シマンテックは、「モノのインターネット」を狙う目的で設計されたと思われる新しい Linux ワームを発見しました。このワームは、従来のコンピュータだけでなく、さまざまな種類の小型のインターネット対応デバイスも攻撃する機能を備えています。家庭用ルーター、セットトップボックス、防犯カメラといったデバイスに通常搭載されているチップアーキテクチャごとに亜種が存在します。このようなデバイスへの攻撃はまだ確認されていないものの、その危険性があることに多くのユーザーは気付いていません。これは、自分が所有するデバイス上で Linux が稼働していることを知らないためです。

ワーム Linux.Darllozは、PHP の脆弱性を悪用して自身を拡散します。ここで利用されているのは、「PHP の「php-cgi」に存在する情報漏えいの脆弱性」（CVE-2012-1823）で、2012 年 5 月にはパッチが公開されている古い脆弱性です。攻撃者は最近、2013 年 10 月末に公開された概念実証（PoC）コードに基づいてこのワームを作成したようです。

Linux.Darlloz は、実行されるとランダムに IP アドレスを生成し、よく使われている ID とパスワードの組み合わせでデバイス上の特定のパスにアクセスして、HTTP POST 要求を送信します。これが脆弱性を悪用しています。標的にパッチが適用されていない場合には、悪質なサーバーからワームをダウンロードして次の標的を探します。現在、このワームは Intel x86 系システムにしか感染しないようです。というのは、悪用コードのダウンロード URL が、Intel アーキテクチャ用の ELF バイナリにハードコード化されているからです。

Linux は、最もよく知られているオープンソース OS で、各種のアーキテクチャに移植されています。Intel ベースのコンピュータに限らず各種の CPU を搭載した小型デバイス、たとえば家庭用ルーターやセットトップボックス、防犯カメラから、産業用制御システムなどでも稼働しています。デバイスによっては、Apache Web サーバーや PHP サーバーなど、設定や監視に使う Web ベースのユーザーインターフェースも用意されています。

シマンテックは、この攻撃者が、同じサーバー上で ARM、PPC、MIPS、MIPSEL など Intel 以外のアーキテクチャ用の亜種をすでにホストしていることも確認しています。

図. ELF ヘッダーの "e_machine" 値を見ると、このワームが ARM アーキテクチャ用であることがわかる

これらのアーキテクチャのほとんどは、前述したようなデバイスで使われています。攻撃者は、Linux が稼働している各種のデバイスに攻撃範囲を広げることで、感染の可能性を最大限に拡大しようと試みているようですが、PC 以外のデバイスに対する攻撃はまだ確認されていません。

組み込みのオペレーティングシステムとソフトウェアを使うデバイスの製造元では、ユーザーに確認することなく製品を設定しているので、事態が複雑になっています。多くのユーザーは、家庭やオフィスで脆弱なデバイスを使っているとは認識していません。デバイスの脆弱性を仮にユーザーが認識していたとしても、製品によっては製造元から更新版が提供されないという別の問題もあります。これは、デバイスのメモリが不足していたり CPU が低速すぎたりして新しいバージョンのソフトウェアをサポートできないなど、旧式の技術やハードウェアの制限が原因となります。

Linux.Darlloz への感染を防ぐために、以下の処理を実行することをお勧めします。

1. ネットワークに接続されているすべてのデバイスを確認する。
2. デバイスのソフトウェアを最新のバージョンに更新する。
3. デバイスで使用できる場合には、セキュリティソフトウェアを更新する。
4. デバイスに強力なパスワードを設定する。
5. 以下のパスに対する着信 HTTP POST 要求が不要な場合には、ゲートウェイまたは各デバイスで遮断する。

• -/cgi-bin/php
• -/cgi-bin/php5
• -/cgi-bin/php-cgi
• -/cgi-bin/php.cgi
• -/cgi-bin/php4

