Contributor: Binny Kuriakose
Spammers continue to leverage the crisis in Syria for their personal gain. Besides taking advantage of a scam message that claimed to be from The Red Cross, spammers are now taking advantage of emails about the news in Syri…
They say popularity has its price. This saying holds a new weight when it comes to the growing influence of social media. In fact, your “Likes” may be worth more to hackers than your credit card number. As counterintuitive as it may seem, your social clout has become the new target of hackers. And they’re Read more…
A recent ruling by the New Jersey Court of Appeals has sparked a nationwide debate over exactly who is liable when an accident is caused by a distracted driver. According national reports, the court considered the claim of two victims who both lost their legs when a texting teen driver ran into their motorcycle. While Read more…
The AVAST #SecurityTip contest has begun, and everyone is invited to participate. It’s easy! Just write a security tip that we can share with other computer and mobile users and you’ll get the chance to win a Nexus device or a free 1-year license for avast! Internet Security! Each week in September, we will ask […]
The AVAST #SecurityTip contest has begun, and everyone is invited to participate. It’s easy! Just write a security tip that we can share with other computer and mobile users and you’ll get the chance to win a Nexus device or a free 1-year license for avast! Internet Security! Each week in September, we will ask […]
標的型攻撃は日常的に発生するようになり、攻撃者は最新のニュース記事をすぐさまソーシャルエンジニアリングの材料として利用しています。最近確認された標的型攻撃は、ペイロードとして Backdoor.Korplug を送信するもので、Symantec.cloud サービスで捕捉されました。この攻撃では、シリアでの化学兵器使用疑惑に関連して最近ワシントンポスト紙に掲載された記事が利用されています。攻撃者は、この記事の全文を悪質な文書に利用していますが、これは被害者を騙して、あたかも正規の文書であるかのように思わせることが目的です。
図 1. 記事を盗用した悪質な文書の一部
この攻撃は、Backdoor.Korplug による標準的な手口に従っています。以前のブログでお伝えしたように、「Microsoft Internet Explorer に存在する解放後使用のリモートコード実行の脆弱性」(CVE-2013-2551、Bloodhound.Exploit.497)を含む悪質な .doc ファイルを電子メールで標的に送り付ける手口です。
図 2. シリアでの化学兵器使用疑惑に関する報道を悪用した標的型攻撃の電子メールの例
シマンテックは、今回のブログで解説したような新しい脅威やそれに類似した脅威について監視を続けます。疑わしい電子メールはそもそも開封しないことをお勧めします。また、いつものことですが、このような攻撃から保護するために、シマンテックの最新技術をお使いいただき、シマンテックのコンシューマ向けまたはエンタープライズ向けの最新ソリューションを導入してください。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。
Most parents and kids I speak to regarding online safety seem to have a bad case of the ‘it-will-never-happen-to-me’s.’ Stories of hacking and social engineering seem like far away ideas, or things that happen in a Spielberg movie, but not an everyday occurrence. I get it. In fact, I used to be one of these people. Read more…
Targeted attacks are a daily occurrence and attackers are fast to employ the latest news stories in their social engineering themes. In a recent targeted attack, delivering a payload of Backdoor.Korplug and caught by our Symantec.cloud services, we obs…
Hesperus, or Hesperbot, is a newly discovered banker malware that steals user information, mainly online banking credentials. In function it is similar to other “bankers” in the wild, especially Zbot. Hesperus means evening star in Greek. It is very active in Turkey and the Czech Republic and is slowly spreading across the globe. This sophisticated Read more…
Millions of users access social networks every day in order to share, engage, and look for information as well as entertainment. The transparency of social networks come with a risk and we very often expose ourselves to hackers and scammers that can take advantage of information we share. Social platforms constantly improve security and privacy […]