Clik here to view.
Cross-Platform Frutas RAT Builder and Back Door
Contributor: Val S.We recently came across a sample of a back door remote access tool (RAT) written entirely in Java. The RAT is freely distributed on underground forums, free for any registered forum...
View ArticleClik here to view.
Zeus Now Setting its Sights on Japanese Online Banking Customers
As we have bloggedin the past, Zeus (Trojan.Zbot) and other banking Trojans have been a headache to online banking customers all over the world for years. Certain countries such as Japan have in the...
View ArticleMicrosoft Patch Tuesday – February 2013
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins covering a total of 57 vulnerabilities. Eighteen of this month's issues are rated...
View ArticleClik here to view.
Man Arrested in Relation to the “Remote Control Virus”
Back in October 2012, we published a couple of blogs about Backdoor.Rabasheeta, a back door Trojan that was used to make numerous death threats from compromised computers, resulting in four wrongful...
View ArticleClik here to view.
New Adobe Vulnerabilities Being Exploited in the Wild
Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this...
View ArticleClik here to view.
Trojan.Ransomgerpo Criminal Arrested
Spanish police have reported the arrest of an individual involved with a particular strain of police Ransomware known as Ransom.EY, detected by Symantec as Trojan.Ransomgerpo.This variant is one of the...
View ArticleClik here to view.
New Adobe PDF Zero-day Unleashes Trojan.Swaylib
In a previous blog, Symantec reported on a new Adobe zero-day vulnerability (CVE-2013-0640, CVE-2013-0641) affecting Adobe Reader and Acrobat XI (11.0.1) and earlier versions, that was being actively...
View ArticleClik here to view.
APT1: Q&A on Attacks by the Comment Crew
Today Mandiant released a detailed report dubbed "APT1" which focuses on a prolific cyber espionage campaign by the Comment Crew going back to at least 2006 and targeting a broad range of industries....
View ArticleClik here to view.
Malicious Mandiant Report in Circulation
The report, APT1: Exposing One of China's Cyber Espionage Units, published by Mandiant earlier this week has drawn worldwide attention by both the security world and the general public. This interest...
View ArticleClik here to view.
How Attackers Steal Private Keys from Digital Certificates
Regular readers of the Symantec blog may sometimes read blogs that mention a fraudulent file that is signed with a valid digital certificate or that an attacker signed their malware with a stolen...
View ArticleAPT1: Additional Comment Crew Indicators of Compromise
Mandiant recently released a document containing indicators of compromise (IOCs) related to multiple espionage campaigns by a group known as the Comment Crew. Symantec has been actively tracking this...
View ArticleClik here to view.
Russian Spammers Eye International Women’s Day
February is a short month, but not too short for spam events to make an impact. Valentine's Day and its associated threats has passed, so now it is time for International Women's Day—celebrated on...
View ArticleClik here to view.
Ichitaro Vulnerability: Another Zero-Day Exploit in the Wild
Contributor: Masaki SuenagaWe have already seen a handful of zero-day vulnerabilities being exploited in the wild this year. These vulnerabilities have affected users globally leaving both individuals...
View ArticleClik here to view.
Stuxnet 0.5: The Missing Link
In July 2010, Stuxnet, one of the most sophisticated pieces of malware ever written, was discovered in the wild. This complex malware took many months to analyze and the eventual payload significantly...
View ArticleClik here to view.
Stuxnet 0.5: Command-and-Control Capabilities
Similar to Stuxnet 1.x versions, Stuxnet 0.5 has limited command-and-control (C&C) ability. In particular, Stuxnet 0.5 does not provide fine-grained control to its authors. Instead, Stuxnet 0.5 can...
View ArticleClik here to view.
Stuxnet 0.5: How It Evolved
IntroductionStuxnet stores a version number within its code. Analysis of this code reveals the latest discovery to be version 0.5. Based on website domain registration details, Stuxnet 0.5 may have...
View ArticleClik here to view.
Stuxnet 0.5: Disrupting Uranium Processing at Natanz
When Symantec first disclosed details about how Stuxnet affected the programmable logic controllers (PLCs) used for uranium enrichment in Natanz, Iran, we documented two attack strategies. We also...
View ArticleClik here to view.
As Russians Ready for Fatherland Day, Spammers Take Advantage
Major events and holidays have always been a time for celebrations. Unfortunately, it also attracts unscrupulous spammers searching to make a quick offer. Symantec observes that spam email usually...
View ArticleClik here to view.
Fake Adobe Flash Update Installs Ransomware, Performs Click Fraud
Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often a target of cybercriminals. Cybercriminals are using social...
View ArticleClik here to view.
Fake Antivirus Renewal Email Rises from the Dead
Over the last few years, many reports, white papers, and blogs have been released detailing targeted attacks. For example, some attacks employ sophisticated infection methods, such as watering hole...
View Article