Slashdot Mirror

← Back to Domains

Domain: symantec.com

Stories and comments across the archive that link to symantec.com.

Stories · 152

  1. McAfee Disclaims Claims of Chinese Involvement in 'Shady RAT'

    It · China · · posted by timothy · from the not-in-so-many-words dept. · 56 comments
    hackingbear writes "In an interview with Chinese official Xinhua news agency, McAfee said no direct evidence suggests a particular nation such as China is behind Operation Shady RAT, a five-year cyber campaign discovered by McAfee. Alperovitch told Xinhua that they 'don't have direct evidence that conclusively points to a particular nation state' behind the scheme. So the same online security industry that has propagated Chinese cyber threats in front of Western media denies they made such suggestion of China, another of their major markets." Also on the Shady RAT front, reader kermidge writes with a post from Hon Lau at Symantec containing details lacking in McAfee's Wednesday report; included are examples of the vectors and commands used, along with cogent commentary.

  2. Trojan Goes After Bitcoins

    It · Bitcoin · · posted by Soulskill · from the strict-inevitabilities dept. · 344 comments
    Orome1 writes "Bitcoin has definitely caught the attention of criminals. Even though it has been calculated that the use of botnets for Bitcoin mining is still not quite as lucrative as renting them out for other purposes, targeting people who have them in their digital wallets is quite another matter. Symantec researchers have spotted in the wild a Trojan dedicated to this specific purpose. Named Infostealer.Coinbit, it searches for the Bitcoin wallet.dat file on the infected computer and sends it to the criminal(s)."

  3. Trojan Goes After Bitcoins

    It · Bitcoin · · posted by Soulskill · from the strict-inevitabilities dept. · 344 comments
    Orome1 writes "Bitcoin has definitely caught the attention of criminals. Even though it has been calculated that the use of botnets for Bitcoin mining is still not quite as lucrative as renting them out for other purposes, targeting people who have them in their digital wallets is quite another matter. Symantec researchers have spotted in the wild a Trojan dedicated to this specific purpose. Named Infostealer.Coinbit, it searches for the Bitcoin wallet.dat file on the infected computer and sends it to the criminal(s)."

  4. New Malware Simulates Hard Drive Failure

    Tech · Security · · posted by timothy · from the just-a-healthy-reminder dept. · 294 comments
    An anonymous reader writes "A nasty strain of malware goes beyond mere sensational alerts, it makes it seem the user's hard drive is failing. It moves files from All Users and the current Windows user's profile into a temporary location, making it appear as though problems with the hard drive are causing files to disappear. It also disables a user's ability to change wallpaper images and sets registry keys to hide certain icons — giving the impression that programs are going missing as well. Of course, it's all done in an attempt to get people to buy the software that will fix it."

  5. Stuxnet Struck Five Targets In Iran

    It · Security · · posted by CmdrTaco · from the behind-the-scenes dept. · 59 comments
    Batblue writes "Researchers at Symantec said that the notorious Stuxnet worm targeted five separate organizations, and attacks against those objectives — all with a presence in Iran — started in June 2009, more than a year before independent experts raised the alarm."

  6. Stuxnet Analysis Backs Iran-Israel Connection

    It · Security · · posted by Soulskill · from the my-god-has-a-bigger-firewall-than-your-god dept. · 307 comments
    Trailrunner7 writes "Liam O'Murchu of Symantec, speaking at the Virus Bulletin Conference, provided the first detailed public analysis of the worm's inner workings to an audience of some of the world's top computer virus experts. O'Murchu described a sophisticated and highly targeted virus and demonstrated a proof of concept exploit that showed how the virus could cause machines using infected PLCs to run out of control. Though most of the conversation about Stuxnet is still based on conjecture, O'Murchu said that Symantec's analysis of Stuxnet's code for manipulating PLCs on industrial control systems by Siemens backs up both the speculation that Iran was the intended target and that Israel was the possible source of the virus. O'Murchu noted that researchers had uncovered the reference to an obscure date in the worm's code, May 9, 1979, which, he noted, was the date on which a prominent Iranian Jew, Habib Elghanian, was executed by the new Islamic government shortly after the revolution. Anti-virus experts said O'Murchu's hypothesis about the origins of Stuxnet were plausible, though some continue to wonder how the authors of such a sophisticated piece of malware allowed it to break into the wild and attract attention." Symantec has also issued a lengthy and detailed dossier on Stuxnet (PDF).

