Symantec Intelligence
Tony Millington | 07 Dec 2011 | 1 comment

With contributions from Manoj Venugopalan, Senior Malware Analyst, Symantec

Introduction
A new day, a new zero-day PDF exploit used in a targeted attack, and one that our Skeptic heuristic engine stopped. This one exploits a vulnerability in the 3D engine of Adobe Reader (CVE-2011-2462, http://www.adobe.com/support/security/advisories/a...), the component used to display a 3D wire-mesh object that you can rotate and view from all angles in real time. An architect might use it to mock up a plan for a building that the customer can view from within the PDF, which is very cool. However, every function added to a piece of software widens the attack surface of the format it handles.

Details
The targeted attack against Adobe Reader 9.4.6 on Windows was sent in 5 emails...

Paul Wood | 06 Dec 2011 | 1 comment

Global spam is now at its lowest since November 2008, when the rogue ISP McColo was closed down. The effect on spam volumes back then was very dramatic, and spam accounted for 68.0% of global email. More recently the decline has been much slower, but spammers have also adapted, turning to more targeted approaches and to social media as alternatives to email. Moreover, pharmaceutical spam is now at its lowest level since we started tracking it, accounting for 35.5% of spam compared with 64.2% at the end of 2010.

With targeted attacks and advanced persistent threats being very much in the news this year, we thought it would be a good time as the end of the year draws closer to begin our review of targeted attacks and look more closely at what has been described as “advanced persistent threats” or APTs for short. Terms such as APT have been overused and sometimes misused by the media, but APTs are a real threat to some companies and...

Paul Wood | 30 Nov 2011 | 0 comments

A wise man once said, “Whoever wishes to foresee the future must consult the past; for human events ever resemble those of preceding times.” (Machiavelli). Thus, looking back at the major cyber security trends of 2011 helps us gain perspective on what we can expect in the future. So, how would you describe the past year in cyber security and what trends do you think will continue to grow in 2012? A few thoughts come to my mind.

First, perhaps 2011 will be remembered as the year we saw the foundation laid for the successor of the infamous Stuxnet. Another thought is that 2011 will go down in history as the year of the mobile threat; after all, the mobile malware movement finally began in earnest. Finally, maybe we’ll look back on 2011 as the year of targeted attacks, with a concerning number of compromised legitimate digital certificates involved.

We think these key themes from 2011 will continue to grow throughout 2012. Here’s a bit deeper look...

ron_poserina | 21 Nov 2011 | 0 comments

Recently ProofPoint posted a blog with a chart detailing some of the differences between Symantec.cloud (formerly MessageLabs) and ProofPoint technologies.  Several of the side-by-side comparisons are inaccurate, so we are posting this blog to address the factual inaccuracies.

In the section entitled “Content filtering of email attachments” a more accurate representation would look like this:

In the section entitled “End User Functionality” a more accurate representation would look like this:

And finally, in the section entitled “Reporting and Log Search” a more accurate representation would look like this:

The section “Phishing detection” inaccurately represents...

| 14 Oct 2011 | 0 comments

Do you know which of these Instant Messaging (IM) scenarios could put a company at risk and which are harmless? Have you (or someone you know) ever…

  • Sent a file over IM to a coworker who needed it ASAP?
  • Clicked on a link sent in IM by a colleague (i.e. “Hey I thought you might like this…”)?
  • Griped to a coworker about how frustrating the day has been?
  • Chatted with an ex-colleague to obtain a client list?

The rise of IM has undeniable benefits for business, but it poses a slew of serious security risks: worms, Trojans, hackers and spim (IM spam), to name a few.

Symantec has developed a one-to-two minute survey to gauge how employees use IM and how their IM habits might invite or deter cyber attacks.

So, is IM the potential weak link in an organization’s security defense? We’ll keep you posted on what we find out.

We’d love to hear from you. Take our survey here, and...

Olivia Borsje | 13 Oct 2011 | 0 comments

In the last week or so, erroneous statements about Symantec Enterprise Vault.cloud have popped up on a few social media sites. The statements claim that Symantec Enterprise Vault.cloud is not a “true” cloud solution and is merely an example of the negative “cloud labeling trend.”

We just want to take a minute to address a few of the factual inaccuracies with these statements and set the record straight.

Erroneous Statement #1:

As an established software vendor Symantec provides over 30,000 customers an on-premise archiving solution using Enterprise Vault.

Symantec.cloud, formerly MessageLabs, has worked in the cloud space for more than 11 years and is the biggest provider of email, web and Instant Messaging security services in the cloud.

Erroneous Statement #2:

Competition within the cloud archiving market is significantly...

| 29 Sep 2011 | 0 comments

It’s no secret that the proliferation of mobile devices in the workplace has added to the ongoing struggle between employees who want to use their mobile devices to access corporate data and the IT departments working to secure and control all of their business endpoints.

Employees demand access to corporate networks and data wherever they are with whichever device they’re using. At the same time, companies trying to keep up with that demand are under increasing pressure to comply with regulatory requirements, which in turn creates a challenge for IT departments to find ways to secure and manage mobile workers without interfering with how they get their jobs done.

To get a closer look at this challenge, Symantec partnered with IDG Research Services to sponsor a survey of IT security professionals at 115 organizations exploring the security and compliance risks associated with a growing mobile workforce.

There is no shortage of IT pros that believe...

Bhaskar Krishna | 27 Sep 2011 | 1 comment

Some of the newest printers have scan-to-email ability, a feature that allows users to email scanned documents to a specified email address on demand. Symantec Intelligence has identified malware authors using social engineering tactics that take advantage of this, sending executables in a compressed “.zip” archive via email. The attachment contains an executable disguised as a scanned document from a printer, as shown in the example in figure 1, below.

Figure 1: Example of malicious email masquerading as a scanned document sent from an office printer

In each case the sender domain was spoofed to match the recipient domain, sometimes appearing as though forwarded to the recipient by a colleague at the same organization, implying that this email originated internally.
To be clear, office printers and scanners will not send malware-laden...
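The two indicators described above, an archive attachment hiding a Windows executable and a sender domain spoofed to match the recipient's, can be checked mechanically at the mail gateway. The following is an added example, not Symantec's code and not taken from the post; the message it inspects is constructed to mimic the lure, and the extension list and the choice to look for the `MZ` magic bytes are the author's assumptions.

```python
"""Added example (not Symantec's code): flag 'scan-to-email' style lures.

Heuristics, each an assumption modelled on the lure described above:
  * a .zip attachment that contains a Windows executable, detected by
    file extension or by the 'MZ' magic bytes, and
  * a sender domain identical to the recipient domain on a message that
    carries such an attachment (internal mail normally never arrives
    this way from outside).
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed list of extensions that Windows will execute directly.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def executable_members(zip_bytes):
    """Return names of zip members that look like Windows executables."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            with zf.open(info) as fh:
                magic = fh.read(2)          # PE/MZ files start with b"MZ"
            if name.endswith(EXEC_EXT) or magic == b"MZ":
                found.append(info.filename)
    return found


def domain_of(header_value):
    """Domain part of the first address in a From:/To: header, lower-cased."""
    addr = parseaddr(str(header_value))[1]
    return addr.rpartition("@")[2].lower()


def assess(msg):
    """Return a list of findings for one parsed message (empty = nothing seen)."""
    findings = []
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if not fname.endswith(".zip"):
            continue
        payload = part.get_payload(decode=True)
        try:
            members = executable_members(payload)
        except zipfile.BadZipFile:
            findings.append(f"{fname}: not a valid zip archive")
            continue
        if members:
            findings.append(f"{fname}: executable inside archive: {members}")
    # Only raise the spoofing finding when a suspicious attachment is present.
    if findings and domain_of(msg["From"]) == domain_of(msg["To"]):
        findings.append("sender domain matches recipient domain (possible spoof)")
    return findings


def build_sample():
    """Constructed sample message in the shape of the lure; not a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Double extension plus MZ header, as a disguised 'scanned document'.
        zf.writestr("Scan_001.pdf.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "scanner@example.com"      # spoofed to match the recipient
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Scanned image from office printer"
    msg.set_content("The attached document was scanned and sent to you.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Scan_001.zip")
    return msg


if __name__ == "__main__":
    for finding in assess(build_sample()):
        print(finding)
```

Two points about the design: the archive is opened and the member's first bytes read rather than trusting the file name, because a renamed executable still carries the `MZ` signature; and the domain comparison is only reported alongside an attachment finding, since plenty of legitimate internal mail has matching domains on its own.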

Nick Johnston | 27 Sep 2011 | 0 comments

In the Symantec Intelligence blog we've covered how spammers like to conceal their actual spam sites through elaborate chains of redirects, often involving hacked or compromised sites, URL shortening sites, obfuscation techniques, or combinations of all of these.

We've recently seen spammers exploiting a vulnerability in WordPress, the popular open-source blogging software running on thousands of servers worldwide. Spammers are using the WordPress platform to compromise a Web server, placing a file deep within the WordPress directory structure, presumably in an attempt to avoid (or at least delay) detection. The buried file is a simple HTML page, usually containing text like "Page loading" which is briefly shown before an HTTP “meta refresh” is used to redirect users to the spammer's "Canadian Health&Care Mall" Web site, as shown in figure 1:

<meta http-equiv="refresh" content="0; url=http://[new...
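A site owner can hunt for this kind of buried redirect stub by walking the document root and parsing every HTML file for a meta refresh whose target leaves the site. The following is an added example, not Symantec's code and not the actual file observed by the post; the sample page, the directory names under the WordPress root and the site hostname are all constructed for illustration.

```python
"""Added example (not Symantec's code): find buried 'meta refresh' redirect stubs.

Walks a directory tree (assumed to be a WordPress document root) looking for
HTML files that contain a <meta http-equiv="refresh"> sending the browser to
a host other than the site's own. The sample page and paths are constructed.
"""
import os
import re
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse


class MetaRefreshParser(HTMLParser):
    """Collect (delay, url) for every <meta http-equiv="refresh"> tag seen."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() != "refresh":
            return
        # content looks like "0; url=http://..." but case, separator and
        # quoting around the URL vary between spammers' templates.
        m = re.match(r"\s*(\d+)\s*[;,]\s*url\s*=\s*['\"]?([^'\"]+)",
                     a.get("content", ""), re.I)
        if m:
            self.targets.append((int(m.group(1)), m.group(2).strip()))


def refresh_targets(html):
    p = MetaRefreshParser()
    p.feed(html)
    return p.targets


def offsite_redirects(html, site_host):
    """URLs from meta refresh tags whose host is not site_host."""
    hits = []
    for _delay, url in refresh_targets(html):
        host = urlparse(url).hostname
        if host and host.lower() != site_host.lower():
            hits.append(url)
    return hits


def scan_tree(root, site_host, exts=(".html", ".htm")):
    """Return (path, url) for every HTML file under root that redirects off-site."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                html = fh.read()
            for url in offsite_redirects(html, site_host):
                hits.append((path, url))
    return hits


# Constructed stub in the shape described in the post (not the real file).
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://pharmacy.example.net/?ref=1">
</head><body>Page loading</body></html>"""


def demo():
    """Build a throwaway tree with one buried stub and scan it (assumed layout)."""
    root = tempfile.mkdtemp()
    buried = os.path.join(root, "wp-content", "uploads", "2011", "09", "cache")
    os.makedirs(buried)
    with open(os.path.join(buried, "loading.html"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE)
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write("<html><body>Legitimate front page</body></html>")
    return scan_tree(root, "blog.example.org")


if __name__ == "__main__":
    for path, url in demo():
        print(f"{path} -> {url}")
```

Matching on the parsed tag rather than a plain string search is deliberate: the same redirect can be written as `0;URL='...'`, in mixed case, or with extra whitespace, and a fixed substring would miss those variants while the parser catches them all.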
Paul Wood | 19 Sep 2011 | 0 comments

The name ‘Nimda’ may not be the best remembered in the cyber-crime hall of fame, but as malicious worm outbreaks go, Nimda certainly left its mark on the malware landscape, causing havoc on 18 September 2001, ten years ago.

Long before cloud-based security services were the norm, at a time when virus scanning was often performed only once a week, the Nimda worm was unleashed onto the global computer network exactly a week after the 9/11 atrocities. Because of this timing, some media quickly began speculating about a link between the worm and Al Qaeda. The FBI quickly quashed that rumour, but the episode did highlight that cyber warfare can be a real threat, carefully orchestrated by sophisticated cyber gangs or even terrorists rather than script kiddies tucked away in dormitories.

The Nimda worm came hot on the heels of the “Code Red” scare in August 2001, when a variant of the original worm infected more than 250,000 machines...