Posts tagged virus

Targeted attacks and how they’re happening now

by Paul Wood

Targeted malware and advanced persistent threats (APTs) have been big news in 2011, particularly in the wake of the Stuxnet attacks of 2010, and the recent discovery of Duqu.

Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services

Though the term has been overused and occasionally misused, it is undeniable that APTs represent a significant threat to some companies and industries. Symantec.cloud found that the number of APTs detected worldwide increased fourfold from January to November of this year. So as 2011 comes to a close, we thought it would be a good idea to use our November Intelligence Report to take a closer look at what have been dubbed “advanced persistent threats”.

2011: The year that big name companies got owned

By Claudiu Popa

There’s little sense in waiting until the end of the year. We know that the headline will likely say something to that effect. The question is, why now?

Comodo is known for its free Windows firewalls. The company has seen its digital certificate process compromised to the point where its digital certificates, built into all Web browsers, could no longer be trusted. A simple breach exposed millions of users, embarrassed the company and tarnished an already shaky public image.

RSA, the paragon of security thanks to its ubiquitous password tokens, has seen a key piece of its access control mechanism breached. In so doing, hackers have technically compromised the security infrastructure of tens of thousands of organizations that depend on these systems for verifiable protection. Again, what could be simpler than a phishing attack? All it took was one employee clicking on email-borne malware to install a remote access tool. But can we really blame the access compromise on a single user error at the world’s leading access control company?

Speaking of phishing, the client contact information of such notable enterprises as Citigroup, JPMorgan Chase, Best Buy, Disney, Ritz Carlton, Marriott, Barclays PLC, US Bancorp, McKinsey & Co, Walgreens, TiVo, Capital One, HSN Channel, Hilton Hotels, Verizon, Kraft Foods, AstraZeneca and some 5900 colleges, universities and schools has been compromised in one fell swoop by a breach of Epsilon, a prominent marketing firm with some 2500 big name clients.

Goo.gl fake antivirus worm spreads across Twitter

By Tony Bradley

Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a goo.gl shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora’s box as users click on links with no clue where they might lead.

A post on Naked Security by Sophos’ Graham Cluley describes the threat. “Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack,” adding, “A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google’s equivalent to bit.ly or tinyurl), which itself points to a URL ending with ‘m28sx.html’.”

Spammers can be quite creative

By Mathew Nisbet

Spammers will try anything to get their spam past your filters and into your inbox. We’ve seen many tricks, including random text hidden in the body, the use of images, and a message body containing nothing but a link to the main message hosted somewhere on the web. This example is one of the more elaborate (but ultimately futile) attempts that I’ve seen.

Recently we have been seeing a run of emails that pretend to be informing the recipient that they have a number of “unread” or “important” messages waiting for them on a well known social network. Over a 3 day period, between October 24 and 26, we saw roughly 18,500 of these. Since then the volume has dropped to less than 100 per day, but we are still seeing them.

The use of a well known social media brand name is the first part of the approach to bypass filters. The message copies the format of common legitimate email subjects and cannot be detected based on a signature related to the subject alone. It is also a piece of social engineering, to try and entice an unsuspecting user into opening the email.

How cyber crooks break CAPTCHAs

The percentage of spam containing shortened hyperlinks has increased significantly over the last year. As far as spammers are concerned, any tactic that makes it harder to block their spam emails is going to be exploited. These shortened hyperlinks contain reputable and legitimate domains, making it harder for traditional anti-spam filters to identify the messages as spam.

Paul Wood


Analysis in the latest MessageLabs Intelligence Report revealed that URL-shortened spam hit a one day peak of 18 per cent, or 23.4 billion spam emails, on April 30, 2010. This doubled last year’s peak level of 9.3 per cent of spam, or more than 10 billion spam emails, on July 28, 2009.

While botnets are often the source of short URL spam, 28 per cent of this type of spam originated from sources not linked to a known botnet, such as unidentified spam-sending botnets or non-botnet sources such as webmail accounts created using CAPTCHA-breaking tools.


World Cup-related scams

Buying a fake World Cup ticket isn’t the only scam that awaits the unwary footie fan online. As the tournament in South Africa reaches its climax and excitement mounts in the lead up to the final, fraudsters are continuing to augment their attacks with a variety of World Cup-related email ruses. Supporters will need a sharp defensive line-up to keep them out.

Paul Wood

Despite FIFA’s stringent rules about distribution and resale, there are still World Cup tickets on offer from unauthorized online outlets. Some of these will be old-fashioned touts using new channels to sell tickets at higher than face value. Some will be genuine people who bought tickets and now can’t go, but are unaware of the resale rules (which state that tickets can only be transferred to another named person with FIFA’s permission). And some will be outright fraudulent: the tickets are forgeries or don’t exist at all.

The end result for the ardent fan is the same: they risk flying themselves to South Africa at great expense only to find they are refused entry to the stadium.

Canada introduces anti-spam law as spam URLs become pervasive

The Government of Canada recently re-introduced anti-spam legislation, titled the Fighting Internet and Wireless Spam Act (FISA), in the House of Commons. The goal of the proposed legislation is to deter damaging and deceptive forms of spam and help drive spammers out of the country.

FISA is an important step in the ongoing fight against spam. The May 2010 MessageLabs Intelligence Report indicated that, in Canada, 89.4 per cent of email was spam. The global ratio of spam was 90 per cent.

Analysis revealed that nine out of 10 spam emails now contain a URL link in the message. In May, five per cent of all domains found in spam URLs belonged to genuine web sites. Of the most frequently used domain names contained in spam URLs, the top four belong to well-known web sites used for social networking, blogging, file sharing and hosting other forms of user-generated content.

New Threats and High Spam Rates Mark the Beginning of 2010

It’s no secret that scammers and spammers are always looking ahead to capitalize on topical news and seasonal activities to target unsuspecting web users. Whether it’s the New Year’s spam we’ve just intercepted that offered pharmaceuticals, watches and weight loss products or the predictable and expected St. Valentine’s Day-related enticements, a fraudster’s calendar is always full.

Seth Hardy, Senior Malware Analyst at Symantec Hosted Services