  7. Microsoft Helps Adobe Block PDF Zero-Day Exploit

    News · Security · · posted by Soulskill · from the damage-control dept. · 93 comments
    CWmike writes "Microsoft has urged Windows users to block ongoing attacks against Adobe's popular PDF viewer by deploying one of Microsoft's enterprise tools. Adobe echoed Microsoft's advice, saying the Enhanced Migration Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. Called 'scary' and 'clever,' the in-the-wild exploit went public last week when security researcher Mila Parkour reported it to Adobe after analyzing a rogue PDF document attached to spam. Adobe first warned users Wednesday of the threat, but at the time gave users no advice on how to protect themselves until a patch was ready. Microsoft stepped in on Friday. 'The good news is that if you have EMET enabled ... it blocks this exploit,' said Fermin Serna and Andrew Roths, two engineers with the Microsoft Security Response Center in an entry on the group's blog." A Symantec blog post suggests the people exploiting this vulnerability may be the 'Aurora' group responsible for the attacks on Google late last year.

  8. Symantec Finds Server Containing 44 Million Stolen Gaming Credentials

    Games · Botnet · · posted by Soulskill · from the who-wants-to-buy-a-level-80-paladin dept. · 146 comments
    A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts. It goes on to explain how the owners of the server made use of a botnet to process that mountain of data: "Now it's time to turn those gaming credentials into hard cash. But how do you find out which credentials are valid and thus worth some money? Three options come to mind: 1) Log on to gaming websites 44 million times! 2) Write a program to log in to the websites and check for you (this would take months). 3) Write a program that checks the login details and then distribute the program to multiple computers. Option one naturally seems next to impossible. Option two is also not very feasible, since websites typically block IP addresses after multiple failed login attempts. By taking advantage of the distributed processing that the third option offers, you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done."

  9. 75% of Enterprises Have Suffered Cyber Attacks, Costing $2M+ On Average

    News · Business · · posted by CmdrTaco · from the that's-a-lot-of-green dept. · 81 comments
    coomaria writes "OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that's still one heck of a statistic. The fact that it's Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: 'every enterprise, yes, 100 percent, experienced cyber losses in 2009.'"

  10. Y2.01K

    It · Security · · posted by kdawson · from the wait-till-two-oh-thirty-eight dept. · 269 comments
    After our recent discussion of decimal/hexadecimal confusion at the turn of 2010, alphadogg writes in with a Network World survey of wider problems caused by the date change. "A decade after the Y2K crisis, date changes still pose technology problems, making some security software upgrades difficult and locking millions of bank ATM users out of their accounts. Chips used in bank cards to identify account numbers could not read the year 2010 properly, making it impossible for ATMs and point of sale machines in Germany to read debit cards of 30 million people since New Year's Day, according to published reports. The workaround is to reprogram the machines so the chips don't have to deal with the number. In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales. Meanwhile Symantec's network-access control software that is supposed to check whether spam and virus definitions have been updated recently enough fails because of this 2010 problem."

  11. Google Groups Used To Control Botnets

    It · Security · · posted by Soulskill · from the easier-than-by-carrier-pigeon-in-most-cases dept. · 63 comments
    oDDmON oUT writes "'Maintaining a reliable command and control (C&C) structure is a priority for back door Trojan writers. ... Symantec has observed an interesting variation on this concept in the wild. A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands,' writes Symantec employee Gavin O Gorman. He goes on to state that 'the Trojan itself is quite simple. It is distributed as a DLL,' and while the decrypted commands indicate it is used 'for reconnaissance and targeted attacks,' he does go on record as saying, 'It's worth noting that Google Groups is not at fault here; rather, it is a neutral party. The authors of this threat have chosen Google Groups simply for its bevy of features and versatility.'"