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

スイスで、ある裁判官が、ソーシャルネットワークに投稿したコメントについて罰金の支払いを若者に命じる判決がありました。報道によると、この若者はソーシャルネットワーク上の 290 人の友人から自分の誕生日に届いたお祝いのコメントが足りないと感じたと言います。若者が投稿したコメントは、ざっと翻訳するとこんな内容でした。「誰も僕の誕生日を祝ってくれないんだな（中略）みんな、ぶっ殺してやる。今さら後悔しても、もう手遅れだよ。バーン、バーン、バーン」若者は後から、このコメントはただの嫌みのつもりで殺人の意図はなかったと釈明しましたが、裁判官はこのコメントにユーモアを認めず罰金の支払いを命じました。

これは、最近頻繁に起きている偽の脅迫的な投稿のほんの一例にすぎません。なかには、「Facebook で脅迫的な内容」を投稿したとしてテキサス州の 10 代の若者が禁固 5 カ月の判決を受けたように、もっと重い処罰を受けた例もあります。脅迫と受け取られかねないコメントは、たちまち地元当局の目にとまって手痛い結果をもたらす可能性があります。

ウインクの顔文字を付けたところで、冗談だという意図を示すには足りないということを忘れないでください。司法当局は脅迫を冗談とは見なさず、顔文字は通用しません。写真でもコメントでも、ソーシャルネットワークに投稿する前には十分に考慮することが肝心です。

ソーシャルネットワーク上のコンテンツは、またたく間に広まります。たとえば今年の初めにも、人気のスマートフォンアプリに関するデマメールが飛び交いました。デマにはいくつものパターンがありましたが、あるメッセージはコンピュータで生成された音声で「Send this message in the next 20 minutes to 20 friends or you will be dead by tomorrow.（20 分以内に 20 人の友人にこのメッセージを転送せよ。さもないと明日までの命だ）」と告げるものでした。通常であれば、これほど露骨であれば、受信したユーザーは誰も相手にせずメッセージを削除して終わるはずでした。ところが、このとき使われたのは 10 代に非常に人気のあるインスタントメッセージサービスだったため、多くの学生が怖がり、心配して次々とメッセージを転送したのです。ドイツではこのデマが山火事のように広まり、あまりに多くの未成年者の間に広がったため、このデマメールについて警察が警告を始めたほどです。

どのような内容でも、オンラインに投稿する場合にはその影響を考えることが重要です。きわどい冗談は本物の脅迫と受け取られかねないと心得るべきでしょう。投稿内容について自信がない場合には、常に控え目にしておく（あるいは可愛いネコの写真を投稿する）ほうが無難です。もちろん、自信がないのなら、そもそも投稿しないに越したことはありません。

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

Exchange 2013 CU3 was released 4 days ago (25th Nov) and we are working our way through our standard certification and compatibility testing. Our standard certification guidelines state that we will certify within 60-90 days from the day of release. I expect that we will certify CU3 quicker and so look out for updates to this blog for the most up to date information.

I have just released version 9 of Zero Day Patch with a couple of interesting features that I am going to detail here.

/exclude-on-fail

What is interesting here is not necessarily this new switch, but rather the work that went on to create it. In effect I started from a few customer reported problems: if ZeroDayPatch encounters a problem during the staging (for example not all files can be downloaded) or during the policy creation (the process is choosen as a deadlock victim) then ZeroDayPatch would simply terminate, causing the expected output to be delayed until the next scheduled run.

In order to avoid such problem I decided to catch exceptions around the critical paths (when we stage the bulletin or create the policy) and retry. At first I planned on retrying download and policy creations steps 4 times and exllude the bulletin on failure.

However during the test phase I noticed that the bulletin staging process already retires when a patch cannot be download, with a 180 seconds delay. So retrying a process that already retries with delay didn't make sense and I reverted to skip the bulletin on exception.

For the policy creation retrying up to 3 times still made sense, but as for the stagging excluding the bulletin seemed to be too harsh so I decided to make the feature option.

/retarget

This new feature comes from one of my customer needs. They are using ZeroDayPatch every month to create the new policies. The new policies are created with a monthly target until they reach maturity (2 month) at which point they are retargeted to a global target (so any computers with the Software Update Agent will always receive applicable updates older than 2 month - whilst the other will be receive depending on the current test cycle and local admin own schedules).

So instead of manually editing all the existing policies to switch the target I thought I'd add the command line switch to simplify operations and reduce the Patch Admin chores.

