Symantec

Latest

  • Chinese government drops foreign security software (update: with limits)

    by Jon Fingas
    08.04.2014

    China's government isn't just giving the boot to foreign operating systems; it's doing the same for security software, too. A national procurement agency has dropped Kaspersky and Symantec from its antivirus supplier list, leaving only Chinese companies as options. It's not clear that the move is directly linked to the country's concerns about foreign software being used for espionage. Kaspersky tells Reuters that it's in "conversations with authorities" about the move, but there isn't an official statement on the subject just yet. It wouldn't be shocking if there was a connection, however, since security tools are at the very heart of China's fears. The real surprise is the nature of the targets -- while many would expect China to distrust an American outfit like Symantec, it may be treating a Russian developer (Kaspersky) with a similar level of suspicion. Update: Symantec says the list only applies to "certain types of procurement," and that it's not an out-and-out ban. Still, the company is looking into the report -- and any significant contract losses still represent significant problems.

  • Symantec's COO credits his WoW credentials with boosting his resume

    by Shawn Schuster
    06.20.2014

    Symantec COO Stephen Gillett is proud of his past accomplishments, including high-ranking positions at Starbucks, CNET, and Best Buy. But it may be his level 70 Paladin and Priest in World of Warcraft that got him in the door and up that ladder. Gillett believes that adding his World of Warcraft guild leadership stats to his resume has helped him land these top jobs. "Here's my guild. Here's my ranking. Here's my biggest online achievement," Gillett said in a CNN interview. "Some people look at it and say, 'What the hell is this?' And others will be like, 'That's exactly what I'm looking for.'" "I think gamification and the way of thinking about it is applicable to any industry," Gillett continued. "Right now we get really good information on malware -- what it does, how it acts. But we have no telemetry on the human part of it -- what people were doing, thinking and believing when they encountered that particular threat."

  • Symantec declares antivirus 'dead' as it focuses on damage control

    by Jon Fingas
    05.06.2014

    Given how hard antivirus software makers push you to sign up, you'd think that business was booming. Far from it, according to Symantec's Brian Dye. He tells the Wall Street Journal that antivirus tools like his company's Norton suite are effectively "dead." The utilities now catch less than half of all attacks, according to the executive -- to him, the focus is on minimizing the damage whenever there's a successful hack or infection.

  • PGP inventor doesn't use PGP "because it doesn't run well on a Mac"

    by Steve Sande
    08.12.2013

    Phil Zimmermann is a legend in the world of online privacy, having invented PGP (Pretty Good Privacy) in 1991 to provide cryptographic privacy and authentication that keep digital communications -- and entire computers -- safe from prying eyes. Zimmermann was in the news last Friday when a company he founded -- Silent Circle -- decided to shut down and delete all email messages on its servers rather than have the US government force them to hand over customer data. One fascinating item in the Forbes article about the Silent Circle email shutdown was Zimmermann's admission that he doesn't use email much anymore because "PGP doesn't run very well on a Mac these days." PGP Corporation was purchased by software giant Symantec in 2010 for US$300 million, and according to Mac user Zimmermann, "Symantec hasn't kept that up. So I hardly ever run PGP." In lieu of email, Zimmermann says that he uses Silent Circle's mobile texting service and iOS app Silent Text instead. Forbes' Parmy Olson asked Zimmermann if he expected more people to move from using email to more secure mobile messaging systems. In his reply, Zimmermann noted, "Mobile messaging is less clunky than email. Email has its place. Sometimes you want to have an audit trail of business communication. Sometimes that's a feature rather than a liability. So email is not going to go away, but if you want to send secure messages, there are more streamlined ways to do it now." A CNET article earlier this year noted that the US Drug Enforcement Administration is unhappy with Apple's iMessage encryption, saying that "It is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge. The moral of the story? If you want to keep prying eyes from your personal communications, start shifting away from email and use encrypted messaging instead.

