Symantec Intelligence
Nick Johnston | 05 Sep 2011 | 0 comments

In February this year the Symantec Intelligence Blog covered how 419 or advance fee fraud scammers were using the unrest in Libya to their advantage. As we've extensively covered in the past on the blog, 419 scammers are skilled at using current events to their advantage. For example, scammers have taken advantage of the devastating March 2011 earthquake in Japan as well as other natural disasters and other current events.

The scam message we found in February claimed to be written by someone connected to Libya's Senussi crown, which was overthrown by Muammar al-Gaddafi in his 1969 coup d'état. Since then, we have seen several more messages, exploiting the unrest in different ways, but still following the general 419 or advance fee fraud pattern of demanding endless upfront fees from victims, with vast promised payouts never materialising.

One scam, where the scammer pleads "please read this carefully", claims to be sent by a wealthy...

Bhaskar Krishna | 10 Aug 2011 | 0 comments

Posted on behalf of Bhaskar Krishnappa

Last week Symantec Intelligence blogged about the new tactics applied by Bredolab, especially the start-code obfuscation and hack pack approach.

In the past 24 hours, our e-mail scanning engine and monitoring tools have reported a huge run of Bredolab malware. The most interesting part of this blog is that our scanners have seen two different samples (MD5: f8527fc91329e282c261331303dbaa82 and MD5: ea9ad01c0e8d58c3a5cd8666568201f4), run under different subjects and names to sneak through the mail scanning engines and spam signatures.

We have interesting stats showing subject versus count, and the attachment names used by attackers to compose mail pretending to arrive from well-known parcel services and money transfer services.

We have seen more than 300 copies of the sample (Md5sum: f8527fc91329e282c261331303dbaa82) which is...

Lee_Rothman | 09 Aug 2011 | 0 comments

A good service level agreement (SLA) can be an effective tool for helping SaaS providers and customers manage expectations, clarify responsibilities, and objectively assess service effectiveness. If well-defined, an SLA will clearly identify the performance metrics and expectations that guarantee the service. In some cases, SLAs may offer vague metrics, loose definitions and incomplete information that can be open to misinterpretation.

As you consider your technology investment, keep these important considerations in mind: 

  • Put it on the wish list – Many organizations purchase technology without considering an SLA or they make it an afterthought. Make sure SLAs are included as part of your search for the right solution and are discussed up front during the decision-making process. The SLA may just be among the differentiators.
     
  • ...
| 03 Aug 2011 | 1 comment

Posted on behalf of Bhaskar Krishnappa

Symantec has blogged about the Bredolab malware in the past and its method of infection, with the goal of raising awareness among unsuspecting users. Apart from blogs, Symantec has also published a research paper explaining how the malware works, why it's so widespread and the motivations behind it.

This post focuses on why this threat is still a challenge for AV vendors to comprehensively detect.

What does Bredolab bring in?

The latest Bredolab samples are downloading and installing rogue security products on victims' machines for financial gain, as shown below in step 1 and step 2...

Nick Johnston | 02 Aug 2011 | 0 comments

by Francisco Pardo and Nick Johnston

Spammers are never idle when it comes to finding new ways to bypass mail filters--after all, this is crucial to a spammer's success.

Recently we've seen a low, but steady, number of spam messages where spammers are replacing characters in URLs (which point to spam sites) with Unicode characters which look similar or identical. This is yet another way of obfuscating URLs in an attempt to make it more difficult to analyse URLs. To understand how this technique works, a bit of knowledge of the Unicode standard is helpful. As well as specifying a large repertoire of characters, Unicode also provides normalisation rules for converting similar and/or equivalent characters to a single form. For example, under various Unicode normalisation forms, an encircled number is considered equivalent to the corresponding ordinary number. This latest spammer obfuscation technique relies on the HTML rendering engine in mail clients (or web...