7.1 and 7.5 builds

Also note that I now attach the 7.1 and 7.5 build to the main download page [1]. Both builds are running the very same code, with only a change in the Altiris.PatchManagementCode.Web.dll references.

It is no secret to those who know me that I have become very interested in the coming together of IT (something that I know about) and Social Science (something that I don’t…. yet).

For those of you that are not familiar with the Social Sciences as a field of expertise, they comprise a number of disciplines (the well known ones being Psychology, Criminology, Politics and Sociology) and their goal is to try to make sense of how society is made, broken and repaired.

Why is this relevant to us in IT? Well, the Harvard Business School and many of the world’s leading technology movers and shakers are very concerned about a shortage of skills in the industry that span technology (“how do we create and manage data?”) with social science (“what does the data mean once we have it ?”).

The topic of Big Data, of course, is the driver of this concern about a skills gap. It’s all very well having access to a lot of data but who is going to tell us what insight that data provides? In my meetings with our customers and partners, I am frequently witnessing an “empty chair” in the room. The business would like to make some kind of strategic decision, it feels like IT should have the data somewhere but it’s the person not sitting in that empty chair that would bring the human (social) element of the equation to the mix.

Only yesterday, I met with a CTO from a prominent central government department who was hugely excited about what combining his huge data repository with social media could provide to his organization in terms of insight. In this particular case, the social sciences of Criminology and Sociology needed to contribute.  This CTO was right on the edge of doing something truly remarkable for his organization but did not have the skills to follow through.

So, who are these mystical professionals that can start to solve this problem and fill the skills gap? Well, Harvard call them “Data Scientists” and, from where Harvard are sitting, these individuals will have the sexiest jobs in IT in the coming few years.

Symantec have already recognized the importance of the IT/Social Science blend (as have many other tech. companies). One small example of this might be me. I am a CTO working in a Marketing organization that has sponsored my further education in Social Science. I’ll be posting updates as I embarked with many others in the industry on this new adventure in my career!

On November 27, Microsoft issued a security advisory regarding the recent discovery of a zero-day vulnerability in a kernel component of Windows XP and Windows Server 2003. The advisory states that the Microsoft Windows Kernel 'NDProxy.sys' Local Privilege Escalation Vulnerability (CVE-2013-5065) can allow an attacker to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers.

Symantec is aware of the attacks attempting to exploit the vulnerability and confirms the attacks have been active since the beginning of November. The attack arrives as a malicious PDF file with file names such as syria15.10.pdf or Note_№107-41D.pdf, likely by an email attachment, although there is a possibility that targeted users are being enticed to download the malicious file from a website prepared by the attacker.

Upon successful exploitation of the vulnerability, another malicious file, observed since mid-October, is dropped onto the compromised computer which Symantec detects as Trojan.Wipbot. This Trojan collects system information and connects to a command-and-control (C&C) server. Symantec telemetry is currently reporting a small number of detections for malicious PDFs in various countries including India, Australia, United States, Chile, Hungary, Germany, Norway, and Saudi Arabia.
 

Figure. Distribution of attacks exploiting the vulnerability
 

Symantec may also detect this attack as Trojan.Pidief and Suspicious.Cloud.7.F. The following antivirus detection and Intrusion Prevention System (IPS) signature has also been added to detect the exploit code and block any downloads:

• Bloodhound.Exploit.499
• Web Attack: Malicious PDF File Download 6

No patch is available for the Windows vulnerability, however, Microsoft has provided a workaround in its security advisory.

As always, we recommend computers be kept up to date with the latest software patches and to use the latest Symantec technologies and incorporate the latest Symantec consumer and enterprise solutions to best protect against attacks of this kind.

