Posts tagged malware

3 awesome security tips for 2012

by Claudiu Popa

Everything I’m reading these days indicates that hacking and malware infections are going to increase in 2012. I don’t need to provide references here because everything you’re reading does too. Yet all the software you need to secure computers, both corporate and personal, is available for free. There’s everything from scanning and blocking to diagnosing and disinfecting the computing devices you depend on.

So how come we’re poised for continued growth in data theft and general cyber-mischief?

In short, you’re the weakest link. If it weren’t for you, your computer would have a much higher chance of leading an infection-free existence, gracefully growing old and slowly descending into obsolescence. Instead, you may hear yourself thinking out loud: “it was fast at the beginning, but now it’s so slow I’m thinking of getting a new one”. This platform-independent mantra is no doubt very depressing for laptops and smartphones to overhear and even the shiny new tablets, smug in their reliance on a firmware-based operating system, aren’t too far behind.

What are your options? Panic? Trade in your new tablet for a stone tablet? Pester the one social recluse in your family with open-ended questions?

The latter is always a good idea (although you can’t go wrong with the first two either). Make sure you corner him (it’s always a ‘he’) at the family party this holiday season and don’t let him take another sip of the eggnog until he makes an effort to put his answers into plain English. Pull up a chair, make him feel special, for once!

Failing that, here are three (because no one can really retain more than that anyway) tips to help you better understand computing security in general, and in particular over the next few months, as the reliance on technical attacks on all platforms (not just on mobile devices, PCs, or ‘in the cloud’) gives way to plain old abuses of trust. At the very least, you’ll sound smarter about this stuff, so here’s some sage advice:

1. Sometimes things that increase convenience may increase your security risk

Just one example: URL shorteners. These handy little tools (aside from the fact that they build clickthrough statistics) may send you to malicious destinations and may contribute to the security problems that plague social networking sites. So click wisely.

2. Sometimes it’s better to focus on the things that go out of your computer

We’re on the Internet for a reason: to explore and access information. Each click is a request, a consensual invitation, an implied permission and an open door to receiving information. So when that response happens to be malicious, it’s difficult to see exactly what it’s doing inside your computer, but it’s relatively easy to block unauthorized software from ‘calling home’ and initiating outbound connections of its own. So look for personal firewalls with egress filtering and be cautious about approving connection requests.

3. Sometimes things that protect your privacy may decrease your security

You know that little ‘lock’ icon everyone tells you to look for when completing online purchases? And the ‘secure tunnel’ your IT guy tells you about when installing your remote access VPN into the office (so you can be ‘productive’ from home, naturally)? Those are great things. They protect the confidentiality of the data that you exchange with the big bad Internet, and also serve to protect your privacy. But they also make it next to impossible for security tools to inspect data traffic, see malicious code and the details of hacking attacks as they come and go. So use with caution, and appreciate that once encrypted, both good and bad data is protected from prying eyes (and be sure to have a memory resident scanner to detect the latter just before or immediately after scrambling).

Enjoy 2012 and if you know someone who could use the information, don’t hesitate to suggest this blog.

Targeted attacks and how they’re happening now

by Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Targeted malware and advanced persistent threats (APTs) have been big news in 2011, particularly in the wake of the Stuxnet attacks of 2010, and the recent discovery of Duqu.

Though the term has been overused and occasionally misused, it is undeniable that APTs represent a significant threat to some companies and industries. Symantec.cloud found that the number of APTs detected worldwide increased fourfold from January to November of this year. So as 2011 comes to a close, we thought it would be a good idea to use our November Intelligence Report to take a closer look at what have been dubbed “advanced persistent threats”.

Finally, some statistics on the impact of cybercrime in Canada!

By Claudiu Popa

It’s about time. Since most companies do not benefit from security monitoring tools and technologies and many of those that do aren’t inclined to share their unfortunate events for fear of getting ridiculed at the playground, statistics on cybercrime and malware in Canada are few and far between. So kudos to Symantec for releasing some meaningful statistics on cybercrime in Canada and some global figures in general. 

