Content Tagged ‘Security’

February 2012 Patch Tuesday Preview

February 9, 2012 - Microsoft published its Patch Tuesday Preview for February of 2012 and as expected we are getting a larger batch of nine bulletins addressing a total of 21 vulnerabilities. Four bulletins are (continue reading...) Read more

New Targeted Attack Using Office Exploit Found In The Wild

February 9, 2012 - Contribution: Takayoshi Nakayama. I was going through some files we acquired related to targeted attacks the other day and an unusual set of files caught my eye. We did some analysis on the files and it turns out a pair of (continue reading...) Read more

Infostealer.Offsupload: 20,000+ Archives Containing Stolen Data Uploaded to Third Party File-Sharing Site

February 8, 2012 - Upwards of 20,000 stolen archives have been uploaded to a third party file-sharing site from hosts infected with a new threat called Infostealer.Offsupload. The following heatmap indicates the U.S. is the primary target of infection, however, only a few countries (continue reading...) Read more

Android.Bmaster: A Million-Dollar Mobile Botnet

February 8, 2012 - Thanks to Eric Chien for his assistance with this research. Introduction We recently came across a new piece of Android malware, first highlighted by NC State’s Xuxian Jiang, and began investigating the command-and-control (C&C) servers associated with the threat. The (continue reading...) Read more

Hey, it was a joke. No need for handcuffs.

February 8, 2012 - This post discusses the recent detainment of two young British tourists in Los Angeles, California who were suspected of planning terroristic and other criminal activities due to a misunderstanding of their Twitter messages (aka tweets). Read more

Russian Spammers Eye World Content Show

February 8, 2012 - Thanks to Anand Muralidharan for their assistance with this research. Television channels across the world are set to be at the 14th International Exhibition and Forum, World Content Show, held Feb 7-9, 2012, in Russia. The exhibition showcases the latest (continue reading...) Read more

Web Attack Ahead of Tax Season

February 7, 2012 - At 3 AM, on February 6, 2012, Symantec Security Response observed spam carrying malicious links which target the upcoming tax season. The spam volume spiked between 6 AM and 1 PM, identifying over 200 unique URLs which lead to a (continue reading...) Read more

Purchases From This Super Bowl Sale Will Not Take You Anywhere

February 4, 2012 - You may not need pills to watch the Super Bowl but spammers feel that this definitely is an occasion to do so! The most exciting annual championship of the NFL - the Super Bowl XLVI - starts tomorrow. And as (continue reading...) Read more

Cisco IPS Signature Retirement and the Default Configuration

February 3, 2012 - Walter Sulym from the Cisco IPS team explains the signature retirement process and how the default configuration is determined. Read more

Is Google Bouncer going to bounce all malware from the Android Market?

February 3, 2012 - Google pleasantly surprised the mobile malware research community when it announced yesterday that Android apps are analysed for malicious behavior before being allowed onto the Android Market, but is it all good news? Vanja Svajcer, Sophos Principal Researcher, investigates. (continue reading...) Read more

Server-side Polymorphic Android Applications

February 1, 2012 - For quite some time, we have observed the technique of server-side polymorphism being used to infect Windows computers around the world. What this means is that every time a file is downloaded, a unique version of the file is created (continue reading...) Read more

SCADA Syndrome and Lifelong Education

February 1, 2012 - How many times have we encountered a situation where some part of the software industry starts small, in a closed environment, then grows and attracts a lot of attention before realising that things were not designed properly for this changed (continue reading...) Read more

Phony ICC Promotion Award

January 31, 2012 - Nothing can be more enticing than to be chosen for some free goodies, be it mementos, a cash prize, or a ticket to watch a game. It gets even more interesting if you are from a cricket-crazy continent and suddenly, (continue reading...) Read more

Current pcAnywhere Security Issues

January 31, 2012 - Last week Symantec published a whitepaper "pcAnywhere Security Recommendations" which recommended increased security measures to all users who are managing pcAnywhere installations. The whitepaper was prompted by the recent disclosure (continue reading...) Read more

Detecting the DNS Changer Malware

January 31, 2012 - January marked half-time for the folks at the DNS Changer Working Group (DCWG) who are now running the DNS servers originally used in the Rove botnet. Ever since a (continue reading...) Read more

An Update on Android.Counterclank

January 30, 2012 - Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank. The blog generated a bit of discussion over whether these new versions should be a concern (continue reading...) Read more

Email with Malicious HTML Attachments

January 30, 2012 - Malware is often embedded in email as compressed attachments (such as .zip, .rar, etc.). Recently, however, Symantec has noticed an increase in malicious email attacks with .htm (HTML) attachments. Here is what the message looks like in your inbox: (continue reading...) Read more

Facebook Valentine’s Theme Leads to Malware

January 30, 2012 - It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion. The said attack begins with a post on affected (continue reading...) Read more

MIDI exploit in the wild

January 27, 2012 - Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). Microsoft has already issued a patch against this vulnerability in the monthly patch release (continue reading...) Read more

Android.Counterclank Found in Official Android Market

January 27, 2012 - Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as (continue reading...) Read more

Copyright © 2012 The Security Blog. All rights reserved.