Symantec
Latest
Pirated iWork contains botnet trojan, breaks hearts
The tubes are ablaze today with news from CNN of the first ever latest malicious program to be found on the Mac. The trojan was first discovered in January but it did not receive wildfire-like popularity until recently when two experts at Symantec published a bulletin on the subject of the malware.The trojan, named "iBotnet" (get it?), has only affected a few thousand Macs in the wild and it is currently not known to do any real harm. Should you be concerned? Well, the answer to that depends on whether you're a software pirate or not. The distribution method for this particular piece of malware is through the downloading of certain bootlegged copies of Apple's iWork.Brian Krebs over at the Washington Post details some information about the actual first botnet specifically for the Mac. He points out that the current media storm is for a trojan that was actually discovered in January. He goes on to mention that the first botnet for the Mac was actually released in 2006 and targeted both Macs and PCs alike.In other news, sales of Symantec's Norton AntiVirus shot up following the release of the security bulletin and subsequent frenzy of coverage. Actually, this is not true (at least to this humble blogger's knowledge); but it does pose an interesting question. Who profits most from the release of malware on any platform? One thing we know for sure, though, is that the end-user is definitely losing out in this game.The moral of this story: stop all the downloading! Thanks G.I. Joe! In all seriousness, though, the majority of malware on the Mac (and on the PC) is distributed through nefarious chains of content acquisition. Be careful out there when clicking links and downloading files or programs from sites that you may not trust.Thanks to everyone who sent this in!
Flash hungers for your keystrokes [updated]
Have you got Flash player 9,0,115,0 or earlier? Check. No, really, do it now. These versions are apparently vulnerable to an exploit that can put malicious software on your system, including keyloggers that are set to swipe MMO passwords and credentials, like your World of Warcraft account. This is happening right now, according to Symantec. The latest update, version 9,0,124,0 is apparently not vulnerable to the exploit according to Adobe. You should probably get that version now, if you trust Adobe's information. If you trust Symantec's alert, only versions 115 and 124 are vulnerable, and this is a new exploit, and not the one that Adobe is talking about. If you want to play it safe, go plug the No-Script add-on or Flashblock into your Firefox browser, and breathe a huge sigh of relief until everyone gets their story straight (but check your system for malware first, okay?) [via Macnn] Update: Symantec and Adobe agree that 124 is not vulnerable. If you have any other version, you should upgrade.
Symantec, McAfee announce new mobile security wares
As unfortunate as it is that the world needs such products, the mobile antivirus industry is actually pretty well matured at this point with offerings from big players like McAfee and Kapersky already several versions deep. Both McAfee and Symantec have chosen this week to announce their latest mobile goods; in McAfee's case, it's really just a rehashing of the company's existing VirusScan Mobile software, which is now available to purchasers of its Triple Play offer for comprehensive security from PC to phone and offers protection for Windows Mobile 5 and 6 devices. Symantec meanwhile is introducing its Norton Smartphone Security software, which it claims to be the first to offer protection for Windows Mobile and Symbian devices in a single product. Grab it now (don't want the baddies infecting your N95, do ya?) for $29.99 for a 1-year subscription.[Via Slashphone]Read - Symantec Norton Smartphone SecurityRead - McAfee VirusScan Mobile
Symantec redefines viral marketing with costumed Norton Fighter
So we've heard of viral marketing before, but marketing with anthropomorphic viruses? Well sure enough, Symantec's latest Japanese campaign for its 360 antivirus software pits costumed "trojan horses" and "worms" against the Mighty Morphin Power Rangers-esque Norton Fighter: vigilant protector of truth, justice, and hard drives worldwide (those with valid Norton subscriptions, at least). You can watch an Akihabara street play featuring Japan's latest superhero after the break, but for the best effect, check out the full-screen flash mini-site by following the Read link...[Via Japan Probe, thanks Gaijin-san]
Symantec demonstrates the Internet channel 'hack'
We were a little worried that nobody would consider the Internet Channel a fully-featured Web browser unless it crashed all the time. Some jerks on YouTube are working right now to make that happen! Symantec has posted an explanation of the recent Wii security issue, which, as far as security goes, is a non-issue. You can also see it in "action" after the break! Basically, people can post hacked YouTube videos that freeze browsers. This affects any system that can run Flash, the Wii included. An exploit that takes advantage of this hack has already been devised for Windows, but other Flash-capable systems are safe right now. Yes, this means no homebrew code yet, but it also means that some dude isn't ... uh, stealing your Miis? What would someone even do to a Wii?[Thanks, Almadi!]
