
Masaki Suenaga

Member for: 3 years 50 weeks
Contribution Stats: 0 Solutions, 0 Forum Threads, 0 Comments, 14 Blog Entries, 0 Ideas, 0 Articles, 0 Videos, 0 Downloads, 0 Events, 0 Groups Joined

Masaki Suenaga's Activity

New blog entry 02 Nov 2010
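In my previous blog I explained the structure of the Trojan.Zbot.B configuration file in detail; this time I would like to take a closer look at another command contained in that configuration file. Here I describe the command that injects HTML code into the Web browser. This configuration block has four command records: 0010, 0020, 0004, and 0008. Command 0010 is used to search for HTML data that matches the following pattern. <td><div class=”account-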
New blog entry 01 Nov 2010
Following on from my previous blog exploring the structure of the Trojan.Zbot.B configuration files, we will now take a closer look at another command contained in the configuration file. In this case we will examine a command that injects HTML code into the Web browser. This
New blog entry 01 Nov 2010
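As my colleague Kazumasa Itabashi wrote in his blog, TrojanZbot.B (a.k.a. the Zeus botnet) generates random domain names based on the system time and downloads files from URLs containing those domains. TrojanZbot.B accesses these domains using the path /news/?s=[number] and downloads a configuration file. The configuration file is digitally signed and has the following contents. The configuration file is encrypted. To decrypt this file, apply RC4 and, from the beginning to the end, byte by byte, each preceding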
New blog entry 31 Oct 2010
As my colleague Kazumasa Itabashi outlined in this blog, TrojanZbot.B, a.k.a. Zeus Botnet, attempts to download files from URLs with random-looking domain names generated by the Trojan based on the system time. When it accesses these domains with a path of /news/?s=[NUMBER], it dow
New blog entry 16 Jul 2010
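In our recent article on Trojan.Sasfis we focused on the spam side of this attack; this time we explain in detail the trends of this still-ongoing threat, whose prevalence has recently been confirmed by Symantec's globally deployed sensors. Distribution To recap, Sasfis has so far had a significant impact on worldwide email volume through many spam campaigns. In addition to disguises such as Amazon_Tracking_Number_N[random digits][long run of whitespace]DOC.exe and iTunes_certificate[random digits].exe,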
New blog entry 16 Jul 2010
In our recent article on Trojan.Sasfis we focused on the spam angle of the attack and in this piece we will take a deeper look at this somewhat persistent threat which our global sensors indicate is recently on the rise. Distribution To recap, Sasfis has been making a significa
New blog entry 13 Dec 2009
The AVAR 2009 Conference was held in the historical city of Kyoto, Japan from November 5. As this year's trend is cloud computing, fake antivirus software and massive PDF file attacks, the cloud and PDF topics were covered in the conference. We had several Japan-specific sessions. Som
New blog entry 05 Dec 2007
There have been many viruses discovered that have the direct purpose of stealing online bank account and password information. It has been determined that a good majority of these have originated in Brazil and in these cases the viruses are known to be part of the infostealer.bancos family. They ru
New blog entry 18 Oct 2007
Yesterday we became aware of an in-the-wild exploitation of a previously unknown RealPlayer vulnerability. This unpatched vulnerability affects the latest versions of RealPlayer and RealPlayer 11 BETA distributed on their site. The issue affects an ActiveX object in the RealPlayer component ie
New blog entry 29 Jul 2007
Some file formats are more vulnerable to exploits than others. Document and spreadsheet programs, for example, are often exploited, possibly as much because of their prevalence on desktops as from any other reason. That said, updating them is often easier precisely because of their widespread use,
New blog entry 05 Jun 2007
If a virus uses a language other than English, it is most often Chinese, German, Spanish, Portuguese or Russian, and sometimes Indonesian/Malay, Japanese or Thai. It is rare to find an Arabic-aware virus. At least we've thought so until now. In the current trend where a worm that spreads thr
New blog entry 05 Mar 2007
WordPress, a blog-publishing system written in PHP, has had a recent release of its software compromised that may allow remote code execution via a back door. While apparently limited to certain copies of 2.1.1, WordPress has since released an updated and verified version 2.1.2 and are advising
New blog entry 26 Feb 2007
A fake installer for the Korean version of ALZIP – a commercial archiver application and a component of the ALTOOLS series created by ESTsoft Corp – was recently discovered, which Symantec detects as Trojan.Dropper. When the fake installer is executed, it displays the same window as the ge
New blog entry 17 Aug 2006
Traditional key loggers are used to capture key strokes or parameters of WM_CHAR window messages. A key logger is usually good enough to decipher what is input by the user if the language is English, French, Russian, Arabic, Thai and so on. However, people in China, Japan, and Korea often have