  12. Attacks Against Unpatched Microsoft Bug Multiply

    It · Security · · posted by kdawson · from the how-not-to-excel dept. · 122 comments
    CWmike writes "Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat. Symantec, Sunbelt Software, and SANS' Internet Storm Center bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by IE to display Excel spreadsheets. There is no patch for the vulnerability; Microsoft didn't release one in today's Patch Tuesday. A temporary fix that sets the 'kill bits' of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection. Symantec raised its ThreatCon ranking to the second of four steps. "We're seeing it exploited, but currently on a limited scale," said Symantec's Ben Greenbaum. Sunbelt also bumped up its ranking, to high." Firefox users can't be too complacent; Secunia is warning of a 0-day in version 3.5.

  13. Central Anti-Virus For Small Business?

    It · Security · · posted by kdawson · from the keeping-them-safe-despite-everything dept. · 359 comments
    rduke15 writes "I'm trying to find a centrally managed anti-virus solution for a small business network, which has around 20 Windows XP machines with a Linux server. It is too big to manage each client manually. However, there is no no full-time IT person on site, and no Windows Active Directory server — just Linux with Samba. And the current solution with Symantec Endpoint Protection seems too expensive, and too complex for such a simple need. On the Linux server side, email is handled by amavisd and ClamAV. But the WinXP clients still need a real-time anti-virus for the USB disks they may bring to work, or stuff they download from their personal webmail or other sites. I'm wondering what others may be using in similar situations, and how satisfied they are with it."

  14. Malicious Activity Grew At a Record Pace In 2008

    It · Security · · posted by Soulskill · from the until-the-record-is-broken-in-2009 dept. · 56 comments
    An anonymous reader writes "Symantec announced that malicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidential information of computer users. According to the company's Internet Security Threat Report Volume XIV (PDF), Symantec created more than 1.6 million new malicious code signatures in 2008. This equates to more than 60 percent of the total malicious code signatures ever created by Symantec — a response to the rapidly increasing volume and proliferation of new malicious code threats. These signatures helped Symantec block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008." Another anonymous reader notes a related report from Verizon (PDF), which says 285 million records were compromised in 2008, more than the total of the previous four years combined.

  15. Conficker Worm Asks For Instructions, Gets Update

    It · Worms · · posted by CmdrTaco · from the wormed-its-way-into-my-heart dept. · 285 comments
    KingofGnG writes "Conficker/Downup/Downadup/Kido malware, that according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to malware code and makes the threat even more dangerous and worrisome than before."

  16. Computer Virus Aboard the ISS

    Science · Space · · posted by timothy · from the like-a-little-piece-of-home dept. · 290 comments
    chrb writes "BBC News is reporting that laptops taken to the International Space Station by NASA astronauts are infected with the Gammima.AG worm. The laptops have no net connection; officials suspect the worm may have been transferred via a USB flash drive owned by an astronaut. NASA have said this isn't the first time computer viruses had travelled into space."

  17. Your Identity Is Worth Less Than $15

    Yro · Privacy · · posted by kdawson · from the less-than-your-fillings dept. · 178 comments
    I Don't Believe in Imaginary Property writes "One of the more interesting tidbits in Symantec's Global Internet Threat Report (PDF, 105 pages) is the price sheet, which suggests that someone's 'full identity' is worth in the range of $1-$15. Your email password goes for $4-$30 and your bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it? There's also an executive summary (PDF, 36 pages)."

  18. Your Identity Is Worth Less Than $15

    Yro · Privacy · · posted by kdawson · from the less-than-your-fillings dept. · 178 comments
    I Don't Believe in Imaginary Property writes "One of the more interesting tidbits in Symantec's Global Internet Threat Report (PDF, 105 pages) is the price sheet, which suggests that someone's 'full identity' is worth in the range of $1-$15. Your email password goes for $4-$30 and your bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it? There's also an executive summary (PDF, 36 pages)."

  19. Firefox Susceptible To QuickTime Security Flaw

    It · Security · · posted by kdawson · from the exploit-available-in-the-wild dept. · 231 comments
    Hugh Pickens writes "Apple's QuickTime media player software contains a previously undocumented security weakness in the way QuickTime handles the RTSP media-streaming protocol. The vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems. Symantec has tested the publicly available exploit code and found that it failed to work properly against Internet Explorer 6/7 or Safari 3 Beta but the exploit works against Firefox if users have chosen QuickTime as the default player for multimedia formats. Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control, while IE loads the QuickTime Player as an internal plugin and when the overflow occurs, standard buffer-overflow protection is triggered, shutting down the affected processes before any damage can occur."