  • Symantec: work on Stuxnet worm started two years earlier than first thought

    by Jon Fingas
    02.27.2013

    Most of us think we know the tale of Stuxnet: it's a possibly government-sponsored worm that played havoc with Iranian centrifuges in 2009, setting back the country's uranium enrichment program without involving any traditional weapons. Researchers at Symantec, however, now claim there's an untold narrative. They've discovered a Stuxnet 0.5 version that may have been in development or active as soon as November 2005, two years before the commonly accepted timeline. It first surfaced on trackers in November 2007, and would have created wider-ranging chaos at Iran's Natanz nuclear facility by closing vital pressure valves instead of using the subtler centrifuge technique. Symantec also noticed that this pre-1.0 malware shares traits with the Flamer code base, putting it in the context of an even larger effort than seen so far. Moreover, it would have required extensive knowledge of the Natanz infrastructure -- this was no casual attack, according to the researchers. While we may never know exactly what prompted the revamp, IAEA evidence suggests that Stuxnet wasn't truly effective until the better-known version came into play. We mostly know that modern cyberwarfare had its fair share of growing pains -- and that it's not as fresh-faced as we assumed.

  • Security researchers dissect Flame's handling program, find three new viruses 'at large'

    by Daniel Cooper
    09.17.2012

    It seems Stuxnet and Flame aren't the only out-of-control cyber-weapons roaming around the Middle East. Security researchers from Symantec and Kaspersky have found that the Flame malware had the electronic equivalent of a "handler," a program called NEWSFORYOU, which is also in charge of three further viruses that are code-named SP, SPE and IP. The trio have yet to be analyzed, because although a cache of data has been discovered on a command-and-control server, decoding it has proved "virtually impossible." While both security companies have declined to point a finger as to the viruses' origin, Reuters' sources suggest they're from the United States, while The Washington Post has been told that the project was a joint enterprise with Israel -- in keeping with the existing narrative that this is the pair behind Stuxnet.

  • Flame malware extinguishes itself, Microsoft protects against future burns

    by Sean Buckley
    06.11.2012

    The folks behind that nasty Flame trojan that burned its way through the Middle East aren't the kind to brag -- the malware's manufacturers apparently started dousing their own fire last week. According to Symantec reports, several compromised machines retrieved a file named browse32.ocx from Flame-controlled servers, which promptly removed all traces of the malware from the infected systems. Although the attackers seem spooked, Microsoft isn't taking any chances, and has issued a fix to its Windows Server Update Services to block future attacks. The update hopes to protect networked machines from a similar attack by requiring HTTPS inspection servers to funnel Windows update traffic through an exception rule, bypassing its inspection. The attackers? "They're trying to cover their tracks in any way they can," Victor Thakur, principal security response manager at Symantec, told the LA Times. "They know they're being watched." Check out the source link below for Symantec's rundown of the trojan's retreat.

  • Flashback was earning about $10K per day

    by Steve Sande
    05.01.2012

    People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money. A post on the Symantec official blog listed the stages of infection from Flashback:

      • A user visits a compromised website.
      • The browser is redirected to an exploit site hosting numerous Java exploits.
      • CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
      • This component downloads a loader and an ad-clicking component.

    That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue. Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day. If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself. [via Macworld]

  • Norton Identity Safe locks your passwords in the cloud, spares your failing memory

    by Daniel Cooper
    04.23.2012

    Norton's Identity Safe is a free online service that aims to end the curse of forgotten passwords. If you've got a few social networking accounts, then keeping track of all your keys can be tough. This service remembers all of your log-in details and inputs them automatically when you next visit. It'll warn you about malicious websites and even lock away sensitive data (credit card numbers, social security codes) so that if your paperwork goes missing, you aren't in too much trouble. The companion smartphone / tablet app offers the same integration across all of your devices and is available for Windows, OS X, iOS and Android gear from today.

  • Flashback infections down from over half a million to under 150,000 in eight days

    by Kelly Hodgkins
    04.18.2012

    According to Symantec, the OSX.Flashback.K infection is declining each day. The current number of infected Macs is now around 140,000, down from 600,000 a week ago. If you think you may be infected, you can run a Flashback removal tool from either Kaspersky or F-Secure. Apple also has a tool for Lion users without Java installed. OS X users should install the latest Java update from Apple, which will protect against a future infection.

  • Hacker spites Symantec, puts pcAnywhere's source code out in the open

    by Michael Gorman
    02.09.2012

    Symantec said that folks running its pcAnywhere utility were at an "increased risk" when it revealed that the company had been hacked and its source code pilfered, and advised customers to stop using pcAnywhere for the time being. Sage advice, as a hacker with the handle YamaTough -- who's affiliated with Anonymous -- helped do the deed and has now published the code for all the world to see. Apparently, the hacker and hackee had attempted to broker a deal for $50,000 to keep the code private, but neither side negotiated in good faith -- YamaTough always intended to release the code, and law enforcement was doing the talking for Symantec to catch him and his hacking cohorts. The good news is, Symantec has released several patches to protect pcAnywhere users going forward. As for the stolen code for Norton Antivirus, Internet Security and other Symantec software? Well, the company's expecting it to be disclosed, too, but because the code is from 2006, customers with current versions can rest easy.

