Home and Home Office Security Report
This podcast highlights some of the threats and dangers Symantec reported on in January 2007 and offers suggestions on how to stay protected.
Hello and welcome to the Security Response Podcast brought to you by Symantec, the world leader in providing solutions to help individuals, small businesses, and enterprises ensure the security, availability and integrity of their information. Today’s podcast will present an overview of the January 2007 issue of the Symantec Home and Home Office Security Report. The Symantec Home and Home Office Security Report provides an overview of internet security concerns that may affect home and home office users and provides solutions for protecting the valuable data stored on their computers. In this podcast, we will take a look at a security flaw in Apple iChat that could allow hackers to break into your computer.
We will also discuss one of the biggest online bank heists in history, which involved an elaborate and targeted phishing attack. In addition, we will take a look at a new type of spam that is disguised to resemble a newsletter from a well-known brand in order to evade spam filters and arrive in your inbox. We will also discuss security flaws in Sun’s Java Runtime Environment and in the Microsoft Windows Vector Markup Language, or VML, processing functionality that could allow hackers to gain control of your computer. Finally, we will take a look at a recent Trojan that made headlines over the past few weeks.
We will start today by examining a flaw in Apple’s iChat that was reported on 01/20/07. Hackers could use the flaw to break into your computer, allowing them to read your e-mail messages and address books, steal your files and software, and use your computer to carry out further hacking attempts. A hacker could also take advantage of the flaw by enticing you to visit a malicious website or open a malicious file. When the website is loaded or the file is opened, the malicious content will take advantage of the flaw and allow the attacker to gain control of your computer. At the time of publication, Apple had not yet released solutions for all of these problems, but you can protect yourself. Ensure that you are running up-to-date antivirus software to keep yourself as secure as possible.
You should also never view, open, or click on any files or e-mail attachments unless they are expected and come from a known trusted source. Customers of a large bank in Sweden were recently targeted by a Trojan attack, which resulted in one of the biggest online bank heists in history. A variant of the Haxdoor Trojan was sent to bank customers claiming to be a program from the bank to block spam. Once installed on the computers, the Trojan would wait for users to access the bank site and then redirect them to a website that was controlled by the attackers. This elaborate and targeted phishing attack was used to compromise the online banking accounts of up to 250 of the bank’s customers.
In total, the bank estimates that the attack landed the thieves approximately $1.1 million. To protect yourself against attacks such as these, you should make sure that your antivirus definitions are up-to-date. Also, using an anti-fraud toolbar with your web browser can help you detect phishing sites. Most banks do not usually send files or e-mail with links to websites. If you are uncertain whether an e-mail message from your bank is legitimate, then call the customer service number on your bank card to verify. Never call a customer service number that is included in the e-mail message since it also may be fraudulent.
A new type of spam has been detected that is disguised to resemble a popular newsletter from famous brands such as the NFL, Wal-Mart, ESPN, eBay, or Amazon, but also contains advertisements for the spammer’s products. By copying the format of real newsletters and inserting some of their own content, spammers are hoping to get past spam filters and into your inbox. This spam tries to trick people into believing that they are reading a real newsletter that they might already subscribe to. The devious message of this type of spam is that more people are likely to trust an advertisement if it appears to be a sponsor of a respected brand, making the spammers’ ads seem more legitimate than they really are.
In order to deal with this type of spam, use a regularly updated antivirus product as well as anti-spam software, and be wary of newsletters with unusual advertising content. On 01/16/07, a security flaw was reported in the Sun Java Runtime Environment that could allow a hacker to break into your computer. The Java Runtime Environment is software that allows you to run Java applications and allows your web browser to run Java applets. Java applets are commonly used to add interactive media to web pages. A hacker could take advantage of this flaw by enticing you to load a website that contains a malicious Java applet. The malicious website forces the affected Java Runtime Environment to process some malicious GIF format image, triggering the flaw.
A successful attack would let the hackers gain access to your computer, allowing them to read your e-mail messages and address books, steal your files and software, as well as use your computer to carry out further hacking attempts. To protect yourself from this flaw, you should ensure that you keep your software patched and up-to-date. Also, never follow unknown links on web forums, message boards, blogs or unsolicited e-mails. On 01/09/07, a security flaw in the Microsoft Windows Vector Markup Language, or VML, processing functionality was reported. Hackers could use the flaw to break into your computer, allowing them to read your e-mail messages and address books, steal your files and software, and use your computer to carry out further hacking attempts.
A hacker could take advantage of the flaw by enticing you to visit a malicious website. When the website is loaded, the malicious content will take advantage of the flaw and allow the attacker to gain control of your computer. To protect yourself, you should ensure that you keep your software patched and up-to-date and also, again, never follow unknown links on web forums, message boards, blogs, or unsolicited e-mails. And finally, on Friday, 01/19/07, Symantec reported on a new Trojan named Peacomm that was discovered in the wild. Over the following weekend, reports of this Trojan from Symantec customers reached a high enough level to cause it to be classified at a risk level of 3 on a scale of 1 to 5. This Trojan must be seen as a file attachment to spam e-mail messages.
If the Trojan successfully infects your computer, it will try to hide its presence by using rootkit techniques. A rootkit is a component that uses stealth to maintain a persistent and undetectable presence on the machine. Actions performed by a rootkit, such as installation and any form of code execution, are done without an end user’s consent or knowledge. The Trojan also tries to set up a peer-to-peer botnet using infected computers. Botnets are networks of infected computers on which hackers have installed software that listens for commands, allowing them to be remotely controlled. Additionally, Peacomm tries to download other pieces of malicious code. Infected computers can then be used to participate in denial-of-service attacks, relay spam, or let the hackers steal files from the computer.
To protect yourself against Peacomm, you should make sure that your antivirus definitions are up-to-date. You should also never open any file attachments to e-mail messages, especially when they originate from someone you don’t know. You should also never open files that are unexpected and come from an unknown or untrusted source. That concludes our Security Response Podcast for today. For the complete text of this month’s Symantec Home and Home Office Security Report, point your browser to www.symantec.com/home_homeoffice/index.jsp.
Thank you for downloading and listening to the Security Response Podcast brought to you by Symantec, the global leader in information integrity providing software, appliances, and services to help individuals and enterprises secure and manage their most important asset, their information. For more information about this subject, related products, or additional podcasts, make sure to visit www.symantec.com.