Tag Archives: Messaging Gateway

Personalize Protection Against Unwanted Email with Symantec Messaging Gateway

We’ve been holding off on the news, but as many of you have realized, Symantec Messaging Gateway 9.5 (formerly Symantec Brightmail Gateway) is now available – in fact, over 1,800 customers have already upgraded to the new release. We mentio…

???????????????


For the past two days or so, Symantec has observed a surge in email attacks aimed at spreading malicious threats. All of the observed samples impersonate legitimate delivery advisories or notifications sent by UPS or Post Express. The message body claims that more information or action is needed to receive the package, and asks the recipient to open an executable file compressed in ZIP format.

Examples of the headers observed in this spam attack are shown below.

From: “United Parcel Service” <info***3@ups.com>
From: “UPS Customer Services” <***@secureserver.net>
From: “United Parcel Service” <***@dhl.com>
From: “Neil Molina” United Parcel Service <[details removed]@[details removed]>
From: “Kimberley Miner” United Parcel Service <[details removed]@[details removed]>

Subject: United Parcel Service notification 40983
Subject: Delivery Status
Subject: UPS: Your Package
Subject: United Parcel Service notification
Subject: United Postal Service Tracking Nr.

From: “Post Express Support” <postmail-int[details removed]@[details removed]>
From: “Post Express Information” <postmail-usa. [details removed]@[details removed]>
From: “Post Express Report” <postmail-usa. [details removed]@[details removed]>
From: “Post Express Office” <postmail-usa. [details removed]@[details removed]>
From: “Post Express Information” <postmail-usa. [details removed]@[details removed]>

Subject: Post Express Office. Package is available for pickup. NR03909
Subject: Post Express Office. Delivery refuse. NR4245855
Subject: Post Express Office. Track your parcel. NR06678
Subject: Post Express Office. Error in the delivery address. NR4061172
Subject: Post Express Office. Get the parcel NR31215

If the recipient opens the compressed file and runs its contents, the following threats are installed.

UPS tracking number.exe (detected as Trojan.FakeAV)
UPS notify.exe (detected as Backdoor.Cycbot)
Post_Express_Label.exe (detected as Trojan.Sasfis)

Two examples of the spam are shown below.


 

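Symantec's detailed analysis of this attack found that the malicious emails are being sent from locations around the world, and that the surge is due to spammers rebuilding their botnets after the Rustock shutdown.

If you receive an email like those described above, follow the basic practice of not opening or downloading suspicious attachments. We also recommend installing all security patches and keeping antivirus definitions up to date to prevent intrusion into your computer or network.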
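A mail-filter sketch for the two traits this post describes, a carrier display name on an unrelated sender domain and an executable inside a ZIP attachment. It is an added example, not Symantec's detection logic; the `BRANDS` map, the function names and the sample sender addresses are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brand pattern -> domains that brand legitimately sends from.
BRANDS = {r"\b(united parcel service|ups)\b": ("ups.com",)}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def brand_mismatch(from_header):
    """True if the display name claims a brand but the address uses another domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for pattern, domains in BRANDS.items():
        if re.search(pattern, name, re.IGNORECASE):
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False

def zipped_executables(msg):
    """Return names of executable members found inside ZIP attachments."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, bytes) and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    return hits

def assess(msg):
    """List the reasons a message matches the campaign pattern (empty list = none)."""
    reasons = []
    if brand_mismatch(str(msg["From"])):
        reasons.append("carrier display name with unrelated sender domain")
    reasons += ["ZIP attachment contains executable: " + n for n in zipped_executables(msg)]
    return reasons

def build_sample(from_header, member):
    """Constructed test message; the ZIP member is placeholder bytes, not a binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    msg = EmailMessage()
    msg["From"] = from_header
    msg["Subject"] = "Delivery Status"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="label.zip")
    return message_from_bytes(msg.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    for sender in ('"United Parcel Service" <notice@mailer.example>',
                   '"United Parcel Service" <info@ups.com>'):
        print(sender, "->", assess(build_sample(sender, "UPS notify.exe")))
```

A sender forged as ups.com, like the first header sample in the post, passes the display-name check, so the attachment check is the one that still fires for it.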

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

???????????????????


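Symantec Security Response recently observed a seemingly harmless program being hosted at a variety of URLs. What made this program file unusual was the fact that many Symantec users submitted the same file for analysis.

The program's basic behavior is to have the user answer a job-aptitude questionnaire and then redirect the user to one of the following URLs.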


These pages cannot simply be browsed without downloading and completing the aptitude test.

The program generates a unique URL for accessing the registration page.

What is concerning about this program is the level of detail of the information it asks for.

In exchange for a 100-dollar bonus, it even asks for online banking account details: the URL, login name, and password.

In the final step, an email is sent to the address the user entered, asking the user to agree to a contract and upload a scanned copy of an ID or a utility bill.

The contract describes the purpose of the job as follows:

“The Contractor undertakes the responsibility to receive payments from the Clients of the Company to his personal bank account, withdraw cash and to effect payments to the Company’s partners by Western Union or MoneyGram money transfer system within one (1) day”

It also mentions compensation:

“The Contractor is engaged by the Company on terms of thirty-days (30) probationary period. During the probationary period the Company undertakes to pay to the Contractor the base salary amounting to 2300 USD per month plus 8% commission from each payment processing operation. After the probationary period the Company agrees to revise and raise the base salary to 3000 USD.”

And remember that entering your online banking account details earns you the 100-dollar bonus.

So-called money mules take a cut of the transaction and transfer the remaining cash to a third party's account. This activity is illegal, and in many past cases it has resulted in legal liability.

http://www.theregister.co.uk/2010/09/30/zeus_money_mules_charged/

http://www.wired.com/beyond_the_beyond/2010/10/the-zeus-money-mules-the-federal-complaints/

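Note also that throughout this scam, all sensitive information is sent over HTTP rather than HTTPS, so the bank account details are transmitted in plaintext.

In general, you should never share personal information (passwords, bank account details, and the like) with anyone or with any site unless you intentionally initiated the transaction yourself. Even when you visit a page that requires you to enter personal information, check that the URL contains HTTPS to confirm that the site uses encryption. A padlock icon in the browser also indicates that SSL is in use.

Symantec detects this questionnaire application as Fakesurvey.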

http://jp.norton.com/security_response/writeup.jsp?docid=2011-032307-1016-99&tabid=2


Mail & Web Security – 2011 Projects


I can’t believe we’re already one month into the new year! It has been a busy January for the Mail & Web Security business at Symantec, as we plan for a full slate of product releases in the coming months. We have releases planned in 2011 for all three of our Brightmail products, our web gateway solution, and our groupware products. We also have follow-on releases planned for our exciting new Next Generation Network Protection platform for service providers.

The threat landscape continues to evolve in dynamic and unexpected ways. We saw a remarkable drop in spam levels right after Christmas when some major botnets stopped sending out spam for a few weeks. The botnets did not go away, however, and we’ve seen spam bounce back in recent weeks. Check out www.symantec.com/brightmail/iqservices to see a clear illustration of this drop and recovery, as well as a number of recent blog postings on threats. Don’t forget our monthly State of Spam & Phishing Report, which is posted to www.symantec.com/spam. And don’t forget our more general blog on the threat landscape from the Symantec Security Response team, posted here on Connect at https://www-secure.symantec.com/connect/symantec-blogs/sr.

Stay tuned for some exciting announcements about our portfolio in the coming months. If there are any questions you would like us to tackle on this blog, please drop us a note in the comments below – we look forward to continuing the dialogue!

On behalf of the entire mail and web security product team at Symantec, I wanted to wish you all a very Happy New Year – we may be a bit late for the traditional New Year holiday, but we are just in time for the Chinese New Year – gong hay fat choy! 

Symantec Brightmail Gateway – Beta for 9.5 release

The Symantec Enterprise Security team is now accepting applications to participate in the Symantec Brightmail Gateway 9.5 Beta program. Symantec Brightmail Gateway is also part of the Symantec Protection Suites.

The beta process is a great way for participants to get an early look at exciting new features in our upcoming release, and also get direct access back to the product development team on product feedback.

The 9.5 release includes:

  • New Dispositions: New configurable verdicts for unwanted email categories allow customers to configure policies regarding marketing mail, newsletters, and email with suspicious URLs.
  • Enhanced Spam Scanning: Updates to the Brightmail Antispam Engine allow better scanning of text-based attachments for spam and malicious URLs.
  • Match Logging: Enhanced message audit logs capture matching policy, text, and message part for content filtering policies.
  • TLS Logging: Enhanced message audit logs track TLS delivery status, allowing confirmation of TLS delivery for auditing.
  • Enhanced Integration with Symantec Protection Center: Symantec Protection Center provides unified management across Symantec security products, including single sign-on, composition of product management within the Protection Center console, and unified reporting across multiple products.
  • Software Update: Improved software update process within the Control Center UI allows for staging of updates and rich logs and update status. Note that this enhancement will impact updates subsequent to the 9.5 release.
  • DRAC Support: Expanded support for Integrated Dell Remote Access Controller functionality in the Symantec 8360 and 8380 hardware appliances allows customers to remotely monitor and manage their hardware environment.
  • More Flexible Backup & Restore: Restore process has been enhanced to allow a backup to be restored to a separate instance while preserving network configuration, enabling easier appliance migration and disaster recovery.
  • Expanded Localization in Spanish and French: Product configuration has been fully localized into Spanish and French, in addition to the existing translations into Japanese, Simplified and Traditional Chinese, and Korean.

Quality is one of the key Symantec deliverables and we strive to deliver a first class product with every release. So we want to get as much customer feedback as possible before we ship. By participating in this beta program, you can help to ensure this release is as successful as possible.

All participants must be members of the Customer Advisory Program, which is free to join for all customers entitled to support and maintenance.

http://www.symantec.com/connect/groups/symantec-customer-advisory-program-enterprise-security

Applying for the beta is simple: once you’ve registered for the CAP, just complete the registration form at the following link.

https://symbeta.symantec.com/callout/default.html?callid=57918D6D4DCA486B86B16D586405477B

This is a great opportunity to receive an early release in order to plan your implementation and provide us with feedback to ensure issues are prioritized. We hope you can join us as we prepare for this exciting product release!

Welcome to the new Mail & Web Security Blog!


Welcome to the new Mail & Web Security Blog!  Brightmail isn’t going away, but we wanted to expand our coverage to include news about our complete email and web security portfolio, including the Brightmail products (Brightmail Gateway, Brightmail Message Filter, and Brightmail Traffic Shaper), the Mail Security products (Mail Security for Microsoft Exchange and Mail Security for Domino), and Symantec Web Gateway.

In addition, Symantec’s messaging and web security products are core components of the Symantec Protection Suites.

Stay tuned for more updates, including an expanded cast of authors as we grow our coverage across a broader slice of the Symantec portfolio.

VBSpam Results


Virus Bulletin just published their September 2010 test results (http://www.virusbtn.com/vbspam/index), and Symantec Brightmail Gateway once again received a VBSpam designation – our 5th consecutive recognition.

In this month’s test, Symantec Brightmail Gateway registered an effectiveness score of 99.64%, with 0 false positives!  It is great to see external validation for the premium that Symantec places on balancing very high effectiveness (over 99%) with accuracy (low false positives) in fighting spam.

You may be familiar with the Virus Bulletin name – Virus Bulletin is an independent third party that has been running comparative tests on antivirus technologies for over a decade.  Symantec’s antivirus engines have achieved over 40 VB100 awards during this time. 

Our team is thrilled with the latest results on the VBSpam testing. Symantec Brightmail Gateway is a core component of Symantec Protection Suite (Enterprise Edition and Advanced Business Edition), and is also available as a stand-alone enterprise product and the Symantec Brightmail Gateway Small Business Edition, for customers with fewer than 250 employees.

Messaging & Web Security at Symantec Vision 2010 in Barcelona

I can’t quite believe it’s September already, this year is flying by at a crazy pace.
This means that the Symantec Vision conference in EMEA has come around quickly too.

This year, we are at the CCIB in Barcelona, Spain, during the first week of October – Tuesday 5th through Thursday 7th.

Amongst the many, many sessions over the 3 day conference, there are a number of Mail & Web security sessions that you shouldn’t miss (not least because I’m co-presenting them), so in no particular order:

  1. Best Practices for Email Security.
  2. Anatomy of a Web Attack.
  3. Hands On Lab – Best Practices for installing and Configuring Symantec Brightmail Gateway.
  4. Hands On Lab – Best Practices for installing and Configuring Symantec Web Gateway.
  5. Deploying Symantec Protection Suite: Architecture and Best Practices.

Other interesting sessions in the messaging and web security realm:

  • The State of Spam
  • Cost of Email Security – Calculating your risks
  • Protecting against Botnets
  • Best Practices for installing and configuring Symantec Mail Security for Exchange
  • Running Security Operations with Symantec Protection Center

If you are joining us at EMEA Vision this year, what are you looking forward to most?

Be sure to let me know if you are coming along, there are going to be plenty of opportunities to talk to our product specialists, engineers, decision makers and of course to network with your peers.

//ian

Catching up on Symantec Brightmail

Greetings, fellow Symantec Connect community members.  This is Angelos Kottas, Principal Product Manager for Symantec Brightmail Gateway. This is my first blog posting on the Brightmail blog on Symantec Connect, and I look forward to hearing from many of you in the weeks and months ahead.
 
Since last we posted to this blog, the Symantec messaging security team has been very busy!  We successfully released Symantec Brightmail Gateway 9.0 in mid March, and have been pleased to see very rapid adoption of the new release.
 
We also saw several new product releases in our broader messaging security product lines, including Symantec Mail Security for Microsoft Exchange 6.5, Symantec Mail Security for Domino 8.0.5, and Symantec Brightmail Message Filter 6.2.
 
To learn about these new releases, click on the Release Notes from the product support pages.
 
I also hosted a recent webcast on “What’s New in Symantec Brightmail Gateway 9.0” – a recording of the webcast is available here: http://www.symantec.com/offer?a_id=95708
 
In addition to the core product releases, we are also very excited about two new Protection Suite offerings that include our messaging security products: Symantec Protection Suite Advanced Business Edition and Symantec Protection Suite Enterprise Edition for Gateways.  You can read more about the Advanced Business Edition here: http://www.symantec.com/about/news/release/article… ; and our new enterprise suite offerings here: http://www.symantec.com/about/news/release/article…
 
I’ll be back with more updates soon, but in the meantime, please respond to this posting with suggestions for topics that you would like to see covered in future blog postings.

Introducing our Technical Advisory Webcasts


I’ve mentioned before that I’m a really keen advocate of bringing our customer base closer to our product development process.
2 years ago, I started running Customer Advisory Boards for our customers in EMEA.  These annual or bi-annual events were a chance for customers to come together and help us prioritise future development work by discussing their experience and insight into messaging security.
In general, these were really successful and the fruits of those sessions are just coming to light now with last year’s Brightmail Gateway 8.0 release and the very-soon-to-be-released Brightmail Gateway 9.0.

But, what about our customers that don’t have the budget to travel to another city and participate?
This is more and more common in this economic climate.  Travel budget is often the first belt to be tightened.

Well, this month I’m delighted to kick off the first Messaging & Web Security Technical Advisory Webcast.

Sounds interesting, what are they?

The Technical Advisory Webcasts are regular events, initially covering Symantec Brightmail Gateway and Symantec Web Gateway.
Presented via Webcast and tele-conference, you can expect to hear the following kind of information:

  • General product updates
  • Insight into future roadmap planning
  • Technical Deep Dives
  • Best Practices
  • Ask Us Anything Q & A

I’m keen to make sure we provide information that is interesting and useful to you, our customers.  So, if you have any specific topics you would like to see covered and discussed, please do let me know.

As I mentioned above, we are very close to shipping Symantec Brightmail Gateway 9.0 and this first webcast will introduce this major release.

How do I sign up?

Head over to the Security “Groups” page (https://www-secure.symantec.com/connect/security/g…) and sign up to the “Symantec Customer Advisory Program – Enterprise Security” group.
Be sure to complete your profile as completely as possible and add a comment that you want to register for the Technical Advisory Webcasts.
If you have any problems, feel free to contact me either here on Connect or at ian_mcshane@symantec.com

Cheers!

//ian