This Symantec Encryption Desktop howto covers the following topics:
-Download and install
-Reviewing Your Keys in SED
-Export Your Public Key
-Import Your Public Key
-Encrypt a file
-Decrypt a file

Manali is among the almost all exceptional hillside channels connected with Himachal Pradesh. It truly is a classic regal position in which holidaymakers acquire surprised. The nice organic beauty with the location create holidaymakers can feel rejuvenating. Visitors coming from each corner and crevices from the earth pay a visit to that wonderful spot to help to make their particular getaways pleasurable. Vacation goers benefit from the great and breezy surroundings with the location and help to make the trip amazing. Your attractive ambiances with the area get the guts involving people and create think almost like there're with bliss. Yearly the a lot of people look at the spot and help to make their own getaways appreciated forever time period. Vacationers right here examine variety of sights which are based from unique sites. A number of the extensively stopped at areas in this slope channels tend to be the following:

Rohtang Complete

Yearly many travelers go to through across the world to take pleasure from using near kinds. This exciting excellent skiing conditions prescribed a maximum Himalaya and gorgeous dynamics help to make tourists as being a baby. Since it's a paradise poker regarding experience buffs therefore in this article vacationers delight in a lot of exciting pursuits for instance hiking and snowboarding. Visitors delight in towards the fullest extent and accumulate many lovely thoughts.

Hadimba Devi Forehead

The particular reviving and rich eco-friendly attractiveness with this brow can make visitors experience surprising. This quiet and comforting mood on this brow produce tourists ignore their particular just about all sorrows and obtain contain from the practice things to do. Vacationers within this forehead take pleasure in within one more fashion and find spellbound.

Solang Pit

Solang Pit is just about the many genuinely giving sites connected with Manali wherever visitors once more get yourself a superb possiblity to delight in and still have huge exciting. A lot of the amazing activities of which tourists take pleasure in about tour to Manali tend to be paragliding, roller skating and zorbing.

Aside from these about three sites holidaymakers also can hangout with a few other points of interest on the spot. A lot of them usually are such as Manu Brow, Vashisht Bathrooms, Gadhan Thekchhokling Gompa, Naggar fort and Roerich memorial. Your search of most most of these areas could make visitors spellbound.

Manali tours travelers to relish awesome and look at the location all the time. Visitors can have entertaining with this great spot because of their shut types consequently a single need to prepare the vacation trips to assemble several excellent reminiscences. Visitors might take aid from Manali excursion bundles to find the suitable offer for vacation. Manali Tour Packages can be well-known amid fresh couples.

Article provided by :- Manali Tour Packages.

India is a big and one of the most diverse countries around the world. It has been the center of attraction for all kind of tourists since years. The country is known for its varied culture, diverse geographical situations, scenic hill towns, historical monuments, adventures tourist spots, soft and sandy beaches and romantic backwaters.

These are the only few attractions of the country. Apart from these, the country has much to explore and feel. In a single line, traveling in India is filled with the amazing fun and feelings. Let us have a look at some most striking options for holidaymakers in India.

For a first time visitor, the golden triangle circuit of the country is the most fantastic option. This tourist circuit provides a chance to visitors for exploring the heart of the country by including three most sought after cities, the national capital Delhi, city of the Taj Mahal – Agra, and the pink city – Jaipur.

On their golden triangle tours holidaymakers will get chance to visit various world famous historical monuments such as the Red Fort in Delhi, the Taj Mahal and the Agra Fort in Agra and the City Palace and the Amer Fort in Jaipur. Apart from these, attractions, they will enjoy delicious cuisines and warm hospitality in national capital Delhi, sightseeing of Mughal’s capital of India - Fatehpur Sikri nearby Agra and shopping at the colorful markets of Jaipur.

Rajasthan is another popular tourist spot of India. It is also one of most visited places in India by foreign travelers. The state is known for its sandy desert, historical monuments and wide range of wildlife species. 

There are hundreds of historical monuments scattered across the state. These monuments represent the golden area of the country. Apart from its historical monuments, Rajasthan tours are also preferred by wild life lovers. It has four national parts and fifteen wildlife sanctuaries. The Ranthambore National Park is the world-famous wild tourist destination nestled in this state about 130 km away from the state capital, Jaipur.  The park is considered as one of the finest destinations for tiger watching around the world.

There are much more to visit on India tours. Kerala beaches and backwaters, hill stations around the Himalayas and thousands of years old heritage temples in southern region of the country are some other popular attractions of India Tour Packages. For a full filled holiday, India is a promising destination. It has the world-class hospitality, amazing tourist attractions and beautiful people. On a well planned India trip you will enjoy your holidays at the fullest.

