これに続いて、シマンテックは有償版の Java RAT も確認しています。これが Adwind(Backdoor.Adwind)で、すでに複数のオペレーティングシステムに対応しているうえに、AndroRAT のオープンソースコードに基づいて Android モジュールを取り込みつつあるようです。有償版のこの RAT にも、リモートで RAT を管理制御できるグラフィカルユーザーインターフェースが装備されています。
Techniques used by malware developers to evade detection by security software have changed drastically in recent years. Encryption, packers, wrappers, and other methods were effective for various lengths of time. But eventually antimalware programs gained detection techniques to combat these steps. Malware authors next started frequently changing code and other data; now malware binaries are Read more…
Be honest. Do you really read the warning messages that your browser displays to you? Or do you blindly click the phishing site warnings or the SSL mismatch dialog away? Apparently most users don’t seem to care too much about those warnings and c…
Improving effectiveness of phishing bait is always at the top of any phishers’ agenda. They prefer to use bait that reflects enticing subjects in order to catch the attention of as many users as possible. Recently, we have seen phishers moving one step ahead. In addition to having eye-catching bait, they are compelling users to spread the word. In today’s example, phishers used free cell phone airtime as the phishing bait.
The phishing site requested Indian Facebook users to verify their account by entering their login credentials in order to get the fake offer of free cell phone airtime. But phishers, not content with just duping one user and eager to target even more, start off by saying the offer is only valid after posting this same offer on the profile pages of a number of friends. Phishers devised this strategy because obviously receiving messages from friends is more convincing than from unknown sources. The method phishers are using in effect enlists unsuspecting users into spamming for them.
Figure 1. Facebook account verification
Figure 2. “Like us” enticement
Figure 3. Sharing enticement
Figure 4. Sharing enticement and personal information request
The first page of the phishing site asked users to verify their Facebook account. Users were then alerted that all information should be entered correctly. The second page of the phishing site displayed an image of a selection of Indian cell phone network operators. The phishing page stated that free airtime worth “Rs. 500” is available from the offer after following four additional steps. The steps were essentially to like, subscribe, share, and post the offer to at least 10 friends. Finally, in order to complete the process, the phishing site asked users for personal information including name, email address, cell phone number, network operator, and cellular zone. If any user fell victim to the phishing site, phishers would have successfully stolen personal user information for identity theft.
Users are advised to follow best practices to avoid phishing attacks:
Do not click on suspicious links in email messages
Do not provide any personal information when answering an email
Do not enter personal information in a pop-up page or screen
Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https,” or the green address bar when entering personal or financial information
Use comprehensive security software such as Norton Internet Security or Norton 360, which protects you from phishing scams and social network scams
Report fake websites and email (for Facebook, send phishing complaints to phish@fb.com)
En el panorama actual de amenazas las divisiones entre las herramientas cibernéticas de investigación y las de espionaje se vuelven cada vez más borrosas. El descubrimiento reciente de dos nuevas amenazas es un hecho que confirma …
In the sales world when we look at the sales cycle we tend to see everything as a funnel. It has a wide open mouth at the top with narrower pipe at the end representing our sales. As a business leader you look at each portion of the sales process to evaluate your success at each point to maximize the effectiveness of your marketing efforts. Customer conversion rates are highly important. Abandoned shopping carts are worrisome. The checkout process for online retail sales is critical. So how can you use security technology to drive customer conversion? How can you widen the portion of the sales “funnel” at the checkout process and drive more sales?
At Symantec we have two very strong options you can leverage.
Leverage the power of the Norton Secured Seal, the most trusted seal on the web. Take a look at this interesting infographic by Conversion Voodoo, specialists in online retail optimization. This infographic takes 6 of the most common problems in the online retail process and provides solid solutions. Scroll down to the second problem “Customers don’t trust the site.” What is the first solution? “Clearly display security logos.” US Cutter used the Norton Secure seal and they saw an 11% increase in their conversion rate and a 52% lift in sales from paid search. If you have Symantec SSL/TLS certificates for your site you can use the Norton Secured Seal free of charge; just go to the install page. Need some? Visit our site.
Using Extended Validation (EV) certificates makes a strong impact to anyone visiting your site. Why? It will turn the address bar on site green. Customers will see the lock and will know you have a secured site. Furthermore any potential customers using Norton AntiVirus will see the Norton Secured Seal next to your site’s listing in search results. This drives more traffic to your site. See the address bar on this blog? Note the green bar, lock, and the “s” after “http.”
The added benefits that Symantec SSL certificates bring to the table are:
Daily malware scanning
Vulnerability assessments
Expanded warranty coverage
SGC (Server gated cryptography) which means customers using older web browsers can access your site safely.
Trust is paramount in converting browsers to buyers and the Norton Secured Seal drives that customer confidence. Curious about what our customers think? Click here to see how the seal has increased trust and revenue for ecommerce sites everywhere. Do you have a seal success story you’d like to share? Please feel free to contact me at Brook_Chelmo@symantec.com
In a previous blog, we talked about the rise of remote access tools (RAT) written in Java that are capable of running on multiple operating systems. With the growing popularity of the Android operating system, it comes as no surprise that the Android O…
Whether it’s customers visiting an eCommerce site via their smartphone, or cashiers using a mobile device to accept payments, chances are mCommerce has played a big role in how retail transactions are carried out today. However, despite the ubiquity, mobile devices also present a whole new array of security risks for both businesses and shoppers Read more…
It’s that time again: long sunny days, vacations in warm locales—the last thing you want to worry about as you’re planning your next summer getaway is being duped by travel-related scams on phony websites or having your identity stolen if your mobile device goes missing while on vacation. Previously, we’ve discussed best practices to keep Read more…
