Symantec Intelligence

The Symantec Intelligence Blog published by Symantec.cloud serves as a conduit for communicating Intelligence data, trends and statistics based on analysis of cyber security threats, trends and insights from the Symantec Intelligence team comprised of many world-renowned malware and spam experts. Sitting on the front lines of defense, they have a global view of threats across multiple communication protocols drawn from the billions of web pages, email and IM messages they monitor each day.

Follow Us on Twitter
  • 0
    Created: Takashi Katsuki 19 Nov 2012

    Malware Targeting Windows 8 Uses Google Docs

    Initially, I thought that Backdoor.Makadocs was a simple and typical back door Trojan horse. It receives and executes commands from a command-and-control (C&C) server and it gathers information from the compromised computer including the host name and the operating system type. Interestingly, the malware author has also considered the possibility that the compromised computer could be running Windows 8 or Windows Server 2012.   Figure 1. Operating Systems check   Windows 8 was released in October of this year. This is not necessarily a surprise for security researchers as we always encounter new malware when new...
  • 0
    Created: Kazumasa Itabashi 06 Nov 2012

    LOL Links Wake Up Rage?

    W32.IRCBot.NG and W32.Phopifas In a previous blog, my colleague Kevin Savage detailed a social engineering attack that utilized instant messaging applications. While the infection rates of W32.IRCBot.NG and W32.Phopifas have passed their peaks, the modules continue to be updated daily. The infection routine of these threats has not changed since they were discovered, but the threat authors have added new file-hosting sites to use in order for the threats to be downloaded. W32.IRCBot.NG attempts to steal passwords that are used to log into the file-hosting sites from compromised computers. In addition, some modules are located on the servers of virtual server services and...
  • 1
    Created: Bhaskar Krishna 27 Sep 2011

    Malicious emails masquerade as office printer messages

    Some of the newest printers have scan-to-email ability, a feature that allows users to email scanned documents to a specified email address on demand. Symantec Intelligence has identified malware authors using social engineering tactics that take advantage of this, sending executables in a compressed “.zip” archive via email. The attachment contains an executable disguised as a scanned document from a printer, as shown in the example in figure 1, below.   Figure 1: Example of malicious email masquerading as a scanned document sent from an office printer In each case the sender domain was spoofed to match the recipient domain, sometimes appearing as though forwarded to the recipient by a colleague at the same organization, implying that this email originated internally. To be clear, office printers and scanners will not send malware-laden...
  • 0
    Updated: Paul Wood 19 Sep 2011

    Nimda – the worm finds new tricks

    The word ‘Nimda’ may not be the most well remembered in the cyber-crime hall of fame but as malicious worm outbreaks go, Nimda certainly contributed to the malware landscape and was able to cause havoc on 18 September, 10 years ago in 2001. Long before cloud based security services were the norm and virus scanning was only performed once a week, the Nimda worm was effectively unleashed onto the global computer network exactly a week after the 9/11 atrocities. Because of this timing, some media quickly began speculating a link between the worm and Al Qaeda, although this rumour was quickly quashed by the FBI, but it did highlight the fact that cyber warfare can be a real threat carefully orchestrated by sophisticated cyber gangs or even terrorists and not script kiddies tucked away in dormitories. The Nimda worm came hot on the heels of the “Code Red” scare in August 2001, when a variant of the original worm infected more than 250,000 machines...
  • 2
    Updated: Paul Wood 28 Jun 2011

    Welcome to the new-look Symantec Intelligence Report

    Welcome to the June edition of the Symantec Intelligence report, which for the first time combines the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report.  The new integrated report, the Symantec Intelligence Report, provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. Since the shutdown of the Rustock botnet in March, spam volumes have never quite recovered as the volume of spam in global circulation each day continues to fluctuate, as shown in figure 1, below. The overall impact has been that spam now accounts for 72.9% of email in June, returning to the same level as in April earlier this year. In June, 76.6% of this spam was being sent from botnets, compared with 83.1% in March. This marks a return to the same level of output as at the end of 2010...