Zulfikar Ramzan

Profile

Zulfikar Ramzan

Symantec Employee

Member for: 3 years 50 weeks
Contact: Send this user an email

Member for: 3 years 50 weeks

Blog: View recent blog entries

Contribution Stats

Solutions

Forum Threads

Comments

Blog Entries

Ideas

Articles

Videos

Downloads

Events

Groups Joined

Zulfikar Ramzan's Activity

Show:

New blog entry 01 Jun 2010

Zulfikar Ramzan posted: Trying to Rely on the Right Platform Provides the Wrong Protection

There has been a considerable amount of news activity purporting that Google is looking to do a full-scale migration away from using Microsoft products, citing security as the primary impetus. While I can’t say whether or not these reports are indeed true, the story does raise a couple of importan

New blog entry 20 Aug 2009

Zulfikar Ramzan posted: Twitter Filter Aimed at Killing Malicious Links

Recently, Twitter implemented technology to help stem the threat of malicious URLs being propagated though its service. This approach seems to be a great effort on the part of Twitter to prevent attackers from tweeting malicious links. It appears as if the tool is filtering tweets and compari

New blog entry 22 May 2009

Zulfikar Ramzan posted: The Rise of Low-Tech Attacks

While many forms of online mischief require some degree of technical sophistication on the part of the miscreant, we often see forms of attack that are quite simple. One case in point is the phishing attack. In many ways, phishing attacks are at the low end of the totem pole from a technical sophi

New blog entry 19 Jan 2009

Zulfikar Ramzan posted: Online Miscreants Swept Away by Obamania

In previous blog postings, I talked about politically themed online malicious activity, focusing on what we observed during the recent U.S. presidential election cycle. Even though the election itself has long since been over, we are continuing to see similar political themes in today’s attacks.

New blog entry 08 Aug 2008

Zulfikar Ramzan posted: The BlackHat 2008 Attendee Survey Results Are In!

On the opening day of BlackHat 2008, Symantec commissioned an anonymous survey among the attendees to learn about contemporary views on security related topics, such as vulnerability research, future threats and trends, and what types of challenges we as security professionals will collectively fa

New blog entry 01 Aug 2008

Zulfikar Ramzan posted: Safe Summer Travels on the Information Superhighway

With the Olympics right around the corner and being that we are in the heart of the summer, I’m sure many of you will find yourselves travelling quite extensively. Nowadays, it’s almost impossible to go cold turkey from the Internet. It’s equally impossible to find a place that doesn’t offer some

New blog entry 27 May 2008

Zulfikar Ramzan posted: Crimeware Book Chat on Network World (Wednesday 28-May-2008 from 2-3pm ET)

In my most recent blog entry , I mentioned that Markus Jakobsson and I recently collaborated on a new book: “ Crimeware: Understanding New Attacks and Defenses .” Network World is hosting a live chat session, and attendees will be eligible to win one of ten copies of the book

New blog entry 21 Apr 2008

Zulfikar Ramzan posted: Political Implications of Cross-Site Scripting

On the eve of the much anticipated Pennsylvania Democratic Primary, we received public reports of a series of cross-site scripting vulnerabilities that affected Barack Obama's campaign Web site. We also saw reports of these vulnerabilities being disclosed publicly on the XSSed.com Web site. T

New blog entry 18 Apr 2008

Zulfikar Ramzan posted: Crimeware Book Now Available

For some time now, Symantec has stressed that the online threat landscape shifted a few years back, away from hobbyist-driven threats towards financially driven threats. This trend has given rise to a class of malicious software known as "crimeware." I recently had the plea

New blog entry 22 Jan 2008

Zulfikar Ramzan posted: Drive-by Pharming in the Wild

In a previous blog entry posted almost a year ago, I talked about the concept of a drive-bypharming attack. With this sort of attack, all a victim would have todo to be susceptible is simply view the attacker’s malicious HTML orJavaScript code, which could be placed on a Web page or embedded

New blog entry 21 Jan 2008

Zulfikar Ramzan posted: Flashing Home Routers

In a recent blog posting ( http://www.gnucitizen.org/blog/hacking-the-interwebs )the GNUCITIZEN security think tank published some new research on thesecurity of home routers – specifically on how to modify routersettings from an external location using Adobe Flash. The techniques,if I unders

New blog entry 27 Nov 2007

Zulfikar Ramzan posted: Malicious Advertisements

On November 2, 2007 I had the opportunityto participate in a panel at the Federal Trade Commission on the futureof online behavioral advertising. While this topic is not one that isnormally associated with information protection issues, there are someinteresting implications that I touched upon

New blog entry 27 Nov 2007

Zulfikar Ramzan posted: Malicious Advertisements

New blog entry 27 Aug 2007

Zulfikar Ramzan posted: Michael Dolan to Face Seven Years in Jail

Michael Dolan, a phisher who targeted AOL over the course of fiveyears recently pleaded guilty to two criminal counts that the U.S.attorney's office brought against him. The first count was a conspiracyto commit fraud and the second count was aggravated identity theft. Dolan's "

New blog entry 12 Aug 2007

Zulfikar Ramzan posted: A Brief History of Phishing: Part II

Part I on Friday discussed the early days of phishing from relatively harmless spam to targeting the financial sector and then to an increasingly professional operation with serious consequences for both organizations and individuals. The threat evolves further In a technic

New blog entry 09 Aug 2007

Zulfikar Ramzan posted: A Brief History of Phishing: Part I

Symantec is celebrating its 25-year anniversary and, during the course of the company’s history, we’ve seen the threat landscape evolve continuously. Many of the threats we routinely address today were practically unheard of in the early days. While much of the activity back then was centered arou

New blog entry 01 Jul 2007

Zulfikar Ramzan posted: Phished Brands and the Pareto Principle

The Pareto principle, sometimes known as the 80-20 rule, states thatroughly 80% of the effects stem from 20% of the causes. It was namedafter Vilfredo Pareto, an Italian economist, who observed that 20% ofItaly’s population received 80% of its income. This principle comes upin numerous other place

New blog entry 27 Jun 2007

Zulfikar Ramzan posted: Core Brands and Phishing

I recently looked at some data collected from the NortonConfidential server on brands spoofed in phishing attacks from Junethrough December of 2006. In total, we saw phishing attacks on 343different brands. Looking further into the data, I wanted to get asense of which types of brands are consiste

New blog entry 31 May 2007

Zulfikar Ramzan posted: On Bank-Specific Top-Level Domains

Recently, Mikko Hypponen proposed the idea of a .bank top-level domain extension as a way to combat phishing attacks (see 21 Solutions to Save the World: Masters of Their Domain ). The proposal garnered some significant interest including two Slashdot threads: A Foolproof Way To End Bank Acco

New blog entry 16 May 2007

Zulfikar Ramzan posted: Phishing and Two-Factor Authentication Revisited

A while back, I blogged about the role of two-factor authentication tokens in protecting against phishing scams .Since then, the issue has come up again, and has recently has attractedmore attention, so I thought I’d spend some time here revisiting it. First, let’s recall what two-factor a

Zulfikar Ramzan

Zulfikar Ramzan's Activity

Technical Support

Symantec.com

Store

Community Stats