Frequent updates for always-on protection

Aug 23, 2010


As you know, most antivirus programs use several methods to detect, prevent and remove computer viruses, worms, Trojan horses, adware, spyware, rootkits and other forms of malware. The most commonly used methods are heuristic-based detection and signature-based detection.

Targeted scam threatening DDoS attacks

Aug 17, 2010


In a typical 419 scam message, we usually see lottery winning notifications, mentions of next of kin, or fake business offers. Often we observe spammers creating fake stories tying in with disasters or news linked to users' emotions. In a recent targeted scam tactic, spammers have created a fake story threatening users about a DDoS attack on their website.

In this latest spam campaign, the spammer claims to be a hacker owning a huge network capable of a DDoS attack, and threatens users that their website will be brought down with a DDoS attack if they fail to shell out $200. The domain name mentioned in the spam message is legitimate and its registrant dates are old. There are intentional spelling mistakes in the message in an effort to evade content-based antispam filters.

AV-Test release latest security testing results


During the 2nd quarter of 2010, AV-Test have tested 19 security products which ran on Windows 7, in the areas of protection, repair and usability. "Protection" covers static and dynamic malware detection, including real-world 0-day attack testing. In the case of "Repair", AV-Test check the system disinfection and rootkit removal in detail. The "Usability" testing includes the system slow-down caused by the tools and the number of false positives. A product has to reach at least 12 points in total in order to receive a certification. 13 products have fulfilled our requirements and received an AV-Test certificate.

Symantec has recently observed phishing websites spoofing courier service brands


Symantec has recently observed phishing websites spoofing courier service brands. There were primarily three brands targeted and fraudsters were attempting to steal customers’ login credentials.

So what’s in the login credentials of courier service brands that fraudsters can take advantage of? Couriers provide their customers with several online features upon registering with the brand’s legitimate website. The features help customers to track their shipments, make online payments for their orders, specify the address for delivery, and so on. If login credentials are stolen, fraudsters can benefit from these features because it may enable them to reroute valuable packages to any address they provide.

In one of the phishing sites, the page prompted the customer to update user details, purportedly because "the account had not been updated for a considerable time." The details that required updating included sensitive information such as login credentials, account name, account number, and billing address. When the requested information is entered, the page redirects to the legitimate website, which creates the illusion that the update is complete. If customers fall victim to these phishing sites, they may end up losing their customer identity with the courier, which would — at the very least — result in the failure of having their packages delivered to the recipients.

Norton Safe Web for Facebook helps protect you and your computer

Aug 15, 2010


To take advantage of this feature, click on the "Enable Auto-Scan" button on the scan summary page to have Safe Web check your News Feed for malicious links every hour and notify you if unsafe links are found.

It’s FREE. It’s effective. And it makes your experience on Facebook safer. The Norton Safe Web for Facebook application scans your news feeds and identifies URLs containing security risks such as phishing sites, malicious downloads and links to unsafe external sites. With this application, you can easily see which links in your News Feed are unsafe for you or your friends to click on. From the scan results page you can click through to view detailed site rating analysis on the Norton Safe Web site (

Facebook Bieber Fans Targeted by Scammers Again


Scammers are trying to exploit the millions of Justin Bieber fans using Facebook by making false claims about their idol in order to lure them onto rogue pages.

The fake messages being posted by users who already fell victim to this scam read: "OMG Justin Bierber trying to flirt, check it out[censored]".

The link takes users to a rogue Facebook application page which displays a big button reading "Justin Bieber going crazy! Click to see".

Black Hat 2010: Security industry best practices

Aug 14, 2010


Following an industry conference, I find it a good practice for me to reflect back on what I learned and observed and see how I can apply it to my current work. At the conference there is so much to learn and take in, so I find it helps to let it all marinate for a bit of time and then I can start to uncover the new learning once I’m back at my desk and away from the conference buzz. It’s now been nearly two weeks since BlackHat wrapped up and these are the topics and observations from the conference that have been swilling around in my head. I hope to explore these thoughts more with my industry colleagues and find my way to contribute to improving security industry best practices.

Black Hat


The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow’s information security landscape.

In addition to the large number of short, topical presentations in the Briefings, Black Hat also provides hands-on, high-intensity, multi-day Trainings. The Training sessions are provided by some of the most respected experts in the world and many also provide formal certifications to qualifying attendees. Arrangements can also be made to bring Black Hat’s trainers to your location for private and customized training.

Fraudsters provide false security for Facebook users

Aug 10, 2010


In August 2010, Symantec observed a phishing website that targeted Facebook login credentials, which claimed to provide security to Facebook users. The page was not imitating the legitimate Facebook website, but appeared to be an alternate website that provided this facility. The phishing site was titled as a “Security and Privacy Update” website.

The page stated that Facebook users were vulnerable to threats such as spam messages or hackers that could cause problems with their user profiles. The page further stated that if users confirmed their identity by providing login details, then they would be safe from such threats. On the contrary, if a user gave up their login details to the phishing site, the fraudsters would have succeeded and could steal the details for use in future attacks.

Stuxnet Introduces the First Known Rootkit for SCADA Devices

Aug 7, 2010


As we’ve explained in our recent W32.Stuxnet blog series, Stuxnet infects Windows systems in its search for SCADA programming software. SCADA systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a Windows system. These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory. SCADA programmers use software (e.g., on a Windows PC) to create SCADA code and then upload their code to the PLCs.

Previously, we reported that Stuxnet can steal SCADA code and design projects and also hide itself using a classic Windows rootkit, but unfortunately it can also do much more. Stuxnet has the ability to take advantage of the programming software to also upload its own SCADA code to the PLC. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Thus, Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known SCADA rootkit that is able to hide injected SCADA code located on a PLC.