
Security Response

Santiago Cortes | 25 Nov 2013 09:17:33 GMT
Back in 2012, a key player involved with the prominent Remote Administration Tool (RAT) known as Blackshades RAT was reportedly arrested. Despite his alleged arrest, and with its code leaked in 2010, the tool is still being sold and used in cybercriminal activity. Symantec Security Response has noticed that the use of the RAT has increased over the last five months.
Blackshades RAT, detected by Symantec products as W32.Shadesrat, will gather passwords and credentials from infected systems, sending them back to the malicious command-and-control (C&C) server. This increase in activity prompted us to investigate the main C&C servers that manage the latest infections. Upon investigation, we found a connection to the...
Binny Kuriakose | 22 Nov 2013 09:42:44 GMT

Contributor: Vivek Krishnamurthi

The holiday season starts in the United States on Thanksgiving on November 28, preceding Black Friday, which occurs on November 29. This also marks the beginning of the much-awaited shopping season, when people take to the streets to celebrate the shopping furor with their family and friends. The shopping buzz is fuelled by discount sales and promotional offers from online sites and retail outlets.

With online commerce growing by the day, spammers may take advantage of the holiday season to target shoppers. The spammers usually send out fake promotional messages and bogus deals and lie in wait for any victims who are tricked by these scams. Symantec has been on the lookout for signs of such messages to warn the public on what to avoid this holiday season.

We found the most popular spamming techniques, which topped our chart early this holiday season:

Products offered at discounts never seen before...

Symantec Security Response | 22 Nov 2013 00:12:26 GMT


Contributor: Joseph Graziano

A clever new social engineering spam campaign is going around today that attempts to trick users into running malware on their computers. The malware authors send emails pretending to be from various antivirus software companies, claiming that an important system update must be installed by the end user, and attach a fake hotfix patch file for the antivirus software. The email plays on end user concern about a lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as...

Takashi Katsuki | 20 Nov 2013 16:42:05 GMT

Symantec has discovered a new back door worm-type threat which targets servers running Apache Tomcat. This threat is a little different from the ones we usually encounter every day.

Back door type Trojan horses and worms let attackers execute various commands on compromised computers and essentially enable the attacker to control a computer remotely. This means that important information can be stolen from the user and their computer could be used to attack other victims.

You may think that this type of attack only targets personal computers, such as desktops and laptops, but unfortunately that isn’t true. Servers can also be attacked. They are quite valuable targets, since they are usually high-performance computers and run 24x7. We often see back door type Trojans that are written in PHP, such as PHP.Backdoor.Trojan. This time around though, Symantec has found...

Christopher Mendes | 20 Nov 2013 05:37:33 GMT

Tacloban, the new ground zero created by Haiyan, is the raison d'être for a large directory harvest attack (DHA) launched by spammers today.

A DHA is launched to check the validity of an email directory, or of email addresses belonging to a targeted email server. The aim is to collect intelligence and prepare a platform for launching a large spam campaign against that particular site once a database of valid addresses is in place. Messages to invalid addresses come back as bounces or non-delivery reports/receipts (NDRs); addresses that do not bounce are concluded to be legitimate, and those valid addresses will soon be bombarded with a host of spam, phishing and malware-laden email attacks.

The attack is launched with the spammer claiming to be from a reputed mass media and communications company, using a very large Internet site and service provider, for the sole purpose of harvesting and validating email addresses.

The email’s structure is very simple. The headers and body content of the said attack are taken from a...

khaley | 19 Nov 2013 15:49:56 GMT

Whispers.

The secret to predicting the future is to listen for the whisper.

By the time you’ve heard things in a loud, clear voice they have already come true. I’ve been listening to the whispers in 2013 and have a pretty good idea for what we’ll be hearing loud and clear in 2014. Below are my predictions of the top things we’ll hear and what they will mean for us in 2014.

  • People will finally begin taking active steps to keep their information private.
  • Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure.
  • The “Internet of Things” becomes the “Internet of Vulnerabilities.”
  • Mobile apps will prove that you can like yourself too much.

“Wait a minute…The Internet knows more about me than my own mother?”

People will finally begin taking active steps to keep...

Mathew Maniyara | 19 Nov 2013 05:34:13 GMT

Contributor: Avdhoot Patil

The internet can be a dangerous place with security threats lurking from every direction, and it gets worse when threats meld together. Phishing today is a major part of cybercrime, and phishers have recently gained interest in additional security threats. This year has witnessed the fusion of threats such as malware and spam with phishing, for instance. The recent use of malware in bogus apps is a good example.

This month, malware was used yet again in a phishing site spoofing Facebook. This phishing site offers a fake app devised to entice Android and iPhone users and was hosted on servers based in Paris, France, with pages in the French language.

A phishing site always comes with bait, but phishers always craft new ones because they don’t want users to get familiar with the same old phishing bait. This time, the bait was an offer...

Liam O Murchu | 19 Nov 2013 01:09:56 GMT

It was with quite some skepticism that I accepted Peter Szor's invitation to go surfing with him five years ago. I had tried surfing several times before but had been disappointed by the lack of adrenalin. I came from a snowboarding background and everyone had told me to try surfing because it was so similar. I had tried it, several times, and I was not impressed. It was mostly about sitting around waiting for something to happen. Where is the adrenalin? Where is the rush?


Peter Szor holding his book The Art of Computer Virus Research and Defense. I was looking for a picture of him out surfing, but I realized that sadly I don’t have any pictures with him at all.

At first Peter wanted to take me (a true novice) to his secret spot* in Malibu, a point break with a rocky bottom that would cut you to pieces if you fell the...

Satnam Narang | 18 Nov 2013 23:04:38 GMT

Last week, the United Kingdom’s National Crime Agency (NCA) warned that tens of millions of customers were being targeted by the Cryptolocker malware through a mass spam campaign.

According to the alert, millions of UK customers received malicious emails, but the primary targets seem to have been small and medium businesses.

A recent Symantec blog examined a threat named Trojan.Cryptolocker and how it is an aggressive evolution of the ransomware family of threats. Cryptolocker thrives by encrypting files on a victim’s computer and holding the decryption key for ransom. Interestingly, Symantec...

Symantec Security Response | 14 Nov 2013 14:03:17 GMT

The security industry, as well as IT administrators across the globe, has been busy recently dealing with multiple zero-day vulnerabilities emerging in quick succession. Before anyone has time to draw a breath after the barrage, yet another zero-day has appeared, ready to cause people problems. Well, for people in Japan at least, since the vulnerability is in the Japanese word-processing software Ichitaro.

Ichitaro developer JustSystems recently announced that the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990), allowing the execution of arbitrary code, exists in Ichitaro products. In September 2013, Symantec discovered attacks in the wild attempting to exploit this vulnerability; however, the exploits did not properly work to compromise the system in our testing environment. As always, we...