Symantec Intelligence
MarissaVicario | 21 Dec 2010 | 0 comments

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services

Information security is all about maintaining the confidentiality, integrity and availability of data. At this time of year, no information security asset is more important than Santa’s ‘naughty or nice’ list.

This data set lists the personal details of billions of individuals along with highly sensitive details of their private life. This database is almost certainly a high profile target for criminal gangs. The details may be used to blackmail high profile individuals or to compromise employees with access to sensitive or further confidential information. Any unauthorized disclosure of this information may also breach North Pole data protection laws.

The integrity of this data is also of vital importance; unauthorized access may allow criminal gangs to alter statuses from ‘naughty’ to ‘nice’ for financial...

MarissaVicario | 17 Dec 2010 | 0 comments

Posted on behalf of Matt Sergeant, Senior Anti-spam Technologist, Symantec Hosted Services

As of this week, Canada joins the rest of the G8 countries with its very own anti-spam law. Until now, Canada has been the only G8 country without anti-spam legislation. Bill C-28, the new Fighting Internet and Wireless Spam Act, will require businesses to follow best practices and aims to prevent unsolicited commercial e-mail distribution in Canada.

First introduced in 2009 as Bill C-27, the Electronic Commerce Protection Act died when parliament was prorogued in December 2009 but was reintroduced earlier this year as Bill C-28. After much debate, it was finally approved by the Senate on December 15, 2010.

This legislation differs from the CAN SPAM Act in the U.S., which requires an opt-out protocol. Canada’s powerful spam law requires businesses to obtain opt-in consent from recipients before sending commercial emails and other electronic...

MarissaVicario | 17 Dec 2010 | 0 comments

Posted on behalf of Nicholas Johnston, Senior Software Engineer, Symantec Hosted Services

This year's soccer FIFA World Cup in South Africa, enjoyed by millions, was also used by both 419/advance fee fraud scammers and malware authors to lure unsuspecting victims into handing over money or installing malware. World Cup interest has been briefly re-ignited by FIFA's recent announcement of the host nations for the 2018 and 2022 tournaments.

However, the host for the 2014 tournament, Brazil, had already been decided. Even though the tournament is over 1,200 days away and many of the stadiums that will be used to stage matches are being redeveloped, 419/advance fee fraud lottery scams have already started using this event to try to trick victims into handing over money to claim fake lottery winnings.

MessageLabs Intelligence recently saw two examples of this. Both contain attachments claiming that the recipient has won a...

MarissaVicario | 10 Dec 2010 | 0 comments

Posted on behalf of Nicholas Johnston, Senior Software Engineer, Symantec Hosted Services

Spammers abusing free hosting sites by using them for hosting spam-related content is nothing new, but this abuse has turned into much more sophisticated, multi-layer abuse.

Instead of just including a link to a free hosting site, and hosting spam-related content there, spammers are increasingly using URL shortening services. These services allow spammers to create an almost unlimited number of links, allowing each individual spam message sent to contain a new link. Increasingly, these links do not point directly to a spam-related site. Instead, they point to a free hosting site, often with extra randomized "junk" parameters added to the end of the URL like this:

 http://fipxmdmzp.REDACTED.com/?iyzdm=yngqsa
...

MarissaVicario | 07 Dec 2010 | 0 comments

Posted on behalf of Tony Millington, Malware Operations Engineer, Symantec Hosted Services

On Friday 3rd December at 12:41 Skeptic stopped a new virus that we had not seen before, a targeted attack against a government body using WikiLeaks as social engineering to get the user to open the document.

File Details:
    Name: WikiLeaks.pdf
    Md5sum: 8be9d8ad72d2ac5a0e0eb59292bd41a9
    Commercial Scanner Detection: 9/43

The email had been sent from a compromised account and, as is often the case, the social engineering didn’t have a lot of thought behind it. Because the above sentence within the email doesn’t make much sense, the recipient is led to believe the PDF attachment may lead to more information.

However, the attachment has an encrypted executable embedded in it...

Daren Lewis | 06 Dec 2010 | 0 comments

Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we have shared a number of these trends. This trend is the final in this series of posts:

Cybercriminals Usurp URL Shortening Services

URL shortening services are becoming critical to the operation of social networks, particularly those that apply a character limit to user updates. In 2010 we saw a number of exploits using URL shortening services that lead to compromised sites.

In 2011 we expect to see more sophisticated attacks using URL shortening services either by a criminal enterprise gaining control of a significant URL shortening service or one of these groups setting up a service which appears legitimate, and operates in a legitimate...

Daren Lewis | 06 Dec 2010 | 0 comments

Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Hackers Exploit Router Vulnerabilities

As 2010 has proven, there are many systems vulnerable to attack. We often focus on PCs, servers and devices, but recently it has become apparent that routers are also open to exploit. Router vulnerabilities allow attackers to re-route network traffic with malicious intent. As an example, a user could be diverted from an online banking site to an identical-looking malicious website and their login credentials could be stolen, or a business user could be diverted from a legitimate CRM, ERP or HR service, allowing a hacker to access client, business or staff information. When properly...

Daren Lewis | 03 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Rogue Marketplace Vendors Exploit Online Digital Currencies

In 2011 social networking sites and online marketplaces will roll out their own in-house digital virtual currencies. As an example, one site already has a system in place that uses “Credits.” Attacks will soon be designed to exploit these new areas for financial fraud, including specialized malware, rogue applications and phishing attacks.

We expect more social networking environments and online marketplaces will move towards adopting this approach, and that these systems will come under prolonged attack and a weakness in one will be identified as the...

MarissaVicario | 02 Dec 2010 | 1 comment

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services

Targeted Trojans are bespoke pieces of malware written by someone who is trying to access information from an identified individual. This particular Trojan demonstrates some of the tricks used by targeted Trojan writers.

The intended victim of this attack is a senior individual in the energy and mining sector. The malicious email is plausible: during difficult economic times it is believable that an urgent round of downsizing is underway and that this issue is being kept a secret. The attacker is expecting the victim to be curious and to attempt to open the attachment.

Although the attachment appears to be a spreadsheet file, it is actually a malicious executable that exploits a known vulnerability in Microsoft Excel to run.

Malware writers are aware that many corporate systems...

Daren Lewis | 02 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Botnets Evolve with Steganography

Since the McColo ISP takedown in November 2008, which removed the command and control servers used by cyber crooks to control the activities of their botnets and wiped out many cybercrime operations, cybercriminals have been looking to build business continuity practices into their operations.

In 2011, we expect that botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view – perhaps within images or music files distributed through file sharing or social networking websites. This approach will allow...