https://orcid.org/0000-0002-9097-2246
An advanced piece of malware, known as ‘Regin’, has been used in systematic spying campaigns against a range of international targets including government agencies and businesses
since at least 2008 vide IT security firms Symantec and Kaspersky Lab
reports both released on 24th Nov 2014.This ppt brings you an overview
of the threat in brief.The piece of malware is unique in the sense that it's structure displays a degree of technical competence rarely seen.Stuxnet looks a decent past....with this complexity
Showing posts with label symantec. Show all posts
Showing posts with label symantec. Show all posts
Tuesday, November 25, 2014
Tuesday, July 23, 2013
Best IT SECURITY INFO & NEWS SItes
1. IT Security enthusiasts guys/girls always keep looking forwards to discovering new sites that keep them enriched with latest happenings in the buzzing IT SECURITY world...I am listing out a list of sites that I keep abuzz with.These are not necessarily in the order of my preference or have any kind of ratings or ranking....but a whole lot of enriching info is available for every cyber security guy!!!
http://www.schneier.com/
http://thehackernews.com/
https://www.privacyrights.org/
https://www.owasp.org is specific to web application security subjects
http://www.itsecurity.com/
http://technet.microsoft.com has more of MS related aspects
http://csrc.nist.gov/
http://www.sans.org/
http://www.securityfocus.com/ : by Symantec
http://www.cert.org/
http://www.scmagazine.com/
http://www.securityweek.com/
http://nakedsecurity.sophos.com/
http://www.darkreading.com/
....surf few of them and enrich your self!!!!all the best
http://www.schneier.com/
http://thehackernews.com/
https://www.privacyrights.org/
https://www.owasp.org is specific to web application security subjects
http://www.itsecurity.com/
http://technet.microsoft.com has more of MS related aspects
http://csrc.nist.gov/
http://www.sans.org/
http://www.securityfocus.com/ : by Symantec
http://www.cert.org/
http://www.scmagazine.com/
http://www.securityweek.com/
http://nakedsecurity.sophos.com/
http://www.darkreading.com/
....surf few of them and enrich your self!!!!all the best
Thursday, July 18, 2013
Keep Changing Your Antivirus : CRUDE but EFFECTIVE Solution to curb Virus menace
1. We all understand the importance of anti virus today.From a naive user point of view, a user can go for the cheapest of the lot or may be if some one is worried enough he would go for the costliest one....but does that matter in an overall context? I mean w.r.t to the serious business model that this antivirus corporate sector has emerged like....lets see it here down below that brings out the country association of each leading antivirus company :
AVG : Czech Republic
Kaspersky : Russia
Avast : Czech Republic
Norton Symantec : U.S
Avira : Germany
E-Set : Slovakia
F-Secure : Finland
McAfee : U.S
MSE(Microsoft Software Essentials) : U.S
Panda :Spain
2. Sadly we see,there are no Indian companies in this short list.Besides these,if we get specific to India we can quote two companies viz : Quick-heal and K7 Computing..well....that's not the point that I am here to share....the thing to note here is that all these leading companies have got a affiliation with some other country and none is Indian.So when we blindly load a antivirus or a internet security suite in our systems just on faith and word of mouth publicity from peers and friends...are we doing the right thing ? Do we know what is running in the background ? In the name of uploading our dumps what actually goes to their servers? What information does it contain?How does that company identify a virus or a malware?what's the logic that finds a virus?...all these questions are critical because this all is happening in our own machines.....but most of us hardly bother about all this...coz we have faith!!! :-)...and also because there are no standards existing for defining a QR for a antivirus....there is none to cross check what's being cooked?
3. Besides having a question mark on the privacy issues...lets think about the logic being applied or the signatures being released to thwart the known threats....but do we know that more then the known virus list it is the ZERO DAY threats that are getting serious by the day....off-course few bright companies are trying to check that by working on behavioral aspects of a virus or a suspected file...but that has it's set of constraints and is often limited in detecting....so whats the solution.....i recommend using all trial versions for a month each of all leading companies that will pass your one year and then format your windows PC and then start again.....a cheap...crude method of using the best without spending a penny!!!!!!!!!!!!
4. By the way,just for info...virus detection by various companies have their own speeds...a company like kaspersky may be able to detect a virus soon and another company may detect it later or may not even at times detect one....and this time lag of detection is critical to all users!!!!!a second of compromise is enough on your PC with loads of bytes to upload in a matter of a seconds!!!
Comments invited!!!!
