Security Risks

metalplane | November 21st, 2009
I recently received a virus warning that I am infected with the Pidief.F Trojan. I followed the removal instructions that asked me to remove a number of Registry entries. I could not find any of them, even with the "Find", searching the entire registry file. I am using XP and System Works 2006. Everything has been updated. How can I tell what's triggering the warning, and are there variants I should be looking for in the registry?
0 comments
Leo Nikora | November 20th, 2009
Endpoint Protection 11.0.5002.333 failed to even find (much less fix) the Sheur2 trojan. AVG did find and fix it.
0 comments
jRand | November 20th, 2009
Background: Currently running Symantec AV 10.1.5.5002. I need assistance with interpreting or coming to a conclusion of where certain types of files are originating from. We have workstations that are provided from a vendor with their custom WinXP w/SP3 image installed on the hard drive. These workstations are on their own separate subnet and internet access has been blocked. After the machines are shipped to us we network them, join the Windows domain server, install Symantec from the network, and then we perform a Full scan of the workstation hard drives and we find the files below. The scan detects the W32.SillyFDC virus. One thing to note is that we only detect this type of virus on the workstations provided from the vendor. The vendor has Symantec EP11 and they scan their image and nothing is flagged. We are trying to determine if these files are false positives or if our SAV client settings are set too aggressively in...
2 comments
Marian Merritt | November 20th, 2009
I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.   We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable. You can read more about Symantec’s top trends from 2009 and our predictions for 2010 by clicking on the following links:   Breadth of Security...
0 comments
jomargonzales | November 18th, 2009
Symantec must develop virus signatures that recover the original registry stored on the PC. Almost all threats change the registry, which makes it very tedious for IT personnel to restore the original registry setup.
0 comments
VDOR | November 18th, 2009
SEP seems to think the SecLU.exe and is preventing it from running. I am just setting up our new configuration and thought this was hilarious. I knew I should have been more careful about purchasing a Symantec product! Anybody know what to do?
6 comments
Naor Penso | November 18th, 2009
Hi, One of our clients asked me, and I'm not aware of the existence of a LiveCD containing Anti-Virus. The client (which has a point, by the way) says: McAfee has one, Kaspersky has one, why can't I get one from Symantec? If there is no LiveCD then it should be an idea. Thanks. Naor Penso
2 comments
Paul Wood | November 18th, 2009
This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead. We concurred that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few. That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys. So without further ado, I present to you Symantec’s 2010 Security Predictions. 2010 Security...
1 comments
Andy Chow | November 17th, 2009
Hi, Take a look at this link: http://itknowledgeexchange.techtarget.com/network-technologies/don%E2%80%99t-panic-whenever-you-ip-4-dupaddr-duplicate-address-error-log-in-your-cisco-6500-switches-running-hsrp/ Does anyone have an idea what kind of malware this is? Has Symantec encountered this type of malware before? Are there any specific signatures from Symantec that can detect this type of threat? Thanks in advance. ~Andy Chow
1 comments
Kevin Haley | November 17th, 2009
Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety. I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to read the list of trends below. So… Don’t read this if you think antivirus technology...
0 comments
Kevin Haley | November 17th, 2009
The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning. For example:
• Toolkits and threat recycling have made malware easier to create than ever
• Polymorphic technology is being applied to make threats harder to catch
• Botnets, large and small, are used as the foundation of attacks, making most attacks complex
• All major news events are used for social engineering
• Major brands are being appropriated by cybercriminals to lure online victims
But, it’s the...
0 comments
MarissaVicario | November 17th, 2009
Posted on behalf of Paul Wood This week I had the pleasure of sitting on a panel with some of the best and the brightest among my Symantec colleagues to reflect on 2009’s threat landscape and what we anticipate for the year ahead. We concur that what we’ve seen this year was ugly. Botnets prevailed and took over as a primary means of spamming and spreading malware and social engineering attacks became more sophisticated. But what we also know is that this year pales in comparison to what 2010 is expected to bring: fast flux botnets will dominate, IM spam will rear its head, rogue security software vendors will up their game, fraud targeted at social networking apps will grow, new CAPTCHA bypass techniques will emerge... to name a few. That’s the bad news. The good news is that with a bit of preparation and the right security solutions in place, we can continue to outsmart the bad guys. So without further ado, I present to you Symantec’s 2010 Security...
0 comments
MFishman | November 17th, 2009
I am getting messages from SAV 10.x saying that a virus was found, but it reports the risk discovered by "Unknown" (not prefixed by Heuristic, etc.). So who did indeed catch this one?
4 comments
fbentz | November 17th, 2009
The current release of removable media does not allow a user to take a USB drive to a non-SEE-equipped machine, open the files on the machine and then save them back encrypted to the USB drive. Once the file is opened it can only be saved unencrypted. This then allows confidential data to be compromised. Please add encrypting data on USB drives for all data rewritten to a drive.