  20. Death Knell For DDoS Extortion?

    Tech · Security · · posted by kdawson · from the greener-pastures dept. · 101 comments
    Ron writes "Symantec security researcher Yazan Gable has put forward an explanation as to why the number of denial of service attacks has been declining (coincident with the rise of spam). His theory is that DoS attacks are no longer profitable to attackers. While spam and phishing attacks directly generate profit, he argues that extortion techniques often used with DoS attacks are far more risky and often make an attacker no profit at all. Gable writes: 'So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist, this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.'"

  21. US Leads the World In Malware Creation

    It · Security · · posted by kdawson · from the scratch-a-criminal dept. · 126 comments
    PetManimal writes "Symantec says that China, Russia, and the other developing countries usually blamed for the increasing amount of malware are not the biggest culprits. The security software company released a report (PDF) claiming that the US leads the world in a number of malware categories, ranging from the 'amount of malicious activity originating from their networks' to 'underground economy servers.' Preston Gralla says the US lead should come as no surprise, considering the capitalist way of life and the high level of technical knowledge. He also suggests that the some of the 'criminals' may actually be Internet entrepreneurs who crossed over to the dark side: 'It's an inevitable result of a thriving free market and tech expertise. An underground economy often mirrors the legal, above-ground one. Scratch a criminal, and sometimes you find a misguided entrepreneur, looking to get rich a little too quick.'"

  22. IBM Refuses To Certify Oracle Linux

    Linux · Ibm · · posted by kdawson · from the doesn't-look-red-to-me dept. · 124 comments
    Andrew writes "IBM has thrown a spanner in the Oracle Linux works by refusing to certify that IBM's software portfolio will run and be supported on Oracle Unbreakable Linux. If IBM applications turn out to be incompatible with Oracle Linux, then it will be up to Oracle to resolve any issues. This conservative stance of IBM's is unlikely to help Oracle sell Linux subscriptions to businesses that use any of IBM's large software portfolio."

  23. Demo Virus For Mac OS X Released

    · posted by ryuzaki0 · from the i-don't-think-i'll-download-that-demo dept. · 268 comments
    Juha-Matti Laurio writes "Heise Security has a report about new Proof of Concept virus for Mac entitled as OSX.Macarena by AV vendor Symantec. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). It is known that the virus infects other data in the folder in which it is started, regardless of extension, says Heise."

  24. Windows Rootkit Wars Escalate

    · posted by ryuzaki0 · from the most-secure-version-of-windows-ever dept. · 342 comments
    An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in a ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."

  25. Windows Rootkit Wars Escalate

    · posted by ryuzaki0 · from the most-secure-version-of-windows-ever dept. · 342 comments
    An anonymous reader writes "The rootkit wars have started to escalate with a rootkit named Rustock which is able to remain hidden from all the popular anti-rootkit tools. It uses some new techniques including not only putting itself in a ADS (NTFS alternate data stream) which isn't seen by normal file system enumeration tools, but even blocks ADS aware tools from seeing the stream. Works in Vista, too! Analysis in both Symantec and F-Secure blogs."

  26. Malware Installed by LiveJournal Ad

    · posted by ryuzaki0 · from the egg-on-face dept. · 199 comments
    Jamesday writes "LiveJournal recently introduced an ad-supported level. Over the last few days an advertiser used an ad to install the ErrorSafe malware that tried to trick people into believing they had a fault on the computer that needs them to purchase a fix. The ad used a server-side setting and targetted only those outside the US, to prevent LiveJournal's own checks from noticing it. LiveJournal has apologized for the ad and slow response." Even our readers have had to endure more than one browser-crashing ad campaign from time to time. Thanks for sticking around.

