Internet Security Threat Report
Mike Gardner | November 16th, 2009
Anyone having this problem?
Started today at 0900 Arizona time
Outlook receives a message stating:
"We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, you mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility."
Best regards, {domain}.com tachnical support.
The attachment is utility.zip.
Thanks
Nishant Doshi | November 12th, 2009
If a hacker managed to hack into your blog or website, what could they possibly do? They could insert malicious iframes or JavaScript code into your Web pages. Probably even attempt to steal some data. But most likely they would "search engine optimize" your website. Can this be true? Well, let me explain more.
Search engine optimization (SEO) is a collection of techniques used to achieve higher search rankings for a given website. "Black hat SEO" is the method of using unethical SEO techniques in order to obtain a higher search ranking. These techniques include things like keyword stuffing, cloaking, and link farming, which are used to "game" the search engine algorithms.
So what does a hacker gain from all this? Why would a hacker help you achieve a higher search engine ranking? Quite the contrary; he is helping himself.
What the hacker actually does is add numerous additional Web pages to your website. Let’s call each of these additional pages...
Day7Theory | November 6th, 2009
It reads "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer". I've done a few tracert reports and didn't see any alarm there. I am also on a wireless network, and my question is: could this be the network I'm on "bridging" trying to find my IP address, causing the message above? And should this be any cause for alarm?
Jarrad Shearer | October 26th, 2009
Misleading application, rogue software, fake AV: call it what you will, it’s everywhere. The authors of these applications are pumping them out by the hundreds, fooling many Internet surfers, and in the process they’re making big bucks out of it. In fact, as many of our readers will be well aware by now, it is the focus of a white paper Symantec has just released entitled Symantec Report on Rogue Security Software.
So if there are so many of these things, why should one called Windows Enterprise Defender be any different from the rest? Firstly, it tries to pass itself off as Windows Defender, which is a legitimate security product released by Microsoft. Obviously the name is similar but so is the GUI:
Notice the castle wall on the top-right hand side of the screen, which is similar to the legitimate product. Also notice the “Full Protection Activation Registration” icon on the top-left hand side, which looks and sounds like the real Microsoft Genuine Advantage...
Gaurav Dixit | October 22nd, 2009
Misleading applications, also known as rogue applications, have always tried to lure users into their traps by using various techniques such as fake security scans, misleading task bar notifications, popup windows, etc. To take this to a new level, developers of these applications are now frequently changing the product name and its associated website name in order to mislead users and antivirus vendors. Clones of the same product—with different names—continue to appear almost every day. Earlier this week Symantec published its Report on Rogue Security Software, which discusses misleading apps in greater detail. A couple of examples of rogue security software are given below. We identify one such family of rogue or misleading applications as WiniGuard:
Those who are spreading this particular rogue app hold onto some of the associated domains for up to 24 to 48 hours. Once this domain goes down, another new domain becomes active, which will look almost the same as the...
M.K. Low | October 21st, 2009
Rogue security software programs, also known as misleading applications or scareware, are programs that pretend to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provide the user with little or no protection whatsoever. Well known examples of rogue security software include AntiVirus 2009, Malware Defender 2009, and System Guard 2009.
The recently published Symantec Report on Rogue Security Software includes a discussion on a number of servers that Symantec observed hosting these misleading applications from July to August 2009. The United States was the location for a majority of the servers hosting rogue security software, accounting for 53 percent of the total (figure 1). This result isn't surprising since the United States has a well-established broadband structure that can support these scams, and most of the rogue security software scams observed by Symantec are marketed in English.
When the distribution of the servers...
David McKinney | October 20th, 2009
The Symantec Report on Rogue Security Software includes an in-depth analysis of the methods scammers use to distribute rogue security applications. This blog presents some of the highlights of the research into the distribution of these scams.
In the report, the following distribution and advertising trends were observed:
• Ninety-three percent of the top 50 most prevalent rogue security applications were distributed as intentional downloads. This means that victims are tricked into believing they are downloading legitimate security software and subsequently installing the rogue application.
• Seventy-six percent of the top 50 most prevalent rogue security applications were classified as unintentional downloads. This means that the software may be installed unintentionally through drive-by downloads or other means such as false advertising (such as misrepresenting the software as a video codec). This overlaps with intentional downloads...