0 comments
soumyaghosh | November 17th, 2009
Recently I have seen in the NTP log "MS RPC NETWORK DDE BO DETECTED". I have attached the screenshot here. Please help me out. Is it hazardous for my network? Soumya
1 comments
Liam O Murchu | November 16th, 2009
Finally, some help with explaining Internet security to my non-geek friends! The Guide to Scary Internet Stuff video series will hopefully make my life a little easier. Explaining the intricacies of Internet security is a challenging task. I often have difficulty explaining to my non-technical friends and relatives why they need to know about risks on the Internet. On top of that, I sometimes discover that my advice has fallen on deaf ears as I inevitably fix their computers after a click on a spam or phishing link, or after they have not run Windows Update or updated their antivirus software in a while. Although this is not the normal technical type of material that we post here on the Security Response blog, when Dominic Cook from our UK PR team showed me these, I immediately thought they were worth a post. The animations are fun, but most of all I think my friends will understand them, remember some of the advice, and hopefully be safer online after watching them—although...
0 comments
Paul Mapacpac | November 15th, 2009
Virus alert, cannot be detected by most of the antivirus products out in the market. Will reside in one of our Recycler profiles. (You should delete the files Desktop.ini and MxEng.exe; if they are in use, you can use the utility Unlocker 1.8.) The virus will create registry entries in:
1. HKLM\Software\Microsoft\Windows NT\Winlogon\Shell (it will add the exe file csrcs.exe after Explorer.exe)
2. HKLM\Software\Microsoft\Windows NT\Winlogon\Taskmon (please delete this entry)
The virus will use System (svchost) to infect other PCs on the network. It will also scan/send the virus on your network. I will try to upload samples to Symantec Security Response ASAP.
4 comments
mistrd | November 14th, 2009
Concerning my Norton System Works 2006 suite: Hi, I probably should have subscribed to the forum before I made such a move, but: I was having problems with keeping my "autoprotect" turned on, searched all over for a cure, and eventually downloaded the "uninstall" tool and uninstalled it. Upon computer reboot, a Symantec page popped up with a window to reinstall it. Very helpful. However, after the reinstall and entering my product key, I have no virus software. Not good. Any ideas?? My subscription runs out soon, and I will likely buy a 3 PC pack (wife's laptop crashed and I just installed XP on it) but in the meantime...
1 comments
scottmc10 | November 14th, 2009
Hi. I have Symantec Antivirus 10.1.6.6000, virus definitions 11/03/09 rev. 3. Windows XP. I hope I'm posting in the correct forum. It seems the version of Symantec AV software my graduate school gives out to students and faculty is a corporate version, and the people on the Norton board sent me here. In the last two days I have seen auto-protect pop up with Backdoor.tidserv something like 12 times. Each time it says, "cleaned by deletion." But then a few hours later it comes back. It seems there must be some part of this infection not being removed. I have the risk history log that just shows the dozen occurrences I mentioned and a cluster of trojan horse files that were supposedly quarantined on 11/8/09. Can anyone help? Thanks in advance. Apologies if I have omitted some baseline information. I have never posted to this forum before.
8 comments
early_morning | November 13th, 2009
We have been doing a SEP 11 upgrade and for the most part we have worked through 3500 workstations and over 230 servers. But, and you knew there had to be a "but", I have 2 SQL servers that have me baffled. One is a Win2000 Server and the other a 2003 Server. Both run MS SQL and both are running on older DELL server hardware. They both were running version 10.1.6xxx of SAV but I've done a manual cleanup process to ensure that the old version is removed from all directories and the registry, and rebooted the servers multiple times. Obviously I don't want to leave them vulnerable and I don't want to go back to SAV 10. The error describes a "pending install has not completed." You will need to reboot before attempting to install the SEP client. After you reboot, the install seems to be going along just fine, then it backs out of the install and returns us to the same error - kind of an infinite loop. The frustrating thing is there is no...
13 comments
shp | November 12th, 2009
I would like to add an idea about the online status of users in Symantec Connect. It would be good to see a status icon (small bubble) beside the user's avatar, like green for online, orange for inactive, etc. It would make it easy for us to know a person's availability and PM them.
2 comments
riva11 | November 12th, 2009
Wireshark is the world's most popular network protocol analyzer. Originally known as Ethereal, Wireshark is particularly helpful for network troubleshooting; its graphical front-end lets you see all traffic being passed over the network. Features:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor,...
0 comments
techcoor | November 12th, 2009
Network Threat Protection traffic log shows Blocked Ethernet (type = 0x34) and (type = 0x5c) from remote host 0.0.0.0. What is this type of communication and what should I do about these types of communication?
13 comments
georgepr | November 12th, 2009
Hi, We have certain domains that only receive email from certain geographic regions. Is there a way to either exclude or include entire regions? We would be interested in simply blocking all traffic from Russia, China, Africa, etc... Thanks
3 comments
Nishant Doshi | November 12th, 2009
If a hacker managed to hack into your blog or website, what could they possibly do? They could insert malicious iframes or JavaScript code into your Web pages. Probably even attempt to steal some data. But most likely they would "search engine optimize" your website. Can this be true? Well, let me explain more. Search engine optimization (SEO) is a collection of techniques used to achieve higher search rankings for a given website. "Black hat SEO" is the method of using unethical SEO techniques in order to obtain a higher search ranking. These techniques include things like keyword stuffing, cloaking, and link farming, which are used to "game" the search engine algorithms. So what does a hacker gain from all this? Why would a hacker help you achieve a higher search engine ranking? Quite the contrary; he is helping himself. What the hacker actually does is add numerous additional Web pages to your website. Let’s call each of these additional pages...
0 comments