Article Provided by :- India Tour Packages.

Golden Triangle Excursion routine can be an amazing visit routine in India. It can be most widely used trip bundle in India regarding each home-based and worldwide visitors. The idea contains trip to three well-known towns of India - Delhi, Agra and Jaipur. These kind of locations are notable for the outstanding record & politics magnitude, enchanting honor and Golden story and more issues. There are various visitor interest web sites in these types of metropolitan areas. Why don't we discover a brief history, is important and found attraction these urban centers that has a hire car. These kinds of metropolitan areas can be found for a managing length of 6-7 hrs. That is why it really is a good idea to seek the services of a car to advance perfectly from town to be able to additional also to stroll inside location in order to examine different websites from the urban centers. Having a car hire you possibly can attain the vacation extremely easily and pleasantly.

You'll find deluges of car hire corporations. Many people allows you to check out almost all spots which come underneath Golden Triangle Travels routine nevertheless many of them will certainly only permit you to find an understanding. They're not going to enable you to check out just about every attractions with the spots simply because they use a benefit driven car hire enterprise. That they simply concentrate on the business enterprise facet and are also not really guests welcoming. To be able to examine almost all sights exactly you are able to seek the services of a car through Rajasthan dependent firms. Nearly all car hire of Rajasthan tend to be guests pleasant besides getting income focused. These people significantly fully grasp the value and experience of vacation and travel and leisure. These people allow his or her clientele discover just about all critical web sites from the particular metropolitan areas. car hire Rajasthan will assist you to create your current vacation really victorious and pleasurable.

Start off ones quest together with Delhi town expedition. Delhi may be the nationwide and politics funds of India. It's haven area regarding sightseeing, entertainment, consuming and purchasing. Delhi is quite full of traditional web sites, modern-day developing and modern day historical past web sites. Delhi presents just about all selection of circumstances to entertain and amuse vacationers. Jama Masjid, Reddish Fortification, Qutub Minar, Chandani Chowk, substantial stores, Akshardham Brow, Jantar Mantar, Lotus Forehead, Museums, for example are generally value viewing places in Delhi. You are unable to quit your self by praising every 4 corners of Delhi. The night time existence and delectable cuisines in the town is usually extensive. Staying funds location of India, it truly is generally frequented by simply persons coming from all point out. Therefore, traveller can discover a good combinations of social developments in Delhi.

Agra could be the town of Taj Mahal. This kind of area is quite popular and many often been to by means of overseas and every day visitors. Taj Mahal is extremely well-known and amazing monument. Every single traveller favors to travel to Agra at least one time in life time. Taj Mahal is really a extremely stunning formation of old years. It turned out internal memory space of Mumtaj Mahal, the favorite of Emperor Shah Jahan. For that reason, it's also deemed as token of "LOVE". That is probably the Several Magic of Ancient Planet. Check out Agra and obtain some sort of exceptional watch of Taj Mahal. Likewise check out additional fascination on the town.

Jaipur will be the investment capital area of Rajasthan. The item is among the original thought out locations of India. Most houses with the area happen to be developed and architected by the solitary builder. The majority of the houses are generally white in shade. So it's also referred to as Green Town. the popular destinations of Jaipur are generally Emerald Fortification, Jaigarh Fortification, Jantar, Mantar, Metropolis Building, Hawa Mahal, and so forth. Travelers may also get pleasure from hippo trip in Jaipur.

Hire a car or vehicle in from one car rentals in Rajasthan to explore|discover|investigate|check out|examine} the elegance of Rajasthan Tour Package. Go to the many three urban centers and vacationer magnet web sites for making the golden triangle tour unforgettable and pleasurable.

Article provided by :- Rajasthan Tour Package.

After a short but nice break (just two days without a computer) I am back to work looking forward to what week 49 has to offer.