FUD: Windows is "most secure OS"
Andy Patrizio has an incredibly sloppy story entitled "Surprise, Microsoft Listed as Most Secure OS" at internetnews.com, which purports to summarize the recently released Symantec Internet Security Thread Report Volume XI. But if you look closely at the actual report (PDF), you'll see that this claim that Windows is "Most Secure" is based merely on Microsoft's relative speediness in patching security holes. That is, what apparently makes Windows "most secure" is that in the Jul-Dec 2006 timeframe Microsoft took an average of only 21 days to patch holes, while Red Hat (linux) took took 58 and Apple took 66. Okay, so Microsoft is best right? But that's silly, why would the speed of responding to holes by itself determine which OS is most secure? It should clearly matter how serious the holes were in the first place! If you're slow to patch relatively innocuous holes, is that not better than quickly patching a larger number of more serious holes? And when we look at the breakdown we see that in this period Microsoft had 39 disclosed vulnerabilities, and "12 were considered high severity, 20 were medium." Apple, on the other hand, issued 43 patches, and only "one was considered high severity, 31 were medium." So basically, Microsoft is quicker at patching 12 times as many high severity vulnerabilities, and that apparently makes Windows "more secure."Now it's worth noting that none of this settles the question of which OS is more secure, but it does show the completely specious reasoning behind that headline claiming Windows is the "Most Secure OS." And of course it's this sort of lazy reporting (compounded by Patrizio's sniffing at Apple's advertising of better security) that creates a meme that others may pick up and pass on without quite realizing that it based on a straightforward misreading. In other words, it's pure FUD.
Unofficial patch for Treo vulnerability loosed
If you've been a bit paranoid of late after hearing that a blatant security hole was found in the now-deceased Palm OS, help has unofficially arrived. Reportedly discovered by Symantec, the vulnerability entailed a hole that allowed the operating system's Find functionality to be accessed even when the device was set to Locked, allowing ill-willed hackers to sift through text message history, calendar entries, tasks, etc. The hole had been confirmed on the Treo 650, 680, and 700p, but now users of the handsets can rest a bit easier after applying this patch. As expected, the update simply disables the Find feature, which essentially closes off the last remaining security loophole and protects prying eyes from seeing that backlog of steamy Valentine's Day texts. So if you're looking to unofficially patch things up with your Palm, be sure to hit the read link and get that install completed, but we're not the ones to come crying to if something goes awry.[Via PalmInfoCenter]
Symantec: No file infecting viruses for OS X
Every time I write about Mac security the comments fill up with people telling me that I am an idiot (actually, come to think of it, that happens with most of my posts). Therefore, I thought some of you would enjoy this post from Symantec that which states categorically that there are no known file infecting viruses for OS X. Hurrah! Macs rulez!! W00t!Hold your horses, spanky. Todd Woodward, the author of the post, rightly points out that while there are no viruses for OS X there are worms, rootkits, and vulnerabilities in the OS itself. So, it is like I always say, Mac users might not have to worry about viruses now but that doesn't mean that OS X is somehow magically immune to viruses.
Symantec offers an update for OSX.Leap.A
Well, here's something you don't see very often. Symantec has issued an update that offers protection agains OSX.Leap.A, the Mac Trojan Horse that we wrote about earlier. They classify it as a "level 1" on a scale of 1 to 5, so there's no need to slip into panic mode. It seems to be PPC only, so you lucky Mactel owners have nothing to worry about. Carry on.
Symantec responds to security issue
Symantec is aware of the flaw that is in almost all of their software (that's gotta hurt) and the most recent virus definitions include a 'heuristic detection for potential exploits of the Symantec decomposer RAR archive vulnerability.'What the heck does that mean? The vulnerability can only be exploited if your copy of Norton scans a RAR file that has been crafted in such a way as to trigger a buffer overload. The update makes sure that your copy of Norton can detect these naughty files without falling prey to their naughtiness, for lack of a better word.They have also posted instructions on how to setup your anti-virus software to skip over scanning .rar files. Definitely worth checking out if you are running any Symantec anti-virus products.
