Video Screencast Help
Symantec Intelligence
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Takashi Katsuki | 19 Nov 2012 | 0 comments

Initially, I thought that Backdoor.Makadocs was a simple and typical back door Trojan horse. It receives and executes commands from a command-and-control (C&C) server and it gathers information from the compromised computer including the host name and the operating system type. Interestingly, the malware author has also considered the possibility that the compromised computer could be running Windows 8 or Windows Server 2012.
 

Figure 1. Operating Systems check
 

Windows 8 was released in October of this year. This is not necessarily a surprise for security researchers as we always encounter new malware when new...

Kazumasa Itabashi | 06 Nov 2012 | 0 comments

W32.IRCBot.NG and W32.Phopifas

In a previous blog, my colleague Kevin Savage detailed a social engineering attack that utilized instant messaging applications. While the infection rates of W32.IRCBot.NG and W32.Phopifas have passed their peaks, the modules continue to be updated daily.

The infection routine of these threats has not changed since they were discovered, but the threat authors have added new file-hosting sites to use in order for the threats to be downloaded. W32.IRCBot.NG attempts to steal passwords that are used to log into the file-hosting sites from compromised computers. In addition, some modules are located on the servers of virtual server services and...

Bhaskar Krishna | 27 Sep 2011 | 1 comment

Some of the newest printers have scan-to-email ability, a feature that allows users to email scanned documents to a specified email address on demand. Symantec Intelligence has identified malware authors using social engineering tactics that take advantage of this, sending executables in a compressed “.zip” archive via email. The attachment contains an executable disguised as a scanned document from a printer, as shown in the example in figure 1, below.
 

Figure 1: Example of malicious email masquerading as a scanned document sent from an office printer

In each case the sender domain was spoofed to match the recipient domain, sometimes appearing as though forwarded to the recipient by a colleague at the same organization, implying that this email originated internally.
To be clear, office printers and scanners will not send malware-laden...

Paul Wood | 19 Sep 2011 | 0 comments

The word ‘Nimda’ may not be the most well remembered in the cyber-crime hall of fame but as malicious worm outbreaks go, Nimda certainly contributed to the malware landscape and was able to cause havoc on 18 September, 10 years ago in 2001.

Long before cloud based security services were the norm and virus scanning was only performed once a week, the Nimda worm was effectively unleashed onto the global computer network exactly a week after the 9/11 atrocities. Because of this timing, some media quickly began speculating a link between the worm and Al Qaeda, although this rumour was quickly quashed by the FBI, but it did highlight the fact that cyber warfare can be a real threat carefully orchestrated by sophisticated cyber gangs or even terrorists and not script kiddies tucked away in dormitories.

The Nimda worm came hot on the heels of the “Code Red” scare in August 2001, when a variant of the original worm infected more than 250,000 machines...

Paul Wood | 28 Jun 2011 | 2 comments

Welcome to the June edition of the Symantec Intelligence report, which for the first time combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report.  The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks.

Since the shutdown of the Rustock botnet in March, spam volumes have never quite recovered as the volume of spam in global circulation each day continues to fluctuate, as shown in figure 1, below.

The overall impact has been that spam now accounts for 72.9% of email in June, returning to the same level as in April earlier this year. In June, 76.6% of this spam was being sent from botnets, compared with 83.1% in March. This marks a return to the same level of output as at the end of 2010...