Scary internet stuff - Phishing the video!
Phishing continues to evolve. Much as with spam, the bad guys and scammers continue to reinvent themselves and their tricks. They have become more brazen and sophisticated in their methods and as ever, their ultimate recourse is that of just sheer perseverance in flooding the ‘net with phishing messages.
Containing phishing, as a precursor to ultimately managing and defeating it, requires effort and activity on many fronts. We have seen the popular browsers being updated to have ‘anti-phishing’ capabilities built into them. Many of the internet security suites also build in additional levels of anti-phishing protection. This is all necessary and effective. However, what is still vitally important is to continue to educate people about phishing. We need to keep it front of mind, provide practical information to help combat it and provide reassurance that the ‘phishers’ do not, and will not, have it all their own way.
If you follow this link you will see a new and updated educational piece we have created on ‘Phishing’. I hope you like it and, importantly, find it useful. If you do like it, please help do your bit to push back against ‘phishing’: share it with friends, family and colleagues.
Norton 2009: Standing on the shoulders of giants
This week has seen the launch of Norton Antivirus and Norton Internet Security 2009. I have had the great pleasure of helping in the formal Press launch of these exciting new products, in Madrid, Spain. How good are they? Well, what would you expect me to say! But, let me offer you this one vignette.
I have been in IT for nearly 20 years now, and throughout that time I have had the opportunity to help and participate in the launch of many new products. Invariably, this involved the ‘live’ demo of the product. As soon as the mention of this comes up from the marketing folk, you see the product people starting to wince and recoil. Excuses are proffered as to why this might not be necessary (read for that advisable). The IT press have had the pleasure of experiencing a veritable treasure trove of failed ‘live demos’. It is the stuff of legend in our industry.
We are making some very big claims with Norton 2009. We have a game-changing product and it challenges many of the preconceptions and realities about security software. So, I decided to proactively tell the PR and marketing folk that we needed to ‘walk the talk’. It was game-on for the full live demo in front of some one hundred IT journalists from across Europe.
So, I did a full live demo of an install of the product in one minute. Norton Pulse updates streamed onto the machine every few minutes. The Press saw Norton Insight, our new real-time Whitelisting technology, determine that it need only scan 7% of the files running on the system. They were able to see for themselves the minimal impact that NIS 2009 was having on CPU cycles and memory, and our new idle time scheduler purring away in the background.
So, I left the stage with a spring in my step. NIS 2009 had simply done what it was built to do and that which we are telling people it will do. But in doing so, it made a positive impact on those in the room. I left the stage safe in the knowledge that Norton 2009 would not be joining the ‘hall of shame’ of live demos.
NAV and NIS 2009 are superb products. Many people have come up to me in the past days to tell me how impressed they are. I stand there and take the plaudits. But my thanks and admiration are for the team, who worked long and hard, with passion, innovation and tenacity, to bring to market NAV and NIS 2009. Give yourself a treat, go and download a trial of them.
The state of Spam - September update
Symantec has released its latest ‘State of Spam’ report for September. As ever, it is a useful and insightful read. The overall percentage of email that we define as spam remains at over 80%. This has been consistent, if not annoying, for some time now. What we have seen increase this month is the percentage of spam emails that contained links to malware, designed to infect computers with viruses and trojans, rather than simply promoting a spam product.
The spammers plumbed new depths this month. There were emails sent to parents, declaring that they had kidnapped their children and that a ransom must be paid. As proof, they offered an attachment with a photograph of the child. Suffice to say, the attachment is bogus and contains malware. They were hoping that in the panic of getting such an email, a parent would not think and immediately click on the attachment. It is depressing and outrageous in equal measure.
The spammers are also picking on and using the challenging economic and employment climate to peddle their wares. Given the credit crunch and the rising cost of living, many people find themselves considering an additional part-time job to help make ends meet. We detected bogus recruitment ads this past month. The messages purported to come from an employer offering a part-time position, where its compensation included many enticing benefits. To apply for the position, you had to click on a link, which had an executable attached to it, wherein the malware resided.
If you have the time, take a look at the report. It will amaze you as to the audacity of the spammers and reinforce the scepticism you need when reading through your email.
Norton Labs
I want to introduce you to Norton Labs. This is a new venture for us. Norton Labs will preview some experimental projects that Symantec engineers are currently working on. It will provide a unique and useful insight into some of the things we are thinking about. It comes with the usual riders with respect to the software still being in development, or, there may also be times when we do not decide to take a piece of software forward into a product. That being said, I hope and expect that there will always be something useful and interesting for you. We launch with two interesting bits of software for you to ‘road test’.
The ‘User Account Control tool’ has been designed to replace the Vista UAC, to simultaneously make your system more secure while significantly improving user-friendliness. The ‘Norton Safe Web’ tool makes it easier for you to differentiate safe sites from malicious ones by providing ratings within everyday search results from top search sites like Google, Yahoo! and Live Search. Additionally, due to the nature of security threats on the Web, Norton Safe Web will also warn you before you visit a site that contains malicious content.
A new browser enters the fray: Google Chrome
Word of a new open-source based browser leaked from Google yesterday. It will be officially introduced today. Google, by their own admission, hit the ‘send button’ a bit too early and details of Chrome appeared yesterday. Creatively, they outline the ideas behind and techniques used in Chrome using the metaphor of a comic-book.
When Firefox 3 launched in June, I wrote that it was good to see competition in the browser space as it would spur innovation and choice. Well, with Google now getting into this space it is going to get plenty interesting. The timing is of note. Microsoft are continuing to push the BETA development of IE8. Now with the arrival of Chrome it will be interesting to see what this does for the development and launch of IE8.
