Latest Intelligence Reports
Report highlights
- Spam – 75.9 percent in August (a decrease of 1.9 percentage points since July 2011): page 13
- Phishing – One in 207.7 emails identified as phishing (an increase of 0.48 percentage points since July 2011): page 16
- Malware – One in 203.3 emails in August contained malware (an increase of 0.14 percentage points since July 2011): page 17
- Malicious Web sites – 3,441 Web sites blocked per day (a decrease of 49.4 percent since July 2011): page 19
- 34.1 percent of all malicious domains blocked were new in August (a decrease of 1.32 percentage points since July 2011): page 19
- 17.3 percent of all Web-based malware blocked was new in August (a decrease of 3.82 percentage points since July 2011): page 19
- Global Debt Crises News Drives Pump-and-Dump Stock Scams: page 2
- Are MBR Infections Back in Fashion?: page 3
- Phishing Apple’s iDisk: page 5
- Phishing Brazilian Brands: page 6
- The Truth Behind the Shady RAT: page 6
- Spammers take advantage of Unicode normalisation to hide URLs: page 11
- Best Practices for Enterprises and Users: page 22
[PDF] http://www.symanteccloud.com/en/us/mlireport/SYMCINT_2011_08_August_FINAL-EN.pdf
Symantec Blog
We have a total of 3,280 unique samples representing approximately 12,000 infections. While this is only a percentage of all known infections, we were able to learn some interesting aspects of how Stuxnet spread and where it was targeted.
• Stuxnet was a targeted attack on five different organizations.
• 12,000 infections can be traced back to these five organizations.
• Three organizations were targeted once, one was targeted twice, and another was targeted three times.
• Organizations were targeted in June 2009, July 2009, March 2010, April 2010, and May 2010.
• All targeted organizations have a presence in Iran.
• Three variants exist (Jun 2009, Apr 2010, Mar 2010) and a fourth variant likely exists but has never been recovered.
http://www.symantec.com/connect/blogs/updated-w32stuxnet-dossier-available
by certifiedbug on December 7, 2009
in Browser
According to Symantec senior engineer Candid Wüest, the company has “recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts… to maximize their impact on a user’s machine.”
One avenue that’s taken is to drop the malicious extension directly into Firefox’s components directory. This means it will be automatically loaded with the browser, but will not show up in the Add-ons window.
Consequently, users are unlikely to know that the extension has been added, or see a mechanism to remove it.
http://www.itwire.com/content/view/29853/53/
Romanian hacker Unu posted on his blog that he had located a critical SQL injection vulnerability in a website belonging to security company Symantec.
If you remember, in February, Kaspersky was faced with a SQL injection. They then had the courage to admit the vulnerability, which is why they have my admiration. There was fair play; they quickly secured the vulnerable parameter, and even if at first they were very angry at me, they finally understood that I did not extract anything, I saved nothing, and I have not abused the data found in any way. My goal was, and still is, to warn. To call attention.
Softpedia
In an e-mail to Softpedia, Symantec has confirmed the existence of a vulnerability in pcd.symantec.com. Here is the full statement we received:
“A SQL injection vulnerability has been identified at pcd.symantec.com. The Web site facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea only. This incident does not affect Symantec customers anywhere else in the world.
“This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec’s Norton-branded consumer products. Symantec is currently in the process of updating the Web site with appropriate security measures and will bring it back online as soon as possible. Symantec is still investigating the incident and has no further details to share at this time.”
http://news.softpedia.com/news/Symantec-Online-Store-Hacked-127726.shtml