Video Screencast Help
Search Video Help Close Back
to help

Symantec Intelligence

Showing posts in English
IT Security Essentials for Growing Businesses
Paul Wood | 30 Apr 2010 | 0 comments

Small-to-Medium-sized Businesses (SMBs) often encounter problems with IT security, but it’s not that they don’t care about being secure or that it doesn’t show up as an issue on their company radar. The problem stems from not knowing what it is that they really need to do as a priority. They know that there are lots of things they could be doing, but security can be such a complex subject and with so many options, the end result is that they don’t really know what to focus on first. In essence, what measures would actually make a real difference to their level of security rather than be purely cosmetic or give them only a minimal return?

If you strip away all the complexity, then these security questions can be answered. Most SMBs do not have the same breadth of IT security needs that larger enterprises have and do not need their security to be as comprehensive. Security can be stripped down to the essentials. And, if we do that, then we find that...

Read more
LoveBug Virus Turns Ten
MarissaVicario | 28 Apr 2010 | 0 comments

May 4, 2000 is a date that has gone down in history for Symantec Hosted Services, then MessageLabs. On that day the MessageLabs Intelligence team was the first to stop and name the LoveBug virus, a mass-mailing worm that affected 45 million computer users when virus levels surged overnight from 1 in every 1000 emails to 1 in 28. Most of the insight into the sentiment of that day is in the accounts from those who were on the front lines of detection as told in the April 2010 MessageLabs Intelligence Report. Similarly, the only essence of the virus itself is left in its pictorial image which Symantec Hosted Services has captured using LoveBug’s actual virus code.  

Image generated by Alex Dragulescu using actual LoveBug virus code

This unique representation of the LoveBug virus was featured this week at InfoSec in...

Read more
Symantec Hosted Services Cyber Threat Gallery Brings Cyber Threats to Life
Daren Lewis | 13 Apr 2010 | 0 comments

For the past three years, the Symantec Hosted Services (formerly MessageLabs) Cyber Threat Gallery has traveled far and wide displaying at events from London to San Francisco. This week, the collection is on display at Symantec’s Vision 2010 Conference. Attendees can see many pieces from the collection, comprised of 25 images in its entirety and created by digital artists Alex Dragulescu and Julian Hodgson, at the Vision Welcome Reception on Tuesday, April 13 in the main expo hall of the MGM Grand. The artwork will remain displayed on the first and second floors of the hotel conference center for the duration of Vision 2010.

This week at Vision 2010, Conficker will debut along with Lovebug and Rustock, two of the newest additions to the collection. A dropper discovered by Symantec in November 2008, Conficker infected more than six million computers worldwide becoming one of the most dangerous threats of the year. Having remained relatively quiet since, it is now a...

Read more
Scammers exploit the goodwill of “volunteers” from India
MarissaVicario | 06 Apr 2010 | 0 comments

By Martin Lee, Senior Software Engineer, Symantec Hosted Services

A common tactic of scammers is to exploit the desire of individuals to do good while doing well – to associate themselves with good works while making a little money. In the process these individuals become money mules, unwitting participants in the shadow economy.

One recent scam email purports to be from the Red Cross in Norway looking to recruit volunteers in India to process payments. Volunteers are offered a commission of 7% from the sums of money that they process and are offered up to $500/month. In reality, the email is from organised cyber criminals looking to recruit people to launder money stolen from attacks on bank accounts or from scams.

Criminals need to recruit networks of money mules who unknowingly accept transfers of stolen money into their bank accounts then transfer the money on to bank accounts controlled by the criminals. Often the money transfers are cross border,...

Read more
Spammers Capitalize on Easter
MarissaVicario | 01 Apr 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

It comes as no surprise that as Easter approaches, spammers are taking advantage of the holiday. Though there hasn’t been any noticeable increase in traffic, there have been a few subtle changes to the websites that spammers link to, such as the one below.

This is a common tactic for the people who create these websites, and the spam runs that are developed to send victims there. The main site itself will stay the same, but a key banner in a central location gets updated with a seasonal or topical theme. Below is an example of a banner taken from the same site as the one above, at a time when there were no upcoming seasonal holidays. The below banner is a “standard” offer, rather than a seasonal special, but in reality it is the same offer as the one above, for the same price. All that has...

