
Symantec to Extend Leading Backup Software to the Cloud and Appliances


Symantec Vision -- Symantec Corp. (NASDAQ: SYMC) today announced a new approach to help small and mid-sized organizations protect data through new delivery models including Backup Exec.cloud, Backup Exec appliances, as well as an enhanced version of Backup Exec 2010 software. For the first time, a company will be able to leverage the benefits of backup from Symantec as software, as a cloud service, or as an appliance, signaling the end of the complexity and delivering a fast, easy and modern backup infrastructure.

 "Customers want choice in how they manage their backup environment, and Symantec is leading the transformation of the backup market with new appliances, cloud and enhanced software for Backup Exec," said Amit Walia, vice president of product management, Symantec. "The future of backup will be defined by simplicity, flexibility and allowing companies to deploy a modern infrastructure that best fits their needs."
Backup Exec 2010 Software Updates
  • Improved Virtualization Backup Performance: Available worldwide on May 3, Backup Exec 2010 R3 delivers improved backup and deduplication performance in virtualized environments. The V-Ray technology embedded into the core solution gives customers X-Ray vision to easily see, protect and recover their virtual machines with the same solution that protects their physical environments. Additionally, Symantec's Backup Exec Management Plug-in for VMware is now part of the standard agent for VMware providing Backup Exec management through vCenter.
  • New Security Layer: Backup Exec 2010 now provides SSL support from the agent to the server, providing an extra layer of security for customers that transmit backup data across the WAN or to a private cloud. The added security features help ensure that backed up data sent over a public Internet connection is secure and protected.
  • Improved Archiving for Data Management and Recovery: Archiving complements backup by helping companies identify what to store, what to delete and when to move older data to secondary systems, while ensuring fast discovery and recovery of older data. Symantec continues to streamline the integration between archiving and backup, helping customers to control storage costs and recovery times. Backup Exec 2010 Agent for Enterprise Vault now supports Enterprise Vault 10 beta backup, recovery and migration. Additionally, the Backup Exec Archive Option for Exchange now includes Virtual Vault, allowing users to access archived emails directly from within Outlook.
Backup Exec Cloud Strategy
  • Simple, Cloud-Based Backup: Expected to be available later this year, Symantec Backup Exec.cloud will be an ideal solution for small businesses or remote offices that want to offload their IT infrastructure. The hosted backup service will automatically protect the data on Windows desktops and servers with simple, online backup and recovery. Furthermore, customers will benefit from an expanded Symantec.cloud portfolio of SaaS offerings, that provide integrated solutions for security, email management, and data protection.
  • Automatic Backups and Easy Restore: Customers will be able to quickly protect their critical data by streaming it over a SSL connection to Symantec's secure, off-site data centers. Backups can be triggered by file changes or run according to a set schedule, while modified files are protected continuously. Should disaster strike, the service will help businesses stay up and running by restoring critical files to any service-enabled machine with just an internet connection. Employees may also take advantage of individual file restore for everyday file retrieval.
  • Predictable Pricing: Symantec plans to offer predictable, subscription-based pricing for Backup Exec.cloud.
Backup Exec Appliance Strategy
  • Secure, Optimized and Simple: The new Backup Exec appliances, scheduled to be available later this year as part of a phased launch, will provide businesses with purpose-built, secure and easy to manage backups that run Backup Exec software. Symantec will leverage its appliance model success within the enterprise segment to provide a tailored offering that meets the needs of its SMB customers and remote offices for larger organizations.
  • Easily Deployed, Consistent Architecture: Backup Exec appliances can be managed alongside other Backup Exec software installations. The appliance form factor assures a consistent technology deployed across an organization, allowing administrators to manage their information from a data center, by a channel partner, or from other remote locations for reliable on and off-site recovery protection.
Supporting Quotes
  • "IDC sees Purpose Built Backup Appliances (PBBA) as becoming a preferred deployment option for many companies and as a significant area for growth," said Robert Amatruda, research director, Data Protection and Recovery at IDC. "Symantec's strategy to deliver Backup Exec as a purpose built backup appliance for SMBs makes a lot of sense, and as the market share leader in backup this new strategy has the potential to shift the backup landscape for many years."
  • "Software-as-a-Service and online backup are important emerging options for small businesses and are poised for increased adoption," said Lauren Whitehouse, senior analyst, Enterprise Strategy Group. "Backup Exec.cloud promises to deliver simple, reliable backup that requires no on site hardware, and both small businesses and large organizations with remote offices could benefit."
  • "The latest version of Backup Exec 2010 has significantly improved install times, increased the speed of our backups, and has become more efficient in recovering data," said Patrick Manness, network analyst, Paul's Hauling Ltd. "Overall, I am impressed with the improvements and it has made my life easier."
  • "Backup Exec is comprehensive in its feature set and easy to implement," said Adam Miller, infrastructure services architect, Virginia Institute of Marine Science. "As we move to a virtualized IT environment, I look forward to using Backup Exec that can see into both our virtual and physical servers for greater ease of use."
  • "As a Symantec SMB Specialized partner, we understand that our SMB customers need cost-effective products and services that protect their critical information. We have relied on Backup Exec for years to protect our customers' data in both physical and virtual environments," said Dave Irvine, president and CEO, Irvine Consulting Services. "There is no one-sized-fits-all approach, and Symantec is the only major backup vendor that delivers the flexibility and choice for our customers' backup delivery models including software, appliance, or cloud-based solution -- all with deep support for virtual environments." 


Symantec Web Gateway 5.0 (Malware Protector)


Symantec Web Gateway protects organizations against multiple types of Web-borne malware, prevents data loss over the Web and gives organizations the flexibility of deploying it as either a virtual appliance or on physical hardware. Powered by Insight, Symantec’s innovative reputation technology, Web Gateway relies on a global network of over 175 million users to identify new threats before they cause disruption in organizations.

Key Features:-

  • Backed by Symantec Global Intelligence Network
  • Powered by Symantec Insight Technology
  • Integrates Award-winning Symantec AntiVirus engine
  • Seamless integration with Symantec Data Loss Prevention
  • Application control capabilities
  • URL filtering with flexible policy setting
  • Virtual or physical appliance deployment option
  • SSL Decryption capabilities
  • Multiple layers of malware protection

Key Benefits:-

1. Protection

  • Backed by Symantec’s Global Intelligence Network with real time updates to bolster protection
  • Integrates Symantec’s Award-winning AntiVirus engine
  • Powered by Symantec Insight providing proactive protection against new, targeted, or mutating threats

2. Control

  • Integration with Symantec Data Loss Prevention Network Prevent for Web allows for a robust Web and Data Loss prevention solution from a single vendor
  • Application controls provide administrators with multiple policy settings ensuring users are given access to applications which adhere to company guidelines
  • URL filtering list gives administrators the ability to monitor, block, or allow access to 100+ million sites organized within 62 different categories

3. Management

  • Multiple deployment options give customers the ability to deploy Web Gateway as a physical appliance, virtual appliance, or a combination of both
  • Powerful reporting capabilities with out of the box reports and administration through a secure browser with a simple dashboard view
  • Proxy and caching capability meeting unique needs of customer network requirements

To download the trial version click here


Symantec Confirms Norton Source Code Has Been Hacked



A hacker group named The Lords of Dharmaraja has managed to steal the source code of Norton anti-virus. Symantec, the anti-virus maker, has confirmed that hackers have stolen a “segment” of its flagship product. The group said it would make the source code available. 
The firm said that the code relates to two older enterprise products, one of which is no longer in production. But it said the breach was on a third-party network rather than its own, and will “not affect any current Norton product”.
A Google cache of the hackers' post on Pastebin says, "As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers."
It continues, "Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on."
The group claims it has the source code of a dozen software companies. The Symantec document posted is dated 28 April 1999 but doesn't contain any source code. Symantec has launched an investigation into the security breach and will provide updates when more facts and details are discovered. "Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers' information. We will communicate that process once the steps have been finalized," it said in a statement.
Rob Rachwald, director of security at Imperva, said that this breach is “quite embarrassing on Symantec’s part”. He added that should the source code be recent and hackers find serious vulnerabilities, it could be possible to exploit the product itself. “But that is a big if and no one but Symantec knows what types of weaknesses hackers could find”, he added.





Symantec Network Was Breached in 2006, and the Code Was Stolen in That Attack


A few days ago a hacker group named The Lords of Dharmaraja managed to steal the source code of Norton anti-virus. Symantec, the anti-virus maker, confirmed that hackers had stolen a “segment” of its flagship product. It also said that some of its code had been lifted from the server of a third party. But after investigation the security firm found that its own network had indeed been compromised. Symantec spokesman Cris Paden said on Tuesday that unknown hackers breached its network back in 2006 and obtained the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.
The only real threat at this time resides with customers using pcAnywhere, Symantec's software that facilitates remote access of PCs. "Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information," the company reports.
Symantec admitted that it previously offered up the source code of its products in compliance with the Indian government so that officials could make sure the software didn't contain spyware or other malicious programs. Save for the firm's current caution with pcAnywhere as revealed on Tuesday, Symantec wasn't too worried about a possible code leak given the stolen software is six years old.



pcAnywhere Exploit- More Than 200,000 Windows PCs Can Be Hijacked

According to a researcher, hackers exploiting bugs in Symantec's pcAnywhere software could hijack as many as 200,000 systems connected to the Internet. Rapid7, developer of Metasploit, confirmed that an estimated 150,000 to 200,000 PCs are running an as-yet-unpatched copy of the Symantec software and are thus vulnerable to hijacking by remote attacks, which could commandeer the machine's keyboard and mouse and view what's on the screen. The bug was found just after Symantec took the unprecedented step of telling pcAnywhere users to disable or uninstall the program because attackers had obtained the remote access software's source code. According to an exclusive report by Computerworld:
Credit Card Data at Risk:-
About 2.5% of those vulnerable Windows PCs, or between 3,450 and 5,000 systems, are running a point-of-sale system - Windows PCs are often paired with cash registers by small businesses - potentially putting credit card data at risk, said HD Moore, chief security officer at Rapid7.
Moore reached those conclusions by scanning the internet for the TCP port the software leaves open for incoming commands, running more targeted scans for evidence of the remote access software, then using the number of programs that identify themselves as older than the patched editions to estimate the extent of the problem.
Some of the computers returned queries with replies consistent with specific point-of-sale software, Moore said. Point-of-sale software often relies on pcAnywhere for remote support, not for transmitting credit card data, but by exploiting pcAnywhere, a cybercriminal could control the machine and easily harvest the information. "These point-of-sale systems are an attractive target for break-in," said Moore.
Exploitable Bugs:-
DoS attacks can sometimes be leveraged to execute remote code. The source code leak also ups the risk to pcAnywhere users, Moore maintained, even though Symantec has patched some flaws. With the source code at their disposal and the software's problems highlighted in the media, researchers on both sides of the law will spend time looking for vulnerabilities, he said. And some of that research may result in new, exploitable bugs.
An anonymous researcher has already published findings from his examination of the pcAnywhere source code. Although his description on the InfoSec Institute website did not claim any new vulnerabilities, he noted that the source code also revealed the workings of LiveUpdate, the Symantec service used to update much of its software, including its consumer antivirus programs, such as Norton Antivirus. "We now know how their LiveUpdate system works thanks to the included architecture plans and full source code," said the researcher. Symantec did not immediately reply to a request for comment on Moore's research or Norman's DoS proof-of-concept.




Duqu, The Next-Generation Cyber Attack Weapon



Researchers have raised the alarm over a new piece of malware with “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran. The new malware, identified as Duqu, is a highly specialized Trojan capable of gathering intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.
“The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility,” according to Symantec’s security response team. 
Symantec said it got a copy of the in-the-wild malware from an unnamed research lab with strong international connections. The company found that parts of Duqu are “nearly identical to Stuxnet” but noted that the malware has a completely different goal.
Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created after the last recovered Stuxnet file. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.
The company said Stuxnet and Duqu shared the same modular structure, injection mechanisms, and a driver that is digitally signed with a compromised key. Unlike Stuxnet, Symantec said, the new malware does not contain any code related to industrial control systems. It was built to be a remote access Trojan (RAT) that does not self-replicate.
“The threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants,” Symantec warned.
The attackers used Duqu to install another infostealer that could record keystrokes and gain other system information. The attackers were searching for assets that could be used in a future attack. In one case, the attackers did not appear to successfully exfiltrate any sensitive data, but details are not available in all cases. Two variants were recovered and, in reviewing our archive of submissions, the first recording of one of the binaries was on September 1, 2011. However, based on file compile times, attacks using these variants may have been conducted as early as December 2010.
Note that Duqu uses HTTP and HTTPS to communicate with a command and control server, which is currently operational.

To know more about Duqu and to see the similarities between Stuxnet and Duqu Click Here


-News Source (ZD net, Yahoo, Symantec) 



Anonymous Tricked Their Supporter Into Installing Zeus Trojan - Said Symantec


Remember Operation Megaupload (#OpMegaupload), the largest attack ever, in which 5,635 Anonymous participants brought down the websites of Universal Music, the U.S. Department of Justice and the Recording Industry Association of America using LOIC, one of the world's most popular and widely used DDoS tools?
Now security software company Symantec has discovered that a piece of Anonymous-recommended DDoS software called Slowloris contained an insidious Trojan that was stealing financial information from people using it. According to Symantec's official blog post, on the 20th of January, after Kim Dotcom was arrested, Anonymous was frequently sharing a few Pastebin links containing the download link for Slowloris, which led to a trojanized copy that installed the Zeus trojan on users' systems. The compromised download then replaced itself with a clean version of the tool to avoid detection.

"It is worth highlighting how Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks. The Zeus client does perform DoS attacks, but it doesn’t stop there. It also steals the users' online banking credentials, webmail credentials, and cookies."
"When the Trojanized Slowloris tool is downloaded and executed by an Anonymous supporter, a Zeus (also known as Zbot) botnet client is installed. After installation of the Zeus botnet client, the malware dropper attempts to conceal the infection by replacing itself with the real Slowloris DoS tool. Zeus is an advanced malware program that cannot be easily removed. The Zeus client is being actively used to record and send financial banking credentials and webmail credentials to the botnet operator. Additionally, the botnet is being used to force participation in DoS attacks against Web pages known to be targets of Anonymous hacktivism campaigns."

Full information can be found Here




Symantec Released pcAnywhere Security Recommendations After Security Breach

After Security Breach Symantec Released pcAnywhere Security Recommendations
A few days ago Norton confirmed that its network was breached in 2006 and that in that attack hackers stole the source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.
Now the company has published a white paper (PDF) in which it warns against using the remote PC control software at all, since malicious parties could use the source code to identify and exploit security vulnerabilities to compromise PCs that use the program. In addition, an attacker with cryptography knowledge could conduct man-in-the-middle attacks on encrypted connections and create unauthorized connections to remote machines, thereby potentially gaining access to whole networks.
Symantec plans to eradicate the known vulnerabilities in pcAnywhere step by step. A patch was released earlier this week, but it doesn't fix the problem described above. Those who absolutely need the product should make sure to always have the latest updates and follow the security recommendations (PDF) in the white paper.


-Source (Symantec, The-H)




Android Malware 'Loozfon' Targeting Female Android Users -Said Symantec


We are used to seeing malware target men by enticing them to view videos or pictures of a sexually oriented nature. But here the story is totally different: antivirus firm Symantec has recently discovered 'Android.Loozfon', a rare example of malware that targets female Android users.
According to Symantec's official blog, a group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make some money. The email includes a link to a site that appears to be designed to assist women to make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that likely attempts to charge money to use the service, which supposedly helps women meet rich men.



If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device. The downloaded app is titled “Will you win?” in Japanese. It has nothing to do with earning extra income or wealthy men.

If the app is installed and launched, it counts down from two to zero and then states that the user has lost. The app is programmed to lose every time, although there is nothing to either lose or win. It steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware. The scammers are likely harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers.






Norton Cyber Crime Report: The cost of Global Cybercrime is 114 Billion Dollar Annually


Cybercrime Cost Canadians $840 million Last Year

For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually. Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost.

In Canada, more than 7.3 million people fell victim to cybercrime last year, suffering CAD$840 million in direct financial losses and an additional CAD$4.7 billion in time spent resolving the crime. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).

According to the Norton Cybercrime Report 2011, more than two thirds of online adults (69 percent) have been a victim of cybercrime in their lifetime. Every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.

For the first time, the Norton Cybercrime Report reveals that 10 percent of adults online have experienced cybercrime on their mobile phone. In fact, the Symantec Internet Security Threat Report, Volume 16 reported there were 42 percent more mobile vulnerabilities in 2010 compared to 2009 - a sign that cybercriminals are starting to focus their efforts on the mobile space. The number of reported new mobile operating system vulnerabilities increased, from 115 in 2009 to 163 in 2010. In addition to threats on mobile devices, increased social networking and a lack of protection are likely to be some of the main culprits behind the growing number of cybercrime victims.

Canada not immune to digital dangers

There are close to 20,000 Canadian adults falling victim to cybercrime every day - that's about 14 every minute. Most are experiencing computer virus or malware attacks, or responding to online scams. Largely, Canadians are cognizant of online dangers, with 77 percent of respondents noting the possibility of cybercrime is something they are always aware of when online. However, some are not taking the necessary precautions, with 35 percent of Canadian adults revealing they don't have up-to-date security software.

"Canadians are becoming more aware that cybercrime is real and can affect anyone, but some work needs to be done to further educate them on how to protect themselves," said Lynn Hargrove, Director of Consumer Solutions, Symantec Canada. "This survey is important because it shows the costs of cybercrime and people tend to do something to protect themselves when they see it can have a big impact on their bottom line."

Male, Millennial, Mobile

The study identifies men between 18 and 31 years old who access the Internet from their mobile phone as even more likely victims: in this group four in five (80 percent) have fallen prey to cybercrime in their lifetime. Globally, the most common - and most preventable - type of cybercrime is computer viruses and malware, with 54 percent of respondents saying they have experienced it in their lifetime. Viruses are followed by online scams (11 percent) and phishing messages (10 percent). Earlier this year the Symantec Internet Security Threat Report, Volume 16, found more than 286 million unique variations of malicious software ("malware") compared to the 240 million reported in 2009, representing a 19 percent increase.

"There is a serious disconnect in how people view the threat of cybercrime," said Adam Palmer, Norton Lead Cybersecurity Advisor. "Cybercrime is much more prevalent than people realize. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year. And while 89 percent of respondents agree that more needs to be done to bring cybercriminals to justice, fighting cybercrime is a shared responsibility. It requires us all to be more alert and to invest in our online smarts and safety."

The disconnect between awareness and action is further illustrated by the fact that while 74 percent of respondents say they are always aware of cybercrime, many are not taking the necessary precautions. Forty-one percent of adults indicated they don't have an up to date security software suite to protect their personal information online. In addition, less than half review credit card statements regularly for fraud (47 percent), and 61 percent don't use complex passwords or change them regularly. Among those who access the Internet via their mobile phone, only 16 percent install the most up to date mobile security.

For More information and to see the Norton cyber crime report click Here

-News Source (Norton & Tmcnet)



URL Shorteners Have Been Exploited by Malware Writers


URL shorteners (such as bit.ly) have escalated in popularity thanks to services like Twitter where every character counts. However they come at a security cost.
Spammers have been using them for some time, and anyone who frequents Twitter will have seen the pornography industry using them. However, Symantec’s Nick Johnston reports on a worrying trend: shortened URLs being used to hide malware delivered through so-called drive-by attacks. He reports on one exploit.
The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was cancelled, recipients were encouraged to click on a link supposedly pointing to a PDF file, but actually pointing to a shortened URL. This shortened URL then redirects to a site with several drive-by exploits.
A drive-by attack is one that exploits security flaws in browsers and causes them to download and execute malicious code simply by visiting a page. Such attacks do not require a user to click on anything or download files. In the example cited, the page used exploits for PDF documents, Java and the Windows Help Center. Expect more of this, warns Symantec.
We saw hundreds of unique shortened URLs being used to link to this malware, and expect to see malware authors using this technique in future.
There are browser plug-ins for Firefox and Chrome that will expand shortened URLs so you can see the destination site before clicking on the link. It is expected that

To See the Symantec Report Click HERE
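
The expansion step those browser plug-ins perform can be reproduced by following redirects by hand with HEAD requests, so that no page body is ever downloaded or rendered. The sketch below is an added example, not code from the original post or from Symantec; the shortener list (apart from bit.ly), the function names and every `.example` URL are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Assumption: a short illustrative list; bit.ly is the only host named on the page.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def head_request(url, timeout=5):
    """Send one HEAD request; return (status, Location header or None).

    HEAD keeps the response body (where a drive-by exploit would live) off the
    wire, and http.client never follows redirects on its own.
    """
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url, fetch=head_request, max_hops=10):
    """Follow the redirect chain hop by hop and report where it ends."""
    chain, warnings = [url], []
    while True:
        current = chain[-1]
        if urlsplit(current).scheme not in ("http", "https"):
            warnings.append("non-HTTP scheme in chain")
            break
        status, location = fetch(current)
        if status not in REDIRECT_CODES or not location:
            break                              # reached the final destination
        nxt = urljoin(current, location)       # Location may be relative
        if nxt in chain:
            warnings.append("redirect loop")
            break
        if len(chain) > max_hops:
            warnings.append("hop limit reached")
            break
        chain.append(nxt)
    return {"final": chain[-1], "chain": chain, "warnings": warnings}


def check_link(displayed, href, fetch=head_request):
    """Compare what a message shows the reader with where the link really goes."""
    findings = []
    shown_host = urlsplit(displayed).hostname  # None when the text is not a URL
    href_host = urlsplit(href).hostname
    if href_host in SHORTENER_HOSTS:
        findings.append("href is a shortened URL (%s)" % href_host)
    result = expand(href, fetch)
    final = urlsplit(result["final"])
    if shown_host and final.hostname != shown_host:
        findings.append("displayed host %s but destination is %s"
                        % (shown_host, final.hostname))
    if displayed.lower().endswith(".pdf") and not final.path.lower().endswith(".pdf"):
        findings.append("link text promises a PDF, destination path is not a PDF")
    findings.extend(result["warnings"])
    return result, findings


# Constructed redirect table standing in for the network, so the example runs offline.
SAMPLE_REDIRECTS = {
    "http://bit.ly/constructed": (301, "http://hop.example/r?id=7"),
    "http://hop.example/r?id=7": (302, "/landing/index.html"),
    "http://hop.example/landing/index.html": (200, None),
    "http://loop.example/a": (302, "http://loop.example/b"),
    "http://loop.example/b": (302, "http://loop.example/a"),
}


def sample_fetch(url):
    return SAMPLE_REDIRECTS.get(url, (404, None))


def demo():
    # Constructed message link: the text shows a bank PDF, the href is a short URL.
    return check_link("http://bank.example/docs/transfer.pdf",
                      "http://bit.ly/constructed", sample_fetch)


if __name__ == "__main__":
    result, findings = demo()
    print(" -> ".join(result["chain"]))
    for finding in findings:
        print("!", finding)
```

A mail gateway or triage script would call `check_link` with the default `head_request` in place of `sample_fetch`; the assumption there is that the shortener answers HEAD requests the same way it answers GET.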


Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again


Computer security firm Symantec has revealed that the hacker group which unleashed the Hydraq, or Aurora, Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations, and other large groups. According to Symantec's official blog, the company has been monitoring the group's activities for the last three years and has found that these attackers have used a large number of zero-day exploits against not just the intended target organization, but also the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails but we are now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed the "Elderwood Project".
Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months however has seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:
  •  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
  •  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
  •  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
  •  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 
Symantec has published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks.








Security experts can't verify Iran's claims of new worm

 
Without a sample of the new worm that an Iranian official says attacked the country's computers, it's impossible to verify his claims, a security researcher said Monday.
Kevin Haley, the director of Symantec's security response group, said that his team has not found an example of the worm, dubbed "Stars" by the Iranian military commander responsible for investigating Stuxnet, the sophisticated malware that attacked the country's uranium enrichment facilities beginning in June 2009.
"Generally, samples [of malware] do get traded among security vendors," said Haley, explaining that when one antivirus company lacks malware it wants to analyze, it asks other firms to share their samples. "[Iran] makes this a little more difficult, because we have no direct relationships there," added Haley. "But perhaps someone else does."
Although Symantec has asked researchers in other companies if they have a sample, as of late Monday it has not been able to acquire one.
No other security vendor has stepped forward to say it has a copy of Stars.
Security experts need the malware to corroborate claims by Brigadier Gen. Gholam Reza Jalali, the head of Iran's Passive Defense Organization, the military unit that defends the country's nuclear program.
On Monday, Jalali told Iran's Mehr News Agency that the Stars worm had been detected and thwarted, but provided no information on its function or targets, or when it was discovered.
Jalali's claim came just a week after he blamed Siemens for helping U.S. and Israeli teams create Stuxnet.
Stuxnet, which targeted industrial control systems manufactured by Siemens, has been called a "groundbreaking" piece of malware because it used multiple "zero-day" vulnerabilities, hid while it wreaked havoc on Iran's uranium enrichment hardware, and required enormous resources to create.
It's possible that Stars was not a targeted attack aimed at Iran, but simply part of a more traditional broad-based assault, said Haley.
"It could be a mass attack that got through their defenses," he said. "That could have raised the alarm. They're already paranoid about attacks."
Symantec sees millions of threats every day, the vast majority of which are not targeted, Haley said.
If that's the case, trying to identify Stars would be impossible. "In the case of Stuxnet, we actually had samples, we just didn't understand the significance of the threat until later," Haley said. "Finding [Stars] in our database would be like finding a needle in a haystack" without more information from Iran.
"And even if we found something, we wouldn't know if it was the one they're talking about," said Haley.
Other antivirus vendors, including Helsinki-based F-Secure and U.K. security company Sophos, also acknowledged that they could not verify Iran's claims.
"We can't tie this case to any particular sample we might already have," admitted Mikko Hypponen, F-Secure's chief research officer, in a blog post Monday. "We don't know if Iran[ian] officials have just found some ordinary Windows worm and announced it to be a cyber war attack."
Graham Cluley, a senior security technology consultant at Sophos, also said his company had not been able to identify the malware.


Anonymous Defaced New York Ironworks Website & Leaked Source Code of Norton

Federal authorities are still unable to subdue the spirit of Anonymous. Even after a series of arrests by the FBI, Interpol and Scotland Yard, the hacktivists are still going strong. As a result, New York Ironworks, a supplier of police equipment and tactical gear based in New York City, became the victim of a cyber attack: a hacker collective named #Antisec (part of Anonymous) hacked and defaced the index page of Ironworks with a rambling message from AntiSec. The message expressed support for those who were arrested and anger at fellow hacker "Sabu", whose cooperation with the FBI contributed to this week's arrests. It included a brief diatribe against the FBI and a promise of more hacks Friday.
Meanwhile, Anonymous members also released source code to Symantec's Norton Antivirus 2006 software in apparent tribute to those who were arrested this week. A 1.07GB file that is apparently the source code was published on Pastebin as well as Pirate Bay on Thursday. The release of the code was not unexpected. Last month, a hacker group named Lords of Dharmaraja, affiliated with Anonymous, released source code to Symantec's pcAnywhere after a botched sting operation. That time too, the hackers published the code on The Pirate Bay website. Symantec also confirmed the security breach.





Prison CCTV System Is Under Attack by Worm Named 'Conficker'

Yet again the worm named 'Conficker' has been spotted in the wild, and this time it is showing some dangerous tricks. A security researcher from Symantec has revealed that this infamous malware managed to compromise all the computers that control the closed circuit television (CCTV) system of an unnamed prison. Representatives of the correctional institution were adamant that all the required security measures were in place to block the malware, and claimed that the threats identified by the protective software were most likely false positives. After examining the whole incident, Symantec experts found that a separate Windows Server 2003 system was required to control the prison CCTV system, and that this system had remained unpatched because updates caused interoperability problems with the cameras. The infection was introduced unintentionally through a USB drive while a contractor was doing maintenance on the system. The threat modified the recorded footage, forcing the prison's representative to catalogue it as "tampered evidence". Commenting on the matter, Peter Sparkes, Director of Managed Security Services for the Asia Pacific and Japan region at anti-virus firm Symantec, noted that the CCTV system was found to be infected, and that the threat had come in through a maintenance device during a software update carried out by a third party that was maintaining the CCTV.


-Source (SPAMfighter News)








Microsoft Security Essentials Is in First Place in North America



Microsoft (17.07 percent), AVG (15.63 percent), and Symantec (14.47 percent) were found to be the top three antivirus vendors in North America, according to the latest quarterly antivirus market share report released by OPSWAT. Microsoft increased its market share from OPSWAT's previous antivirus report to surpass Symantec and become the North American leader. AVG held steady in the second position, and Symantec fell to third.
Worldwide, the top three antivirus vendors detected were Avast (12.37 percent), AVG (12.37 percent), and Avira (12.29 percent). Microsoft was fourth (11.24 percent), followed by ESET Software (9.98 percent).
The software company analyzed more than 43,000 opt-in reports from endpoints worldwide. The reports, generated by OPSWAT's AppRemover and Am I OESIS OK? tools, utilize the detection capabilities of the OESIS Framework to list the applications installed on the endpoint computer. The full 8-page document, titled Q2 2011 Antivirus and Instant Messenger Market Share Report, includes data on the leading antivirus vendors and products in North America and worldwide, Windows OS usage in North America and worldwide, instant messaging market share worldwide, and instant messaging usage in North America and Europe.
The rest of the data wasn't too surprising: Windows 7 usage continues to increase in North America and worldwide, showing a steady trend away from Windows Vista. In both North America and worldwide, Windows XP remains the dominant Windows operating system. The top three worldwide IM applications are Windows Live Messenger, Skype, and Yahoo! Messenger. The report does not, however, account for Web-based instant messaging services such as Google Chat or Facebook. This is because it only looks at installed applications, and those services run in the browser.


Due to Cyber Crimes India Is Losing 4 Billion Dollars Per Year


Cybercrime leads to annual losses of around $4 billion or Rs 18,000 crore in direct financial losses, and an additional $3.6 billion or Rs 16,200 crore is spent in resolving the crime in India, states a recent study done by Symantec, the maker of Norton computer security software.
Globally, the financial losses due to cybercrime were found to be $114 billion annually, and an additional $274 billion was lost, based on the value victims placed on time lost due to their cybercrime experiences. The study claims that cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion) and that it affected more than two thirds (69 percent) of online adults.

Surprisingly, even with its tight internet security rules, China is unable to escape cybercriminal activities. In China, the direct losses due to cybercrime are around $25 billion, even higher than those of India.
“Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year,” said Gaurav Kanwal, Country Sales Manager for India and SAARC, Consumer Business Unit, Symantec.
According to the report, the most common types of cybercrimes are computer viruses and malware, followed by online scams and phishing. In India, four in five online adults have been a victim of cyber crime, and males aged between 18 and 31 years old are most likely to become victims of cyber-attack on cell phones.

Though 74 per cent of Indian users are aware of cybercrimes, many are not taking the necessary precautions. Over 41 per cent of the respondents revealed that they don’t have an up-to-date security software suite to protect their personal information online. Only half of the respondents reviewed their credit card statements regularly for fraud and 61 per cent don’t use complex passwords or change them regularly.
“Cybercrime is much more prevalent than people realize. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year,” said Adam Palmer, Norton Lead Cybersecurity Advisor.
Fighting cybercrime is a shared responsibility. It requires us to be more alert and take the necessary precautions to ensure complete online security.

To see the Norton report click Here
-News Source (Symantec & Buzzom)



The Nitro Attacks Stealing Secrets from the Chemical Industry


Symantec has prepared a report on an ongoing malware campaign and named it the "Nitro Attacks". Using this malware, an attacker can pull secret information from companies in the chemical industry; the attack is mainly based on social engineering.
An analysis report says:
This "nitro" attack has an interesting blend of malware techniques that does show some ingenuity. It used a socially engineered email message with a malicious attachment. While the malware component of the attack was a recycled version of the common remote access Trojan (RAT) PoisonIvy, it was often packaged in an encrypted archive to evade email gateway detection. Nitro portrayed itself as a necessary Adobe Flash or anti-virus update, using your desire to be secure to trick you into installing the malware. Like many other targeted attacks that have come to light recently, this one attacks our weakest link, our humanity.
One of the behaviors of the Trojan was to collect password hashes from compromised Windows computers. If you haven't already gotten the memo, it is an extremely bad idea to give your users administrative rights.
Malware cannot access the Windows cache of passwords, which almost always has admin credentials included, if it does not have administrative rights. Simply restricting permissions would be enough to stunt the spread of an attack like this. Additionally, the behavior of this malware is quite easy for HIPS or behavioral anti-virus to detect and block. With the multitude of techniques being used by the bad guys, analyzing the behavior of applications is critical.
The command and control for this Trojan was located on a virtual hosted server in the United States. Symantec's investigation shows that the person who owns this instance, Covert Grove, is based in the Hebei region of China. In too many high profile organizations, IT security and their users have an adversarial relationship. Additionally, IT often does not use the full capabilities of the tools they are purchasing out of fear of false positives. Blocking suspicious attachments, using proactive detection technologies and educating users could all stop this type of attack from succeeding. If you weren't one of the victims, this is a great lesson on what you should be doing to protect against the next attack.

For more info & to download the Symantec report click Here
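
The analysis above notes that the payload was often packaged in an encrypted archive to evade email gateway detection, and recommends blocking suspicious attachments. As an added example (not taken from the Symantec report or the quoted analysis), the Python below flags attachments that a gateway cannot inspect because they are encrypted archives. It assumes the archive is a ZIP file, since the page does not name the format; the function names, the `quarantine` action and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted


def encrypted_entries(data: bytes) -> list:
    """Names of encrypted members if data is a ZIP archive, else []."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):  # decide by content, not by file name
        return []
    try:
        with zipfile.ZipFile(buf) as zf:
            # Only the central directory is read; nothing is extracted.
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []


def scan_message(raw: bytes) -> list:
    """Return one finding per attachment the gateway cannot inspect."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        locked = encrypted_entries(part.get_payload(decode=True) or b"")
        if locked:
            findings.append({"attachment": part.get_filename(),
                             "encrypted_entries": locked,
                             "action": "quarantine"})  # assumed policy
    return findings


def _sample_zip(member: str, mark_encrypted: bool) -> bytes:
    """Constructed test archive holding harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, b"placeholder")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        # zipfile cannot write encrypted archives, so set the flag bit in the
        # local header (offset 6) and central directory header (offset 8).
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.index(signature) + offset] |= ENCRYPTED
    return bytes(data)


def build_sample_message() -> bytes:
    """Constructed e-mail with one flagged and one ordinary attachment."""
    msg = EmailMessage()
    msg["From"] = "updates@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed test message.")
    msg.add_attachment(_sample_zip("update.txt", True), maintype="application",
                       subtype="octet-stream", filename="update.dat")
    msg.add_attachment(_sample_zip("notes.txt", False), maintype="application",
                       subtype="zip", filename="notes.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Because the check reads the archive's own headers, the first attachment is caught even though its name and MIME type do not say it is a ZIP file.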


Facebook Has Been Blocked By Norton & Declared Fb a Phishing Site


Symantec has withdrawn an update to its Norton consumer security software that branded Facebook a phishing site on Wednesday. The snafu meant that users of Norton Internet Security were blocked from accessing the social networking site and were told a "fraudulent web page" had been blocked, as illustrated in a discussion thread on Symantec's support forums here.
While wags might joke that Facebook is all about persuading punters to supply personal information to a website that ought not to be trusted, it's a bit of a stretch to even compare Zuckerberg's Reservation to a fraudulent banking site. Symantec responded to the problem within hours. From the looks of support forum postings affected users were left dazed and confused rather than seriously inconvenienced or aggrieved by the screw-up.
Security firms update their signature definition files to detect either rogue applications or questionable websites at increasing frequency in order to keep up with malware production rates. Plenty of effort is put into the quality assurance process across the industry but even so mistakes sometimes occur. False positives are a cross-industry problem that affects all vendors.

-News Source (The Register & Norton) 





One in Every 14 Programs Downloaded by Windows Users Turns Out to Be Malicious


The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.
In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.
Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.
So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with Isec Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.
Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.
Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.
"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.
In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.

With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.
IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.
Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."
When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.
