Symantec Intelligence
MarissaVicario | 07 Dec 2010 | 0 comments

Posted on behalf of Tony Millington, Malware Operations Engineer, Symantec Hosted Services

On Friday 3rd December at 12:41 Skeptic stopped a new virus that we had not seen before, a targeted attack against a government body using WikiLeaks as social engineering to get the user to open the document.

File Details:
    Name: WikiLeaks.pdf
    Md5sum: 8be9d8ad72d2ac5a0e0eb59292bd41a9
    Commercial Scanner Detection: 9/43

The email had been sent from a compromised account and, as is often the case, the social engineering didn’t have a lot of thought behind it. Because the above sentence within the email doesn’t make much sense, the recipient is led to believe the PDF attachment may lead to more information.

However, the attachment has an encrypted executable embedded in it...

Daren Lewis | 06 Dec 2010 | 0 comments

Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we have shared a number of these trends. This trend is the final in this series of posts:

Cybercriminals Usurp URL Shortening Services

URL shortening services are becoming critical to the operation of social networks, particularly those that apply a character limit to user updates. In 2010 we saw a number of exploits using URL shortening services that lead to compromised sites.

In 2011 we expect to see more sophisticated attacks using URL shortening services either by a criminal enterprise gaining control of a significant URL shortening service or one of these groups setting up a service which appears legitimate, and operates in a legitimate...

Daren Lewis | 06 Dec 2010 | 0 comments

Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Hackers Exploit Router Vulnerabilities 

As 2010 has proven, there are many systems vulnerable to attack. We often focus on PCs, servers and devices, but recently it has become apparent that routers are also open to exploit. Router vulnerabilities allow attackers to re-route network traffic with malicious intent. As an example, a user could be diverted from an online banking site to an identical-looking malicious website and their login credentials could be stolen, or a business user could be diverted from a legitimate CRM, ERP or HR service, allowing a hacker to access client, business or staff information. When properly...

Daren Lewis | 03 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Rogue Marketplace Vendors Exploit Online Digital Currencies
In 2011 social networking sites and online marketplaces will roll-out their own in-house digital virtual currencies. As an example one site already has a system in place that uses “Credits.” Attacks will soon be designed to seek to exploit these new areas for financial fraud, including specialized malware, rogue applications and phishing attacks.

We expect more social networking environments and online marketplaces will move towards adopting this approach, and that these systems will come under prolonged attack and a weakness in one will be identified as the...

MarissaVicario | 02 Dec 2010 | 1 comment

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services

Targeted Trojans are bespoke pieces of malware written by someone who is trying to access information from an identified individual. This particular Trojan demonstrates some of the tricks used by targeted Trojan writers.

The intended victim of this attack is a senior individual in the energy and mining sector. The malicious email is plausible: during difficult economic times an urgent round of downsizing may be underway, and the issue may be being kept a secret. The attacker is expecting the victim to be curious and to attempt to open the attachment.

Although the attachment appears to be a spreadsheet file, it is actually a malicious executable that exploits a known vulnerability in Microsoft Excel to run.

Malware writers are aware that many corporate systems...

Daren Lewis | 02 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Botnets Evolve with Steganography
Since the McColo ISP takedown in November 2008, which removed the command and control servers used by cyber crooks to control the activities of their botnets and wiped out many cybercrime operations, the cybercriminals have been looking to build business continuity practices into their operations.

In 2011, we expect that botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view – perhaps within images or music files distributed through file sharing or social networking websites. This approach will allow...

Daren Lewis | 01 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Targeted Attacks Diversify
Targeted attacks remain a significant risk. While the volume of these attacks is low relative to mass spam and malware attacks they are very effective in bypassing all traditional security systems and user training. In 2010 cybercriminals began targeting industries not previously targeted. At one point 25% of attacks were against the retail sector which had previously seen few to no targeted attacks.

In 2011, we expect the range of organizations being targeted in such attacks to become more diverse. This means that attackers will also seek indirect entry into specific industries by exploiting...

Daren Lewis | 01 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Automation Advances Targeted Attacks
Highly targeted attacks are steadily increasing in number. These carefully crafted attacks target specific users in specific organizations and require significant effort and research on the part of the cybercriminal.

In 2011 criminal enterprises will increasingly automate this research to create a heavier volume of more powerful and convincing attacks that appear particularly relevant, interesting and/or newsworthy to the intended victims.

Later today: Targeted Attacks Diversify

Published earlier:

  • Global Spam Trends:...

Daren Lewis | 30 Nov 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Trending Topics Fashioned to Follow the News 

We’ve seen malware that attempts to ensure that links to infected pages are returned in search engine results using black-hat search-engine optimization techniques.

In 2011, the criminals will go one step further. Rather than just promoting compromised websites through search engine optimization they will proactively identify websites likely to see higher than normal levels of traffic based on current events or hot topics on the internet. They will use multiple methods, including monitoring of micro-blogging site topics and search engine hot topic feeds, to track these...

Daren Lewis | 29 Nov 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Stuxnet Strikes Up Malware Specialization

One of the most threatening advances in malware during 2010 broadened the range of targets beyond PCs and servers when the Stuxnet Trojan attacked programmable logic controllers. This specialized malware, written to exploit physical infrastructures, will continue in 2011, driven by the huge sums of money available to criminal enterprises at low risk of prosecution.
These attacks will range from the obvious targets like smartphones, to any number of less obvious yet critical systems like power grid controls or electronic voting systems. Any technology that can be exploited for financial gain...