AVG : Czech Republic
Kaspersky : Russia
Avast : Czech Republic
Norton Symantec : U.S
Avira : Germany
E-Set : Slovakia
F-Secure : Finland
McAfee : U.S
MSE(Microsoft Software Essentials) : U.S
Panda :Spain
2. Sadly we see,there are no Indian companies in this short list.Besides these,if we get specific to India we can quote two companies viz : Quick-heal and K7 Computing..well....that's not the point that I am here to share....the thing to note here is that all these leading companies have got a affiliation with some other country and none is Indian.So when we blindly load a antivirus or a internet security suite in our systems just on faith and word of mouth publicity from peers and friends...are we doing the right thing ? Do we know what is running in the background ? In the name of uploading our dumps what actually goes to their servers? What information does it contain?How does that company identify a virus or a malware?what's the logic that finds a virus?...all these questions are critical because this all is happening in our own machines.....but most of us hardly bother about all this...coz we have faith!!! :-)...and also because there are no standards existing for defining a QR for a antivirus....there is none to cross check what's being cooked?
3. Besides having a question mark on the privacy issues...lets think about the logic being applied or the signatures being released to thwart the known threats....but do we know that more then the known virus list it is the ZERO DAY threats that are getting serious by the day....off-course few bright companies are trying to check that by working on behavioral aspects of a virus or a suspected file...but that has it's set of constraints and is often limited in detecting....so whats the solution.....i recommend using all trial versions for a month each of all leading companies that will pass your one year and then format your windows PC and then start again.....a cheap...crude method of using the best without spending a penny!!!!!!!!!!!!
4. By the way,just for info...virus detection by various companies have their own speeds...a company like kaspersky may be able to detect a virus soon and another company may detect it later or may not even at times detect one....and this time lag of detection is critical to all users!!!!!a second of compromise is enough on your PC with loads of bytes to upload in a matter of a seconds!!!
Comments invited!!!!
Wednesday, November 02, 2011
DUQU's MICROSOFT LINK!!!
1. While as on date the security and anti virus teams and experts across the globe are racing to find and unlock the details on DUQU,some useful information on the subject bug has been released by Microsoft,which says that hackers exploited a previously unknown bug in its Windows operating system to infect computers with the Duqu virus."We are working diligently to address this issue and will release a security update for customers," Microsoft said.But on the other hand the odds are that Microsoft won't patch the Windows kernel bug next week that the Duqu remote-access Trojan exploits to plant itself on targeted PCs.
2. Meanwhile,Symantec researchers said they consider hackers sent the virus to targeted victims via emails with infected Microsoft Word documents attached. If a recipient opened the Word document and infected the PC, the attacker could take control of the machine and reach into an organization's network to propagate itself and hunt for data, Symantec researcher Kevin Haley told Reuters.
Monday, October 31, 2011
SOME MORE ON DUQU
Some more good info and FAQs on DUQU.....AT
http://www.secureworks.com/research/threats/duqu/
http://www.secureworks.com/research/threats/duqu/
Sunday, October 30, 2011
DUQU : FROM THE GEN STUXNET????
1. Do u remember the gr8 STUXNET...who hit the cyber theatres about a year back?....i call it gr8 since that was the first piece of trojan which the experts called with words like marvelous,the world's first 'open source weapon'.....the code which shocked the experts...though it was meant to target Siemens industrial software and equipment running Microsoft Windows....but the percentage affected was enough to do the early damage and show the trailor of what can come ahead....now comes another in the offering which Researchers from Symantec say is likely written by the same authors and based on the same code.This is known as DUQU.....also coming to be known as “Son of Stuxnet” and a “precursor to a future Stuxnet-like attack.”
2. But another analyses by security researchers from Dell suggest Duqu and Stuxnet may not be closely related after all. That’s not to say Duqu isn’t serious, as attacks have been reported in Sudan and Iran. But Duqu may be an entirely new breed, with an ultimate objective that is still unknown.“Both Duqu and Stuxnet are highly complex programs with multiple components,” Dell says. “All of the similarities from a software point of view are in the ‘injection’ component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated.
3. The security vendor Bitdefender has also cast doubt on the supposed Duqu/Stuxnet link in its Malwarecity blog. “We believe that the team behind the Duqu incident are not related to the ones that released Stuxnet in 2010, for a number of reasons,” BitDefender’s Bogdan Botezatu writes. While a rootkit driver used in Duqu is similar to one identified in Stuxnet, that doesn’t mean it’s based on the Stuxnet source code.
4. Now till date,DUQU was reportedly seen infecting machines in and around IRAN......but now the Symantec version reported is that a server machine in aamchi Mumbai is effected by this new VIRUS!!!!!!!Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.
5. So DUQU is here in INDIA.......and I m sure with the high percentage of pirated software users in India....we r the most vulnerable to such kinds of threat.....be updated...buy genuine....keep taking updates to avoid being EXPLOITED by EXPLOITS..................
6. Thanks http://arstechnica.com
Monday, June 13, 2011
SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN
1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.
2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.
3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.
4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.
5. Thanks http://www.spamfighter.com
Subscribe to:
Posts (Atom)
