Garman Technical Services

Web Attack Ahead of Tax Season

Patrick Garman — Tue, 07 Feb 2012 16:50:00 +0000

At 3 AM, on February 6, 2012, Symantec Security Response observed spam carrying malicious links which target the upcoming tax season. The spam volume spiked between 6 AM and 1 PM, identifying over 200 unique URLs which lead to a Blackhole toolkit.

Purchases From This Super Bowl Sale Will Not Take You Anywhere

Patrick Garman — Sat, 04 Feb 2012 14:15:00 +0000

You may not need pills to watch the super bowl but spammers feel that this definitely is an occasion to do so! The most exciting annual championship of the NFL - the Super Bowl XLVI – starts tomorrow. And as expected, spammers are playing a different ball game with the crazy Super Bowl fans.

Spam related to Super Bowl can be spotted with the subject listed below:

Server-side Polymorphic Android Applications

Patrick Garman — Wed, 01 Feb 2012 17:53:00 +0000

Phony ICC Promotion Award

Patrick Garman — Tue, 31 Jan 2012 19:13:00 +0000

Nothing can more enticing than to be chosen for some free goodies—be it mementos, a cash prize, or a ticket to watch a game. It gets even more interesting if you are from a cricket crazy continent and suddenly, out of the blue, you receive an email saying that you are “the chosen one”!

An Update on Android.Counterclank

Patrick Garman — Mon, 30 Jan 2012 17:45:00 +0000

Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank.

Email with Malicious HTML Attachments

Patrick Garman — Mon, 30 Jan 2012 14:08:00 +0000

Malware is often embedded in email as compressed attachments (such as .zip, .rar, etc.). Recently, however, Symantec has noticed an increase in malicious email attacks with .htm (HTML) attachments.

Here is what the message looks like in your inbox:

MIDI exploit in the wild

Patrick Garman — Fri, 27 Jan 2012 07:06:00 +0000

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292).

Android.Counterclank Found in Official Android Market

Patrick Garman — Fri, 27 Jan 2012 06:49:00 +0000

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank.

Indian Movie "Bodyguard" Featured in Phishing

Patrick Garman — Thu, 26 Jan 2012 18:13:00 +0000

Co-Author: Avdhoot Patil

Insight into Sykipot Operations

Patrick Garman — Thu, 26 Jan 2012 06:33:00 +0000

The Sykipot campaign has been persistent in the past few months targeting various industries, the majority of which belong to the defense industry. Each campaign is marked with a unique identifier comprised of a few letters followed by a date hard-coded within the Sykipot Trojan itself.