomization is likely to be ignored by even the most unsophisticated user as obvious spam. Similarly, crafting stand-out enticing messages to increase the email open rate often results in spam filters blocking the message. Spammers have a tough challenge.

Rising up to meet this challenge, spammers are now hiding the true content from the user more than ever before. While there are still spam campaigns with links to online pharmacies with...

Satnam Narang | 15 Jan 2014 22:13:49 GMT

A few weeks after our blog post about porn and secret admirer spam targeting Snapchat users, a new spam campaign using sexually suggestive photos and compromised custom URLs is circulating on the photo messaging app.
 

image1_21.png

Figure 1. Snapchat spam
 

Each of these spam messages includes a request to “Add my kik”, along with a specially crafted user name on the Kik instant messaging application for mobile devices.
 

image2_12.png

Figure 2...

Eric Park | 15 Jan 2014 09:29:01 GMT
After a long hiatus, spammers are once again using an old trick, where they attach a .zip file to trick the user into executing the compressed malware. The chart below shows the number of spam messages with .zip attachments over the last 90 days in Symantec’s Global Intelligence Network (GIN).
 
figure1_6.png
Figure 1. Spam messages with .zip attachments over the last 90 days
 
On January 7, 99.81 percent of the .zip attachment spam that came into Symantec’s GIN had the file name “BankDocs-”  followed by 10 hexadecimal characters.
 
figure2_7.png
Figure 2. Email with “BankDocs-” .zip attachment
 
On January 8, 99.34 percent of the .zip...
Christopher Mendes | 15 Jan 2014 07:35:27 GMT

It’s not surprising to see scammers exploiting the laxity of Internet users.

Symantec has observed another malware wave over the past few days following the holiday season. Many users check their utility and other official emails post-vacation to see if they missed out important messages. This is where spammers take a chance and hope that users will click on malicious links in their emails.

In this latest wave of attacks, spammers are taking advantage of users’ desire to open and respond to urgent emails right away. When this happens, the malware infects users’ computers and extracts confidential data.

Last week, I too, received some of these scam emails posing as delivery failure notifications from well-known stores with an online presence, stating that I missed the delivery of a couple of parcels while I was away on vacation.

At first, I wondered how this was possible since I hadn’t placed any orders, and wondered if they might be surprise gifts....

Candid Wueest | 14 Jan 2014 22:40:15 GMT

The rise of “rest in peace” scam messages on social media sites continues. Jackie Chan, Morgan Freeman, Will Smith, Keanu Reeves, and Rihanna are only a few of the celebrities that have been proclaimed dead in recent scams. The sensational messages usually include links to a video. Before the user gets to see the video, they are tricked into manually sharing the bait message with all of their family and friends in order to spread the scam further. Even after sharing the post, the user will still not be able to see the fake video. Rather, they will be redirected to a site with advertisements that asks the user to fill out a survey. The ads and surveys generate revenue for the scammer. Other variants of the scam ask the user to download a malicious browser extension or application. This kind of scam is not new, but as long as they make money, they will continue.

...

Dinesh Theerthagiri | 14 Jan 2014 19:24:29 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of six vulnerabilities. All six of this month's issues are rated ’Important’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jan

The following is a breakdown of the issues being addressed...

Symantec Security Response | 14 Jan 2014 08:02:58 GMT

We recently encountered a website of a major Japanese book publisher and distributor, of books, magazines, comics, movies, and games, injected with a malicious iframe leading to another website hosting an exploit kit.

As far as we know, at least three files on the book publisher’s site were compromised.

 figure1_6.png
Figure 1. Malicious iframe found on publisher’s site

The malicious iframe was present across multiple pages including the homepage. Our telemetry shows the first potential victim visited the site at approximately 22:00 PST on January 5, 2014 (15:00 JST on January 6, 2014). The security issue was not fixed until late on January 8, PST (in the evening of January 9, 2014 JST).

The malicious iframe loads another website, hosting an exploit kit, as soon as a user visits the book publisher’s site. The exploit kit...

Candid Wueest | 13 Jan 2014 13:06:59 GMT
Energy is crucial to our modern lifestyle. Disturbingly, reports of attempted attacks against the companies and industries that supply it are increasing every year. In the first half of 2013, the energy sector was the fifth most targeted sector worldwide, experiencing 7.6 percent of all cyberattacks. So, it’s not surprising that in May 2013, the US Department of Homeland Security warned of a rising tide of attacks aimed at sabotaging processes at energy companies. At Symantec, our researchers are finding that traditional energy utility companies are particularly concerned about scenarios created by the likes of Stuxnet or Disttrack/Shamoon which can sabotage industrial facilities. 
 
We are also learning that aggressors who target the energy...
Lionel Payet | 10 Jan 2014 16:36:48 GMT

Japanese animation is known as anime and Japanese comics are known as Manga. In the last two decades, these industries have grown in popularity across the world. People know that cashing in on the latest trend is often an easy way to earn money, and many legal and illegal businesses often take advantage of this. The popularity of anime and manga has opened up a new avenue for cybercriminals to push malware threats onto unsuspecting fans through malvertisements and mobile risks.

During the early 90’s Japanese comics experienced a boom in the US market and earned their place on the shelves of major book sellers. Before these books can be read by fans who do not speak Japanese, they must be translated. The number of manga being officially translated is growing, but this doesn’t seem to be enough to keep fans satisfied. In addition, only the more popular titles are candidates for translation.

One problem the...

Candid Wueest | 09 Jan 2014 15:05:24 GMT

The New Year has started and many people are still holding to their resolutions. Besides the usual suspects of exercising more and quitting smoking, some might have planned on finding a new apartment. Unfortunately, this also means a rise in prepaid rental ad scams. So be cautious while you’re searching for a new home.

The prepaid rental scam advertisements can be encountered on nearly any platform and in most countries. The ads often look very professional; some are even copies of real ads from legitimate sources. We have seen them on established apartment rental sites, online notice boards, B&B agency sites, and even in the classified ads section of newspapers. The website owners try their best to spot false advertisements and delete them as fast as possible, but there is always a chance that there is a new ad that hasn’t been removed yet.

The scam is pretty simple. Once the victim shows interest in the apartment the alleged landlord informs the victim that he...