Ben Nahorney | October 20th, 2009
Rogue security software scams are everywhere these days. The numbers are quite staggering—over 250 distinct programs racking up 43 million installation attempts, according to our new Report on Rogue Security Software.
Still, when it comes down to functionality and code base, it’s more akin to a few people with really large wardrobes. There might be dozens of variations of the same underlying program, each receiving minor updates and a new software skin. They even use the same fake threat names when attempting to scam you—stuff like “Spyware.Monster” or “Spyware.IEmonster”.
Ultimately what we’re looking at is variety in graphic design rather than functional design. We’ve put together a video to show just that. Our report calls these threats Antivirus200X—a “family” of rogue security programs large enough that two iterations have the dubious honor of ranking second and third in the list of most common rogue...
Téo Adams | October 19th, 2009
Given their financial motivations, the distributors of rogue security software scams need to affect a broad number of potential victims. Getting the program onto a victim’s computer is a critical step in rogue security software scams and the scammers use a variety of techniques to do so. While some rogue security software programs rely on just a few specific techniques to achieve this, many of them incorporate multiple techniques to improve the odds of success. The distribution techniques for rogue security software programs can be simplified into two groups: installation methods and advertising methods.
The installation methods for rogue security software can either be intentional or unintentional. Scammers who persuade victims that they need the rogue software to address security concerns lure the victims into downloading the software intentionally. This is a common approach to rogue security software installation that was used by 93 percent of the top rogue security software...
Kevin Haley | October 19th, 2009
In the 80’s I lived in NYC. At the time, enterprising hustlers had re-introduced the old Three Card Monte con game to NYC streets. Like wide ties and frozen yogurt shops, Three Card Monte always seemed to come back into fashion. Before you knew it, the streets were full of grifters running games. Whole blocks would be lined with these low-rent con men, standing behind cardboard boxes, tossing cards and asking the suckers to put their money on the red queen.
How could there be that many bad guys running Three Card Monte scams at one time? Well, there was plenty of money to be made, and it drew the criminal element like flies to honey. Grifters were making a lot of money at the con and every two-bit chiseler wanted their own piece of the action. Plus, there was very little needed to get in on the scam. The barrier to entry was low. You only need three playing cards, a couple of cardboard boxes for a table, and some very basic card manipulation skills.
For the low-life...
Kevin Haley | October 7th, 2009
Every day when I walk into work I’m greeted by an avalanche of data on new malware and Internet scams. The numbers in the last few years have been staggering. And when you think about the people behind the numbers it can get quite sad—people who’ve had their computers taken over, been scammed, stolen from, and just plain abused by cyberthiefs. It can get to you. A lot of days I don’t feel so good. Today I feel better. The FBI just announced they will arrest nearly 100 people involved in a phishing scheme.
The FBI calls it Operation Phish Fry. Operation Phish Fry means that someone in the FBI loves a bad pun. But the important thing is it means that a whole bunch of bad guys are going to jail. It’s not going to eliminate all phishing attacks (we detected 55,389 phishing Web site hosts in 2008 alone). But this latest move takes a lot of bad guys off the Internet and serves as a warning to others. Even those who think they are protected because they are...
ierc | September 30th, 2009
Hi
I sent Symantec 4 infected sample files that other antivirus products detected in the past week.
But I haven't received any response from Symantec about detecting them until now.
I re-sent them today with the following tracking numbers:
Tracking #12984470
Tracking #12984496
You can see the other antivirus report in following address:
http://www.virscan.org/report/88a3b6f389b00ad3d56a0ec8f10014fa.html
http://www.virscan.org/report/4df6a3f11ed1f3d092e4ab7c7150efa7.html
Thank you
******************
Eventually Symantec detected this malware as Backdoor.Trojan on 2009.10.22.
Resolved problem.
Satyam Pujari a... | August 21st, 2009
Symantec’s Web site ratings service Norton Safe Web presents the Dirtiest Web Sites of Summer 2009 – the top 100 infected sites based on number of threats. Norton Safe Web is a new reputation service from Symantec.
What makes these sites so dirty?