And it’s been a worthwhile exposure effort. One day after the Norton Cybercrime Report’s release, the Internet was already teeming with superficial coverage of the contents. Most outlets are happy to report the big global number of $114 billion in losses for the past year. Personally, I like to have a deeper look. In this case, I’ll constrain my scope to the Canadian figures and try to put things into perspective. So here goes:

Spammers benefit from stock market turmoil

By Matt Sergeant

August was a busy month for cyber criminals, according to the August 2011 Symantec Intelligence Report. While phishing levels were one in 229.9 for Canada this month, spammers were also busy taking advantage of the recent financial market fluctuations.

“Pump-and-dump stock” scams have become popular among hackers hoping to generate profits on intentionally overvalued penny stocks, or highly speculative common stocks traded at less than a dollar. Just as they sound, “pump-and-dump stocks” are promoted (“pumped”) by their owners in order to inflate the price of the stocks as much as possible so that they may then be sold (“dumped”) before their valuation decreases to the original price. Using this scam, cyber criminals attempt to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket, using false or misleading information.

When successful, these misleading scams can artificially drive up the price of the stock to a point where the scammers decide to sell their shares, ending the spam campaign and lowering the stock’s valuation back to its original price.

Sophisticated polymorphic malware is on the rise

By Paul Wood

Recent research from the July 2011 Symantec Intelligence Report found cyber criminals are more aggressive than ever before when it comes to spreading malware over e-mail using more sophisticated polymorphic techniques designed to bypass more traditional anti-virus defences.

Polymorphic malware uses variations of the same code by employing different encoding techniques, making it harder to detect as each new variation may require its own signature in order to identify it correctly.

Cutwail botnet raising spam levels once more

By Paul Wood

There has been a recent increase in the amount of malicious email traffic detected by MessageLabs Intelligence despite a continuous decrease in the actual number of spam mail distributed. 

The decrease in spam is due in large part to the takedown of Rustock, the largest spamming botnet, in March. So what accounts for this increase in malware traffic?

An investigation by MessageLabs Intelligence revealed that this increase is at least due in part to the Cutwail botnet.

Goo.gl fake antivirus worm spreads across Twitter

By Tony Bradley

Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a goo.gl shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora’s box as users click on links with no clue where they might lead.

A post on Naked Security by Sophos’ Graham Cluley describes the threat. “Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack,” adding, “A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google’s equivalent to bit.ly or tinyurl), which itself points to a URL ending with ‘m28sx.html’.”

Security Predictions for 2011

On December 7, we released our MessageLabs Intelligence 2010 Annual Security Report, which highlighted the changes in the threat landscape during 2010 and looked ahead to potential trends for 2011. This blog is a snapshot of some of the trends and predictions noted in the report.

Global Spam Trends

In 2011, spam will become more culturally and linguistically diverse. The use of English in spam will fall from approximately 95 per cent of all spam to below 90 per cent, driven by economic growth and broadband adoption in emerging economies. For instance, spammers will target Brazil with more than 40 per cent of spam in Portuguese. Portuguese and Spanish will become some of the most popular languages used in spam other than English.

Spammers can be quite creative

By Mathew Nisbet

Spammers will try anything to get their spam past your filters and into your inbox. We’ve seen many tricks involving random text hidden in the body, use of images, a message body with nothing but a link to the main message somewhere on the web. This example is one of the more elaborate (but ultimately futile) attempts that I’ve seen.

Recently we have been seeing a run of emails that pretend to be informing the recipient that they have a number of “unread” or “important” messages waiting for them on a well known social network. Over a 3 day period, between October 24 and 26, we saw roughly 18,500 of these. Since then the volume has dropped to less than 100 per day, but we are still seeing them.

The use of a well known social media brand name is the first part of the approach to bypass filters. The message copies the format of common legitimate email subjects and cannot be detected based on a signature related to the subject alone. It is also a piece of social engineering, to try and entice an unsuspecting user into opening the email.

What caused sudden drop in spam traffic?

It has been widely reported that global spam volumes have decreased, especially on October 3 when spam levels dropped to their lowest for some time.

By Dan Bleaken

At Symantec Hosted Services we have a wealth of data on spam traffic, and crucially what contribution to global spam each of the major botnets makes. This blog will take a close look at botnet spam, what factors influence botnet output, and will try to explain some of the changes that occurred around October 3.