Computer Internet network security News

Symantec Corp has released a report recently in which it describe Philpine has the lowest level of malicious software activities across the Asia Pacific region. Symantec told reporters that malicious activity coming from the Philippines comprises only two percent of the total in the APJ, unchanged since the last reporting period in 2007.

In the countries where internet and broadband grows the malicious software activity also  grows. In case of India the malicious software growth is at alarming stage due to pirated softwares too.

The low penetration of broadband service in the country may be correlative to the low malicious activity in the Philippines. The Philippines ranked 10th in the APJ and fourth in Southeast Asia for malicious activity in 2008.

The top 10 malicious codes experienced  were Trojans and worms, along with gampass, gammima, fujacks, pagipef, runauto, almanahe, rontokro, imaut, sajity and vundo. Among others, these codes steal online game account credentials, modify HTML files and registries to display offensive text in browser windows, infect executable files, end security software-related processes and download additional threats, perform DoS attacks, display advertisements and remove security applications.

News malicious software, philpines, symantec

A report by an In Indian newspaper showed that cyber attacks are increasing in India. There is a need of cyber security awareness among users. It is evident from the steep rise in malicious attacks from web-based sources originating mostly from the US and China, a study by global security solutions provider Symantec has revealed.

The malicious attcks which are being exercised constantly is due to increase in the usage of internet along with the usage of pirated softwares which lack security updates and even some pirated softwares contain malicious codes which harm the systems.

According to the Symentac Internet Security Threat report, which is based on data pooled by Internet sensors, first-hand research and monitoring of hacking communications during January-December 2008, computers from the US and China were the leading source of web-based attacks targeting India.

Web surfing remained the primary source of new infections in 2008. Attackers rely on customised malicious code toolkits to develop and distribute their threats, targeting confidential information of computer users.

News cyber attcks, india computer security, symantec

New conficker E is spamming around to damage computers, this was revealed by Symentac.  This new version has started to reisde itself on computers that were previously infected and in many fashions seems to behave like the first version, Conficker.A that emerged in November 2008.

Manager at Symantec Security Response, Orla Cox, stated that the ability of Conficker.E to exploit Microsoft security flaw resembles the way in which Conficker.B previously exploited. Yahoo!News published this on April 9, 2009.

The new Conficker.E, as per the reports of security analysis, is that the worm communicates and proliferates by using ports that are generated randomly over the range 1,024 to 10,000.

Symantec notes that the latest version Conficker.E downloads and plants Waledac, another prominent bot that analysts found to be virulent for the past many months. According to them, Waledac is probably famous as the descendant of the notorious Storm worm of 2008.

Computer security Research conficker, conficker e, symantec

Symantec is facing complaints due to malfunctioning of a program file called PIFTS.exe in its productr Norton Internet Security and Norton Antivirus 2006 and 2007. PIFTS.exe is a update from symantec.

Users are reporting that the error messages are being popping out asking them if they wanted to install the PIFTS.exe file. Norton’s firewall would have let it pass, had it been digitally signed.

The update was available for about three hours and was pushed out to a small, “limited number” of Norton users, said Jeff Kyle, a group product manager of consumer products with Symantec.

PIFTS  is a diagnostic program that Symantec update to users frequently to anonymously collect information such as the operating system and version number of the product being used in order to get the usage of end user. The troublesome, unsigned PIFTS.exe file is no longer being distributed, but it never represented any kind of security threat, Kyle said. “If a user would have accepted it they should have been fine, and if they declined it they should have been fine.

The problem will raise the worries of Symantec as it seem to be a hacking act because criminals began posting malicious Web pages that would pop up high on Google searches for PIFTS.exe.

News exe file, norton antivirus, security update, symantec

A worm that exploits the bug Microsoft patched in an emergency update 11 days ago is actively attacking systems, several security companies and researchers said Monday.

The worm, which Symantec labeled “Wecorl” but was dubbed “MS08-067.g” by Kaspersky Lab and Microsoft itself, likely originated in China, said Kevin Haley, a director with Symantec’s security response team. “It may have come out of China,” said Haley, who added that it appeared to target Chinese language versions of Windows 2000.

Haley confirmed that the worm is both different from the information-stealing Trojan horse that prompted Microsoft to issue the out-of-cycle patch on October 23, and circulating in the wild.

Other researchers echoed Symantec’s take that the worm installs multiple components on victimized PCs, including a Trojan downloader and rootkit code to mask it from security software. Helsinki-based F-Secure, for example, identified the former as “Trojan-Dropper.Win32.Agent.yhi” and the rootkit bits as “Rootkit.Win32.KernelBot.dg.”

According to Haley, if the worm manages to infect a Windows PC, it also tries to attack all the machines on the same subnet. “If it can get behind the [fire]wall, then it can infect other systems,” Haley said.

“That circumvents the firewall mitigation that Microsoft noted,” said Andrew Storms, director of security operations at nCircle Network Security. “Enterprises typically have laptops configured to be location aware so when they’re on the company network, parts of the firewall are disabled, or port 139 is allowed from known IP addresses.”

In the security bulletin it released two weeks ago, Microsoft said that “standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.”

