Symantec Intelligence
Darragh Cotter | 25 Jul 2013

Symantec’s Internet Security Threat Report (ISTR) is an annual report which provides an overview and in-depth analysis of the online security landscape over the previous year. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze, and provide commentary on emerging trends in cyberattacks, malicious code activity, phishing, and spam as well as the wider threat landscape trends in general.

The latest release, ISTR volume 18, may be considered the most comprehensive and detailed to date. Among other findings, the report incorporated up-to-date data and analysis on targeted attacks, data breaches, malware, spam, vulnerabilities, and mobile malware.

Everyone in Symantec is extremely proud of the ISTR; however, this is no time to rest on our laurels. We are constantly looking to improve the quality of our...

Ben Nahorney | 13 Jun 2013 | 0 comments

As the seasons change and we move from spring into summer, we’ve released the May Symantec Intelligence Report with a new look and feel. For this issue, we’ve focused on a few select topics that we've looked at over the months in the report, and also a few that we highlighted in this year's Internet Security Threat Report.

For starters we’ve taken a look at data breaches. Symantec and the Ponemon Institute have just released their annual Cost of a Data Breach report, which covers trends seen in 2012. Looking ahead into the New Year, we cover what has happened so far in 2013, where the number of data breaches is up for...

Ben Nahorney | 16 May 2013

As the urban legend goes, the bank robber Willie Sutton was asked why he robbed banks. “Because that’s where the money is,” he is attributed as saying. While Sutton has long since distanced himself from the statement, the concept resonates with many people, to the extent that it’s been used to describe principles in accounting and even medicine.  

This principle also holds true in the world of Internet security. In the latest version of the Internet Security Threat Report we discussed the major trends in the spam world, where the percent of spam email continues to decline while more and more social networks are being targeted. Given the growth of social networking in recent years as a...

Ben Nahorney | 12 Feb 2013 | 0 comments

In this month’s report, we find that the email malware rate has dropped significantly since December, with only one in 400 emails containing a virus in January. This is the lowest virus rate we’ve seen since 2009. It could indicate that email virus distributors took a break after the holiday season, or that they have continued to migrate away from email as a choice for malicious payload delivery. We’ll watch this trend carefully to see if it continues to drop off.

In other news this month, Valentine’s Day spam is in full swing. Such spam generally arrives as an ecard during this time of year, preying upon a potential victim’s curiosity about a potential secret admirer—a situation where a legitimate email would likely arrive unsolicited in the first place. Unfortunately many such emails around this time of year do not lead to unexpected romance, but rather fake bargains, phishing attempts, or malicious code. More details on these scams can...

Paul Wood | 11 Jan 2013 | 0 comments

In December’s Symantec Intelligence Report we take a closer look at our worldwide stats on the threat landscape. For the month of December, the United States claimed the dubious honor of being the largest source of spam at 12.7%, phishing scams at 24.2%, and virus attachments at 40.9% globally. It’s not unusual for the US to top one or two of these three categories, though claiming the triple crown of risk-based distribution is a little less common.

In other country news, Norway has jumped up to become the most targeted country for phishing attacks, as we’ve determined that 1 in 81.4 emails in the country were phishing attempts in December. Norway also came in as the second biggest source country, distributing 20.2% of all worldwide phishing attacks. The reasons why one country would jump like this are often varied, but likely due to a concerted...

Ben Nahorney | 10 Dec 2012 | 1 comment

It seems that everywhere you turn this year, there’s news of another data breach. Sometimes it’s a laptop stolen, other times it’s hackers compromising a database. No matter how they occur, each breach leads to someone’s identity being exposed. Whether or not this exposure leads to identity theft, there’s no doubt that the risk involved and the frequency with which these breaches are occurring make data breaches one of the top security issues of 2012.

In this month’s Symantec Intelligence Report, we examine the types of data that are often stolen during a data breach. It turns out the most commonly stolen information is more personal than you might first expect: a person’s real name is more likely to be stolen than a username or password.

Overall, the median number of identities stolen per breach...

Takashi Katsuki | 19 Nov 2012 | 0 comments

Initially, I thought that Backdoor.Makadocs was a simple and typical back door Trojan horse. It receives and executes commands from a command-and-control (C&C) server and it gathers information from the compromised computer including the host name and the operating system type. Interestingly, the malware author has also considered the possibility that the compromised computer could be running Windows 8 or Windows Server 2012.

Figure 1. Operating Systems check

Windows 8 was released in October of this year. This is not necessarily a surprise for security researchers as we always encounter new malware when new...

Paul Wood | 13 Nov 2012 | 0 comments

In this month’s report we investigate a new social networking avenue that scammers are attempting to leverage: Instagram. They’re doing so in order to gather personal details and persuade users to sign up for premium-rate mobile services, among other things, generally by creating fake accounts:

The scams take on a number of forms, from spam comments, to fake followers, to liking photos in the hopes people will check out their profiles, which in turn often contain more spam links.

We’ve also noticed a significant drop in email spam volumes this month. The global spam rate has dropped by more than 10%, from 75% of email traffic in September, down to 64.8% in October. It’s good news overall, resulting in a 50 percent drop in spam volume over a two-month period. We take a look at some of the likely causes for this significant drop.


Kazumasa Itabashi | 06 Nov 2012 | 0 comments

W32.IRCBot.NG and W32.Phopifas

In a previous blog, my colleague Kevin Savage detailed a social engineering attack that utilized instant messaging applications. While the infection rates of W32.IRCBot.NG and W32.Phopifas have passed their peaks, the modules continue to be updated daily.

The infection routine of these threats has not changed since they were discovered, but the threat authors have added new file-hosting sites to use in order for the threats to be downloaded. W32.IRCBot.NG attempts to steal passwords that are used to log into the file-hosting sites from compromised computers. In addition, some modules are located on the servers of virtual server services and...

Paul Wood | 08 Oct 2012 | 1 comment

In this month’s report, we take a look at an often-overlooked side of malicious code: how attackers administer the Web servers that they use to spread spam and malicious code. We highlight a PHP-based tool in particular that is often used to control and manipulate the configuration of these Web servers.

The tool can run arbitrary PHP code, brute force file transfer and database accounts, and even allows quick access to Web server configuration files so that the attacker can edit them in order to suit their malicious needs. The attacker can easily obfuscate his or her code, making its function less apparent if viewed by the legitimate server admins. We’ve witnessed this tool being used to create spam-related websites and hosting exploit pages to compromise further computers.

We also take a look at a rather interesting Android application that attempts to trick the user into thinking that they can charge their device with nothing but the rays of the sun. The...