October 18, 2010 - On Tuesday, September 21 a cross-site scripting (XSS) vulnerability in Twitter became publicly known and was exploited by attackers, as well as many curious copycats with non-malicious intentions. An issue surrounding the parsing of attributes of posted links allowed JavaScript (continue reading...)
October 18, 2010 - Trojan.Zbot.B!inf, which was discovered on October 1st, has functionality to update Trojan.Zbot by using Windows Crypto API. Crypto API is a set of functions that uses PKI bundled with Windows and has been used by several malicious programs in the (continue reading...)
October 18, 2010 - Halloween is drawing near, so the spammers are busy laying out bait in the form of Halloween jackpots, sweepstakes, gift cards, e-cards, personalized gifts, online contests, and even print products and costumes. Perhaps this is one of those seasons during (continue reading...)
October 15, 2010 - W32.Stuxnet has been a subject of much discussion amongst security researchers and media, and Symantec Security Response has posted a whitepaper along with a series of blogs on the subject. As you may already be aware, Stuxnet (continue reading...)
October 14, 2010 - Harry Potter and the Deathly Hallows is the seventh and (supposedly) final adventure in the Harry Potter novel series. As the grand finale of the series draws nearer, I’m sure all of the Harry Potter enthusiasts are waiting in anticipation (continue reading...)
October 12, 2010 - Hello and welcome to this month’s blog on the Microsoft patch releases. This is, by far, the largest Patch Tuesday release since the start of the program. The vendor is releasing 16 bulletins covering a total of 49 vulnerabilities, including (continue reading...)
October 11, 2010 - Adobe has released a new version of Adobe Reader on October 5th. It includes the patched module for the Adobe Reader 'CoolType.dll' TTF Font Remote Code Execution Vulnerability (BID: 43057). As Karthik Selvaraj wrote in a previous blog, this (continue reading...)
October 8, 2010 - In this blog, I’m going to provide extra details about the PLC infection process and how an operator can determine if their PLC is infected. First, recall that Stuxnet’s end-goal is the infection of particular types of Simatic PLCs. In (continue reading...)
October 6, 2010 - The spoofing or obfuscating of email messages to bypass antispam filters is a very common technique for spammers. Spammers try to obfuscate the email headers or email bodies of messages to evade antispam filters, as discussed in one of (continue reading...)
October 4, 2010 - In a previous blog we reported on how attackers use social engineering techniques to scare users into purchasing a misleading application. This time around, we have come across a couple of websites that are using a slightly different trick (continue reading...)
October 3, 2010 - The Zeus Trojan is back in the media spotlight once more, and for good reason. Last week the FBI’s Operation Trident Breach made worldwide headlines with over 100 arrests related to organized cybercrime operation activities in the (continue reading...)
September 30, 2010 - We’re pleased to announce that we’ve compiled the results of many weeks of fast-paced analysis of Stuxnet into a white paper entitled the W32.Stuxnet Dossier. On top of finding elements we described in the ongoing Stuxnet summer blog series, (continue reading...)
September 28, 2010 - Facebook now has over 500 million registered users, which makes this social network (like many other social networks) a very attractive “fishing pool” for attackers. There are so many potential victims that could easily fall for any of the scattered (continue reading...)
September 28, 2010 - Over the past weekend, it was reported that a new worm was spreading amongst the Orkut user community. As a result, some of the Scrapbooks in Orkut had a hidden iframe inserted, which points to a malicious JavaScript (continue reading...)
September 27, 2010 - As expected, we at the Symantec Probe Network have started observing an influx of spam messages related to the upcoming events of Halloween and Christmas. As the festive season is around the corner, it’s not surprising that spammers are exploiting (continue reading...)
September 26, 2010 - Previous blog entries have covered several different Stuxnet propagation vectors, from autorun.inf tricks to zero-day vulnerabilities. Our research has also uncovered another method of propagation that impacts Step7 project folders, causing one to unknowingly become infected when (continue reading...)
September 24, 2010 - Code to exploit the zero-day .lnk file vulnerability (BID 43073) used by Stuxnet was added to the threat around March 2010; we know this because the samples we observed before this date did not contain code to exploit (continue reading...)
September 21, 2010 - We first mentioned that W32.Stuxnet targets industrial control systems (ICSs) -- such as those used in pipelines or nuclear power plants -- 2 months ago in our blog here and gave some more technical details here. While we (continue reading...)
September 21, 2010 - Back in July we saw the Stuxnet worm targeting industrial control systems. The Stuxnet authors stole the digital signatures of two Taiwanese chip makers and used them on the rootkit employed by the worm. Just how they were getting their (continue reading...)
September 21, 2010 - Chinese spammers are actively involved in the upcoming celebration of the Mid-Autumn Festival and National Day. The Chinese Mid-Autumn Festival (Moon Festival) will occur on September 22 this year and the government has declared that October 1 is National Day, as (continue reading...)