Symantec Intelligence
MarissaVicario | 10 Jan 2011 | 5 comments

Posted on behalf of Mathew Nisbet, Malware Analyst, Symantec Hosted Services and Matt Sergeant, Senior Anti-Spam Technologist, Symantec Hosted Services

On December 25, 2010, Rustock, the largest of the spam botnets, went quiet. Why this happened, we don't know, but what we do know is that global spam levels dropped massively as a result. MessageLabs Intelligence analysts did not expect this respite to last, and sadly we were right.
 
Since around 00:00 (UTC) on January 10, Rustock has resumed activity, and appears set to continue where it left off on December 25 as the biggest source of global spam.

As Rustock has now returned, this means the overall level of spam has increased. MessageLabs Intelligence honeypot servers have seen an increase of roughly 98 percent in spam traffic between 00:00 and 10:00 today compared to the same period on...

Paul Wood | 04 Jan 2011 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst

Over the 2010 Christmas holiday, the level of spam in circulation has dropped drastically. For example, at the time of writing, the amount of spam hitting our spam honeypots is the lowest it has been since McColo, the rogue ISP, was shut down in November 2008. As can be seen from the global spam level estimates in figure 1 below, the amount of spam worldwide has dropped dramatically since 25th December 2010.

Figure 1 - Global spam volumes

 

The main cause of this drop is a huge reduction in output from the Rustock botnet, by far the most dominant spam botnet of 2010. Since 25th December, Rustock seems to have all but shut down, with the amount of spam coming from it consistently accounting for below 0.5% of all spam worldwide. Further contributing to the massive reduction in spam levels...

MarissaVicario | 21 Dec 2010 | 0 comments

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services

Information security is all about maintaining the confidentiality, integrity and availability of data. At this time of year, no information security asset is more important than Santa’s ‘naughty or nice’ list.

This data set lists the personal details of billions of individuals along with highly sensitive details of their private life. This database is almost certainly a high profile target for criminal gangs. The details may be used to blackmail high profile individuals or to compromise employees with access to sensitive or further confidential information. Any unauthorized disclosure of this information may also breach North Pole data protection laws.

The integrity of this data is also of vital importance; unauthorized access may allow criminal gangs to alter statuses from ‘naughty’ to ‘nice’ for financial...

MarissaVicario | 17 Dec 2010 | 0 comments

Posted on behalf of Matt Sergeant, Senior Anti-spam Technologist, Symantec Hosted Services

As of this week, Canada joins the rest of the G8 countries with its very own anti-spam law. Until now, Canada has been the only G8 country without anti-spam legislation. Bill C-28, the new Fighting Internet and Wireless Spam Act, will require businesses to follow best practices and aims to prevent unsolicited commercial e-mail distribution in Canada.

First introduced in 2009 as Bill C-27, the Electronic Commerce Protection Act died when parliament was prorogued in December 2009 but was reintroduced earlier this year as Bill C-28. After much debate, it was finally approved by the Senate on December 15, 2010.

This legislation differs from the CAN-SPAM Act in the U.S., which requires an opt-out protocol. Canada’s powerful spam law requires businesses to obtain opt-in consent from recipients before sending commercial emails and other electronic...

MarissaVicario | 17 Dec 2010 | 0 comments

Posted on behalf of Nicholas Johnston, Senior Software Engineer, Symantec Hosted Services

This year's soccer FIFA World Cup in South Africa, enjoyed by millions, was also used by both 419/advance fee fraud scammers and malware authors to lure unsuspecting victims into handing over money or installing malware. World Cup interest has been briefly re-ignited by FIFA's recent announcement of the host nations for the 2018 and 2022 tournaments.

However, the host for the 2014 tournament, Brazil, had already been decided. Even though the tournament is over 1,200 days away and many of the stadiums that will be used to stage matches are being redeveloped, 419/advance fee fraud lottery scams have already started using this event to try to trick victims into handing over money to claim fake lottery winnings.

MessageLabs Intelligence recently saw two examples of this. Both contain attachments claiming that the recipient has won a...

MarissaVicario | 10 Dec 2010 | 0 comments

Posted on behalf of Nicholas Johnston, Senior Software Engineer, Symantec Hosted Services

Spammers abusing free hosting sites by using them for hosting spam-related content is nothing new, but this abuse has turned into much more sophisticated, multi-layer abuse.

Instead of just including a link to a free hosting site, and hosting spam-related content there, spammers are increasingly using URL shortening services. These services allow spammers to create an almost unlimited number of links, allowing each individual spam message sent to contain a new link. Increasingly, these links do not point directly to a spam-related site. Instead, they point to a free hosting site, often with extra randomized "junk" parameters added to the end of the URL like this:

 http://fipxmdmzp.REDACTED.com/?iyzdm=yngqsa
...

MarissaVicario | 07 Dec 2010 | 0 comments

Posted on behalf of Tony Millington, Malware Operations Engineer, Symantec Hosted Services

On Friday 3rd December at 12:41 Skeptic stopped a new virus that we had not seen before, a targeted attack against a government body using WikiLeaks as social engineering to get the user to open the document.

File Details:
    Name: WikiLeaks.pdf
    Md5sum: 8be9d8ad72d2ac5a0e0eb59292bd41a9
    Commercial Scanner Detection: 9/43

 

 

The email had been sent from a compromised account and, as is often the case, the social engineering didn’t have a lot of thought behind it. Because the above sentence within the email doesn’t make much sense, the recipient is led to believe the PDF attachment may lead to more information.

However, the attachment has an encrypted executable embedded in it...

Daren Lewis | 06 Dec 2010 | 0 comments

 

Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we have shared a number of these trends. This trend is the final in this series of posts:

Cybercriminals Usurp URL Shortening Services

URL shortening services are becoming critical to the operation of social networks, particularly those that apply a character limit to user updates. In 2010 we saw a number of exploits using URL shortening services that lead to compromised sites.

In 2011 we expect to see more sophisticated attacks using URL shortening services either by a criminal enterprise gaining control of a significant URL shortening service or one of these groups setting up a service which appears legitimate, and operates in a legitimate...

Daren Lewis | 06 Dec 2010 | 0 comments

Tomorrow (December 7) we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Hackers Exploit Router Vulnerabilities 

As 2010 has proven, there are many systems vulnerable to attack. We often focus on PCs, servers and devices, but recently it has become apparent that routers are also open to exploit. Router vulnerabilities allow attackers to re-route network traffic with malicious intent. As an example, a user could be diverted from an online banking site to an identical-looking malicious website and their login credentials could be stolen, or a business user could be diverted from a legitimate CRM, ERP or HR service, allowing a hacker to access client, business or staff information. When properly...

Daren Lewis | 03 Dec 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Rogue Marketplace Vendors Exploit Online Digital Currencies

In 2011 social networking sites and online marketplaces will roll out their own in-house digital virtual currencies. As an example, one site already has a system in place that uses “Credits.” Attacks will soon be designed to exploit these new areas for financial fraud, including specialized malware, rogue applications and phishing attacks.

We expect more social networking environments and online marketplaces will move towards adopting this approach, and that these systems will come under prolonged attack and a weakness in one will be identified as the...