Channel: Symantec Connect - Blog Entries

Exchange 2010 SP 3 and Enterprise Vault


One of the things which was noted in the most recent Compatibility List updates was that Enterprise Vault now co-exists and works with Exchange 2010 SP 3. This was an update from Microsoft which, as well as fixing many issues, allows co-existence of Exchange 2010 and Exchange 2013 in the same Exchange organisation. So the fact that Enterprise Vault now works in this same environment is great. 

It's worth noting that the support/certification matrix includes a small caveat around the running of the Enterprise Vault Throttling Script. This is the script which releases the throttling that Exchange imposes on a regular 'user'. It's necessary because the Vault Service Account needs to act in a way as a 'super user' and not have limits imposed on it relating to connections to Exchange and so on.

The article describing the issue with the throttling policy is: www.symantec.com/docs/TECH205513


Has Microsoft Windows XP Support Ended in the Malware World Too?


Recently, a backdoor Trojan program (detected as Backdoor.Trojan) that does not run on Microsoft Windows XP was discovered. In this post we report in detail on this threat, and in particular on the special technique that the malware author built into the Trojan's functionality. It is a technique that appears to have been designed so that the malware can be used in targeted attacks.

The fseek function

In this threat the author uses the fseek function. That is unusual, because the function is normally used for data processing. For example, a program that reads 100 bytes of data from the start of a file uses fseek to move the file position by 100 bytes.

Figure 1. The fseek code technique used by the malware

However, the malware found this time contains three consecutive functions in a loop:

  1. Append a string to another string (strcat).
  2. Move 0 bytes from the end of the file (fseek).
  3. Split the string into tokens (strtok).

Normally, code reads or writes data after calling fseek, but in this malware no such processing takes place. It is also odd that these functions are written in a loop.

Looking at this code more closely, we can see that fseek is being called with a NULL pointer as the file handle; in other words, there is no file to operate on. Because fseek is operating on a non-existent file, this malware crashes when run on Windows XP.

Figure 2. The malware crashes when run on Windows XP

When the same file is run on Windows Vista or later, it works normally. So what is the difference between Windows XP and Vista or later?

According to the MSDN Library for Microsoft Visual Studio 2005 and later, the fseek function is described as follows:

"If stream is a null pointer, or if origin is not one of the allowed values described below, fseek and _fseeki64 invoke the invalid parameter handler, as described in Parameter Validation. If execution is allowed to continue, these functions set errno to EINVAL and return -1."

However, this description does not appear in the MSDN Library for Microsoft Visual Studio .NET 2003.

From this we can conclude that the behaviour of fseek when passed a NULL-pointer file handle as a parameter was changed. The malware author deliberately exploited this change to create a program that does not run on Windows XP.

As of March 2013, Windows XP still held a share of just under 40% of the operating system market. Creating a program that does not run on Windows XP means passing up a golden opportunity to infect a large number of computers. So why would anyone go to the trouble of creating such malware?

Why it does not run on Windows XP

One possibility is that it is an attempt to avoid having the malware's true behaviour revealed in a sandbox. When we submitted the sample file to eight automated threat analysis systems found on the Internet, none of them logged any behaviour for the sample. This is presumably because the malicious code sits after the fseek technique. If the sandbox used to test the sample is running on an operating system newer than Windows XP, such as Windows Vista, the malware's behaviour may not be recorded (for details on how security companies use automated threat analysis systems to analyse malware, see our earlier blog post).

Malware that operates covertly without performing harmful or destructive activity can remain inside a computer for a long time, so the benefit to the malware author is not insignificant.

Backdoor Trojans normally check the operating system, CPU clock speed and installed antivirus software, but this malware is unusual in that it also collects the following information:

  • Whether the compromised computer has a wireless network card
  • The type of dynamic random access memory (DRAM), such as synchronous DRAM, cache DRAM, 3DRAM or SDRAM
  • The BIOS manufacturer settings, serial number and version
  • The printer caption
  • Battery details and device ID

Malware authors do not usually give any thought to the battery in a computer. The author of this malware, however, clearly shows a strong interest in the targeted company.

Summary

At the time of writing, Symantec has collected only two samples of this malware from its large enterprise customers, and no large-scale infection has been recorded.

What our analysis so far tells us is that this malware is used in targeted attacks, and that the author, knowing that the targeted company's computers run Windows Vista or later, attempted to infect its network with malware that does not run on Windows XP.

Even if an administrator at the targeted company noticed the suspicious behaviour of a questionable file and tested it with an automated threat analysis system, no malicious activity would have been seen at the testing stage, and the administrator may have learned nothing about what the file really does.

Symantec will continue to monitor the malicious code and technique reported here. We recommend not running suspicious programs and keeping operating systems and antivirus software up to date.

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Announcing a Twitter Chat on Internet Security Threat Report Volume 18


On Tuesday 30 April at 9:00 a.m. Pacific Standard Time (1:00 a.m. on Wednesday 1 May Japan time), Symantec Security Response experts Kevin Haley and Paul Wood will host a Twitter chat (hashtag #ISTR). The topic is the key trends highlighted in the latest Internet Security Threat Report, Volume 18 (in English). Please join us.

This Internet Security Threat Report covers the main threat trends Symantec observed in 2012, revealing a marked increase in cyber-espionage aimed at personal information and critical intellectual property, and how the methods used in these information-theft crimes are changing. The category with the largest increase in targeted attacks in 2012 was companies with fewer than 250 employees, which accounted for 31 percent of all targeted attacks, three times the 2011 figure.

Add the #ISTR Twitter chat to your calendar now and join the discussion on the latest methods and attack vectors cybercriminals use to go after corporate intellectual property.

Topic: Internet Security Threat Report Volume 18 - What the Data Tells Us

Date: Tuesday 30 April 2013 (1 May Japan time)

Time: from 9:00 a.m. Pacific Standard Time (1:00 a.m. Japan time)

Duration: 1 hour

Where: Twitter.com. Follow the hashtag #ISTR.

Participating experts:

  • Kevin Haley, Director, Symantec Security Response, @kphaley
  • Paul Wood, Cyber Security Intelligence Manager, @paulowoody

 


Increase in Spam Messages Containing .pw in the URL


Symantec has observed an increase in spam messages whose URLs contain the .pw top-level domain (TLD). Originally the country code TLD for Palau, it is now available to anyone through Directi as a domain standing for "Professional Web".

Figure 1. Sharp rise in spam messages with the .pw TLD

Looking first at the past 90 days, .pw ranked 16th in the distribution list by TLD.

Figure 2. Distribution by TLD over the past 90 days

In the most recent 7 days, however, URLs containing .pw have jumped to 4th place.

Figure 3. Distribution by TLD over the past 7 days
 

Examining messages found in the Global Intelligence Network, we determined that the majority of spam messages containing .pw in the URL are hit-and-run spam (also known as "snowshoe spam").

The top 10 subject lines over the past two days for URL spam containing .pw are as follows:

  • Subject: How to sell your Timeshare
  • Subject: Reusable K Cup for Keurig or single-brew coffee maker
  • Subject: Reusable single-brew coffee cup you can fill with your coffee blend.
  • Subject: Are your home possessions covered in case of a catastrophe?
  • Subject: Elmo's Learning Adventure Gift Package
  • Subject: Make Learning Fun - With Elmo & the Sesame Street Gang!
  • Subject: Are your appliances and home systems covered?
  • Subject: Refinance Today, Save Tomorrow
  • Subject: Nothing is more EFFECTIVE for High Blood Pressure
  • Subject: Mortgage Rates

Figure 4. Example of a spam message containing .pw

Symantec will continue to monitor this trend and to create filters that narrow down these attacks. We also recommend that businesses and individual users follow the basic security best practices published in the Symantec Intelligence Report.

 


Scammers Continue to Ride on Football's Popularity


Contributor: Avdhoot Patil

Football remains as popular as ever in the world of phishing. In 2012 we saw a variety of football-themed phishing attacks, and phishers are already looking ahead to the 2014 FIFA World Cup, targeting famous players and football clubs. Scams aimed at fans of Lionel Messi and scams exploiting FC Barcelona are examples of this kind of phishing. Phishers know that using a famous player with a large fan base gives them a huge pool of targets and, consequently, a better chance of harvesting personal information. The trend continued in April 2013, with similar phishing tactics in wide use. The phishing sites seen this time were hosted on a free web hosting site in France.

The phishing site asks users to enter their Facebook login credentials. The pages prominently feature Lionel Messi, FC Barcelona or Cristiano Ronaldo; their images are displayed to give the impression that the page is one of their legitimate Facebook pages. One fake site even carried the title "first social networking site in the world". Users are prompted to enter their Facebook login credentials in order to access the Facebook page. After the credentials are entered, the user is redirected to the legitimate community page of Lionel Messi, FC Barcelona or Cristiano Ronaldo to create the impression that the login was valid. Users who fall for this ploy and enter their credentials have their personal information stolen and used for identity theft.

Figure 1. Fake Facebook page featuring an image of Lionel Messi

Figure 2. Fake Facebook page featuring an image of FC Barcelona

Figure 3. Fake Facebook page featuring an image of Cristiano Ronaldo

When using the Internet, we recommend taking every possible precaution against phishing attacks:

  • Do not click suspicious links in email messages.
  • Do not include personal information when replying to emails.
  • Do not enter personal information in pop-up pages or windows.
  • When entering personal or account information, make sure the website is SSL-encrypted by checking for the padlock icon, "https" in the address, or a green address bar.
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, that protects against phishing and social networking scams.
  • Do not carelessly click links sent by email or posted on social networks, however attractive they look.
  • Report fake websites and emails (for Facebook, send phishing reports to phish@fb.com).

 


Rock the Vote at VMworld!


Hey everyone, we're attending VMworld this year and we've got the most awesome story to tell you about our own real-life software-defined datacenter.

The Symantec internal IT team uses our own stuff to provision complete environments - yes, networks, servers, applications, configured on the fly - for deployment on demand to any of Symantec's global users. If you want to see it and hear from the guys who built it, vote us up here:

http://ow.ly/kz6Qj Symantec IT's Real-World Experience with a VMware Software-Defined Data Center

There are other great sessions to see too. Exercise your right! Demand the topics you want to hear!

 

And in case you missed it, check out the recent Google Hangout with the Backup Exec Appliance team here.

Input For User Group Panel Discussion On Migration


Hello all,

We are putting together the content for the panel discussion on migrating from ITMS 6x to ITMS 7x, and we would like your feedback. Please put any questions you would want answered or any migration related topics you would like to see covered in the comment section below. If you have any questions, please reach out to me at jon_eyre@symantec.com.

Thanks!

Jon Eyre
User Group Program Manager

Designs Trending Towards Flat In The Future


There has been a lot of discussion of late around Apple's reported push towards flatter designs. Others, such as Microsoft, are already said to be bucking this trend with its Windows Phone Metro design, along with Facebook and its new 'f' icon design.

Designs with more 3-D and life-like appeal have been popular for some time. Such designs were highly popularized by Apple for their skeuomorphic qualities. This approach added more realism, richness, and familiarity to design elements and helped bridge the gap between the physical and virtual worlds for users.

The trend and chatter now seems to be revolving around the antiquity of this approach and suggests that it is potentially not meeting the needs of today's modern users. For instance, younger users might not be familiar with some of the real-world metaphors commonly used such as a rolodex, and highly stylized, multi-dimensional elements might be overly complex for today's mobile needs.

Either way, the push for a flatter design direction is an indication of evolving aesthetics, needs, and demands by users. Flat designs would introduce a more streamlined and contemporary feel; they would help reduce elements to their core, eliminating unnecessary visual detail; and they could make downloads faster, especially on mobile platforms.

While a flat design might suggest basic and unimaginative, flatter doesn't have to mean less visually appealing. Interfaces can still be clean, colorful, and have some dimensionality and layers yet still appear elegant and lightweight.

Perhaps, it is time to move the design needle forward to simple and modern yet effective designs which are a reflection of our busy lives and need for quick and easy access.


Social Media and Hacktivism: Two Ideas Made for Each Other?


In today’s connected world, many of us are members of at least one, if not more, social networking services. The influence and reach of social media enterprises, such as Facebook (more than 600M active users per month) and Twitter (more than 140M active users), is staggering and as communications tools they offer a global reach delivering almost instantaneous communications to huge multinational audiences. Social media is attractive for hacktivists because it is a forum for people on the Internet and where big discussions take place. Hijack a forum like this and you have an effective soapbox to get your message across. Hardly a day passes without news of another high profile breach by hacktivists and social media influencers are in the crosshairs. Are social media and hacktivism two ideas that are made for each other? Let's explore some thoughts and ideas and you can make up your own mind.

Two sides of social media

The ability of social media to spread news quickly is powerful, and obviously, has great potential for positive use but, like many things in life, it also has potential to be abused. In the case of the recent tragic events in Boston, the tweets started almost immediately and helped keep people informed and also warned people away from the area. Many of the tweets came from “citizen journalists” who were actually on the ground as the events unfolded and were able to describe first-hand what they witnessed. Even in the aftermath of that event, social media played a major part in helping to track down the suspects behind the tragic event. Law enforcement issued a general plea for information and the public gladly did what they could by publishing information, pictures, and videos of the event on the public forums provided by social media sites. Law enforcement was able to utilize this information available to put the pieces together.

The downside of this highly visible means of public participation when looking for suspects in a highly charged situation, such as this, is that individuals may be wrongly accused. This is exactly what happened on certain social media sites where, notably, the Reddit service drew the most criticism. On their site users took the role not only of citizen journalist, but as citizen investigator too. Users began to look at the details and photos posted on the site and pieced together their own—and, as it turned out, incorrect—conclusions on the matter. False information and allegations began to circulate and took on a life of their own.

Power of social media

The business of news is all about influencing people, and social media provides a large audience to be influenced. Influence is such a fundamental concept in social media that there are even services which attempt to measure how much influence a user has in the social media space. Services such as Klout are designed to gauge how much influence a user has by using algorithms to measure a person's "clout", reflected by a number between 1 and 100, with a higher score indicating a higher level of influence.

The news industry has long recognized the power of social media, not only for influencing people but also for gathering information. Today, just about all news outlets have a social media presence to receive and broadcast news to interested audiences. Twitter is the default choice to quickly get information out there. The 140 character limit on tweets forces users to be succinct and focus on main points when communicating. Since many Twitter users use the service on their mobile device and people generally have their mobile device near them all day, information can quickly reach people and be shared again (retweeted) propagating throughout the service's user population (“going viral”).

Indeed, services like Twitter reach mass audiences and in turn hold a strong level of influence. Then when trusted media brands enter the social media space, their power of influence and reach is further magnified. We have seen how big news stories often drive follow-up events. Major disasters or terrorist acts have an immediate impact on stock markets. For example, the stock market crashed immediately following the September 11 attacks in 2001—and that happened before the advent of modern day social media services. Recently it was reckoned that the next market crash will be tweeted and given the role social media now plays in society there is no reason to doubt that. What is to stop criminals from perpetrating "pump and dump" stock market fraud by spreading market-moving rumors in social media which cause wild movements in stock prices? This is particularly true as professional trading systems are now even designed to “read” news headlines and react to news autonomously.

Hacktivism and social media

Hacktivism is a modern-day evolution of traditional activism brought about by a confluence of technology, politics, and people power. While traditional activism still has its place, activist activity is increasingly being conducted online. There are likely a myriad of reasons why this is the case but one thing is for sure, activists have caught on to the powers of social media and the Internet as tools to further their cause. Many of them actively use Twitter to communicate and coordinate worldwide activities.

Ultimately, hacktivists aim to draw attention to their causes which, naturally, makes big influencers their biggest targets. With so much power and influence under the control of trusted brands' social media accounts, it is not too difficult to see that hacktivists would try to compromise these accounts and leverage some of that influence for themselves. We have all heard of various celebrity, politician, and corporate social media accounts being hacked and bogus messages being sent, much of it relatively harmless. But what if a highly influential account is hacked and a plausible but fake message about some disaster or terrorist attack is broadcast to a nation? The possibility for causing panic and disruption is clear. Unfortunately, this type of activity is set to become an increasingly common phenomenon.

While much of the hacktivists’ attention is focused on the perceived injustices of governments and big business, along with global issues, they also zone in on local issues too.

How are attackers getting in?

In recent months, there has been an increase in hacktivist activity. This activity is largely focused on hacking into legitimate social media service accounts and defacing them or posting false messages. In general, these social media accounts are protected only by password-based authentication. The only thing that stands between an attacker and your loyal base of social media followers is a short series of characters. While in some cases passwords may be guessed due to a bad choice of password, there are other ways in which an attacker could get at the password and gain access. It has been proven that people are often the weakest link in many security systems, so it makes sense to exploit this weakness through social engineering. In recent attacks of this type, attackers gained access by sending phishing emails that, at their core, just asked the user for the login details, but disguised the request to make it look legitimate. For example, phishing emails may present users with a link and ask them to log in using the link to verify their account, when in reality their password is being stolen. Attacks of this type have been tried and tested, and found to be effective.

Another way in is to exploit weaknesses in the lost-password feature. The feature is convenient not only for users but also for mischief makers. There are a plethora of implementations for handling lost user passwords. Some will just ask the user to specify an email address and then send a new password. Others will ask a security question, but oftentimes the security questions themselves are insecure, asking where the user was born or where they went to school. This type of information can be obtained relatively easily on the Internet. Couple this with password reuse and users who do not change their passwords frequently, and it is easy to see that there is an opportunity for attack here.
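The lost-password weaknesses described above (a fresh password mailed out on request, and security questions whose answers are easy to look up) have a well-understood hardened alternative. The following Python is an added example written for this page, not code from the post or from any social media service: the weak pattern sits next to a reset service that issues a random, single-use, short-lived token, stores only the token's hash, and compares digests in constant time. The class and function names and the 15-minute lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed policy value (assumption for this example): reset links live 15 minutes.
TOKEN_TTL_SECONDS = 15 * 60


def weak_reset(user: str) -> str:
    """The pattern the post warns about: mint a new password and mail it.

    Whoever can read the mailbox, or can answer the security question that
    gates this step, now owns the account, and the new password sits in
    clear text in transit and in the mail archive.
    """
    return f"mail to {user}: your new password is {secrets.token_hex(4)}"


class ResetService:
    """Hardened flow: random, hashed, single-use, expiring reset tokens."""

    def __init__(self) -> None:
        # token digest -> (user, expiry). Only the hash is stored, so a leaked
        # table does not hand out usable reset links.
        self._pending: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, now: float) -> str:
        # 32 random bytes: infeasible to guess, unlike a birthplace or a school.
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user, now + TOKEN_TTL_SECONDS)
        return token  # to be delivered only to the address already on file

    def redeem(self, token: str, now: float) -> Optional[str]:
        """Return the user the token belongs to, or None if it is not valid.

        The token is consumed whether or not it has expired, so a link can
        never be replayed.
        """
        wanted = self._digest(token)
        for stored in list(self._pending):
            # Constant-time comparison of digests: a guess learns nothing
            # from how long the check took.
            if hmac.compare_digest(stored, wanted):
                user, expiry = self._pending.pop(stored)
                return user if now <= expiry else None
        return None
```

In a real deployment the token would be delivered only to the contact address verified at sign-up, and redeeming it would be followed by the user setting a new password of their own choosing rather than receiving one.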

No silver bullet

The Internet and the social media services enabled by it are truly revolutionary, but many of them are built in a way that enables anonymous and irresponsible messaging. For example, when a person signs up for a social media account, they are asked for personal details during the sign-up process, but how many people actually provide real names and contact details when signing up for these accounts? There may be legitimate reasons for providing false information, particularly in light of all the data breaches at large and well-known websites in recent times, but the ability to access these services without being traceable makes them ripe for abuse. It's interesting to consider whether people would be as inclined to carry out malicious activities on the Web if they knew they could be easily traced and held accountable for their actions.

Given the potential influence behind the brands who own social media accounts, the question for legitimate account owners and social media service providers is: shouldn’t the protection of these accounts be of the highest priority? We are all waking up to the risks posed but unfortunately, there is no single silver bullet that can stop all misuse. Responsibility for account protection is a shared one. The social media industry could do more to help protect against misuse and unauthorized access, but at the same time, account owners could do more too.

Social media service provider’s role

Social media sites could ensure that if account login attempts fail repeatedly, further attempts are either delayed by temporary suspensions to slow down brute force attempts or have the account locked and notification sent to the owner. Some services even track the list of IP addresses used to access the service and will notify the owner if a new IP is used to access the service, which could indicate a possible breach of the account.

Social media service providers can help by implementing improved security around authentication and authorization, and more secure storage and handling of personal information. Many websites are increasingly turning to two factor authentication (2FA) to increase account login security. This is a welcome and necessary measure, but they could potentially do more. How about requiring two factor authorization before messages can be sent? This could help prevent unauthorized messages from being sent, even if the main account password was compromised.
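As an added illustration of the provider-side controls described in the two paragraphs above (a growing delay on failed logins, lockout with a notice to the owner, an alert when a new IP address is used, and a second factor required for the sensitive action itself rather than only at login), the following Python sketches one way to implement them. It is example code written for this page, not Symantec's or any social network's implementation; the thresholds, the PBKDF2 parameters and the RFC 6238 time-based code used as the second factor are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Set

# Constructed policy values (assumptions for this example, not from the post).
MAX_FAILURES_BEFORE_LOCK = 5   # lock the account on the fifth consecutive failure
BASE_DELAY_SECONDS = 2.0       # wait after the first failure; doubles each time


@dataclass
class Account:
    name: str
    salt: bytes
    password_hash: bytes
    totp_secret: bytes           # shared secret for the second factor
    failures: int = 0
    locked: bool = False
    next_allowed: float = 0.0    # earliest time another login attempt is accepted
    known_ips: Set[str] = field(default_factory=set)
    notices: List[str] = field(default_factory=list)   # what the owner would be told


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so a leaked table cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(name: str, password: str, totp_secret: bytes) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, hash_password(password, salt), totp_secret)


def attempt_login(acct: Account, password: str, client_ip: str, now: float) -> str:
    """Return 'ok', 'failed', 'throttled' or 'locked'."""
    if acct.locked:
        return "locked"
    if now < acct.next_allowed:
        return "throttled"       # progressive delay slows down brute forcing
    if hmac.compare_digest(hash_password(password, acct.salt), acct.password_hash):
        acct.failures = 0
        if client_ip not in acct.known_ips:
            acct.known_ips.add(client_ip)
            acct.notices.append(f"login from new IP {client_ip}")
        return "ok"
    acct.failures += 1
    if acct.failures >= MAX_FAILURES_BEFORE_LOCK:
        acct.locked = True
        acct.notices.append("account locked after repeated failed logins")
        return "locked"
    acct.next_allowed = now + BASE_DELAY_SECONDS * 2 ** (acct.failures - 1)
    return "failed"


def totp_code(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    # RFC 6238 time-based one-time code: HMAC-SHA1 over the time counter,
    # then dynamic truncation to the requested number of digits.
    counter = int(now // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def post_message(acct: Account, text: str, supplied_code: str, now: float) -> bool:
    # Step-up check: the sensitive action itself needs the second factor,
    # so a phished password alone cannot broadcast to the followers.
    if acct.locked:
        return False
    if not hmac.compare_digest(supplied_code, totp_code(acct.totp_secret, now)):
        return False
    acct.notices.append(f"posted: {text}")
    return True
```

The `notices` list stands in for whatever channel the provider uses to reach the owner (email, push notification); the point is that a lockout and a login from an unfamiliar address are both events the legitimate owner hears about promptly.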

Service providers could also introduce tiered accounts with different access levels; this would be particularly useful for business users on social media. Not everybody in a business needs to be able to send messages, so the ability to manage user access controls would be beneficial. HootSuite is an example of a service that offers granular user access controls for managing social media accounts and may be a helpful add-on service for business users. Subscriber and follower management is another feature area that could be explored. Google had an interesting idea with the concept of circles, which allows for selective sharing of information, and goes some way towards addressing this. When you boil it down, the problem is this: accounts in most social networking sites are designed around a person, who is unlikely to need or want different access control levels for their own account, and not a brand or a company. This situation makes the current mapping of requirements between a commercial or brand entity and a personal social media user account a somewhat uncomfortable fit.

User’s role

Users can help matters by being better educated against social engineering attacks, equipping themselves with good quality protection software, and practicing better security hygiene such as better choice and handling of passwords. For example, according to a recent report by Ofcom (UK communications industry regulator), over half of the adults in the UK use the same password across multiple websites. This statistic is very likely mirrored in other parts of the world and is not encouraging at all from a security standpoint. Users of social media would be well advised to beef up on their security awareness training because technology only represents a small part of the solution to this problem.

As some commentators say, it's a bit of a wild west in the social media space right now; freedom of speech and civil liberties are hugely important, but so is the responsibility that comes with them. Back to my original question: are social media and hacktivism made for each other? Of course not; both can exist quite happily without the other. Social media was not created to be a platform for hacktivism, and it would be beneficial if hacktivism were not carried out through it. However, social media does amplify the power of hacktivism and, because of that, it represents a highly effective and attractive avenue for hacktivists to carry out their activities.

Exporting an Enterprise Vault archive and emptying contents


 

A question which is asked more and more often is how to export an archive back to the original mailbox (or PST) and remove the items from the archive in the process. It's quite straightforward to do inside the Export Archive wizard. The only thing to remember is that you have to choose specific options, as shown below:

[Screenshot: the Export Archive wizard options]

If you just choose the 'Export all Items' option, then unfortunately you don't get the option to remove the items from the archive itself. So to get around this you choose to export everything from root ('\') and you can then remove the items from the archive.

Symantec NetBackup Manages Both Virtual and Physical Environments for California Hospital


In this video, Antelope Valley Hospital CIO Humberto Quintar discusses the reasons his organization selected Symantec NetBackup, including support for both physical and virtual environments, faster, more granular backup and recovery, improved staff productivity, and reduced costs. Check out the video here: http://bit.ly/YRe0gh

 

TLS and VPNs the Symantec Way


Transported to a more secure environment

Virtual private networks (VPNs) are a real boon when it comes to reducing the cost of business communication, while at the same time extending secure remote access to teleworkers, travellers and mobile professionals. But deploying and managing a secure VPN can be challenging, to say the least. So, what are your options, if you want to be really safe?

Transport Layer Security (TLS) – successor to Secure Sockets Layer (SSL) – should certainly be high in your thoughts. For those not too familiar with the technology, this is a point-to-point communication encryption mechanism that can be used in a variety of applications for securing traffic (HTTPS, SMTPS, POP3S, etc.). A TLS-based VPN enables otherwise non-encrypted traffic to travel down an encrypted path. The upshot is the safeguarding of sensitive data on websites, intranets and extranets.

A VPN can be configured to only route secure traffic, destined for the remote site, down the VPN; or the remote site can act as a gateway for the local workstation, thus encrypting all traffic between that workstation and the VPN router. Like other VPN technologies, a TLS-based VPN will encapsulate the underlying data into TLS-encrypted packets. This means that you can have VPN packets which are TLS-encrypted HTTP packets – the VPN acting as a lower level in the OSI model stack.

That's what's happening inside. What about the view from the outside, where the reputation and success of your business is measured by the trust your customers place in the security of their online transactions? Naturally, this faith is something you will always want to ensure is beyond reproach. To that end, SSL/TLS has been the key to trust on the Internet for more than a decade and will continue to be so when it comes to providing the highest levels of protection against evolving cyber security threats. While TLS 1.2 is not yet enabled for all web platforms and programs, there is little doubt that it represents the transport layer of a more secure future.
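The paragraphs above describe TLS as a point-to-point encryption layer and note that TLS 1.2 is not yet enabled everywhere. The Python below is an added example using the standard library's ssl module; it is not Symantec's code and is independent of any VPN product. It shows a client context configured the weak way (no certificate chain or hostname verification, so the "encrypted path" could end at an impostor) next to a hardened one that also refuses anything older than TLS 1.2, plus a small audit function that reports the settings a reviewer would flag before a client is deployed. The function names and the wording of the findings are assumptions made for the example.

```python
import socket
import ssl
from typing import List


def weak_client_context() -> ssl.SSLContext:
    # The setup to avoid: the peer's identity is never verified, so the
    # tunnel is encrypted but may terminate at an attacker-controlled host.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    # create_default_context() turns on chain verification and hostname
    # checking; on top of that, refuse every protocol version below TLS 1.2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the settings a reviewer would flag; an empty list means clean."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows TLS versions older than 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("does not require a valid certificate chain")
    if not ctx.check_hostname:
        findings.append("does not check the server hostname")
    return findings


def open_tls(host: str, port: int = 443, timeout: float = 5.0) -> ssl.SSLSocket:
    """Wrap a plain TCP connection in TLS using the hardened context.

    Network use only; the self-checks for this example never call it.
    The returned socket speaks TLS 1.2 or later to a verified peer, which is
    the property the text describes for a TLS-based VPN path.
    """
    ctx = hardened_client_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)
```

Running `audit_context(weak_client_context())` lists the missing certificate and hostname checks (and, on Python builds whose default minimum is below 1.2, the protocol finding as well), while the hardened context audits clean; the same three checks are what to look for in any client or VPN endpoint configuration, whatever language it is written in.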

This is where Symantec's Website Security Solutions (WSS) can help, combined with a top-notch VPN vendor. And the measure of their effectiveness? 100% of Fortune 500 companies employ Symantec's SSL certificates within their businesses. So they have been put through the hottest part of the fire, in some of the most demanding and highly trafficked environments.

Symantec's SSL suite uses a military-grade data center infrastructure – scalable and robust – and averages over 4.7 billion SSL/TLS validations a day. And that's an awful lot of hits! All this with zero downtime in more than eight years.

And while the technology is sophisticated, the goal is simple: to make the Internet safer to transact business – for you and your customers. TLS is one part of the puzzle; for an additional factor of security for your VPN you could consider a two-factor authentication solution such as Symantec Validation and ID Protection, which enables companies to secure access to networks and applications while preventing access by malicious, unauthorised attackers.

Putting modesty firmly to one side for a moment, there is no more trusted marque than the Norton Secured Seal. Protecting the things we value most in life is something on which none of us ever wants to compromise. Doubtless the same principles extend to the reputation and security of your business. Symantec’s solutions can help to ensure that both remain beyond reproach.

 

For more information on how security can help grow your online business, download our free whitepaper now.

TLS and VPNs from Symantec (French edition)


Sécurisez Vos Communications En Ligne

Les réseaux privés virtuels (VPN) représentent la solution idéale pour garantir un accès sécurisé et économique aux télétravailleurs et autres collaborateurs mobiles de l’entreprise. Mais voilà, le déploiement et la gestion d’un VPN sécurisé peuvent s’avérer pour le moins complexes. Heureusement, des solutions existent. État des lieux.

Le protocole TLS (Transport Layer Security) – qui succède aux certificats SSL (Secure Sockets Layer) – constitue sans aucun doute l’une des meilleures solutions. Pour ceux qui connaissent mal cette technologie, il s’agit d’un mécanisme de cryptage des communications point à point sous de nombreux protocoles (HTTPS, SMTPS, POP3S, etc.). Un VPN TLS permet à des échanges autrement non cryptés d'emprunter un canal sécurisé. Résultat : vos données sensibles sont protégées sur vos sites Web, intranets et extranets.

Un VPN peut être configuré de manière à transmettre des communications sécurisées vers le site distant, en aval du VPN. Le site distant peut aussi servir de passerelle. L’intégralité du trafic entre le poste de travail local et le routeur VPN est alors cryptée. Un VPN TLS encapsule les données sous-jacentes dans des paquets cryptés selon le protocole TLS. En d’autres termes, des paquets VPN pourront être des paquets HTTP cryptés en TLS – le VPN agissant comme une couche inférieure du modèle OSI.

Au terme de ce bref aperçu des rouages du dispositif, peut-être vous demandez-vous ce qu’il en est vu de l’extérieur, là où la confiance de vos clients décide de la réputation et de la réussite de votre entreprise. Tout naturellement, vous souhaitez garantir une protection de tous les instants aux visiteurs de vos sites Web. Dans cette optique, et face à des cybermenaces en constante évolution, la technologie SSL/TLS s’est imposée comme la pierre angulaire de la protection et de la confiance des internautes depuis plus de 10 ans, et ce pour encore longtemps. Le TLS 1.2 ne peut pas encore être utilisé avec tous les platforms web et tous les programmes, mais il se traite, sans doute, du protocole TLS du future.

C’est à ce niveau que Symantec Website Security Solutions (WSS), combinés avec les TLS d’excellente qualité,intervient. Aujourd’hui, 100 % des entreprises du Fortune 500 font appel à Symantec. Nos produits de sécurisation des sites Web ont donc largement fait leurs preuves dans des environnements aussi exigeants que fréquentés.

La gamme Symantec SSL repose sur une infrastructure évolutive et fiable.En moyenne, nos services de validation SSL traitent 4,7 milliards de hits par jour, le tout sans interruption de service depuis plus de 8 ans. Ça n’est pas rien !

Although the underlying technology is sophisticated, the goal remains simple: to secure online transactions, for you and for your customers. In that respect, the TLS protocol is of course only one building block. To strengthen the protection of your VPN further, you could in particular adopt Symantec Validation and ID Protection (VIP), a two-factor authentication solution that lets companies secure access to their networks and applications against possible intrusions.

All modesty aside, there is no trust mark more recognised than the Norton Secured seal. When it comes to protecting our most precious assets, nobody is inclined to compromise. The same undoubtedly goes for the reputation and security of your business. Here again, Symantec solutions help you stay beyond reproach.

To find out how an effective security system can help you grow your online business, download our free white paper.

TLS and VPNs from Symantec


Protect the traffic in your environment with TLS

Virtual private networks (VPNs) are an excellent solution when you want to lower your company's communication costs while still offering secure remote access to teleworkers, employees travelling on business and mobile users. Deploying and managing a truly secure VPN is, to put it mildly, a challenge. How can it be met?

The first thing to mention is the Transport Layer Security (TLS) protocol, the successor to Secure Sockets Layer (SSL). This point-to-point encryption method can be used for secure data transfer in many different use cases, including HTTPS, SMTPS and POP3S. A TLS-based VPN allows the encrypted transmission of data that would normally travel unencrypted. This protects confidential data on websites and in intranets and extranets.

A VPN can be configured to forward network traffic securely to its destination, normally a remote site. The remote site can also be configured as a gateway for a local workstation, so that all network traffic between the workstation and the VPN router is encrypted. A TLS-based VPN wraps all data to be transmitted in TLS-encrypted packets. That is, your VPN packets become, for example, TLS-encrypted HTTP packets; the VPN thus takes on the role of one of the lower layers of the OSI model.

All of that happens on the inside. How does it look from the outside, though, where your company's reputation and success depend on the trust customers place in the security of their online transactions? Naturally, you want to earn that trust. For over ten years, SSL/TLS has been one of the most important measures for building trust and protecting against ever-new threats on the Internet. That will not change in the future.

TLS 1.2 is not yet compatible with every web platform and program, but it is without doubt the TLS of a more secure future.

This is where Symantec Website Security Solutions (WSS), combined with first-class TLS, come into play. The fact that every Fortune 500 company uses Symantec solutions testifies to their absolute reliability: they have proven themselves in some of the most critical situations, most difficult environments and most heavily used networks in the business world.

Symantec's SSL suite is built on a scalable and robust infrastructure on the Internet. Symantec's SSL validation services handle an average of 4.7 billion requests per day. Given that flood of requests, it is an impressive result that the last outage of these services was more than eight years ago.

This state-of-the-art technology serves a very simple purpose: to make conducting business transactions over the Internet more secure for you and your customers. TLS is one part of the solution. If you want to secure your VPN further, you should consider a two-factor authentication solution such as the Symantec Validation and ID Protection Service. It gives authorised users secure access to corporate networks and applications, while unauthorised parties, such as hackers, are denied access.

In closing, all modesty aside, I should mention that no other trust mark on the Internet enjoys as much trust as the Norton Secured seal. Nobody wants to compromise when protecting the things that really matter. Without doubt, your company's reputation and security are among them. With Symantec solutions you can make sure both remain beyond reproach.

For more information on how security solutions can drive the growth of your online business, see our free study.

Virtual private networks with TLS technology


Set a course for safer shores with the TLS protocol

Virtual private networks (VPNs) are a great help to companies that want to cut the cost of business communication while also providing secure access to data for those who need to consult it from outside the office (for example, teleworkers and employees who travel frequently or occasionally). However, deploying and managing a secure VPN is no easy task, so the means of protection must be chosen with great care.

The TLS (Transport Layer Security) protocol, successor to the SSL (Secure Sockets Layer) certificate, is one of the best alternatives. For those unfamiliar with it, it is a type of point-to-point encryption of communications used in many applications designed to protect traffic (HTTPS, SMTPS and POP3S, among others). Basically, a TLS-based virtual private network makes traffic travel over an encrypted path even though it was not encrypted at its source, which has the advantage of protecting confidential data hosted on websites, intranets and extranets.

There are two possibilities: the virtual private network can be configured to route only the secure traffic bound for a remote site, or the remote site can act as the local workstation's gateway, in which case it encrypts all traffic between the workstation and the VPN router. A TLS-based VPN encapsulates the data in TLS-encrypted packets, which means that the packets sent over a VPN can be TLS-encrypted HTTP packets (the VPN being the lower layer of the OSI model).

That is what happens on the inside. From the outside, what matters is how secure your customers feel when carrying out transactions on your website, because your company's reputation and success depend on it. Even the slightest hint of distrust must be dispelled, and that is what the SSL/TLS protocol achieves, having been the pillar of trust on the Internet for more than a decade. Going forward, its task will remain the same: to offer impeccable protection against the constantly evolving threats lurking on the Internet.

Symantec Website Security Solutions (WSS) is extremely useful here. The figures speak for themselves: 100% of the Fortune 500 companies, which are always in attackers' sights and handle very heavy traffic, use Symantec solutions.

Symantec's SSL-based products use a robust, scalable infrastructure similar to that of the Internet's Domain Name System (DNS). And Symantec's SSL validation services, which process an average of 4.7 billion requests a day, have been running without interruption for more than eight years.

Although the technology is complex, the goal is simple: to make Internet transactions more secure for you and your customers. The TLS protocol is just one piece of the puzzle. If you want an even more secure VPN, you may be interested in a two-factor authentication solution such as the Symantec Validation and ID Protection (VIP) service, designed so that companies can guarantee secure access to their networks and applications while keeping out those who seek to attack them.

At the risk of immodesty in recalling it, the Norton Secured seal is by far the mark that inspires the most trust on the Internet. Nobody does things by halves when protecting what they value most in life; the same should apply to your company's reputation and security. With Symantec solutions, neither will be at risk.

Improving security will help drive the growth of your online business. Download our free white paper now to find out more.


Connect Dev Notes: 01 May 2013


User Facing: Desktop

  • Added a "My Notifications" link to the Account menu.
  • Updated private message notifications to include the title of the private message in the email subject line.
  • Added the ability for authors of Official Symantec Blogs to enable moderation on comments posted to their blogs.
  • Enhanced the parent/child group functionality to: (1) allow a child group to have different privacy settings than the parent group; and (2) allow the hiding of child groups from users who are not members of the parent group.
  • Improved the reward points transaction logs by adding better descriptions of (and hyperlinks to) the activities the user performed to earn the points.
  • Fixed an issue with an "updated" label being displayed on "new" posts.
  • Fixed an issue with Videos from the recent Vision conference not playing on Connect.

Admin Facing

  • Added the ability for our Group Admins to see the groups a Connect user has joined by viewing the user's profile page.
  • Fixed an issue with group membership requests not being delivered to all admins of the target groups.

IT Justice League, assemble! Part 2 of 2


Last time on Data Center Down, Crash detailed the meeting of several IT “Super Friends” at the 3rd Annual Red Hat Partner Conference, held in January.

Let’s first take a moment to tip our own hats to two Focus Partners who took home awards: Emergent, LLC, was named Partner of the Year for demonstrating the highest level of commitment to Red Hat through their engagement and investments. DLT Solutions was honored as Public Sector Virtualization Partner of the Year for collaborating to create exceptional growth in the virtualization ecosystem.

Now that I’ve acquainted you with my data architecture allies, I’d like to introduce the Lex Luthor of our realm: Storage.

If you’ve ever struggled to integrate paths across physical and virtual environments, suffered from downtime while upgrading applications, or lost data during migration, then you might agree. But it doesn't have to be this way.

Dynamic Multi-Pathing: a friend with benefits

Rebuilding data infrastructure from the ground up is like dating a high-maintenance server (or woman, if you’re into that sort of thing). She eats up your time, burns holes in your checkbook and robs you of your power to accomplish any task not related to her. She wants to be exclusive, but perhaps this is the time in your life to play the field.

Enter Veritas Dynamic Multi-Pathing solution from Symantec. Able to exploit any storage across physical and virtual environments, Symantec gives you the freedom to choose and combine storage options based on your needs.

It offers rolling updates, allowing for upgrades without any application downtime. Your storage is optimized through deduplication, thin reclamation and compression, all of which you can monitor thanks to load-balancing, real-time input/output and performance graphs. Plus, you can add new storage instantly or migrate to storage without impacting end-users, no matter the distance.

Case study

Does it sound too good to be true? Well, if Veritas Cluster File System could destroy the proverbial Kryptonite for a major U.S. government agency, it could certainly do the same for your business.

This organization faced frequent downtime due to intense I/O. They had 36.5 days of downtime per year on average! At $6 million per day of downtime, this was a very expensive affair. With Veritas Cluster File System from Symantec, we helped them move from a single-server setup to a high-performing, highly available clustered server environment. We also set up a separate disaster recovery site 600 miles away from their primary site and enabled data replication across the two sites. We helped them achieve 99.999% uptime with the new setup. The projected cost savings due to the huge improvement in uptime? $219 million per year!

That concludes this episode of Justice League.

How does your server security stack up? We want to hear from you!


According to the 2013 Verizon Breach Report, data breaches affect organizations of all sizes across all sectors, with 92 percent of them attributable to outsiders and 14 percent committed by insiders. What are your top security concerns? We want to hear from you! Answer 7 questions and receive a personalized scorecard with recommended next steps: https://scm.symantec.com/critical-system-protection-survey/en/

Look forward to your responses. 

Thanks for reading!
Neelum 

A question of Trust


Whitelisting has been a buzzword in the industry for the past 18 months or so, and is seen by some as a panacea to beat malware spreading within organisations and control threats inside your environment. Indeed, some of Symantec's products use whitelisting as an additional method of controlling software behaviour and limiting the applications that employees can or cannot use.

Whitelisting generally involves a process of learning exactly which applications, operating system components and hardware drivers are installed on a server or workstation, collating that information centrally, and then allowing an administrator to approve or deny the use of these tools.

Once this process has initially completed, enforcement of this list of applications is then applied to the target machines. Theoretically, this has given control back to the organisation in relation to what software is allowed to run on the corporate computers.

 

The flaw here comes from a few factors. Firstly, who exactly is approving these applications to run? Is it an administrator? Is it a member of IT security? Frequently it is neither of those roles; the task is given to someone in a support function who may not be au fait with every threat, vulnerability and exploit that companies face every day. Whoever this person is, your security posture now relies on them to approve and deny applications to run on corporate computers. Will this person stand up to the MD or VP who wants his new tablet software synchronising with his laptop NOW? What scans do they run, or checks do they perform, on the applications submitted for approval? Little or none in my experience; I have even seen this role given to a junior IT intern because it was seen as a thankless task to approve and deny application requests all day long. In fact, beyond a quick Google search and maybe a virus scan, applications are rarely fully tested or verified. Some of the whitelisting tools associate a reputational score with the application, giving an indication of whether it is a known good or bad application. This process has failed many times before and was even utilised in 2013 by malware writers to spread their own "trusted" code within organisations.

The next flaw in this process comes down to the fact that operating system components are trusted by default. I cannot stress highly enough that this is a bad idea. If a desktop PC is compromised through a Java attack or an Internet browser vulnerability, such as those found in vulnerability testing tools like Metasploit, the first thing an attacker will do is try to access operating system components such as the command prompt (cmd.exe) to do their nefarious business. If cmd.exe is trusted to execute without restriction, say goodbye to any chance of preventing an attack. We have recently seen malware such as Shamoon, Stuxnet and Korplug manipulate existing files that live on every Windows operating system to devastating effect as part of their attack. Nothing can be trusted, in my opinion.

However, whitelisting, or application whitelisting as it is sometimes described, is in no way a substitute for products that place zero reliance on trust when it comes to server security. Policy-based security has been around for over 10 years now and uses the principle of Least Privilege Access Control (LPAC). LPAC works intelligently to allow an application, service, daemon or kernel process exactly the right access to the relevant resources on a server, and no more. Those resources might be the file system, network access, host memory, a device or a critical configuration file of the operating system itself.

Now this is the important part: there is often a large "gap" between the resources and privileges requested by an application and those it actually needs to execute correctly and safely. This "gap" is what hackers and cyber criminals look to exploit. LPAC products, such as Symantec's Critical System Protection, close these gaps to ensure that the system is safe and reliable. Unfortunately, not all software developers code with security at the forefront of their minds, which is why these gaps appear. If we substituted the word "gap" with "vulnerability" in that last sentence, would we get your attention more?

The LPAC approach is almost the direct opposite of whitelisting. It says: "we do not trust any user, application, service or operating system component if that element starts to behave suspiciously". In this way, policies can simply be applied to a server to make it impenetrable to insider or external attack, without having to look intently at which application is running, profile the server or learn what applications are in use day to day.

This approach is looked upon favourably by compliance and risk analysts and auditors alike. The LPAC approach even allows you to remove full administrator or root privileges from your staff, thereby reducing the threat from insider attack or from well-meaning "misconfiguration" of servers.

Symantec Critical System Protection (SCSP) has been tested at Black Hat for the past two years and has defeated dozens of skilled industry professionals and hackers alike in their attempts to locate hidden "flags" and critical documents on a server, thanks to its capability of locking down a server and preventing malware from exploiting vulnerabilities in operating systems and applications.
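To make the contrast between the two decision models concrete, here is a small added example (not the post's or SCSP's own code; the policy format and the event log are hypothetical, constructed for illustration). It evaluates the same observed actions under a whitelist, which checks only the binary's identity, and under a least-privilege profile, which checks the operation and resource, and it computes the "gap" between privileges requested and privileges needed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Hypothetical model constructed for this example; the whitelist and the
# least-privilege policy format below are illustrative, not SCSP's own.


@dataclass(frozen=True)
class Event:
    """One observed action on the server: a process performing an operation on a resource."""
    process: str    # executable performing the action
    operation: str  # "read", "write", "exec" or "connect"
    resource: str   # file path, or "net:<port>" for a network connection


# Whitelist model: an approved binary may run and then do anything at all.
# OS components such as cmd.exe are approved by default, which is the flaw
# the post describes.
WHITELIST: Set[str] = {"browser.exe", "cmd.exe", "svchost.exe"}


def whitelist_decision(ev: Event) -> bool:
    """Allow if the binary is on the list; identity is the only thing checked."""
    return ev.process in WHITELIST


# LPAC model: each program is granted only the (operation, resource prefix)
# pairs it needs. Being an OS component grants nothing; an action outside the
# profile is denied no matter which binary performs it.
Profile = FrozenSet[Tuple[str, str]]
LPAC_POLICY: Dict[str, Profile] = {
    "browser.exe": frozenset({("read", "C:\\Users\\"), ("write", "C:\\Users\\"),
                              ("connect", "net:443")}),
    "cmd.exe": frozenset({("read", "C:\\Users\\"), ("exec", "C:\\Windows\\System32\\")}),
}


def lpac_decision(ev: Event) -> bool:
    """Allow only if the program's profile covers this operation on this resource."""
    profile = LPAC_POLICY.get(ev.process, frozenset())
    return any(ev.operation == op and ev.resource.startswith(prefix)
               for op, prefix in profile)


def privilege_gap(requested: Profile, needed: Profile) -> Profile:
    """The 'gap' from the post: privileges an application asks for but does not need."""
    return requested - needed


def evaluate(events: List[Event]) -> List[Tuple[bool, bool]]:
    """Return (whitelist verdict, LPAC verdict) for each event."""
    return [(whitelist_decision(ev), lpac_decision(ev)) for ev in events]


# Constructed sample: a browser compromise that reaches for cmd.exe and then
# edits a system file, alongside two legitimate actions.
SAMPLE_EVENTS = [
    Event("browser.exe", "connect", "net:443"),
    Event("browser.exe", "exec", "C:\\Windows\\System32\\cmd.exe"),
    Event("cmd.exe", "write", "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    Event("cmd.exe", "read", "C:\\Users\\alice\\report.txt"),
]

if __name__ == "__main__":
    for ev, (wl, lp) in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print(f"{ev.process:12} {ev.operation:8} {ev.resource:45} whitelist={wl} lpac={lp}")
```

The whitelist passes all four actions because every binary involved is approved, while the least-privilege profile stops the browser spawning cmd.exe and cmd.exe editing the hosts file yet still permits the two ordinary actions.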

 

In summary, I would say that whitelisting as a feature is powerful only when used in conjunction with other complementary security technologies such as sandboxing, policy-based security, network firewalls and advanced memory protection tools. Symantec Critical System Protection uses application whitelisting features when protecting retail EPOS systems, cash machines (a.k.a. ATMs) and industrial control systems in SCADA environments where security of the highest level is required. SCSP trusts no-one, and that is a good thing.

The Hexadecimal URL Obfuscation Resurgence


For the past several days, Symantec has observed an increase in spam messages containing hexadecimal obfuscated URLs. Hexadecimal character codes are simply the hexadecimal numeric representation of the letters in the ASCII character set. To a computer, hexadecimal is just one of many ways of expressing an address on the Internet.

The following samples are different hexadecimal representations of http://www.symantec.com.

Hexadecimal only:

&#x0068;&#x0074;&#x0074;&#x0070;&#x003a;&#x002f;&#x002f;&#x0077;&#x0077;&#x0077;&#x002e;&#x0073;&#x0079;&#x006d;&#x0061;&#x006e;&#x0074;&#x0065;&#x0063;&#x002e;&#x0063;&#x006f;&#x006d;

Hexadecimal and ASCII characters:

("http" and "com" are in ASCII characters and the rest of the URL is in hexadecimal)

http&#x003a;&#x002f;&#x002f;&#x0077;&#x0077;&#x0077;&#x002e;&#x0073;&#x0079;&#x006d;&#x0061;&#x006e;&#x0074;&#x0065;&#x0063;&#x002e;com

("http://www" is in hexadecimal and the rest of the URL is in ASCII characters)

&#x0068;&#x0074;&#x0074;&#x0070;&#x003a;&#x002f;&#x002f;&#x0077;&#x0077;&#x0077;.symantec.com

Symantec has observed several hexadecimal URL obfuscation techniques used by spammers.
 

Hexadecimal resurgence 1.png

Figure 1. Spam email using hexadecimal URL obfuscation techniques
 

Hexadecimal resurgence 2.png

Figure 2. Source code of spam email (Figure 1.) using hexadecimal URL obfuscation techniques
 

Hexadecimal URL obfuscation is not a new spamming technique. The technique is used to evade anti-spam filters because anti-spam engines are sensitive to every single character in a message body. With the recent spike in hexadecimal spam volumes, Symantec will continue to monitor these attacks and will react accordingly.
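Because a filter that matches on raw characters can be fooled by the encodings shown above, the defensive step is to normalise every href before inspection. The following added example (not Symantec's code; the mail body is constructed) decodes hexadecimal and decimal character references, tolerating the missing semicolon that mail clients accept, and flags a link as obfuscated only when a reference hides a character that never needs escaping in a URL, so that a legitimately encoded ampersand is not reported.

```python
import re
import string
from typing import Dict, List

# Numeric character reference, hexadecimal (&#x6d;) or decimal (&#109;).
# The trailing semicolon is optional: browsers and mail clients accept a
# reference without it, which the spam samples above rely on.
NUMERIC_REF = re.compile(r"&#([xX][0-9A-Fa-f]+|[0-9]+);?")

# Characters that never need escaping inside a URL. Encoding one of these as
# a character reference has no legitimate purpose and is the tell-tale sign
# of obfuscation (encoding '&' or '<' in an href, by contrast, is normal).
UNRESERVED = set(string.ascii_letters + string.digits + "-._~:/")

HREF = re.compile(r"""href\s*=\s*["']([^"']*)["']""", re.IGNORECASE)


def decode_numeric_refs(text: str) -> str:
    """Return text with every numeric character reference decoded."""
    def repl(m: "re.Match[str]") -> str:
        ref = m.group(1)
        code = int(ref[1:], 16) if ref[0] in "xX" else int(ref)
        return chr(code)
    return NUMERIC_REF.sub(repl, text)


def analyse_href(raw: str) -> Dict[str, object]:
    """Decode one href value and report whether it hides ordinary URL characters."""
    refs = NUMERIC_REF.findall(raw)
    decoded_refs = [decode_numeric_refs("&#" + r + ";") for r in refs]
    hidden = sum(1 for ch in decoded_refs if ch in UNRESERVED)
    return {
        "raw": raw,
        "decoded": decode_numeric_refs(raw),
        "refs": len(refs),
        "hidden_unreserved": hidden,
        "obfuscated": hidden > 0,
    }


def scan_html_body(body: str) -> List[Dict[str, object]]:
    """Analyse every href in an HTML mail body; a filter would act on the 'obfuscated' ones."""
    return [analyse_href(h) for h in HREF.findall(body)]


# Constructed sample mail body (not a real spam message). The links mirror the
# forms described above: plain ASCII, hexadecimal only (last reference without
# a semicolon), mixed hex/decimal/ASCII, and a legitimately encoded ampersand.
SAMPLE_BODY = (
    '<a href="http://www.symantec.com">plain</a>'
    '<a href="&#x0068;&#x0074;&#x0074;&#x0070;&#x003a;&#x002f;&#x002f;&#x0077;&#x0077;&#x0077;'
    '&#x002e;&#x0073;&#x0079;&#x006d;&#x0061;&#x006e;&#x0074;&#x0065;&#x0063;&#x002e;&#x0063;&#x006f;&#x006d">hex</a>'
    '<a href="http&#x3a;&#47;&#x2f;www.sym&#x0061;ntec.com">mixed</a>'
    '<a href="http://www.symantec.com/?a=1&#38;b=2">legit-amp</a>'
)

if __name__ == "__main__":
    for r in scan_html_body(SAMPLE_BODY):
        print(f"obfuscated={r['obfuscated']!s:5} refs={r['refs']:2} {r['decoded']}")
```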