Now, not every ‘ball’ that Google ‘swipes at’ do they hit out of the ‘ground’, to use a baseball metaphor. OpenSocial and Android, whilst met with a lot of excitement and interest, are still very much just making their way.
Space, the final frontier for Malware
By now, we are all aware that malware respects no boundaries. A reminder of this comes from NASA. They confirmed that laptops used on the International Space Station have been infected with a worm.
The malware in question here is W32.TGammina.AG. This is a worm that steals passwords for various online games. The worm spreads by copying itself onto removable media devices e.g. USB sticks. A ‘number’ of laptops were found to have been infected, so the worm clearly did manage to be effective. The laptops were not being used for mission critical purposes, but nevertheless, it is both worrying and embarrassing.
We have remarked upon, and cautioned about, the presence of worms and USB storage devices. It is a hark-back to the early days, prior to the ubiquitous presence of the internet, when malware was transmitted via physical means, most notably floppy disks. There is an interesting juxtaposition here: we see one of the most high-profile examples of technology being afflicted by one of the oldest infection methods in the book.
Beware of the ‘antivirus’
As we approach this time of year, many security vendors refresh their products. We are in the process of finishing the BETA of our Norton Antivirus 2009 and Norton Internet Security 2009 products and getting ready to release them to market. Many of our fellow competitors have launched, or are launching, their new products. So, in turn, this starts to get people thinking about ‘new’ security products.
The last few days have seen reports of ‘malvertizements’ that ultimately lead to fraudulent products. Newsweek.com is one of several high-profile websites suspected of running rogue banner ads that try and trick visitors into installing fraudulent anti-malware programmes. This opens up an interesting dimension. People implicitly expect and trust that the web site owners have checked into the people who have placed ads on their sites. The web site owners do, but incidents like this point out that they are not infallible and need to do more.
The trick of the bad guys pretending to be an anti-malware utility or antivirus product has been around for some time. However, in recent weeks we have seen a number of examples of this resurface. Symantec’s security response blog has written about this.
What we have observed is a combination of attack elements being used in concert. First, a spam email with an Olympic-led fake news story. The user is encouraged to click on a link; the link in turn asks the user to download ‘get_flash_update.exe’ or ‘get_flash_codec.exe’. These files then host a number of variants, one of which is a fake antivirus product: ‘Antivirus XP 2008’.
A cursory glance would lead you to believe that it looks legitimate: it is far from that. Once it is installed, ‘Antivirus XP 2008’ basically gives false reports on the security of a system, claiming it has multiple threats running. The software interrupts the user constantly by popup messages, balloon reminders and such, asking the user to register to remediate the threats. The victim’s desktop background is changed to show a virus warning message. The goal of this threat is to get the victim to pay for what they think is a fully-functional legitimate security product, which of course it isn’t.
Now, you will think this blog to be pretty self-serving – guilty as charged! With many new (legitimate) antivirus products making their way onto the market, you need to be mindful. If you see something about some new product from someone you have not heard of, then do your homework: ensure they really are who they say they are.
Netflix in need of a fix
At the time of writing this, the US online video service Netflix is still attempting to recover from an outage. This is now the third day that the company has been affected. They cannot send confirmations back to customers who have returned DVDs to them, nor process orders for new rentals. Ouch!
There have been no details, that I can see, as to what has caused the problems. In a curious turn of events, however, the streaming video service is up and online and still able to service customers. Is this a case of the company’s online business showing its worth versus the off-line business? Well, maybe not: we have to remember that the off-line (no pun intended) business being down is due to ‘IT system’ issues.
This is yet another reminder of just how dependent companies are on their systems. The implications are significant. The loss of revenue and hence, one would assume, profit. The inconvenience to the customer of not being able to get the films they wanted. All this ends up in a significant hit to the brand image – this can be seen in comments left on the company Blog site. A timely reminder to all of us, to ensure that we have a plan in place ‘just in case’. I am off to run a backup of my laptop!
A new front opens up in Georgia: Cyberspace
It would appear that the conflict between Georgia and Russia is not confined to the ‘real’ world. There are reports that another front has opened up: Cyberspace.
It would appear that a significant Distributed Denial of Service attack has been visited upon various Georgian Government sites and other Georgian internet servers. A variety of Government sites have been targeted: the sites of the Ministry of Foreign Affairs, the Ministry of Defense, and the country’s president, Mikhail Saakashvili, have been blocked completely, or traffic to and from those sites’ servers has been redirected to servers actually located in Russia and Turkey.
The speculation is that the infamous Russian Business Network (RBN) is behind these attacks. The RBN is a notorious malware and criminal hosting network, albeit their actual involvement is yet to be proven.
There is a trend here. Going back to April 2007, we witnessed a DDoS on Estonia that took out parts of the internet infrastructure for some days. The attacks coincided with a dispute between Estonia and Russian nationalists about the relocation of WWII era monuments.
I am sure that any country’s preparations for war now include plans and preparations as to how they can protect and defend their internet infrastructure.
Be alert to the ‘CNN Alert’!
Many of you may have received a SPAM email with the subject line, “CNN Alerts: My Custom Alert”. This turned up in my personal email folder. It was a very authentic looking email. I thought it clever as, whilst I do not use the CNN site on a regular basis, I have used it now and again. The interesting thing about this SPAM was that it did have a link to a legitimate CNN story about the discovery of the World’s smallest snake. Clicking on this would have given the email that feel of credibility. The malicious link still exists in the e-mail but you must click the FULL STORY link to get there.
The ‘FULL STORY’ link leads to a botnet of compromised machines which host a page prompting the user to download an updated version of Video ActiveX Object. If agreed to, you’ll download ‘adobe_flash.exe’ which is detected by us here at Symantec as ‘Downloader’.