Read more
Why Some Webmail Services May Be Favored in Targeted Attacks
MarissaVicario | 30 Mar 2010 | 0 comments

by Tony Millington, Associate Software Engineer, and Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

A few days ago Symantec Hosted Services released its March Messagelabs Intelligence Report, which was picked up by a number of other technology news sites. We were quite surprised that they seemed to pick up on the information we published about the location of the sender. This is nothing new, really. We've used this information for a long time in various facets of our detection to facilitate more accurate judgments on the nature of a potentially harmful email.

The data published in the Messagelabs Intelligence report (http://www.messagelabs.com/mlireport/MLI_2010_03_M...) in regards to the source of the targeted attacks we intercept, is in a good proportion of all the targeted attacks we...

Read more
MessageLabs Intelligence Warns of Tax Season Phishing Scams
MarissaVicario | 29 Mar 2010 | 0 comments

By Mathew Nisbet, Malware Data Analyst

‘Phishing’ has been around since 1996, and refers to the attempted theft of sensitive information such as usernames, passwords, or credit card details by impersonating a trustworthy source such as a bank.

Below is a typical example that MessageLabs Intelligence sees on an almost daily basis. It is impersonating the HMRC (“her majesty’s revenue and customs,” the UK tax office).

As you can see, the scammers are quite good at making an e-mail look legitimate. Someone who has never received an official e-mail from the tax office would have no reason to suspect this was not genuine on first glance. The logo is correct, and the links in blue along the bottom go to the genuine HMRC website. However, the link in green in the message itself does not go to an official page. It goes to a fake page where any...

Read more
Sport news website 'Send this page to a friend' service being abused by 419 scammers
MarissaVicario | 26 Mar 2010 | 0 comments

By Dan Bleaken, Malware Data Analyst, Symantec Hosted Services

MessageLabs Intelligence analysts found a 419 scam today that is a little different from the majority of 419s.

The basic premise of a 419 scam (also commonly referred to as an advance fee fraud scam) is that the recipient is entitled to, or has won a large sum of money, and in order to get the money, they need to contact someone (usually a webmail address but sometimes a phone number), or email personal details to a webmail address.  

As well as it being highly likely that the recipient’s email address would then be added to the  scammers’ list of targets (lining up the recipient for many more scam emails in future), the next stage would almost certainly be for the scammers to phone or email back, to get the victim to send an advance fee, in order to release the supposed money.  As is so often the case with advance fee fraud scams or 419s, the initial email is just the...

Read more
Targeted Attack uses FIFA World Cup 2010 as a hook
Daren Lewis | 25 Mar 2010 | 1 comment
Posted on behalf of Greg Leah, Dan Bleaken, Seth Hardy, Jo Hurcombe & Tony Millington

Symantec Hosted Services analysts spotted a blocked targeted attack yesterday that uses the FIFA World Cup 2010 to encourage the recipient to open a malicious PDF attachment.  It uses a very fresh vulnerability in Adobe Reader.
 
First some background on targeted attacks.

What is a targeted attack?
  • Probably the most damaging type of internet threat
  • Takes place via email
  • Designed to target a specific individual or organisation
  • Aim is to extract sensitive/valuable information
  • Used to gain competitive advantage, blackmail, harm reputation, gather intelligence/spy, steal secrets/designs/ideas, other information

How is it done?
  • First the attacker performs...
Read more
Spammers Get Creative with ASCII
MarissaVicario | 25 Mar 2010 | 0 comments

Posted on behalf of Dan Bleaken, Malware Data Analyst and Nick Johnston, Senior Software Engineer, Symantec Hosted Services

This week MessageLabs Intelligence noticed some eye-catching artwork from spammers.  

‘ASCII art’ is the use of the ASCII character set (just under 100 characters available on standard keyboards), to produce a picture.  

For example:


                 
Over the years ASCII art has been used sporadically in spam.   Spammers use it as a way to obfuscate words, presenting messages written in ASCII art rather than simple text.  This often frustrates attempts by some of the more basic anti-spam technology to recognise certain phrases.  The same thinking is behind the use of images containing text....

Read more