  27. Zotob Worm Hits CNN and Goes Global

    It · Worms · · posted by ScuttleMonkey · from the hack-the-planet dept. · 522 comments
    securitas writes "The Zotob MS05-039 worm mentioned on Slashdot last Sunday may be the most recent virus that has gone global, hitting Windows 2000 desktops at CNN, ABC, the New York Times, and many others. The virus is spreading around the world rapidly as compromised systems become bots and propagate the worm, with reported outbreaks in Germany and China. InformationWeek has a decent article titled Zotob Proves Patching "Window" Non-Existent. Microsoft calls it a "low impact" threat and tells you What you should know about Zotob. Symantec has W32.Zotob.D removal instructions. Trend Micro thinks that this is a new, different worm altogether and says it is one of the fastest-spreading infections in history."

  28. Internet Security Warnings

    It · Security · · posted by CmdrTaco · from the we-have-a-code-yellow-people-this-is-not-a-drill-omg-freak-out dept. · 296 comments
    Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this weeks patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."

  29. Symantec's AntiVirus 10 Deployment Woes?

    Ask · Bug · · posted by Cliff · from the stuck-with-buggy-commercial-software dept. · 102 comments
    loraksus asks: "We recently deployed Symantec AV Corporate version 10 across on our network and have been having nothing but problems. The new client breaks the MS Office install and causes machines to slow down significantly - some almost to the point of being completely unusable. The client (doscan.exe) also crashes very frequently (daily), and tends to take other things down with it. Symantec's 'workaround' is to drop by every workstation and insert the Office (or Wordperfect, it screws up both applications) CD, remove some office shortcuts and disable some virus scans. Since we manage clients over WAN links hundreds of miles away, this really isn't an option, nor is it an acceptable option given the number of workstations we manage. Are there any other admins dealing with this? Any advice? Solutions?" "It seems that more and more closed source companies are now rushing software out the door that not only has a couple bugs, but glaring errors that would have easily been caught in even the most basic testing. Of course, we in IT usually have no recourse against these companies other than never buying their products, again.

    Do you folks have any advice when it comes to dealing vendors who release software that is unusuable and can't provide an acceptable resolution?"

  30. Symantec's AntiVirus 10 Deployment Woes?

    Ask · Bug · · posted by Cliff · from the stuck-with-buggy-commercial-software dept. · 102 comments
    loraksus asks: "We recently deployed Symantec AV Corporate version 10 across on our network and have been having nothing but problems. The new client breaks the MS Office install and causes machines to slow down significantly - some almost to the point of being completely unusable. The client (doscan.exe) also crashes very frequently (daily), and tends to take other things down with it. Symantec's 'workaround' is to drop by every workstation and insert the Office (or Wordperfect, it screws up both applications) CD, remove some office shortcuts and disable some virus scans. Since we manage clients over WAN links hundreds of miles away, this really isn't an option, nor is it an acceptable option given the number of workstations we manage. Are there any other admins dealing with this? Any advice? Solutions?" "It seems that more and more closed source companies are now rushing software out the door that not only has a couple bugs, but glaring errors that would have easily been caught in even the most basic testing. Of course, we in IT usually have no recourse against these companies other than never buying their products, again.

    Do you folks have any advice when it comes to dealing vendors who release software that is unusuable and can't provide an acceptable resolution?"

  31. Symantec's AntiVirus 10 Deployment Woes?

    Ask · Bug · · posted by Cliff · from the stuck-with-buggy-commercial-software dept. · 102 comments
    loraksus asks: "We recently deployed Symantec AV Corporate version 10 across on our network and have been having nothing but problems. The new client breaks the MS Office install and causes machines to slow down significantly - some almost to the point of being completely unusable. The client (doscan.exe) also crashes very frequently (daily), and tends to take other things down with it. Symantec's 'workaround' is to drop by every workstation and insert the Office (or Wordperfect, it screws up both applications) CD, remove some office shortcuts and disable some virus scans. Since we manage clients over WAN links hundreds of miles away, this really isn't an option, nor is it an acceptable option given the number of workstations we manage. Are there any other admins dealing with this? Any advice? Solutions?" "It seems that more and more closed source companies are now rushing software out the door that not only has a couple bugs, but glaring errors that would have easily been caught in even the most basic testing. Of course, we in IT usually have no recourse against these companies other than never buying their products, again.

    Do you folks have any advice when it comes to dealing vendors who release software that is unusuable and can't provide an acceptable resolution?"