I havea few things high on the list for this week:

• Duplicating problem with the Package Access Credntial store in Rollup v7 agent on fresh (Scripted or CD install) Windows 7
• Drill down into MS12-024, 12-025 ad 12-060 for which compliance as been steadily and surely erroding over te past month (we're down below the 90% mark)
• Research a problem with user access and database
• Check why the Patch Agent from rollup v7 is not installing on computers that are in the policy target (and the policy is scheduled to run every 2 hours on a 24 hours window).

Then there'll be te usual incoming events and working on cases.

Oh, one final point: we're about 1 week away from patch Tuesday. Which is just 4 weeks since the last one. And given we release updates to production ~ 1 week after Patch Tuesday this makes the November campaign the shortest I've followed since July.

The Christmas season is a time to loosen up a few strings.  The ‘how’ is obvious, and the ‘where’ is situated in your pocket.

Now that’s no joke. You draw your plans and fix your expenditure. After all, you know the frontiers of your funds. But, the one who values it the most after you is the one who pries on you! It’s amazing to see how easily they do it. All it takes is a little bit of greed, a little bit of fear and a little bit of urgency and you lose your resolutions.  It’s only moments after you have allowed yourself to be cheated that you feel the remorse. After all, you have struggled for months to build your bank account balance to spend for Christmas only to have it burgled in an instance. If this detour does not bring you goosebumps, a little analysis on one such phishing sample should do the needful.

The header of the phishing email reads:

Subject: [Brand name] is giving you a chance to shop for free!
From: "[Brand name] Card" [name]@[domain].com

Figure 1. A spam email about a Christmas Phishing attack

The mail seems to come from a reputed financial institution, allegedly doling out ‘free shopping vouchers’ for Christmas. The mail also adds a hyperlink, stating ‘Kindly Click here now’ for users to qualify for a shopping voucher, and informing them the offer is valid till 31st December, 2013.

The most interesting part is that the voucher will be sent to users after they validate the voucher. It means, users must click first to be eligible! Now, that would not require second thoughts but be wary before you do it. There are many fraudulent tricks doing the rounds this Christmas.

Be aware when dealing with every financial transaction, check for discrepancies, and be absolutely certain before you click any link mailed to you. Verify that the hyperlink embedded in the email truly belongs to the financial institution to make sure you are not being taken for a ride. Don’t forget to regularly change your password and keep them secret, strong and unpredictable.

Such offers seem enticing but can wield a scattering blow to your tote and no amount of lamenting thereafter will bring back your possession. While we make every effort to protect you from online illegal activities and phishing attacks, we encourage you to follow best security practices to avoid fraudulent misdemeanors.

Symantec wishes you a safe and merry Christmas.

11 月 27 日、Microsoft 社は Windows XP と Windows Server 2003 のカーネルコンポーネントにゼロデイ脆弱性が最近発見されたとして、セキュリティアドバイザリを公開しました。アドバイザリによると、Microsoft Windows カーネル 'NDProxy.sys' に存在するローカル特権昇格の脆弱性（CVE-2013-5065）により、攻撃者がカーネルレベルの特権を使って任意のコードを実行できる恐れがあります。攻撃者が脆弱性の悪用に成功すると、影響を受けるコンピュータは完全に危殆化してしまいます。

シマンテックは、この脆弱性を悪用しようとする攻撃を認識しており、11 月始めから攻撃が活発になっていることを確認しています。この攻撃では主に、syria15.10.pdf や Note_№107-41D.pdf といった名前の悪質な PDF ファイルが電子メールに添付されて送られてきます。また、攻撃者が用意した Web サイトから、標的のユーザーが騙されて悪質なファイルをダウンロードしてしまう場合もあります。

この脆弱性の悪用に成功すると、侵入先のコンピュータに別の悪質なファイルが投下されます。この悪質なファイルは 10 月中旬以降確認されており、シマンテックでは Trojan.Wipbotとして検出します。このトロイの木馬は、システム情報を収集し、コマンド & コントロール（C&C）サーバーに接続します。シマンテックの遠隔測定によると、現在、インド、オーストラリア、米国、チリ、ハンガリー、ドイツ、ノルウェイ、サウジアラビアなど、さまざまな国や地域で、悪質な PDF が少数ながらも検出されていることが報告されています。
 