Symantec explained it by pointing out the fact that the average number of threats per malicious site rated by Norton Safe Web is 23. With that said, the average number of threats on the Dirtiest Web Sites list is a staggering 18,000 per site. Forty of the top 100 have more than 20,000 threats per site. Moreover, 75 percent of sites on the list have distributed malware for more than six months.
“This list underscores what our research shows. There has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity, or assets. In 2008, most new infections occurred while people were surfing the Web,” said Rowan Trollope,...
johnvg | July 14th, 2009
The embedded Sybase database included with Symantec Endpoint Protection Manager is not supported by the Symantec Endpoint Protection Integration Component. Only SQL Server 2000 or SQL Server 2005 databases are supported.
To use Symantec Endpoint Protection Integration Component functionality, you must make sure that your client computers are managed by Altiris before you install the Symantec Endpoint Protection Client package. Client computers must have the Altiris Agent installed on them to be managed by Altiris.
If a computer on the network is not managed by Altiris, it is still visible in one of the collections: All 32-Bit Windows Computers without Latest Symantec EP Client or All 64-Bit Windows Computers without Latest Symantec EP Client. These collections are used by the Symantec EP 32- and 64-bit Client installation package; therefore, it is possible to inadvertently attempt to install the Symantec Endpoint Protection Client package to computers that are not managed by Altiris...
nac | June 26th, 2009
Hi friends,
Can anybody list all the services there are in SEP MRX?
Thanks in advance
TomSchroeder | June 26th, 2009
Gartner Information Security Summit, Sept 21-22, London, Royal Lancaster Hotel, UK
Visit Symantec, the Premier Sponsor at the Gartner Information Security Summit, and learn how you can protect and manage today’s ever-growing variety of endpoints and systems: smartphones, laptops, mail servers, gateways, and more.
The Gartner Information Security Summit will give you the information you need to create a layered approach combining risk management and compliance, secure business enablement and infrastructure protection. Hear the latest analysis revealing market trends, opportunities and threats to you and your organization.
Topics: Business Continuity Management, Customer Security and Privacy, Identity and Access Management, Infrastructure Protection, Managed Security Services, Mobile Security, Securing the Workplace, Security Management, Security Risk Management, Security Software
For further questions please contact Ilka Eimkemeier, EMEA Events (ilka_eimkemeier@symantec.com...
Spencer Parkinson | June 23rd, 2009
In response to the increase in online cyber threats targeting the endpoint, combined with IT staffing pressures, Symantec is now offering Symantec Managed Endpoint Protection Services - a new set of offerings which provides management and monitoring of endpoint protection technologies to defend users against malware and other sophisticated attacks, such as rootkits, zero-day attacks, and spyware. The new managed services leverage the customers’ existing endpoint protection technologies, Symantec security experts, and the Symantec Global Intelligence Network to secure customer, employee, and corporate data, while providing expert management to help IT departments with the configuration, availability and effectiveness of their endpoint protection technologies.
Symantec’s March 2009 Managed Security in the Enterprise report highlighted the need for additional protection from cyber threats that are growing in number and intensity and becoming more effective. According to the...
breas | May 28th, 2009
The reason why you are not finding Rtvscan.exe in the database is that the software scan runs in Package Mode by default, so it reports on the first file that meets certain criteria. As Symantec AntiVirus has many files with the same criteria, there is a slim chance that the file you wish to see reported will be when using Package Mode (defwatch.exe, savroam.exe, and sndinst.exe were reported).
To combat Package Mode without using file mode on the auditpls.ini file itself, you can add the 'Symantec AntiVirus' Product Name to the 'AeX SW Virus Protection' Special Group, and then configure the Special Group to run in File Mode (Special Group Properties > Advanced > check the Package Mode check box > select the No radio button). This will cause the software scan to report on all EXE files that meet the criteria within this Special Group.
As you also want to report on certain DLL files, you can simply add them to the 'File Masks' section of the auditpls.ini...
Marika Pauls Laucht | April 16th, 2009
Despite the recent economic downturn, phishing and spam scams are still profitable for attackers, possibly because phishers are able to quickly target their scams to match prevailing attitudes. For instance, phishers are enticing potential victims with lures that spoof well-known financial institutions and which promise easy access to low-interest loans and credit. Spammers are also attempting to use the uncertainty of the financial situation to their advantage. While it might be expected that spam offering stock market tips or other financial opportunities would drop off during a period of market uncertainty, it is likely that such a drop-off would be balanced out by an increase in spam offering such recession-related enticements as low-interest loans and easy access to credit.
