iPad – First the Hype, Now the Threat

This blog post comes from “View From the Bunker”, a blog about security and availability from some of the folk at Symantec. We will continue to check this blog and share its insights here regularly.

iPad’s domination of the news agenda has provided a golden opportunity for cybercriminals to target consumers hungry for more information on Apple’s new creation.

As soon as the announcement was made, we observed that related search terms had become targets for black hat SEO attacks and phishing attacks. People interested in finding out more about the iPad over the internet must be on guard.

The excitement over the iPad has been building for months now, so it’s only to be expected that its announcement would spark a huge spike in search traffic relating to certain terms. Sadly, this is just the kind of opportunity fraudsters like to exploit by poisoning search terms, and we can also expect to see iPad-related spam and phishing attacks hitting consumers hard over the coming weeks. We’d advise the curious to be on their guard. 

Tips for avoiding iPad pain:

  • Avoid clicking on suspicious links in email or IM messages, as these may be links to spoofed Web sites.
  • Symantec security experts suggest typing Web addresses directly into the browser rather than clicking on links within messages.
  • If an email offer looks too good to be true, it probably is. Go through authorised and known suppliers or information sources.
  • Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite.
  • Delete all spam.

 Candid Wueest



Slides and Notes from the South Florida Security & Compliance User Group Meeting - 1/28/10

The South Florida Security & Compliance User Group Board of Directors would like to thank everyone who attended the meeting at the Citrix Building on January 28, 2010. Attached are the PowerPoint presentations that were given. If anyone would like to present or host a future meeting, please let us know. Please spread the word about our group! If our group continues to grow, so will our experience and knowledge.

The PowerPoint presentation files:

  • BE12_VCB is titled: Symantec Backup Exec 12.5 VMware – Virtual Consolidate Backup
  • SIMs is titled: Security Information Managers [SIM/SIEM]

More to come in the near future. Please continue to benefit from using our resources at Symantec.


Critical Infrastructure Protection Now

Recent reports of cyber attacks on Google and other American companies have raised concerns about protecting the critical infrastructure of a company or a country against a coordinated, targeted cyber attack. The recent cyber attack on Google used exploits targeting zero-day client-side vulnerabilities to insert a backdoor trojan called HydraQ into the corporate networks. The attack has drawn much attention to the ability of the United States’ critical infrastructure to ward off similar attacks in the future, perhaps on a broader scale. The concern around this issue is warranted, justified and echoed throughout the industry.

It is important to bear in mind that there are steps that can be taken right now by Congress – steps that have the support and involvement of the cyber security industry and other private sectors – to address some of these concerns and further secure the United States’ critical infrastructure:

  • Pass the Federal Information Security Management Act Reform bill, authored by Sen. Tom Carper (D-DE), which updates the cyber security policies and processes that government agencies must follow. The act was originally passed in 2002 and is badly in need of being updated to respond to today’s threats.
  • Pass the Critical Electric Infrastructure Act – legislation that provides guidelines and policies needed to establish a base form of security to protect the nation’s electronic grid from cyber attack.
  • Pass legislation championed by Sen. Patrick Leahy (D-VT) and Rep. Bobby Rush (D-IL) stipulating a process for entities to notify individuals if their information has been compromised. 85 percent of the nation’s critical infrastructure is privately owned. By establishing a framework of minimum security precautions that companies must take to protect customer information (such as the use of encryption), the bill contributes to the overall security of the nation’s critical infrastructure.

Finally, with the appointment by the Obama Administration of Howard Schmidt as the nation’s cyber security coordinator, the White House should waste no time in implementing the findings of the 60-day Cyber Security Review to help secure the nation’s critical infrastructure. We support the Administration’s lead to establish a new partnership between the public and private sectors to increase coordination and improve the exchange of information on the threat landscape. The partnership between the private and public sector should also extend to more funding for the research and development of cyber security technologies and processes. The report also stipulates that a greater emphasis needs to be placed on efforts to promote better cyber security education and awareness, and it identifies the end user as a key factor in reducing risk and protecting against threats. Better practices online, as well as the use of security products like anti-virus, anti-spam and anti-phishing, can play a significant role in reducing cyber threats. Finally, the US needs to take a strong leadership position with other nations to improve cooperation on cyber crime prosecution and also improve protection against threats to the critical infrastructure.

While security is an integral step to protect networks, it must be combined with a means to organize, prioritize, and store information seamlessly for enterprises and governments to truly withstand today’s cyber attacks.

These steps to improve the protection of critical infrastructure should be emulated around the world, as cyber security is a global issue affecting the critical infrastructures of every country.

Francis deSouza, Sr. Vice President, Symantec Enterprise Security Group


Seeing Past Trojan.Hydraq’s Obfuscation

While Trojan.Hydraq has been described as sophisticated, the methods used to obfuscate the code are relatively straightforward to deobfuscate. Trojan.Hydraq has spaghetti code, which is a technique used to make analyzing the code of a program more difficult. The basic blocks of a function are identified, and then completely rearranged so one cannot easily follow the code in a linear fas
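
The rearranged-basic-block idea described above can be undone by following the jumps that stitch the blocks together. The sketch below is an added illustration, not Symantec's tooling and not code from Trojan.Hydraq: the block table, addresses, instructions and the function names `linearize` and `render` are all constructed for the example.

```python
# Constructed sample: one small function whose basic blocks were shuffled in
# memory and reconnected with jumps. Each entry is
#   address -> (instructions, terminator)
# where the terminator is ("jmp", target), ("jz", taken, fallthrough) or ("ret",).
BLOCKS = {
    0x1000: (["push ebp", "mov ebp, esp"], ("jmp", 0x1040)),
    0x1010: (["mov eax, 1"], ("jmp", 0x1030)),
    0x1020: (["xor eax, eax"], ("jmp", 0x1030)),
    0x1030: (["pop ebp"], ("ret",)),
    0x1040: (["cmp dword [ebp+8], 0"], ("jz", 0x1020, 0x1050)),
    0x1050: (["nop"], ("jmp", 0x1010)),
}

def linearize(blocks, entry):
    """Return block addresses in execution order instead of memory order."""
    order, seen, pending = [], set(), [entry]
    while pending:
        addr = pending.pop()
        while addr is not None and addr not in seen:
            seen.add(addr)
            order.append(addr)
            term = blocks[addr][1]
            if term[0] == "jmp":        # glue jump: just keep walking
                addr = term[1]
            elif term[0] == "ret":      # end of this path
                addr = None
            else:                       # conditional: queue the taken branch
                pending.append(term[1])
                addr = term[2]
    return order

def render(blocks, order):
    """Emit a listing, dropping jumps whose target is the next block anyway."""
    lines = []
    for i, addr in enumerate(order):
        body, term = blocks[addr]
        nxt = order[i + 1] if i + 1 < len(order) else None
        lines.append(f"loc_{addr:x}:")
        lines.extend(f"    {ins}" for ins in body)
        if term[0] == "ret":
            lines.append("    ret")
        elif term[0] == "jmp":
            if term[1] != nxt:
                lines.append(f"    jmp loc_{term[1]:x}")
        else:
            lines.append(f"    {term[0]} loc_{term[1]:x}")
            if term[2] != nxt:
                lines.append(f"    jmp loc_{term[2]:x}")
    return lines
```

Calling `render(BLOCKS, linearize(BLOCKS, 0x1000))` yields a listing that reads top to bottom, with only the one jump that real control flow requires.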