Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Intelligence
Showing posts in English
Nick Johnston | 08 Mar 2012 | 2 comments

Recently we noticed spammers abusing Dropbox, a popular cloud-based, file-hosting and synchronization tool, to spread spam.

Dropbox accounts have a public folder where files can be placed and made publicly available. This function is useful to spammers, as it effectively turns Dropbox into a free hosting site. Spammers have abused URL shortening and free hosting sites for some time. Dropbox also provides a URL shortening service, which spammers have also abused.

Spammers have created several Dropbox accounts, uploading an image and a simple .html file and then using the image to link to a pharmaceutical site.


Following this link takes you to a fairly standard "Canadian Health & Care Mall" site:

We saw over 1,200 unique Dropbox URLs being used in spam over a 48-hour period. We...

Nick Johnston | 25 Jan 2012 | 1 comment

Beginning on New Year's Eve, January 1, 2012 and continuing earlier into the days following, Symantec Intelligence identified spammers taking advantage of the New Year anniversary, seemingly to entice users into clicking on spam links contained in the email messages.

Further investigation revealed that spammers were compromising legitimate Web servers, leaving the main Web site content intact (to avoid or delay detection) and simply adding a simple PHP script, typically named "HappyNewYear.php", "new-year-link.php" or "". These scripts simply redirect to a spam pharmaceutical Web site.

Analysis of one of the messages we saw using these links makes the spammers' motives clearer, as can be seen in figure 1, below.


Figure 1: Example spam email containing New Year reference in spam URL

The message uses social...

Tony Millington | 07 Dec 2011 | 1 comment

With contributions from Manoj Venugopalan, Senior Malware Analyst, Symantec

A new day and a new zero day PDF exploit used in a Targeted attack which our Skeptic heuristic engine stopped. This one exploits a vulnerability in the 3D engine in Adobe Reader (CVE-2011-2462 which is often used to display a 3D wire mesh object that you can rotate and view from all angles in real time. An architect might use it to mock up a plan for a building that the customer can view from within the PDF, very cool. However, the more functions you add to your software, the more chance there is to exploit the format.

The targeted attack against Adobe Reader 9.4.6 on Windows was sent in 5 emails...

Paul Wood | 06 Dec 2011 | 1 comment

Global spam is now at the lowest it has been since November 2008, when the rogue ISP McColo was closed-down. The effect on spam volumes back then were very dramatic and spam accounted for 68.0% of global emails. More recently the decline has been much slower, but spammers have also adapted to using more targeted approaches and exploiting social media as alternatives to email. Moreover, pharmaceutical spam is now at the lowest it has been since we started tracking it, accounting for 35.5% of spam, compared with 64.2% at the end of 2010.

With targeted attacks and advanced persistent threats being very much in the news this year, we thought it would be a good time as the end of the year draws closer to begin our review of targeted attacks and look more closely at what has been described as “advanced persistent threats” or APTs for short. Terms such as APT have been overused and sometimes misused by the media, but APTs are a real threat to some companies and...

Paul Wood | 30 Nov 2011 | 0 comments

A wise man once said, “Whoever wishes to foresee the future must consult the past; for human events ever resemble those of preceding times.” (Machiavelli). Thus, looking back at the major cyber security trends of 2011 helps us gain perspective on what we can expect in the future. So, how would you describe the past year in cyber security and what trends do you think will continue to grow in 2012? A few thoughts come to my mind.

First, perhaps 2011 will be remembered as the year we saw the foundation laid for the successor of the infamous Stuxnet. Another thought is that 2011 will go down in history as the year of the mobile threat; after all the mobile malware movement finally began in earnest. Finally, maybe we’ll look back on 2011 as the year of targeted attacks; with a concerning number of compromised legitimate digital certificates involved.

We think these key themes from 2011 will continue to grow throughout 2012. Here’s a bit deeper look...

ron_poserina | 21 Nov 2011 | 0 comments

Recently ProofPoint posted a blog with a chart detailing some of the differences between (formerly MessageLabs) and ProofPoint technologies.  Several of the side-by-side comparisons are inaccurate, so we are posting this blog to address the factual inaccuracies.

In the section entitled “Content filtering of email attachments” a more accurate representation would look like this:

In the section entitled “End User Functionality” a more accurate representation would look like this:

And finally, in the section entitled “Reporting and Log Search” a more accurate representation would look like this:

The section “Phishing detection” inaccurately represents...

| 14 Oct 2011 | 0 comments

Do you know which of these Instant Messaging (IM) scenarios could put a company at risk and which are harmless? Have you (or someone you know) ever…

  • Sent a file over IM to a coworker who needed it ASAP?
  • Clicked on a link sent in IM by a colleague (i.e. “Hey I thought you might like this…”)?
  • Griped to a coworker about how frustrating the day has been?
  • Chatted with an ex-colleague to obtain a client list?

The rise of IM has undeniable benefits for business, but it poses a serious slew of security risks: Worms, Trojans, hackers and spim (IM spam), to name a few.

Symantec has developed a one-to-two minute survey to gauge how employees IM and how their IM habits might lure or detour cyber attacks. 

So, is IM the potential weak link in an organization’s security defense? We’ll keep you posted on what we find out.

We’d love to hear from you. Take our survey here, and...

Olivia Borsje | 13 Oct 2011 | 0 comments

In the last week or so, erroneous statements about Symantec Enterprise have popped up on a few social media sites. The statements claim that Symantec Enterprise is not a “true” cloud solution and is merely an example of the negative “cloud labeling trend.”

We just want to take a minute to address a few of the factual inaccuracies with these statements and set the record straight.

Erroneous Statement #1:

As an established software vendor Symantec provides over 30,000 customers an on-premise archiving solution using Enterprise Vault., formerly Message Labs, has worked in the cloud space for more than 11 years and is the biggest provider of email, web and Instant Messaging security services in the cloud.

Erroneous Statement #2:

Competition within the cloud archiving market is significantly...

| 29 Sep 2011 | 0 comments

It’s no secret that the proliferation of mobile devices in the workplace has added to the ongoing struggle between employees who want to use their mobile devices to access corporate data and the IT departments working to secure and control all of their business endpoints.

Employees demand access to corporate networks and data wherever they are with whichever device they’re using. At the same time, companies trying to keep up with that demand are under increasing pressure to comply with regulatory requirements, which in turn creates a challenge for IT departments to find ways to secure and manage mobile workers without interfering with how they get their jobs done.

To get a closer look at this challenge, Symantec partnered with IDG Research Services to sponsor a survey of IT security professionals at 115 organizations exploring the security and compliance risks associated with a growing mobile workforce.

There is no shortage of IT pros that believe...

Bhaskar Krishna | 27 Sep 2011 | 1 comment

Some of the newest printers have scan-to-email ability, a feature that allows users to email scanned documents to a specified email address on demand. Symantec Intelligence has identified malware authors using social engineering tactics that take advantage of this, sending executables in a compressed “.zip” archive via email. The attachment contains an executable disguised as a scanned document from a printer, as shown in the example in figure 1, below.

Figure 1: Example of malicious email masquerading as a scanned document sent from an office printer

In each case the sender domain was spoofed to match the recipient domain, sometimes appearing as though forwarded to the recipient by a colleague at the same organization, implying that this email originated internally.
To be clear, office printers and scanners will not send malware-laden...