  32. Schneier on Attack Trends: More Complex Worms

    It · Worms · · posted by timothy · from the malice-on-the-loose dept. · 189 comments
    Gary W. Longsine writes "Bruce Schneier has posted an interesting entry on expected attack trends to his blog. Of particular interest is the increasing sophistication of automated worm-based attacks. He cites the developing W32.spybot.KEG worm -- once inside a network it scans for several vulnerabilities and reports its findings via IRC. Trend Micro also has information on a scanning-capable version of this worm, which they call: WORM_SPYBOT.ID"

  33. What Does a Spreading Worm Look Like?

    It · Worms · · posted by CmdrTaco · from the can-i-disenchant-it-for-reagents dept. · 233 comments
    quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."

  34. What Does a Spreading Worm Look Like?

    It · Worms · · posted by CmdrTaco · from the can-i-disenchant-it-for-reagents dept. · 233 comments
    quibbs0 writes "When a new worm spreads around the world, people want to know if they are protected. How fast is it? How does it spread? A new simulation program developed by Symantec Research Labs not only has the answers, it also provides pictures."

  35. Pros and Cons of Firefox Critically Evaluated?

    Tech · Mozilla · · posted by timothy · from the but-all-I've-got-is-cancer dept. · 674 comments
    A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."

  36. Large Prize Offered For Writing Mac Virus

    Apple · Security · · posted by Zonk · from the come-get-some dept. · 669 comments
    Mordant writes "Some experienced Mac developers are offering a $25K prize to the first person to successfully infect two 'naked' Internet-connected Macs running stock Apple software. The best part is that if any Symantec employee succeeds in infecting the Macs, the prize goes up to $50K (Symantec has been fanning the flames of totally bogus "Macs aren't more secure, it's just that Windows is a bigger target" technical-equivalence propaganda)!" Update: 03/26 20:24 GMT by Z : Well, that was quick. Jack Campbell has cancelled the contest, after he "...was contacted by a large number of Mac users, and Mac software professionals who shared their thinking with me about the contest."

  37. Symantec Antivirus May Execute Virus Code

    It · Security · · posted by Zonk · from the antivirus-not-so-anti dept. · 388 comments
    An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.

  38. Who's Really Responsible In Online Banking Fraud?

    Yro · Court · · posted by timothy · from the firefox-did-it dept. · 463 comments
    TheRealStyro writes "According to this article a Miami businessman is suing a bank because of a fraudulent fund transfer possibly caused by the coreflood virus/trojan. He claims the bank is responsible because the bank failed to protect him from known online banking risks. It is obvious that this guy should have had an anti-virus package active, but shouldn't the bank have questioned such a large transfer to a republic of the former Soviet Union (these republics having gained the unfortunate notoriety of being dens of villainy and hackerdom)?"

  39. New Trojan Threatens Windows XP SP 2

    Tech · Windows · · posted by michael · from the unplug-your-computer-for-protection dept. · 241 comments
    lightdarkness writes "Symantec is reporting about a new virus called Phel (Anagram of 'help') which is a Trojan which spreads via a HTML file. All the user needs to do is go to the page, and it takes advantage of the vulnerability in the IE Help control component files. This allows the attacker to download malicious programs on to the machine. Worst part is, this is one of the exploits that even effects SP2. Microsoft is said to be working to stop the spread, and to release a patch." The exploit is apparently not the same as the help file problems disclosed last week.

  40. 'Opener' Malware Targets OS X

    Apple · Macosx · · posted by michael · from the laugh-it-up-fuzzball dept. · 400 comments
    the_webmaestro writes "Macintouch.com is covering the "opener" malware, a new and potential vulnerability which affects Mac OS X. If true (it's not on HoaxBusters yet), this could become a Mac user's worst nightmare... Worse even than Microsoft Word macro viruses (heretofore the only real 'viruses' which threatened Mac users)! Normally, when ever I'd see virus alerts, I'd revel in the fact that as a Mac user, I was immune (except for the slow-down of the net, the loss in productivity of my colleagues, and the increase in SPAM--often coming from my friends and colleagues). [Sigh] Perhaps, my days of telling friends and family that there are no viruses for Macs may be coming to an end. There have been stories."