Ken Bechtel | 01 Aug 2011 | 2 comments

In the past few days, many people in the Anti-Malware community seem to be discussing user education again. Based on these discussions, I felt it a good time to update an older work and re-release it, in hopes that it helps educate our user community.

Ten Rules of Common Sense Anti-Virus

  1. Buy and keep up-to-date, Anti-Virus Software. If you fail to keep it up-to-date, you might as well not have anything at all.
  2. Just because you trust a person with your house key, doesn't mean they practice safe computing. If you don't know why they are sending you a file, don't double click on the attachment, ask why it was sent. Beware of sensational headline news links on social networks. A healthy dose of paranoia will save you time, energy and frustration.
  3. Recordable CDs and removable Hard Drives are cheap, your data's not. With a CD...

Nick Johnston | 13 Jul 2011 | 0 comments

By Nicholas Johnston

As we've covered extensively on the MessageLabs Intelligence blog, 419 or advance fee fraud scammers are skilled at using current events in their scams. In the past we've seen scams relating to earthquakes in Japan and Haiti, and scams relating to the recent unrest in Egypt and Libya.

We recently saw a 419 scam claiming to be from Christine Lagarde, the newly-appointed director of the IMF (International Monetary Fund). The scam follows the usual 419 or advance fee fraud pattern. The scammer claims to be Christine Lagarde, and is releasing all "intercepted consignments" in celebration of her appointment. The catch (or "Rule and Obligation", as the mail puts it) is that to get one of these mysterious consignments, you have to pay a fee of $45 to the IMF in Benin. Of course, this $45 will simply be the first of many increasingly-inventive fees and charges that the scammer demands.

The message was sent through a...

Paul Wood | 10 Jul 2011 | 0 comments

As with many exciting trends we observe in the technology industry - designed as a force for good, to enable, enhance and empower - there are criminals on the other side of the fence looking to hijack, undermine and exploit the new capabilities for their own nefarious purposes. The subject of today's post - VoIP telephony - is an excellent example of how even a genuinely transformative technology can quickly lose its innocence. Sunday 10th July represents the five-year anniversary of a new word in the security commentator's vocabulary, as the first 'vish' - a phish using VoIP telephony - was reported by a number of concerned consumers. Vishing uses techniques that are essentially similar to phishing, the act of acquiring sensitive information via electronic communication whilst posing as a trusted entity. A vish takes place over the telephone, using call spoofing, and tricks a user into...

Paul Wood | 04 Jul 2011 | 0 comments

Today – Monday 4th July – is notable not just because it is Independence Day in the US, but also because it marks another important anniversary for the technology industry in particular. Fifteen years ago, on 4th July 1996, entrepreneurs Sabeer Bhatia and Jack Smith officially launched the first free web-based email system Hotmail, choosing the day deliberately to symbolise freedom from ISP-based email. In 1997, Microsoft acquired Hotmail for an estimated $400m and turned it into the world’s largest web-based email service with over 350 million users operating in 36 different languages.

The mass adoption of Hotmail, and subsequently rival web-based email tools such as Gmail and Yahoo! Mail, is significant for a couple of reasons. Firstly, over a number of years it has successfully transformed email from a largely professional, ‘grown up’ tool, into a free, mainstream, consumer-friendly way of communicating, accessible to, and enthusiastically...

Nick Johnston | 01 Jul 2011 | 0 comments

We've seen spammers abusing URL shortening services on a huge scale for quite some time, which was also reported in-depth as part of the May 2011 MessageLabs Intelligence Report [http://www.symanteccloud.com/mlireport/MLI_2011_05_May_FINAL-en.pdf]. The explosion in popularity of micro-blogging services and social networking status updates has seen a huge increase in the number of URL shortening sites. The simple and semi-anonymous nature of these sites allows spammers to easily create thousands of links, which they then include in their spam in an attempt to evade URL-based spam blocking.

Recently we saw a large malware attack using URL shortening services.
The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was...