  • Source code theft prompts Symantec to issue warning to customers

    by Andrew Munchbach
    01.26.2012

    Security software publisher Symantec has confirmed it was the victim of a cyber attack, resulting in the theft and disclosure of product source code. Earlier this month, the online-collective Anonymous stated, via Twitter, that it possessed portions of the code in question and planned to release it in support of a class-action lawsuit filed by consumers -- the suit claims Symantec employed scare tactics to encourage users to purchase its wares. Via its website, the company affirmed Anonymous' claims, citing a source code heist dating back to 2006. The post goes on to suggest that users running Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks, Symantec Endpoint Protection 11.0, or Symantec AntiVirus 10.2 apply the latest maintenance patches. If you have the company's pcAnywhere solution deployed, Symantec suggests only using it for "business critical purposes," as this software is "at increased risk." Those looking to stay up-to-date on the breach and what Symantec is doing to ameliorate its effects can get the blow-by-blow from the source link below.

  • Symantec report on mobile security concludes iOS and Android both vulnerable to attacks

    by Dana Wollman
    06.29.2011

    In Symantec's bleak, dystopian world, it doesn't matter whether you choose Android or iOS -- you'll be making yourself vulnerable to attacks regardless of the camp you're in. The company just concluded a study pitting iOS's security against Android's -- an undertaking intended mainly for corporate IT staffs trying to figure out which devices they can safely issue to employees. (Curiously, despite the enterprise focus, you won't find a single comparison against BlackBerrys.) Although iOS won higher marks when it came to thwarting traditional malware and showed a more modest advantage in terms of data loss, data integrity, and service attacks, the two platforms proved equally adept at preventing web-based attacks -- and equally powerless to catch socially engineered ones. And when it came to implementing certain security measures, such as permissions-based controls, Android pulled ahead. Ultimately, Symantec (which sells mobile security software of its own, by the by) concluded that both "are still vulnerable to many existing categories of attacks," not least because both platforms allow users to sync with third-party apps or web services that may or may not be secure themselves. Indeed, Symantec's thesis is that Apple's App Store approval process helps explain its lead in the malware-blocking department. Also, in shocking news, Symantec adds that people using jailbroken devices are especially attractive targets for attackers, and that these devices are as vulnerable as computers. Don't say no one warned you. Head past the break for a press release with a summary of the findings or, if you're curious, hit the source link for a PDF version of the full report.

  • Intel working with Symantec and Vasco for IPT, hardware-based security measures

    by Tim Stevens
    02.15.2011

    Phishers are getting so good and so numerous that even the most technically adept of online bankers should think twice before typing in that password. Even if it's a legit site, databases can be infiltrated and passwords can be cracked. Time for something more, then. Intel is working on it, teaming up with Symantec and Vasco on what's being broadly termed Identity Protection Technology, or IPT. This tech enables a computer to, in hardware, generate a one-time password (OTP) that a compatible site could accept. That computer would have been paired with the site earlier to ensure that only authorized machines sign on. It's similar to the random-number-generating key fobs you might need to sign on to a VPN, but built into Intel's Core i3, i5, and i7 processors. Of course, that won't help if you e-mail your credit card number to a supposed friend who's supposedly stranded in some supposedly far away land, but it's progress.

  • Intellectual Ventures begins tech patent offensive, files three lawsuits against nine companies

    by Nilay Patel
    12.09.2010

    We've always wondered why former Microsoft CTO Nathan Myhrvold was stockpiling patents at his new company Intellectual Ventures, and it looks like we're starting to find out why: in addition to licensing the entire portfolio to HTC and Samsung, IV's just filed its first three patent lawsuits against nine tech companies. Details are sparse, but the first suit is against Symantec, McAfee, Trend Micro, and Check Point Software, the second names Elpida Memory and Hynix, and the third is against Altera, Lattice Semiconductor, and Microsemi. We'd assume the patents in question are all super-technical in nature, but it's really not the specifics we're interested in -- it's more the fact that IV is starting to flex some muscle in the tech world, and that means a lot of money could change hands real fast. We'll see what happens.