  41. 'Opener' Malware Targets OS X

    Apple · Macosx · · posted by michael · from the laugh-it-up-fuzzball dept. · 400 comments
    the_webmaestro writes "Macintouch.com is covering the "opener" malware, a new and potential vulnerability which affects Mac OS X. If true (it's not on HoaxBusters yet), this could become a Mac user's worst nightmare... Worse even than Microsoft Word macro viruses (heretofore the only real 'viruses' which threatened Mac users)! Normally, when ever I'd see virus alerts, I'd revel in the fact that as a Mac user, I was immune (except for the slow-down of the net, the loss in productivity of my colleagues, and the increase in SPAM--often coming from my friends and colleagues). [Sigh] Perhaps, my days of telling friends and family that there are no viruses for Macs may be coming to an end. There have been stories."

  42. New IM Worm On The Loose

    It · Worms · · posted by CmdrTaco · from the head-for-the-hills dept. · 407 comments
    elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more that 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it. "

  43. Zombie Networks On The Rise

    It · Security · · posted by Hemos · from the that-might-be-high-but-still dept. · 235 comments
    A reader writes " According to Symantec via the BBC online, Zombie PC nets are growing very fast. Of course, it should also note that Symantec may want those numbers to be as scary as possible. " ITMJ is part of OSTG, like Slashdot. There's also a NY Times story on the article as well.

  44. Symantec Acquires @Stake

    It · Security · · posted by timothy · from the assimilation dept. · 134 comments
    halligas writes "You may have noticed that last month McAfee acquired security firm Foundstone. Not to be outdone, McAfee rival Symantec has gone out a bought up their very own bunch of hackers, @Stake."

  45. Virus Writers Look Ahead: Target 64-bit Windows

    Hardware · Security · · posted by timothy · from the yes-ma'am-just-testing-your-alarm-system dept. · 205 comments
    Ashcrow writes "A new virus, named W64.Shruggle.1318 by Symantec, is being 'tested' on AMD64 machines running 64-bit Windows. While it is not currently a danger to 64-bit Windows users, it does show that virus writers are looking toward the future. The exploitable software in questions is currently unreleased outside of beta. News.com has the full article."

  46. First Trojan for Windows CE Released

    Hardware · Handheld · · posted by CowboyNeal · from the handheld-infestation dept. · 213 comments
    Tuxedo Jack writes "Symantec and The Register are reporting that the first Windows CE trojan horse, known as Brador, has been mailed to Trend Micro. This cannot spread on its own; it must be mailed or transmitted, then opened. Once opened, it opens a TCP port, allowing the remote-controller to connect and establish control over it. As expected, this will most likely be used to make new botnets, and it leads me to wonder: will we soon need firewalls for Windows Embedded?"

  47. First Trojan for Windows CE Released

    Hardware · Handheld · · posted by CowboyNeal · from the handheld-infestation dept. · 213 comments
    Tuxedo Jack writes "Symantec and The Register are reporting that the first Windows CE trojan horse, known as Brador, has been mailed to Trend Micro. This cannot spread on its own; it must be mailed or transmitted, then opened. Once opened, it opens a TCP port, allowing the remote-controller to connect and establish control over it. As expected, this will most likely be used to make new botnets, and it leads me to wonder: will we soon need firewalls for Windows Embedded?"

  48. 'Stealth' Worm Hinders Sandbox Analysis

    It · Security · · posted by timothy · from the analysis-says-your-sandbox-has-cats dept. · 461 comments
    Tuxedo Jack writes "The Register reports that the new Atak worm cannot be analyzed or debugged by antivirus companies without quite a bit of work, due to the author being sloppy with his or her code. Windows machines, as per the norm, are the only vulnerable ones, and it still requires user intervention to infect. Perhaps future worms will start including this 'bug' in their releases. We can only hope not." It doesn't sound like a bug at all, from the virus writer's perpective.

  49. Bagle/Beagle Variant Includes Source Code

    It · Security · · posted by timothy · from the let's-call-it-shared-source dept. · 219 comments
    NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants. It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee. ZDNet ran a story that covers these new variants."

  50. Bagle/Beagle Variant Includes Source Code

    It · Security · · posted by timothy · from the let's-call-it-shared-source dept. · 219 comments
    NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants. It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee. ZDNet ran a story that covers these new variants."