More at Arnnet

News symantec, systems, wecori

Symantec Corp. (Nasdaq: SYMC) today announced its executives will be speaking at the following investor conferences in the June 2008 quarter:

• Merrill Lynch Technology Conference on May 6 at 11:15 a.m. ET in New York City
• JPMorgan Technology Conference on May 19 at 8 a.m. ET in Boston

A live webcast and replay of the presentation will be available.  Interested parties can view the webcast and the replay over the Internet through Symantec’s Investor Relations Web site at www.symantec.com/invest.  Please go to the Web site at least 15 minutes early to register, download and install any necessary software.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

News investor conferences, necessary software, security storage, symantec

Symantec client management solutions offer speed, reliability, and ease-of-use for Windows Vista migration. Leveraging our industry-leading expertise in Windows migration, Symantec provides integrated, automated, and comprehensive solutions to assist in all phases of Vista migration, including planning, implementation, and ongoing system management. Symantec’s solution provides hardware and software inventories, a centralized management console, accelerated deployments, extensive PC user personality migration, and real-time status reporting. Symantec enhances Microsoft’s Vista migration best practice procedures and offers the most widely used corporate imaging solution in the industry. For complete, end-to-end Vista migration with confidence, think Symantec.

Planning Your Migration

Planning starts with a system inventory and an assessment of the current environment. This allows you to identify PCs that fall short of the minimum requirements and to create a plan for upgrading or securely retiring those systems. Migration to new or existing hardware will determine whether users’ personality settings need to be captured.

Performing the Migration

The actual migration involves deployment of the new image and restoration of users’ personality setting packages. A best practice for reducing migration costs is to eliminate duplication wherever possible. For example, minimize the overall number of tools required for migration as well as the number of system configurations.

More at http://www.symantec.com/

Windows security symantec, vista, vista-migration, Windows security, Windows-security

Symantec Corp. (Nasdaq: SYMC) concludes that cyber criminals are increasingly becoming more professional – even commercial – in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity.“As the global cyber threat continues to grow, it has never been more important to remain vigilant and informed on the evolving threat landscape,” said Dan Lohrmann, chief information security officer, State of Michigan. “Symantec’s Internet Security Threat Report continues to provide us with critical information on the most current online security trends, helping us better protect our state’s infrastructure and citizen information.”

Read more at Symantec

Computer threats computer-threats, cyber-crimes, security-news, symantec

Wireless phones and devices become more prevalent in today’s society, it is inevitable that these devices become more difficult to properly secure. Antivirus giant Symantec suggests users are wising up to a growing threat of mobile phone viruses. But one company which handles support for major mobile operators claims the threat is being blown well out of proportion and the latest figures reveal a gulf between “perception and reality”.”If you look at the viruses out there currently there are about 14 core viruses, the majority of which are fairly benign. They are mostly developed as proof of concept to warn manufacturers of handsets and operating systems or the antivirus industry about potential vulnerabilities,”

There are only few viruses for mobile phones but still the research is needed in this area. As the technology is growing the more high tech phones are being produced by the companies. These phones are more vulnerable than the older ones due to the facilities like accessing internet, emails etc through the phones.

Be careful use the phone as you are using your computer. Microsoft give some tips on securing your mobile device, the tips are as follow

1- Only download or accept programs and content (including photos, video clips, ring tones, mobile device themes, and games) from a source you trust.

2- If your phone is equipped with Bluetooth, turn it off or set it to non-discoverable mode when you’re not using it. Only accept incoming data from a source you trust. For more information, see the instructions that came with your mobile device.

3- If your phone is equipped with Beam (also known as Infrared), only allow it to receive incoming beams when you’re receiving data from a source you trust.

You can find more at Microsoft 

Computer security technology accessing_internet, Computer-security-technology, handsets, mobile_phone_viruses, symantec, Vulnerabilities, wireless_phones

Regular readers of my blog know that one of my many duties at work is to administrate what was once known as IMLogic (now known as Symantec IM Manager). I’ve complained loudly and frequently here ever since Symantec bought IMLogic . This post is more of the same.
IMLogic would keep me up to date about new releases. Symantec released version 8.2 without letting me know.
IMLogic worked hard to stay on top of new developments in the IM industry and let me know what actions I should take. Yahoo announced their web IM a few days ago. I still haven’t heard from Symantec about the best way to make sure that Yahoo Web IM is either blocked or monitored.
When Symantec bought IMLogic and Microsoft bought Sybari, I predicted that the Sybari – IMLogic integration was not long for this world. As I read the Symantec IMManager release notes for version 8.2, I see that Antigen for IM is no longer integrated. Here’s a support article about that.
Fortunately, it seems this version doesn’t have a lot new that I care about.
Real-time Enterprise Vault export capability
Groups and Group policies based on IP address ranges
File transfer control by type
Internationalization And Localization Changes
VMWare Support
Oracle 10g Support

Unfortunately, 8.1 the version I’m using is EoL in the fall.

Read more at ivanr

Antivirus antigen, Antivirus, internationalization, new_developments, symantec

A weekend spam run tried to dupe recipients into downloading the infamous “Storm Trojan” by attaching files that posed as videos of a bogus missile strike by the U.S. against Iran, antivirus vendors said today.The unsolicited e-mail, which arrives with provocative subject lines that include “Missle [sic] Strike: The USA kills more then [sic] 20000 Iranian citizens,” “USA Declares War on Iran,” and “USA Just Have Started World War III,” include attached executable files such as video.exe and readme.exe, said Symantec Corp.

“The underlying threats are actually nothing new,” said Symantec researcher John McDonald on the company’s security response team’s blog. “They are simply minor variants of Trojan.Peacomm and W32.Mixor, which have been repacked in an attempt to avoid existing detection and appear to have been largely successful at that.” Symantec added that executable file attached to the war-scare spam is actually a worm that downloads and install both Trojan horses.

According to data from MessageLabs Ltd., Peacomm — also known as Zhelatin — was the most prevalent piece of malware in the past 24 hours. It accounted for 32% of all malicious code being distributed worldwide, said MessageLabs.

By early today, other security companies, including F-Secure Corp., Fortinet Inc., Kaspersky Lab Inc. and Sophos PLC, had released updated signatures to detect the tweaked threat.

Computer security Systems Antivirus, Computer security Systems, spam, symantec