Archive for Symantec

Google Finds Flaws In Symantec AV Software That Have Existed For YEARS

Posted in Commentary with tags , on July 1, 2016 by itnerd

Millions of people and companies that use Symantec’s anti-virus software were likely living with serious vulnerabilities for years according to Google’s Project Zero. That means they were at risk for being pwned by hackers. Here’s the details:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.
As Symantec use the same core engine across their entire product line, all Symantec and Norton branded antivirus products are affected by these vulnerabilities, including:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on.
Some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks. Symantec has published advisories for customers, available here.
If you have a Symantec anti-virus product, you need to update yourself right now because it’s a safe bet that the forces of evil will take advantage of these flaws now that they’re public. it also shows that just because you have anti-virus software installed on your computer, it doesn’t mean that you’re safe.

Norton and Staples Canada Launch Norton Virus Protection Service

Posted in Commentary with tags , on July 18, 2014 by itnerd

Norton and Staples in Canada have launched a very unique service that helps to protect you from viruses. Called the Norton Virus Protection Service, it’s not simply just another boxed product. Here’s the key points:

  • When customers purchase any installation package with Norton 360 Multi-Device on their computer. The customer follows the normal product support and if it is detected that they have a virus, Norton Support will provide their extended Virus Removal Service included with this product through the Staples Easy Tech Services.
  • If remote services do not resolve the virus issue, Norton will have an agent dispatched to examine the problem on-site.
  • This service can be added on to most installation services available through Staples Easy Tech Centres.
  • Norton Virus Protection Services covers one user, for one year from the date of installation.
  • The product/attached services are available exclusively at Staples locations across Canada
  • The Norton Virus Protection Service is available on your first device for $99, additional services can be purchased for your other devices for only $49 each (PC’s, Mac’s, smartphones and tablets).
  • These products are available in both English and French.

The key thing is that support is available 24/7. So you can get help when you need it. That’s key because according to Symantec, 80% of Canadian consumers still believe they will NOT fall victim to a computer virus, malware or spyware in 2014. From my personal experience I know that if you don’t protect yourself you will get hit by something. So any service that makes it easy to protect consumers from all of that is a good thing. Thus I believe that  Staples and Norton have a winner here that a variety of people would benefit from.

Android Malware Scammer Who Pocketed $3.9 Million Busted: Symantec

Posted in Commentary with tags on July 29, 2013 by itnerd

If you’re a fan of Poker, you’ll recognize the name of Masaaki Kagawa. For those who who aren’t into poker, he’s an avid and successful poker tournament player who won more than $1 million in worldwide tournaments. He also had a side hobby. He ran operation that dealt in Android Marware. Mr. Kagawa’s operation began around September, 2012 and ceased in April, 2013 when authorities in Tokyo raided the company office. Symantec confirmed around 150 domains were registered to host malicious Android apps during this span. The group was able to collect approximately 37 million email addresses from around 810,000 Android devices. As a result, the company earned approximately $3.9 million US dollars by running a fake online dating service called Sakura site. Spam used to lure victims to the dating site was sent to the addresses collected by the malware.

If you want more detail about Kagawa and how Symantec helped to take him down and stop this threat to Android users click here. It shows how security companies like Symantec is making the digital world safe for all.

Android Malware Toolkit On Underground Economy: Symantec

Posted in Commentary with tags , on July 17, 2013 by itnerd

If you use an Android phone. Then you need to read this Symantec blog post. Mobile malware is now a commercial product available on the online underground economy and the development of mobile malware toolkits is one indication the evolution of mobile malware is steadily moving towards becoming a true criminal enterprise. An example of this is the so called AndroRAT APK Binder which is a tool now being sold on the online underground economy that easily allows an attacker with limited expertise to automate the process of infecting any legitimate Android application with the AndroRAT malware, thus Trojanizing the app. Symantec data shows only several hundred infections of AndroRAT worldwide at this time; however, the telemetry is reporting a recent rise in infection numbers, which Symantec expects to continue as both the availability and sophistication of tools such as AndroRAT APK Binder increase.

If that doesn’t make you nervous, it should. I would recommend reading the blog post and protecting yourself accordingly.

Symantec Looks At Organizations Attitudes Towards Migration To Windows Server 2012

Posted in Commentary with tags , on May 27, 2013 by itnerd

The only thing that is constant in IT is change. One of the bigger changes for IT is Windows Server 2012. Symantec wanted to see how businesses are doing when it comes to navigating their way through these changes. These key facts emerged:

  • While many are planning to upgrade to Windows Server 2012, 93 percent haven’t actually made the move yet

For those that are planning to migrate:

  • 13 percent plan to make the move after the 1st service pack
  • 15 percent within the next 6 months
  • 17 percent within the next 12 months
  • 11 percent in more than 12 months

So it looks like there is a conservative march towards Windows Server 2012 which is likely the sensible thing to do. The report that Symantec did on this topic also reports on what factors are responsible for this slow pace of transition as well as other factors that organizations are considering. It’s a very interesting read and worth a look if you’re looking to move to Windows Server 2012.

Cybercriminal Tactics Are Changing: Symantec

Posted in Commentary with tags on April 17, 2013 by itnerd

Symantec yesterday released their latest Internet Security Threats Report with something that caught me off guard. There was a 58 percent increase in mobile threats occurred last year, with a third of those threats designed to steal information. These are threats that are aimed at smartphones and tablets. Not only that, social networks are becoming more of the launching pad for attacks, not to mention that targeted attacks, hacktivism, and data breaches are on the rise. Not good if you ask me. I strongly suggest that you give this a read if you have a business or support users in a business from a IT security perspective.

Now on the mobile front, I’ll mention this: Symantec announced an update to their Mobile Management Suite that provides some protection from the mobile related threats. Updates include:

  • a secure email client for both iOS and Android platforms
  • single sign-on across wrapped apps to improve authentication process and security
  • SSL policing and URL whitelisting for secure app connections

More details can be found in this blog post. Businesses who have mobile devices deployed, should take a look at this.



Symantec Has Further Analysis On South Korean Cyberattacks

Posted in Commentary with tags on April 2, 2013 by itnerd

You might remember a story that I posted about Symantec’s analysis of recent cyber-attacks on South Korea. Here’s an update for you. Symantec previously identified a particular backdoor (Backdoor.Prioxer) that surfaced during another major attack against South Korea in 2011.  A modified version of this backdoor was also discovered during the attacks taking place this year. There are indications that the same individuals are responsible for the 2011 and 2013 versions, pointing towards a possible connection between the two attacks.

Further analysis indicates these threats are the work of only one group. It seems unlikely that an independent hacktivist is behind these attacks. There are implications that someone has either paid or been ordered to perform these attacks, either as a contractor or as an employee of some sort.

Further details can be found here. It’s a very interesting read.