  • Symantec mobilizes Snoop Dogg's cybercrime unit

    by Trent Wolbe
    09.02.2010

    You know what? Snoop has really done more than any technology company has to bring products to new audiences. Back in fifth grade we had no idea what indo was or why anyone would ever want to combine gin and juice; 3 weeks after "Doggystyle" came out we were hooked on both. At the beginning of last year we couldn't fathom our Grandpas asking Snoop for directions in the Caddy...but it happened. So why not make the leap to, you know, hawking desktop and internet security to urban markets? Symantec's Hack is Wack campaign aims to "bring the attention level up...just try to make people aware that these [cyber] crimes are happening." Snoop invites you to "raise awareness by making a rap song about cyber crimes" and uploading a video for judgment on "originality, creativity and message." The winner gets a pair of tickets to see Snoop, a chance to meet his "mgmt/agent" and a Toshiba laptop. It's been a while since we hit the mic or had any antivirus software installed, but he's got us thinking pretty hard about throwing down some rhymes and our credit cards for a copy of Norton 360 v4.0.

  • Dear Friend: 92 percent of all email is spam, says Symantec

    by Laura June Dziuban
    08.12.2010

    This statistic may or may not come as a surprise, depending on how closely you monitor your email inbox. Symantec has released an estimate that 92 percent of all email is spam, up from 89 percent last year. The good news? Phishing attacks declined 5 percent this year, and if we had to make a guess, we'd say attacks of listening to Phish are on an upswing. Check out another one of our favorite example spams below.

  • Symantec analyzes cache of stolen accounts

    by Jef Reahard
    05.28.2010

    Kotaku brings word of a massive cache of stolen gaming accounts brought to light and investigated by computer security software maker Symantec. Massive, in this case, equals around 44 million accounts from game publishers including Blizzard, NCsoft, and Wayi Entertainment. The largest chunk of compromised accounts came from Wayi (around 16 million), while NCsoft held down second place with over 2 million infected accounts (60,000 of which came from Aion). World of Warcraft accounts made up approximately 210,000 of the total number. Symantec identifies the culprit as a Trojan named, appropriately enough, Trojan.Loginck, which worms its way through multiple computers and updates the stolen account database any time it strikes pay dirt. Check out the article over at Kotaku as well as Symantec's Trojan.Loginck blog entry.

  • Symantec names Shaoxing, China as world's malware capital

    by Donald Melanson
    03.29.2010

    It's not the sort of title any city's looking for, but Symantec has now given Shaoxing, China the dubious honor of being the world's malware capital, saying that it accounts for more targeted attacks than any other city. In fact, the company found that while close to 30 percent of all malicious attacks came from China (making it the number one country), 21.3 percent came just from Shaoxing. It was followed by Taipei at 16.5 percent, and London at 14.8 percent. Following China in the country rankings is Romania with 21.1 percent of attempted attacks (most of those are said to be commercial fraud), and the United States at 13.8 percent. That's actually just part of a larger report by Symantec's MessageLabs division, which details everything from the most common types of email attachments (.XLS and .DOC are neck and neck for the lead) to the percentage of emails that contain a virus or phishing attack (one in 358.3 and one in 513.7, respectively). Dive into the PDF linked below for the complete details.

  • Scammers exploit Apple iPad fever

    by Mike Schramm
    02.01.2010

    And now we're at the point in the iPad cycle where there's just enough information out there about it that people are interested, but not enough that they can discern credible information from scammers. That's the report of the BBC, which says that "hi-tech" scammers are using iPad-based searches to prey on users and install various types of "rogue security software." The news here isn't necessarily that scammers are out there scamming people (that happens all of the time), but it's that scammers are cashing in on the iPad frenzy to do so. Then again, that's probably not a huge surprise, either: they probably always latch onto whatever the hottest search topics are, and this past week, of course, it was the iPad. In my own personal opinion, these fearmongering reports are the biggest scam of all. Even the BBC is only reporting this based on information from Symantec, and that's S.O.P. for the antivirus company: a) release a report that claims everyone is in danger and that viruses are everywhere, b) get some less-than-tech savvy journalist to believe it, and c) sell copies of your antivirus software and profit. In reality, if you click links only on trusted sites and keep an eye on everything coming in to your Mac, you don't need Symantec to tell you how to be safe. If you install "security software" that you happened to pick up while searching for iPad news, of all things, then you can't be surprised when your system gets compromised.