
Symantec Intelligence

Daren Lewis | 24 Nov 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Making Web Security Work in an Era of Pervasive Threats
In 2010 more than 80% of malicious threats intercepted were found on legitimate websites that had been compromised either directly or indirectly via third party provided content. At the same time categories which were once easy to block universally, like social media, are becoming increasingly business relevant.

In 2011 we expect IT managers will be forced by business necessity to implement more granular and refined web security policies. Particular business units, departments or users will be granted access to certain websites or categories of sites. Our data indicates...

Daren Lewis | 24 Nov 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Security and Services Continue to Migrate to the Cloud
An increasingly distributed workforce is pushing organizations to the cloud for suitable security solutions that will be required to work seamlessly across multiple platforms, as users switch between devices used to store and transmit information online. In 2011 businesses will increasingly begin to reap the benefits of adopting a hybrid infrastructure that is premise-based, private cloud based and public cloud based and will seek to deliver a seamless user experience regardless of device or access location.

Later today: Making Web Security Work in an Era...

MarissaVicario | 23 Nov 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

Cutwail has recently been sending spam making use of cached versions of webpages, as well as the same type of HTML text obfuscation I mentioned in a recent blog:  http://www.symantec.com/connect/blogs/cutwail-take.... In this case, the email is much longer, making it even harder to spot the actual text unless the viewer looks at the rendered HTML.

This time the obfuscation is slightly enhanced though. Rather than just attempting to use colors to hide the 'junk' text, the HTML changes the size of the font and letter positioning too. The text meant to fool filters, but not to be read by humans, is made so small it would simply...

Daren Lewis | 23 Nov 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. We also use the opportunity to look ahead at potential trends for next year. In the days leading up to the publication of the report we will share a few of these trends.

Distributed Workforce Drives Security Policies

The past year has challenged businesses with securing an increasingly distributed workforce in the wake of the recent global economic crisis. With laptops and smart-phones becoming ubiquitous the workforce is increasingly distributed regardless of where workers spend their traditional work day. To remain competitive, as the economy begins to recover, companies will continue to look to employee productivity gains from longer hours, working remotely and from home offices. IDC estimates that 1 billion workers will be mobile at least part of the time or remote from their firm’s main...

Daren Lewis | 22 Nov 2010 | 0 comments

On December 7 we will release our MessageLabs Intelligence 2010 Annual Security Report looking back at the changes in the threat landscape during 2010. As is our standard practice we also use the opportunity to look ahead at potential trends for next year. In the days before we publish our report we will share a few of these trends.

Global Spam Trends
In 2011, spam will become more culturally and linguistically diverse.  The use of English in spam will fall from approximately 95% of all spam to below 90% driven by economic growth and broadband adoption in emerging economies. For instance, spammers will target Brazil with more than 40 percent of spam in Portuguese. 

Portuguese and Spanish will become some of the most popular languages used in spam other than English. We expect Italy to receive 20-25% of spam in Italian, France to receive 15-20% French language spam and Germany will find 10-15% of its spam in German. China will receive...

MarissaVicario | 18 Nov 2010 | 0 comments

Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services  

Recent reports have focused on several well-known botnets revealing millions of dollars in money trails associated with them. What many people may not realize is that botnets are often run like a business. The distribution of malware is an economic crime primarily undertaken to make money for the perpetrators. Most malware is written for the purpose of creating botnets, vast networks of virus infected computers under the control of a single gang. The gang then rents out the botnets to other criminals who use the computers within the botnet to make money.

The prices for rental of the botnet depend on the economic forces of supply and demand, the size of the botnet and the duration for which it is rented. Prices range from as low as $9 per hour to higher than $65 per hour.

But how do the criminals get money from their outlay?

1.  ...

MarissaVicario | 10 Nov 2010 | 0 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services

As the next G20 summit approaches, businesses once again must be on guard for criminals looking to exploit this important political event. The G20 (and also G8) summits are occasions when anyone invested in the summits is more vulnerable to cyber attack, particularly those deploying social engineering tactics. It is a time when people are much more likely to be receiving unsolicited mail, often with attachments. The attackers know this and will exploit it if they can.
 
Since the start of October MessageLabs Intelligence has seen an increase in the frequency of targeted attacks on the subject of the G20 summit and its host country, South Korea. Through July, August and September, there was an average of around one targeted attack per day. So far in October and November this has tripled to three attacks per day. This activity can be seen in the...

Daren Lewis | 08 Nov 2010 | 0 comments

Post developed in collaboration with Martin Lee, Senior Software Engineer

Our spam boxes are typically full of the usual suspects -- pharmaceutical spam, watch spam, relationship spam, and offers from the family members of ousted African potentates. The obvious solution is to create a block list of key words used in these spam messages. Unfortunately it isn’t that easy.

Consider pharmaceuticals. While the vast majority of emails with pharmaceutical names are spam there are legitimate emails using these key words and in some industries, like health care, these key words are in use daily. Key word based spam filtering creates high numbers of false positives, putting legitimate emails into spam folders. Extending the health care example, these false positives can have any number of negative outcomes from missing a meeting with a pharmaceutical representative to direct impacts on patient care.
 
...

Daren Lewis | 29 Oct 2010 | 2 comments

Posted on behalf of Mathew Nisbet, Malware Data Analyst

Spammers can be quite creative
Spammers will try anything to get their spam past your filters and into your inbox. We've seen many tricks involving random text hidden in the body, use of images, a message body with nothing but a link to the main message somewhere on the web. This example is one of the more elaborate (but ultimately futile) attempts that I've seen.
 
Recently we have been seeing a run of emails that pretend to be informing the recipient that they have a number of "unread" or "important" messages waiting for them on a well known social network. Over a 3 day period, between the 24th and 26th of October, we saw roughly 18,500 of these. Since then the volume has dropped to less than 100 per day, but we are still seeing them.
 
The use of a well known social media brand name is the first part of the approach to...

MarissaVicario | 27 Oct 2010 | 0 comments

Posted on behalf of Jo Hurcombe and Manoj Venugopalan, Malware Analysts, Symantec Hosted Services

 

Many of us have already heard the great news that the Bredolab malware has been shut down by Dutch authorities.

“On October 25th 2010, the High Tech Crime Team of the Dutch National Crime Squad took down a very large botnet, containing at least 30 million infected computer systems worldwide since July 2009. These computers were infected with the malicious Bredolab trojan, through infected websites. Through these botnets, cybercriminals can spread large amounts of other viruses and create new botnets.

In close cooperation with a Dutch hosting provider, The Dutch Forensic Institute (NFI), the internet security company Fox-IT and GOVCERT, the computer emergency response team of the Dutch government, shut down 143 computer servers today”

But MessageLabs Intelligence is still seeing different Bredolab runs (distributing...