Archive for Symantec

Flamer Is More Advanced Than You Realize: Symantec

Posted in Commentary with tags , on September 17, 2012 by itnerd

I’ve written about Flamer before, and Symantec has now posted additional insights on this malware threat. Here are the highlights:

  • The malware was under development by a group of at least four developers as early as 2006
  • It’s likely the server itself has been used for more attacks than just those related to the Flamer malware.
  • The attackers used multiple encryption techniques and made a concerted effort to securely wipe data from the server on a periodic basis.

You should check their blog posting on this as it has far more details, including details on their command and control servers that will send chills down your spine. It’s important that you read this as we’re talking about a very sophisticated piece of malware, put out by a very sophisticated group with tremendous resources at their disposal.

That’s scary if you ask me.

Sophisticated Attacker Group A Real Threat: Symantec

Posted in Commentary with tags , on September 8, 2012 by itnerd

If you haven’t heard of the Elderwood Project, you might want to pay attention to a report put out by Symantec. A group somewhere out there is active in carrying out large scale, targeted attacks, including a 2009 attack on Google, deploying the “Aurora” or Hydraq attack methodology.

More facts on the Elderwood Project:

  • The group has used 8 zero-day vulnerabilities in their attacks. This is a huge number, as Stuxnet only used 4.
  • The attackers compromise individuals and networks using 2 methods:
    • Spearphishing emails with attachments: E-mails are sent to unsuspecting recipients with attachments, usually documents, which exploit a vulnerability in order to drop a backdoor Trojan (The vulnerabilities are in Internet Explorer and Adobe Flash).
    • “Watering hole” attacks: The attackers inject the exploit into a website which caters to an audience of interest to the attackers. One of those websites was the Amnesty International Hong Kong website. They are called watering hole attacks because the attackers wait for the victim to come to them, similar to a predator in the wild who lies in wait for its prey.
  • The targets of these attacks are mainly manufacturers of components for the defense industry. The second most common target was NGOs.
  • The vast majority, 72%, of victims were located in the US (Canada ranked 2nd for number of victims).
  • Due to the scale and duration of the attacks, the attackers are likely well funded. They are most likely a large criminal organization, attackers supported by a nation state, or a nation state.
  • The motivation of the attackers would appear to be the theft of intellectual property and intelligence gathering. Intelligence gathered would allow the attackers to identify individuals or information that may be useful for future attacks.

Charming, isn’t it? I’d read up on the two articles that I linked to. Then do everything possible to protect yourself. Clearly these are not small time players. They’re a serious threat.

Java Zero Day Exploit Leveraged In Targeted Attack Campaign: Symantec [UPDATED]

Posted in Commentary with tags , , on September 1, 2012 by itnerd

You might recall that I have talked about a serious Java exploit that currently has no fix. According to Symantec, the news just got worse. Here’s a quote from an e-mail that Symantec sent me:

In October 2011, Symantec published a paper [Warning: PDF] on The Nitro Attacks targeting chemical companies. These targeted attacks were in the form of an email with a malicious attachment ultimately leading to victims being infected with ‘Poison Ivy’. No vulnerabilities were exploited in these attacks. The recent attacks by this group are more sophisticated, using a Java zero-day vulnerability to infect victims but using the same IP address for the command and control server that was used in 2011.

Well, that’s just delightful. The full details can be found here. But it shows that Oracle needs to step up to the plate and fix this vulnerability. Until that happens, either downgrade to Java 1.6 (if you must have Java) or disable it entirely.

UPDATE: Apparently there is an update from Oracle that addresses this issue. Check their download page here. It would have been nice if Oracle had said something about this, as apparently these have been out since Thursday. Sure, they put out something on their blog. But given how serious this was, you’d think they’d make a bit more noise. In any case, download those updates and protect yourself.

Symantec Announces Norton Mobile Utilities For Android Users

Posted in Commentary with tags on August 22, 2012 by itnerd

If you have a smartphone there’s one thing that you have to be afraid of – having your battery die at the worst time. It’s happened to me a couple of times and it really sucks when that happens. The question is, how can you prevent it? Well, if you have an Android based smartphone then Symantec has something that can help. Called Norton Mobile Utilities, these are tools that help to maximize your battery life and keep your smartphone running at top speed. The tool shows you what applications your phone is running and allows you to close out apps to manage your battery drain. According to testing performed by Symantec, using Norton Mobile Utilities resulted in a phone battery savings of more than five hours. Sounds like a winner to me.

It’s available on Google Play as of now. Hopefully Symantec brings this to iOS and BlackBerry users as they could use this sort of help as well.

Earnings, Earnings, And More Earnings

Posted in Commentary with tags , , on July 26, 2012 by itnerd

’Tis the season for earnings and there’s a lot to choose from. Let’s start with today’s big news. Facebook had its first report since their rather craptastic IPO. The results were less than stunning:

Facebook posted a net loss of $157-million, or 8 cents a share in the second quarter, due to hefty stock compensation charges related to its IPO, compared to net income of $240-million, or 11 cents, in the year-ago quarter.

Excluding the charges, Facebook said it earned 12 cents a share.

In its first report to Wall Street since the IPO, the world’s No.1 social networking company said that revenue in the three months ended June 30 was $1.18-billion, compared to $895-million in the year-ago quarter.

This was enough to send the stock sharply downwards in after hours trading. Not good if you’ve invested in the social networking giant.

Next was Apple earlier this week. The good news is that they beat their guidance and made an obscene amount of money:

The Company posted quarterly revenue of $35.0 billion and quarterly net profit of $8.8 billion, or $9.32 per diluted share. These results compare to revenue of $28.6 billion and net profit of $7.3 billion, or $7.79 per diluted share, in the year-ago quarter. Gross margin was 42.8 percent compared to 41.7 percent in the year-ago quarter. International sales accounted for 62 percent of the quarter’s revenue.

Here’s the bad news. The street expected more:

But analysts had expected profits of $9.8 billion, or $10.38 a share, on $37.35 billion in revenues.

After the announcement, Apple’s shares were trading down more than $29 at under $572.

It’s a weird world when you make money and still get punished for it.

Finally, there’s Symantec. First they announced their earnings:

GAAP operating margin for the first quarter of fiscal year 2013 was 16.1 percent compared with 18.3 percent for the same quarter last year. GAAP net income for the fiscal first quarter was $172 million compared with net income of $191 million for the year-ago period. GAAP diluted earnings per share were $0.24 compared with $0.25 for the year ago quarter. Variation in year-over-year GAAP results were as expected due to increases in restructuring costs and IT infrastructure investments.

GAAP deferred revenue as of June 29, 2012, was $3.745 billion compared with $3.689 billion as of July 1, 2011, up 2 percent year-over-year and up 5 percent after adjusting for currency. Cash flow from operating activities for the first quarter of fiscal year 2013 was $340 million compared with $503 million for the year ago period.

Those are solid numbers. But the news doesn’t end there:

Symantec today announced that Enrique Salem, president and chief executive officer (CEO), has stepped down effective immediately and Symantec’s board of directors has appointed Steve Bennett president and chief executive officer, in addition to his continued role as chairman of the board.

Unlike the first two tech companies, this news didn’t affect the stock. That’s great for them.

Expect more releases to come next week.

Think That Viruses Only Affect Windows? You’re Wrong…

Posted in Commentary with tags , on June 7, 2012 by itnerd

A blog post from Symantec got my attention today. Threats that used to be focused on Windows PCs are now moving to much broader targets:

Of particular note is a threat family called Opfake. This threat covers a wide range of device operating systems, from Symbian, to Windows Mobile, to Android, and even targets iOS devices through an elaborate phishing scam.

It’s not just mobile devices either. While Apple’s Macintosh computers have been targeted by threats here and there, the idea that this computing platform could be compromised en masse is something Internet security experts have warned about for years.

That day has finally arrived. A trojan by the name of Flashback, which first appeared last year, had a breakout performance in April, successfully infecting approximately 600,000 Macs. We discovered the authors behind this threat may have faltered when it came to profiting from it; perhaps taken by surprise at their apparent success. However, other attackers quickly followed in their footsteps, also seeking to exploit the same weaknesses before the vulnerability was closed.

It is clear that attackers are now paying attention to other platforms outside of the Windows world. But perhaps what is even more worrying is that we’re starting to see a move to platform-independent threats.

So, regardless of what you happen to use, it’s becoming clear that you have to protect yourself. Simply assuming that you are immune to threats is no longer an option. This blog post has lots of other useful info that is worth paying attention to. Give it a read and take heed of what it says.

Using pcAnywhere? Dump It ASAP!

Posted in Commentary with tags on January 31, 2012 by itnerd

pcAnywhere by Symantec has been a preferred product for people who want remote access to computers. However, it was recently revealed that Symantec had a leak of the source code back in 2006, and to add to the fun there is an undisclosed number of bugs. The combination of the two makes pcAnywhere horribly insecure. Now there are other products that have been affected by this leak, but pcAnywhere users are at the most risk. Patches that address these issues are starting to become available, but you might be better off not using pcAnywhere or anything else listed in the article from Symantec that I linked to earlier.

Now to the second part of this story. The notorious hacker group Anonymous is rumored to be behind this. Whether they are or not is irrelevant, because one of the world’s leading computer security companies got hacked. That’s the story, because if you can’t trust the people who you get your security software from, who can you trust? Besides, they got hacked years ago and didn’t admit it. That’s not a good thing.


Are You A Facebook User? Your Personal Info Might Have Been Leaked…

Posted in Commentary with tags , , on May 12, 2011 by itnerd

Facebook users should take note. A recent report by Symantec says that your personal info might have been leaked to third parties. How is this happening? Well, there’s an app for that. Actually, there are about 100,000 apps for that:

Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Well, that’s going to keep you awake at night. But you shouldn’t be shocked. After all, Facebook has proven time and again that it doesn’t have the best record when it comes to privacy. But back to the issue at hand. What do you do to stop your personal info from leaking? Here’s what Symantec recommends:

There is no good way to estimate how many access tokens have already been leaked since the release Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers. Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile.

I’m going to guess that there are a lot of people changing passwords over the next few days.

I really wish that Facebook would get their act together when it comes to privacy.
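The Symantec quote above warns that leaked tokens may still be sitting in the log files of third-party servers. Below is an added example, not code from Symantec, Facebook or this blog, of the kind of check the operator of such a third-party server (an analytics or ad host that an IFRAME app embedded) could run against its own access logs: parse each line, look for an access token in the request URL or in the Referer header, report the hits, and write back a scrubbed copy. The combined log format, the parameter names, the hostnames and the sample log lines are all constructed for this example; the token strings in it are invented.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters whose values are treated as secrets. "access_token" is the
# parameter the Symantec report is about; "oauth_token" is an assumed extra.
SENSITIVE_PARAMS = {"access_token", "oauth_token"}

# Combined-log-format access log line: client, identity, user, [time],
# "METHOD target PROTO", status, size, "Referer", "User-Agent".
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log lines (not real traffic) from a hypothetical analytics
# host embedded by an IFRAME app. Line 1 leaks a token through the Referer
# header, line 2 through the request URL itself, line 3 leaks nothing.
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2011:10:01:02 +0000] "GET /pixel.gif?app=1234 HTTP/1.1" 200 43 "https://apps.example/canvas/?access_token=AAAB1234tokenvalue&expires_in=3600" "Mozilla/5.0"
203.0.113.11 - - [12/May/2011:10:01:05 +0000] "GET /track?access_token=AAAC9876another&event=view HTTP/1.1" 200 17 "-" "Mozilla/5.0"
203.0.113.12 - - [12/May/2011:10:01:09 +0000] "GET /pixel.gif?app=1234 HTTP/1.1" 200 43 "https://apps.example/canvas/?page=home" "Mozilla/5.0"
"""


def _sensitive_pairs(url):
    """Yield (name, value) for every sensitive, non-empty parameter in url's query."""
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS and value:
            yield name, value


def find_token_leaks(log_text):
    """Return one record per leaked token: which line, which field, which value."""
    leaks = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line; nothing to inspect
        for field in ("target", "referer"):
            for name, value in _sensitive_pairs(m.group(field)):
                leaks.append({"line": lineno, "field": field,
                              "param": name, "token": value})
    return leaks


def redact_url(url):
    """Replace the value of every sensitive query parameter with REDACTED."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    pairs = [(name, "REDACTED" if name.lower() in SENSITIVE_PARAMS else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    # urlencode re-encodes the remaining values; their meaning is unchanged.
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def redact_line(line):
    """Scrub the request target and Referer of one log line; pass others through."""
    m = LOG_RE.match(line)
    if not m:
        return line
    out = line
    # Work from the rightmost field back so earlier offsets stay valid.
    for field in ("referer", "target"):
        start, end = m.span(field)
        out = out[:start] + redact_url(m.group(field)) + out[end:]
    return out


def redact_log(log_text):
    """Return the whole log with tokens scrubbed, one line per input line."""
    return "\n".join(redact_line(line) for line in log_text.splitlines()) + "\n"


if __name__ == "__main__":
    for leak in find_token_leaks(SAMPLE_LOG):
        print("line {line}: {param} leaked via {field} ({token})".format(**leak))
    print(redact_log(SAMPLE_LOG))
```

Finding a token in an old log does not revoke it; as the quote says, it is the user changing their Facebook password that invalidates the token. A sweep like this is for scrubbing data a third party should never have retained, and for telling the affected application owners how many tokens reached it.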

Symantec Sued Over Auto Renewals… After Promising Not To Auto Renew

Posted in Commentary with tags on February 8, 2010 by itnerd

A resident of New York State is suing Symantec for billing his credit card for a renewal of his Norton Anti-Virus without informing him first. The funny thing is, Symantec agreed that they would stop doing just that:

Many antivirus vendors enroll customers in automatic renewal programs when they purchase or activate the software, claiming that it’s the only way to guarantee that users stay protected against new threats. Symantec started doing so in 2005, while rival McAfee began four years earlier.

But last June, New York Attorney General Andrew Cuomo announced that his office had reached a settlement with Symantec and McAfee over consumer charges that the companies didn’t get users’ approval to automatically bill them, and had made it difficult for customers to opt out or obtain refunds. Symantec and McAfee paid $375,000 each in penalties, and said they would clarify subscription renewal costs, and refund fees to consumers who asked for them within 60 days of being charged.

Symantec and McAfee also agreed to “provide electronic notification to consumers before and after renewal of the subscription,” Cuomo’s office said at the time.

Expect this to play out in court for a bit before being settled.

As an aside, I’ve always wondered why people pay for anti-virus protection when there are many products that are as good, if not better, available for free. So rather than spring for an anti-virus package at your local Best Buy, try AVG, which is on my list of free products that help to secure your PC. Or you can try Microsoft Security Essentials, which I’ve written about in the past, as that is free as well as being good at what it does. In my mind, there’s really very little reason why anyone should have to pay for anti-virus protection.

Symantec Caught Up In Indian Credit Card Scam….. And It’s Caught On Tape

Posted in Commentary with tags , , on March 20, 2009 by itnerd

If you’re thinking of renewing the subscription of your copy of Norton Internet Security or some other Symantec product, you may want to think again. According to the BBC, an agent inside an Indian call center that handles renewals for Symantec is selling credit card numbers on the black market for as little as $10 a card. The BBC was able to buy these card numbers and get the transaction captured on hidden camera. From there they decided to follow the trail back to the holders of those cards:

The BBC team contacted the owners of these cards and warned them that their details were now being bought and sold in India.

Three of those customers had, within hours of each other, bought a computer software package by giving their credit card details to a call centre over the phone.

Within hours of making the purchase, their details were fraudulently sent on to the reporters.

One of the victims said he was “disturbed” at what had happened.

Symantec for its part had this to say:

“We are investigating how this incident happened and will take any appropriate steps to address any opportunities for improvement in our processes.

“We have engaged with the local law enforcement officials in India and will cooperate fully with that investigation. We are in the process of reviewing all possible options to manage this third party call centre, including moving away from it.”

A spokeswoman stressed that “rigorous security measures” are put in place at call centres. For example, staff are not allowed to take electronic devices, memory sticks, pens or pencils to their desks. Internet and email access is also banned.

I guess those “rigorous security measures” that are in place didn’t work all that well. After all, it looks like one agent was able to slip by them and go to town. One has to wonder whether similar scams are running elsewhere in the call centers that Symantec and others use.

I took a look this morning for any mention of this on the Symantec website. There wasn’t any. Not that I’m shocked by that, as I would really be surprised if they did come clean on it. After all, they are a security company and they have to appear perfect or their customers will shop elsewhere. Having said that, this story does appear to be getting traction via Google News. So I suspect Symantec will have to come out with something soon to reassure its customers.