Tag Archives: Symantec Protection Suites (SPS)

Announcing the Symantec Email Submission Client Beta

One of the great things about working in the Messaging & Web Security BU is the amount of cool new technology and functionality we work on. Sometimes this is behind the scenes on our backend systems, and other times it is new functionality for existing products.

This time, however, I’m really excited to announce the beta program of a brand new application:

Symantec Email Submissions Client

This application allows you to automate the submission of missed spam (aka false negatives) to Symantec, directly from your end user mailboxes.

Symantec Email Submission Client takes advantage of the Exchange Web Services framework built into Microsoft Exchange Server to provide a submissions solution that:

  • Does NOT require any installation on your endpoint devices.
  • Does NOT require any updates to be managed/pushed to your endpoint devices. 
  • Does NOT require any complex end user training.
  • Does NOT require any additional licensing from Symantec.  

 

Deploying the Symantec Email Submission Client allows you to:

  • Provide your end users with a consistent answer to the question “What do I do with this spam message?”
  • Reduce helpdesk calls by providing a simple process for your end users to follow.
  • Increase antispam effectiveness and block even more threats from entering your environment.
  • Take full advantage of our antispam technology today and in future Messaging Security product updates. 

 

In order to participate in this beta program, you must be running Microsoft Exchange Server 2010 or 2007 SP1 (or above).

To receive more information and to register for this beta program, use the following link:

http://symbeta.symantec.com/callout/?callid=6DFF3025F2654CE0AB37629981C7988E

 

When the final release ships, the Symantec Email Submission Client will be provided to all customers using a Symantec mail security product as part of your existing product entitlement.  This includes customers using:

  • Symantec Messaging Gateway (formerly known as Symantec Brightmail Gateway)
  • Symantec Mail Security for Microsoft Exchange
  • Symantec Protection Suite

 

This beta program supports our commitment to product quality and customer satisfaction, enabling customers to download pre-release versions of our products and to provide feedback directly to members of the Symantec product team.

Personalize Protection Against Unwanted Email with Symantec Messaging Gateway

We’ve been holding off on the news, but as many of you have realized, Symantec Messaging Gateway 9.5 (formerly Symantec Brightmail Gateway) is now available – in fact, over 1,800 customers have already upgraded to the new release. We mentio…

???????????????

For the past two days or so, Symantec has observed a surge in email attacks aimed at spreading malicious threats. All of the observed samples masquerade as legitimate advisories or notifications about deliveries sent from UPS or Post Express. The message body asks the recipient to open a ZIP-compressed executable file, claiming that further information or action is needed to receive the package.

Examples of headers observed in this spam attack are shown below.

From: “United Parcel Service” <info***3@ups.com>
From: “UPS Customer Services” <***@secureserver.net>
From: “United Parcel Service” <***@dhl.com>
From: “Neil Molina” United Parcel Service <[details removed]@[details removed]>
From: “Kimberley Miner” United Parcel Service <[details removed]@[details removed]>

Subject: United Parcel Service notification 40983
Subject: Delivery Status
Subject: UPS: Your Package
Subject: United Parcel Service notification
Subject: United Postal Service Tracking Nr.

From: “Post Express Support” <postmail-int[details removed]@[details removed]>
From: “Post Express Information” <postmail-usa. [details removed]@[details removed]>
From: “Post Express Report” <postmail-usa. [details removed]@[details removed]>
From: “Post Express Office” <postmail-usa. [details removed]@[details removed]>
From: “Post Express Information” <postmail-usa. [details removed]@[details removed]>

Subject: Post Express Office. Package is available for pickup. NR03909
Subject: Post Express Office. Delivery refuse. NR4245855
Subject: Post Express Office. Track your parcel. NR06678
Subject: Post Express Office. Error in the delivery address. NR4061172
Subject: Post Express Office. Get the parcel NR31215

If the recipient opens and runs the compressed file, the following threats are installed:

UPS tracking number.exe (detected as Trojan.FakeAV)
UPS notify.exe (detected as Backdoor.Cycbot)
Post_Express_Label.exe (detected as Trojan.Sasfis)

Two examples of the spam are shown below.

Symantec's detailed analysis of this attack found that the malicious emails are being sent from all over the world, and that the surge is due to spammers rebuilding their botnets after Rustock ceased activity.

If you receive an email like those described above, follow the basic practice of not opening or downloading suspicious attachments. We also recommend installing all security patches and keeping antivirus definitions up to date to prevent intrusion into your computers and network.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

???????????????????

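Symantec Security Response recently observed a seemingly harmless program being hosted at various URLs. What made this program file unusual was the fact that many Symantec users submitted the same file for analysis.

The program's basic behavior is to have the user answer a job-aptitude questionnaire and then redirect them to one of several registration URLs.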

These pages cannot simply be browsed without first downloading and completing the aptitude test.

The program generates a unique URL for accessing the registration page.

What is concerning about this program is how detailed the requested information is.

In exchange for a $100 bonus, it asks for online banking account information, down to the URL, login name, and password.

In the final step, an email is sent to the address that was entered, asking the user to agree to a contract and to upload a scanned copy of an ID or a utility bill.

The contract describes the purpose of the job as follows:

“The Contractor undertakes the responsibility to receive payments from the Clients of the Company to his personal bank account, withdraw cash and to effect payments to the Company’s partners by Western Union or MoneyGram money transfer system within one (1) day”

It also covers compensation:

“The Contractor is engaged by the Company on terms of thirty-days (30) probationary period. During the probationary period the Company undertakes to pay to the Contractor the base salary amounting to 2300 USD per month plus 8% commission from each payment processing operation. After the probationary period the Company agrees to revise and raise the base salary to 3000 USD.”

And recall that entering your online banking account information is what earns the $100 bonus.

So-called money mules take a cut of the transaction and wire the remaining cash to a third party's account. This activity is illegal, and in many past cases it has resulted in the mule being held legally liable.

http://www.theregister.co.uk/2010/09/30/zeus_money_mules_charged/

http://www.wired.com/beyond_the_beyond/2010/10/the-zeus-money-mules-the-federal-complaints/

Note also that throughout this scam all sensitive information is sent over HTTP rather than HTTPS, so the bank account details are transmitted in plaintext.

In general, personal information (such as passwords and bank account details) should not be shared with anyone or with any site unless you yourself intentionally initiated the transaction. Even when you visit a page that requires personal information, check that the URL contains HTTPS to confirm that the site uses encryption. A padlock icon in the browser also indicates that SSL is in use.

Symantec detects this survey application as Fakesurvey.

http://jp.norton.com/security_response/writeup.jsp?docid=2011-032307-1016-99&tabid=2

Symantec Brightmail Gateway – Beta for 9.5 release

The Symantec Enterprise Security team is now accepting applications to participate in the Symantec Brightmail Gateway 9.5 Beta program. Symantec Brightmail Gateway is also part of the Symantec Protection Suites.

The beta process is a great way for participants to get an early look at exciting new features in our upcoming release, and also get direct access back to the product development team on product feedback.

The 9.5 release includes:

  • New Dispositions: New configurable verdicts for unwanted email categories allow customers to configure policies regarding marketing mail, newsletters, and email with suspicious URLs.
  • Enhanced Spam Scanning: Updates to the Brightmail Antispam Engine allow better scanning of text-based attachments for spam and malicious URLs.
  • Match Logging: Enhanced message audit logs capture matching policy, text, and message part for content filtering policies.
  • TLS Logging: Enhanced message audit logs track TLS delivery status, allowing confirmation of TLS delivery for auditing.
  • Enhanced Integration with Symantec Protection Center: Symantec Protection Center provides unified management across Symantec security products, including single sign-on, composition of product management within the Protection Center console, and unified reporting across multiple products.
  • Software Update: Improved software update process within the Control Center UI allows for staging of updates and rich logs and update status. Note that this enhancement will impact updates subsequent to the 9.5 release.
  • DRAC Support: Expanded support for Integrated Dell Remote Access Controller functionality in the Symantec 8360 and 8380 hardware appliances allows customers to remotely monitor and manage their hardware environment.
  • More Flexible Backup & Restore: Restore process has been enhanced to allow a backup to be restored to a separate instance while preserving network configuration, enabling easier appliance migration and disaster recovery.
  • Expanded Localization in Spanish and French: Product configuration has been fully localized into Spanish and French, in addition to the existing translations into Japanese, Simplified and Traditional Chinese, and Korean.

Quality is one of the key Symantec deliverables and we strive to deliver a first class product with every release. So we want to get as much customer feedback as possible before we ship. By participating in this beta program, you can help to ensure this release is as successful as possible.

All participants must be members of the Customer Advisory Program, which is free to join for all customers entitled to support and maintenance.

http://www.symantec.com/connect/groups/symantec-customer-advisory-program-enterprise-security

Applying for the beta is simple: once you’ve registered for the CAP, just complete the registration form at the following link.

https://symbeta.symantec.com/callout/default.html?callid=57918D6D4DCA486B86B16D586405477B

This is a great opportunity to receive an early release in order to plan your implementation and provide us with feedback to ensure issues are prioritized. We hope you can join us as we prepare for this exciting product release!

Welcome to the new Mail & Web Security Blog!

Welcome to the new Mail & Web Security Blog!  Brightmail isn’t going away, but we wanted to expand our coverage to include news about our complete email and web security portfolio, including the Brightmail products (Brightmail Gateway, Brightmail Message Filter, and Brightmail Traffic Shaper), the Mail Security products (Mail Security for Microsoft Exchange and Mail Security for Domino), and Symantec Web Gateway.

In addition, Symantec’s messaging and web security products are core components of the Symantec Protection Suites.

Stay tuned for more updates, including an expanded cast of authors as we grow our coverage across a broader slice of the Symantec portfolio.

VBSpam Results

Virus Bulletin just published their September 2010 test results (http://www.virusbtn.com/vbspam/index), and Symantec Brightmail Gateway once again received a VBSpam designation – our 5th consecutive recognition.

In this month’s test, Symantec Brightmail Gateway registered an effectiveness score of 99.64%, with 0 false positives!  It is great to see external validation for the premium that Symantec places on balancing very high effectiveness (over 99%) with accuracy (low false positives) in fighting spam.

You may be familiar with the Virus Bulletin name – Virus Bulletin is an independent third party that has been running comparative tests on antivirus technologies for over a decade.  Symantec’s antivirus engines have achieved over 40 VB100 awards during this time. 

Our team is thrilled with the latest results on the VBSpam testing. Symantec Brightmail Gateway is a core component of Symantec Protection Suite (Enterprise Edition and Advanced Business Edition), and is also available as a stand-alone enterprise product and the Symantec Brightmail Gateway Small Business Edition, for customers with fewer than 250 employees.

Messaging & Web Security at Symantec Vision 2010 in Barcelona

I can’t quite believe it’s September already; this year is flying by at a crazy pace.
This means that the Symantec Vision conference in EMEA has come around quickly too.

This year, we are at the CCIB in Barcelona, Spain, during the first week of October – Tuesday 5th through Thursday 7th.

Amongst the many, many sessions over the 3-day conference, there are a number of Mail & Web security sessions that you shouldn’t miss (not least because I’m co-presenting them), so, in no particular order:

  1. Best Practices for Email Security.
  2. Anatomy of a Web Attack.
  3. Hands On Lab – Best Practices for installing and Configuring Symantec Brightmail Gateway.
  4. Hands On Lab – Best Practices for installing and Configuring Symantec Web Gateway.
  5. Deploying Symantec Protection Suite: Architecture and Best Practices.

Other interesting sessions in the messaging and web security realm:

  • The State of Spam
  • Cost of Email Security – Calculating your risks
  • Protecting against Botnets
  • Best Practices for installing and configuring Symantec Mail Security for Exchange
  • Running Security Operations with Symantec Protection Center

If you are joining us at EMEA Vision this year, what are you looking forward to most?

Be sure to let me know if you are coming along; there are going to be plenty of opportunities to talk to our product specialists, engineers, and decision makers, and of course to network with your peers.

//ian