図.この脆弱性を悪用する攻撃の分布図
 

シマンテック製品では、この攻撃を Trojan.Pidiefまたは Suspicious.Cloud.7.Fとして検出する場合もあります。また、悪用コードを検出してダウンロードを遮断するために、以下のウイルス対策定義と侵入防止システム（IPS）のシグネチャも追加されています。

• Bloodhound.Exploit.499
• Web Attack: Malicious PDF File Download 6

この Windows の脆弱性に対処するパッチはまだリリースされていませんが、Microsoft 社はセキュリティアドバイザリにおいて回避策を公開しています。

いつものように、最新のソフトウェアパッチを適用してコンピュータを最新の状態に保つことをお勧めします。また、このような攻撃から保護するために、シマンテックの最新技術をお使いいただき、シマンテックのコンシューマ向けまたはエンタープライズ向けの最新ソリューションを導入してください。

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

Updates deployed to the Connect production servers as a result of the code sprint that ended 26 November 2013.

User Facing: Desktop

• Fixed an issue with forum discussions becoming private when they were associated with a group.

Admin Facing

• Added the ability for blog administrators to display a list of featured authors.
• Added the ability for blog administrators to display a list of related Symantec blogs.
• Resolved an issue with private group content opening as public on the admin-facing edit form.
• Resolved an issue with the reporting server that was keeping admins from getting results when submitting requests for extra large reports.

Performance Wins

• Modified the analytics code that loads with Connect pages to be lighter and to load faster.

User Facing: Mobile

• Removed the voting widgets from forum comments in the mobile UI.

Behind the Scenes

• Added Omniture tracking code to the "Mark this as Spam" flag.

Word Salad, a workaround method invented by spammers to counter Bayesian spam filtering, is an old trick in the spammer’s manual, but cutting edge anti-spam filtering technology has made this ploy blunt.

As a form of Bayesian poisoning, Word Salad is an incongruous string of words. It uses words that are very legitimate and can be seen in any form of legit prose. From the perspective of Bayesian filtering, there is a large volume of legit data in emails which employs Word Salad. The word salad are often seen in the form of HTML, where nonsensical tags are used to break  URLs up so analysers will have a hard time tracking down the spammy URL. The latest trend in word salad is to add the most current keywords, like the hottest news or an upcoming event.

The demise of Paul Walker, the ‘Fast and Furious’ franchise star, in a fiery car accident on Saturday, is the latest example exploited by spammers. Within hours of this breaking news, Symantec observed snowshoe spam or hit-and-run attacks, using "PAUL WALKER" in Word Salad.  This topic is a highly searched topic at the moment, as his fans anxiously wait for his autopsy report. Earlier on, there was also fake news circulating claiming that Paul Walker has survived the crash.

Figure 1: An email body with the keyword "PAUL WALKER" using word salad.

The spam in discussion had no relevant ties to any news on Paul Walker, except for the Word Salad. The preview is that of a TV/Phone/Internet promo spam which has the headers below:

Subject: Cheap Cable-TV, Internet & Phone – Free Equipment, Premium Channels & Install

­­­From: ~CABLETVSpecialS* <[name]@[domain].com>

Figure 2. A preview of the spam

As we remember Paul Walker, we should also be reminded this is another example of how spammers don’t hesitate to manipulate various incidents in their bid to promote spam.

RIP Paul Walker.

Connect Users Receive A Great Deal on Symantec Vision Registration

Register for Symantec Vision 2014 Las Vegas and Receive $100 off your Registration Fee and 500 Symantec Connect Rewards Points.*

Registration Code: V14CONNECT*

May 5-8, 2014

Caeser's Palace, Las Vegas, Nevada

Register Here

*Logistical Note: You must have a Connect account (free) to receive Connect reward points. If you do not have a Connect account, you can register here. Connect reward points will be awarded shortly after the Vision event and you must attend the Vision event to receive the Connect rewards points. (Points are not awarded immediately upon registration.) You must register for Vision using the code listed on this page (V14CONNECT) and you must use the same email address as you use on Symantec Connect to receive rewards points. Registration code is good only for new registrations (not valid if you've already registered) and cannot be combined with any other code.