Many phishing attacks that spoof financial services brands prompt users to enter credit card information or banking credentials into fraudulent sites. If this ruse is successful, phishers can then capture and...
Téo Adams | April 15th, 2009
A driving force behind the growing speed and efficiency of malicious code development is the demand for goods and services that facilitate online fraud. This is demonstrated by the flourishing profitability of confidential information sales in the online underground economy. For example, one person who was arrested for computer-related credit card fraud in 2008 had possession of a condominium, a luxury vehicle, and over 1.6 million dollars in cash, among other valuable goods, all of which were presumably obtained by fraudulent means.
Malicious code that exposes confidential information is of particular value because the information is critical to several illegal practices, such as identity theft and credit card fraud. In many instances, well-organized programmers are developing this code on a large scale, much as how development occurs in a legitimate software enterprise. The confidential information obtained by the malicious code is then used for fraud or advertised for sale on...
dave@wilsoncrew.com | April 14th, 2009
Currently using version 9.01 on XP machines with up-to-date virus defs. I have two users that get the following virus in their log files:
File name : jvmimpro.jar-51fad18-7564bc04.zip>>vmain.class
Location:...\aplication data\sun\java\deployment\cache\javapi\V1.0\Jar\
Threat: Downloader
Action Taken: Left Alone
My system center tells me that the primary and secondary action in the log file is 'Leave Alone (log Only)' even though the local machine settings are to 'remove' then 'quarantine'.
After reading some posts, I deleted the java cache. After a complete scan, the machine comes up clean only to have the file show up again the next day.
My users are savvy, and after talking with them I do not think they opened any files on the web today that caused this to show up again.
Any ideas on how I can get rid of this?
Thanks
M.K. Low | April 14th, 2009
The prevalence of Web-based applications and the ease with which these applications can be exploited using vulnerabilities have contributed to the widespread nature of Web-based attacks. Attackers can successfully reach and compromise a massive number of targets, and this remains the source of motivation behind Web-based attacks. Attackers who wish to take advantage of client-side vulnerabilities no longer need to actively compromise or break into specific networks to gain access to those computers. Instead, by attacking websites, attackers can use them as a means to mount client-side attacks.
An attacker can exploit any number of Web application vulnerabilities, such as SQL injection vulnerabilities, to help mount their Web-based attack. Surprisingly, many of these vulnerabilities are not used to directly compromise enterprise data assets or gain access to sensitive information. They are used simply as a way of injecting malicious content into websites as a means of launching attacks...
riva11 | April 7th, 2009
There are many risks on the Internet, but if you have a good, updated antivirus, you have reduced the risk of attack. But sometimes it is better to test whether your antivirus program detects viruses.
I found an interesting site that you can use to test run your antivirus / antispyware program and check if you are really protected against these risks.
Antivirus researchers have created some test files that antivirus products "detect" as if they were a virus. On THE ANTI-VIRUS OR ANTI-MALWARE TEST FILE page, you only have to download one of the different test files and see what will happen.
If your antivirus program works in the right way, the antivirus will show a message about a virus found with EICAR as the virus description.
Please note the EICAR disclaimer:
Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if...
John H | March 24th, 2009
As we talk to enterprise and consumer customers, we are finding that many don’t understand the risks of the Internet today, why their computers have been compromised, or how the threat landscape has really changed. The fact that simply visiting your favorite website can either lead to malware silently being installed on your computer without ever clicking on anything, or being plagued by misleading applications, such as fake antivirus software, seems to be a surprise to many users and IT managers alike.
With the increase in Web-based attacks that users are being subjected to every day, we wanted to share timely data on the changing threat landscape and examine some of the factors and background information that have influenced the shift toward this type of attack over the past year.
Our recently published Web-based attacks white paper highlights some of the top Web threat trends that our security analysts observed during 2008...
sc345908 | March 23rd, 2009
I keep getting an alert from Endpoint saying that traffic from ip address .... is blocked
[SID 23179] MSRPC Server Service BO detected
I was just wondering what this means and how I can fix it. It is always the same address and has been occurring more often the past week.