Channel: Symantec Connect - Blog Entries

Twitter Spam Bots Target NFL and Miley Cyrus Fans

This week, fans of the Denver Broncos and Seattle Seahawks have been tweeting in anticipation of Super Bowl XLVIII, but many have been subjected to a torrent of spam from Twitter bots. Fans of pop star Miley Cyrus have also been plagued with an identical spam campaign using targeted keywords.

Last summer, we published a blog about a similar campaign that focused on the BET Awards and fans of Justin Bieber, One Direction, and Rihanna. The latest campaign follows the same blueprint with improvements.

The scam starts with Twitter users tweeting specific keywords which are monitored by spam bots on the service. The keywords could be about the Super Bowl, the Broncos, Seahawks, or individual players on the team, such as Denver Broncos quarterback Peyton Manning or Seattle Seahawks cornerback Richard Sherman. In the case of Miley Cyrus, mentions of her full name or her first name alone may receive a response from spam bots.

The response is a tweet with an attached photo that shows the targeted users’ Twitter handle in an effort to personalize the message.

Figure 1. Twitter spam bot replies using photo attachments that claim to offer prizes related to the NFL or Miley Cyrus

These spam bots do not tweet links or include links in their Twitter profiles’ biography section. Instead, they rely on users to manually type the URL found in the picture that was tweeted to them. This is an adaptive measure to ensure that antispam filters do not flag their accounts.
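The traits described above (unsolicited replies, a photo attachment, no link in the tweet, and text that is identical apart from the recipient's handle) can be combined into a per-account heuristic. This is an added example, not Symantec's or Twitter's detection logic; the record fields, thresholds, and sample replies are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Reply:
    """One reply tweet as a moderation pipeline might record it (hypothetical schema)."""
    sender: str
    recipient: str
    text: str
    has_photo: bool
    url_count: int                  # link entities found in the tweet text
    recipient_follows_sender: bool  # False means the reply was unsolicited


MENTION = re.compile(r"@\w+")


def template(text: str) -> str:
    """Collapse @handles and whitespace so personalization does not hide a reused message."""
    return " ".join(MENTION.sub("@user", text.lower()).split())


def flag_senders(replies, min_recipients=3, min_ratio=0.8):
    """Return senders whose replies are mostly unsolicited, photo-only and templated."""
    by_sender = defaultdict(list)
    for reply in replies:
        by_sender[reply.sender].append(reply)

    flagged = {}
    for sender, items in by_sender.items():
        recipients = {r.recipient for r in items}
        if len(recipients) < min_recipients:
            continue  # too little evidence to judge this account
        total = len(items)
        ratios = {
            "unsolicited": sum(not r.recipient_follows_sender for r in items) / total,
            "photo_without_link": sum(r.has_photo and r.url_count == 0 for r in items) / total,
            "same_template": Counter(template(r.text) for r in items).most_common(1)[0][1] / total,
        }
        # Every signal must be strong; any single one is common in normal use.
        if min(ratios.values()) >= min_ratio:
            flagged[sender] = {"recipients": len(recipients), **ratios}
    return flagged


# Constructed sample data, not real accounts or tweets.
SAMPLE_REPLIES = [
    Reply("prize_bot_01", "alice", "@alice You have been selected! Details in the photo", True, 0, False),
    Reply("prize_bot_01", "bob", "@bob You have been selected! Details in the photo", True, 0, False),
    Reply("prize_bot_01", "carol", "@carol You have been selected! Details in the photo", True, 0, False),
    Reply("prize_bot_01", "dave", "@dave You have been selected! Details in the photo", True, 0, False),
    # A fan replying to people who follow them: photos, but solicited and varied.
    Reply("sports_fan", "erin", "@erin what a catch!", True, 0, True),
    Reply("sports_fan", "frank", "@frank see you at the game", False, 0, True),
    Reply("sports_fan", "grace", "@grace look at this", True, 0, True),
    # A stranger who replies with photos but writes a different message each time.
    Reply("chatty_stranger", "alice", "@alice great point about the defense", True, 0, False),
    Reply("chatty_stranger", "bob", "@bob my view from the stadium", True, 0, False),
    Reply("chatty_stranger", "carol", "@carol halftime show was loud", True, 0, False),
]

if __name__ == "__main__":
    for name, detail in flag_senders(SAMPLE_REPLIES).items():
        print(name, detail)
```

Because the URL lives only inside the image, link-based filtering sees nothing here; the heuristic relies on behaviour across many replies instead.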

Figure 2. Scam websites ask users to verify Twitter usernames

Both of the sites that were mentioned in the photos follow the same template. The sites first request a user’s Twitter username, claiming that they need to check the username to confirm eligibility. After that, the site requests the user’s personal information, such as their full name, home and email address, and phone number.

Figure 3. Users asked to participate in a survey and download mobile apps

Before a user can proceed, the supposed sponsors claim that the user needs to complete a “special offer” in order to have a chance to win the prize. Typically, this leads to a survey, but since this scam is mobile-based, users are asked to install a mobile application, earning the scam operators money for each successful installation through affiliate programs. This incentivizes the scammers to aggressively spam users.

The rise in popularity of social networking services over the last few years has encouraged spammers and scammers to target these large pools of users discussing major events and public figures, similar to how marketers do. The question is, which event or public figure will be targeted next?


NFL and Miley Cyrus Fans on Twitter Are Targets of Bot-Generated Spam

Ahead of Super Bowl XLVIII, fans of the Denver Broncos and Seattle Seahawks have been tweeting about the game, and Symantec has found that many of them have received various spam messages generated by Twitter bots. In addition, fans of pop star Miley Cyrus have been caught up in a very similar spam campaign that uses specific keywords.

Last summer, we published a blog about a similar campaign that focused on the BET Awards and fans of Justin Bieber, One Direction, and Rihanna. This time the campaign follows the same model, but with improvements.

The scam starts with Twitter users who unknowingly use in their messages specific keywords that are monitored by spam bots on the service. The keywords may be about the Super Bowl, the Broncos, the Seahawks, or individual players on the teams, such as Denver Broncos quarterback Peyton Manning or Seattle Seahawks cornerback Richard Sherman. In the case of Miley Cyrus, mentions of her full name or her first name alone may receive a response from the spam bots.

The bots identify the messages and respond with a tweet that mentions the user and offers a supposed prize or raffle ticket, along with an image.

Figure 1. Example of Twitter spam generated by bots that use attached photos with supposed prizes related to the NFL or Miley Cyrus

These spam bots do not tweet links or include links in the biography section of their Twitter profiles; instead, they manually write the URL in the messages they send to users along with the image. This is a measure they have adopted to ensure that antispam filters do not identify or block their accounts.

Figure 2. The fraudulent websites ask users to verify their Twitter usernames

The websites mentioned in the photos follow the same method: when the user clicks, the home page requests the user's Twitter name, claiming that it is needed to verify their identity and confirm eligibility for the prize. After that, the site requests the user's personal information, such as full name, home address, email address, and phone number.

Figure 3. Users are invited to take part in a survey and are asked to download mobile apps.

Before a user can continue and obtain the supposed prize, they are told that the sponsors require them to complete a "special offer/survey" in order to have a chance to win the prize. Typically, this leads to a survey, but since this scam is mobile-based, users are asked to install a mobile application, which earns the scammers money for each successful installation through affiliate programs. This incentivizes the spam scammers to be more aggressive with users, since the more users they contact through Twitter messages, the greater their chances of making money.

The growth of mobility and the popularity of social networking services in recent years has encouraged spammers and scammers to target these groups of users by taking advantage of comments about major events and public figures, similar to how manufacturers or sellers do. The question is, which event or public figure will they use next?

In response to this type of scam, Symantec recommends that users be careful and avoid clicking on this type of link, and that they follow security best practices, including the use of software on their mobile devices.

Better Backup for VM Sprawl

The following chart shows data from IDC:

[Figure: chart of IDC data]

Two things immediately stand out when looking at this data: 1) VM growth is going to continue into the predicted future (not surprising), and 2) physical server presence is constant over the same time frame (also not surprising).

As organizations increase their use of virtualization technology, lower time-to-provision drives ever-faster rates of virtual server growth.  As the number of servers multiplies, the challenge of protecting these systems grows in proportion.  

What’s interesting to me is that the battle we find ourselves in today, with a single-solution to protect both physical and virtual vs. separate solutions for physical and virtual will still be raging in the future.  The biggest difference though is that in the future, there’ll be many more virtual machines than there are today.

Scalability

When we think of scale in the enterprise, it’s often associated with the amount of data under management – in the backup world, this might mean how many terabytes or petabytes are being backed up.

Tomorrow however, scale will take on new meaning.  And from the data, it looks like scale will mean the sheer number of virtual machines that need to be backed up, in addition to the amount of data.

One very simple way to think of this is with my iPhone 5s.  

It’s a 32GB model and I have to sync it to iTunes and manage my photos, apps, music, etc.  Once in a while I need to update the OS and certainly I make sure it’s backed up.  If my data on that iPhone grows from 32GB to 64GB how painful is it?  Well, considering I’m still doing the same tasks on the same device, I’d argue that it isn’t that bad.  Since I outgrew my 32GB model and was forced to buy the 64GB model, there was definitely a cost factor, but overall management of that device remains basically the same.

However, let’s say instead of growing just the data on one device, I introduce an iPad into the mix. 

If I’m doing the same tasks, only now across two devices instead of one, you can see that life just got much more complex.  If you also factor in data growth there’s now a considerable cost factor as well as the increase in management complexity.

For organizations to be confident that their systems and data are adequately protected, the backup product needs to be highly scalable – both in terms of the amount of data AND in the number of virtual machines it protects.

Little known to many is that Symantec operates one of the largest (if not THE largest) Software-Defined Data Centers in the world, with over 200,000 virtual machines and built on VMware’s vCloud Director.  You can see a great video done by VMware here: http://www.youtube.com/watch?v=jyPYobRJiI4

NetBackup 7.6 has been stress-tested in this environment to make sure that it not only meets the data growth challenges of the world’s largest enterprises, but also the scale (or number) of virtual machines these companies have to manage and protect. 

It’s no wonder then that 10 of the top Global Fortune 10 companies (80 of the top 100) – arguably the largest data centers with the most data under management and the most virtual machines to protect – trust NetBackup to back up their data.  Drew Meyer, Director of Product Marketing, has a great blog about this here: http://www.symantec.com/connect/blogs/what-really-makes-market-leader.

Symantec is the leader in the Enterprise Backup and Recovery Software Market and the fastest growing in the Purpose-Built Backup Appliance Market.  When it comes to protecting thousands of virtual machines and petabytes of data see why the largest enterprises choose NetBackup.  Check out the top reasons to upgrade to NetBackup 7.6 here: http://www.symantec.com/content/en/us/enterprise/fact_sheets/b-top-reasons-to-upgrade-to-symantec-netbackup-7.6-ds-21304210.pdf and call your Symantec rep to learn more.

Get Ready for a New Kind of Vision

If you’ve attended or promoted Symantec Vision in the past, a few things will feel familiar in 2014. Vision continues as Symantec’s flagship conference for enterprise and commercial customers and partners. It’s still being held in sunny springtime Las Vegas (May 5-8). And once again, we’re expecting people from around the world to gather for information and insights into the latest Symantec offerings.

But the big news isn’t about what’s staying the same—it’s about what’s changing.  As Symantec has transformed into a market-led, customer focused organization, Vision has transformed right along with it—from a strictly technical user conference into a premiere thought leadership and networking event. That means this year, even more of our customers and partners can look forward to a broader, more personalized and hands-on Vision experience. This includes:

  • More diverse, multi-faceted and targeted experiences for managers, directors, executives and even small business customers—from IT strategy roundtables and real case studies to enhanced networking opportunities.
  • New opportunities to explore, interact and learn about the latest Symantec technology first-hand—including more major announcements, demos of pre-release software and detailed roadmaps that Symantec customers and partners won’t find anywhere else.
  • A revamped content structure that aligns with and supports Symantec 4.0 segment priorities. This includes four all-new knowledge tracks that target both Functional AND Strategic IT audiences:
    • Enabling the Modern Data Center (FIT)
    • Embracing Proactive Cyber Security  (FIT)
    • Supporting the Evolving Endpoint  (FIT)
    • Turning Complex Trends into Competitive Advantages  (SIT)
  • Increased attendance is a critical goal for Vision as we look to get the Symantec message to a larger audience of 3,000 participants.

Prepare for a new kind of Vision conference this May. Look for more information on Symantec employee registration, which will open in mid-February. And make sure the customers and partners you work with understand the full value of attending the most relevant, diverse future-focused and hands-on Vision conference ever.

Learn, Do, and Save Even More By Returning to Symantec Vision in 2014

This year, we're making Symantec Vision an even smarter investment in your IT future, and you can explore our new to find out why. Then, join us in Las Vegas for a personalized, hands-on experience that will accelerate your efforts to secure and manage the information that powers your business.

Register for Vision by January 31st to save $300, then explore the new Vision 2014 Session Catalog for a sampling of session titles in each of our all-new knowledge tracks:

  • Enabling the Modern Data Center. Discover new insights into what it really takes to protect massive VMware environments, learn what the evolution of OpenStack and Storage Foundation means for your business, and more.
  • Embracing Proactive Cyber Security. Get an inside look at the protection technology Symantec uses to secure your business, perform a no-nonsense reality check on how cyber criminals could take down your organization in 10 easy steps, along with other relevant sessions.
  • Supporting the Evolving Endpoint. Explore Symantec's vision and roadmap for managing remote and mobile users, gain a deeper understanding of the full protection capabilities of Symantec Endpoint Protection and much more.
  • Turning Complex Trends into Competitive Advantages. Find out how Symantec can help you stay ahead of today's complex and fast moving IT trends—and quickly turn them into new business opportunities.

GET THE LATEST ON THE VISION PERKS AND OPPORTUNITIES YOU CAN'T AFFORD TO MISS

 

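Xin Nian Kuai Le (Happy New Year): New Year's Greetings from Spammers

China is now abuzz with preparations for the New Year. This year, the Year of the Horse begins with the new moon on January 31. More than a billion people around the world will celebrate the lunar New Year, and this year's festivities will be more spectacular than ever.

The Chinese New Year is also known as the Spring Festival. Like Thanksgiving, it is a day when everyone gathers, and gifts are exchanged during the celebrations. People exchange gifts with friends, family, and colleagues as well as business contacts to express affection, respect, and loyalty. Business owners often give gifts to their customers, and stores often offer gifts and discounts as a token of their appreciation. However, spammers are all too familiar with this custom as well.

Spammers and scammers take advantage of special occasions and abuse the wonderful custom of gift giving to send spam. Posing as friends or business owners, they send emails touting gifts and discounts to attract the attention of unsuspecting people.

Symantec has observed spam that exploits the Chinese New Year while posing as a well-known company. The spam message appeals to the recipient's goodwill and recommends the company's products as gifts for loved ones.

Sample
Figure 1. Subject line of the spam message

Translation
Subject: Happy New Year to everyone from [company name].

Figure 2. Preview of a Chinese-language spam email themed on the Year of the Horse

Translation
Greetings

The Year of the Snake is drawing to a close and the Year of the Horse is just around the corner. The New Year is about to begin, and everything makes a fresh start. As we welcome the New Year, [product name] extends congratulations to you and your family with our sincere respect and gratitude. We wish you all good health and happiness.

We look forward to your continued patronage. May it be a wonderful New Year for everyone!

[Company name]
January 2014

The subject line of this spam email contains a greeting to customers on behalf of the company. The body contains a preview of a cheerful image that adds to the festive mood. The message tries to make readers remember the company's name so that they will choose its products when buying gifts.

Symantec has observed various kinds of spam related to the Chinese New Year in the past. The most prominent is spam touting fake gifts and discounts. Another significant category of spam is scam email. Examples include fake emails offering loans or jobs that lead recipients to believe they can pay off their debts and enjoy a good New Year. All of these spam emails prey on the strong traditions and values of Chinese communities around the world.

Chinese New Year celebrations begin on January 31 and last for 15 days, until the day of the full moon when the Lantern Festival is celebrated. We expect similar spam to increase around the Lantern Festival as well.

New Year celebrations are a prime opportunity for spammers to target users. To avoid falling into the spammers' traps, do not open unsolicited emails related to the New Year.

We wish you all the best in the Year of the Horse.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.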

Transition

Today marks the last day that my community status will display Symantec Employee.

I will endeavour to maintain a community presence; however, I do not know how frequent this will be.

Computers without a department or an owner

The following query will display those computer assets that either do not have a department or an owner associated with them:

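-- List computers that lack a department or an owner.
-- The LEFT JOINs keep computers with no matching ownership row, so the missing side is NULL.
SELECT vc.Name AS Computer, vado.Department, vauo.[User Name] AS [Owner]
FROM vComputer vc
LEFT JOIN vAssetUserOwner vauo ON vc.[Guid] = vauo._AssetGuid
LEFT JOIN vAssetDepartmentOwner vado ON vc.[Guid] = vado._AssetGuid
WHERE vado.Department IS NULL
   OR vauo.[User Name] IS NULL
ORDER BY vc.Name ASC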


Remove the Rust: Unlock DAS and go SAN-Free

Symantec and Intel provide 4x the performance at 20% of the cost of SAN

With the release of Symantec Storage Foundation 6.1, Symantec Cluster File System HA enables customers to take internal storage and "share" that storage across any node in the cluster with the Flexible Storage Sharing (FSS) feature. FSS drastically reduces the OPEX associated with setting up a multi-node environment while providing the same storage management and high availability functionality associated with SFCFS, but across all-DAS infrastructures.

The advanced FSS technology, when coupled with high performance Solid-State Drives from Intel®, provides:

• 4X performance @ ~80% reduction in the cost of SAN

• 90%+ Oracle® Log Writer transactions at under 1 ms

• Full availability and redundancy of internal solid-state drives

See the attached whitepaper for more details on how Symantec and Intel can bring high performance and high availability to an all-DAS environment through intelligent software and hardware.

 

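Twitter Spam Bots Targeting NFL and Miley Cyrus Fans

Last week, fans of the Denver Broncos and Seattle Seahawks who were tweeting in anticipation of Super Bowl XLVIII were repeatedly hit with spam from Twitter bots. Fans of pop star Miley Cyrus were also targeted by the same spam campaign using targeted keywords.

Last summer, Symantec published a blog about a similar campaign that targeted the BET Awards and fans of Justin Bieber, One Direction, and Rihanna. The latest campaign uses the same basic approach, with several improvements.

In this scam, spam bots are first set up on the Twitter service to monitor for specific keywords that users tweet. Possible keywords include "Super Bowl," "Broncos," "Seahawks," and the names of individual players (such as Denver Broncos quarterback "Peyton Manning" or Seattle Seahawks cornerback "Richard Sherman"). In the case of Miley Cyrus, simply mentioning her full name or first name may result in a response from the spam bots.

The response is a tweet with an attached photo, which displays the targeted user's Twitter username to make it look like a message addressed to the individual.

Figure 1. Replies with photos from Twitter spam bots claiming prizes related to the NFL or Miley Cyrus

These spam bots do not tweet links, nor do they include links in the bio section of their Twitter profiles. Instead, they prompt users to manually type in the URL found in the image that was tweeted to them. This is a clever way of keeping antispam filters from detecting the scammers' accounts.

Figure 2. Scam sites prompting users to verify their Twitter usernames

Both of the sites shown in the figure above follow the same template. The sites first request the user's Twitter username, claiming that the username must be checked to confirm eligibility for the prize. They then request the user's personal information, such as full name, home address, email address, and phone number.

Figure 3. Users are prompted to take part in a survey and download mobile apps

When the user tries to proceed, a message from the supposed sponsors states that a "special offer" must be completed in order to receive the prize. Typically this leads to a survey, but since this scam is mobile-based, users are prompted to install a mobile application. Each time an installation takes place, the scammers are paid through affiliate programs. This is why scammers are so eager to send spam to users.

Over the past few years, as social networking services have grown in popularity, large numbers of users have come to discuss major events and celebrities. Such occasions are used for marketing, but they are also easy targets for spammers and scammers. It remains to be seen which event or celebrity will be targeted next.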

Demystifying Point of Sale Malware and Attacks

Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information online, but Point of Sale systems are the most tempting target. An estimated 60 percent of purchases at retailers’ Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily through their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit card data. Download our Attacks on Point of Sales Systems whitepaper for details on how POS attacks are carried out, and how to protect against them.

Right now, there are a number of internet forums openly selling credit and debit card data in various formats. The most common is “CVV2” where the seller provides the credit card number, along with the additional CVV2 security code which is typically on the back of the card. This data is enough to facilitate online purchases. However some sellers also offer the more lucrative “Track 2” data. This is shorthand for the data saved on a card’s magnetic strip. This data is more lucrative as it allows criminals to clone cards, meaning they can be used in brick-and-mortar stores or even ATMs if the PIN is available. The value of the data is reflected in the online sale price and these prices vary widely. CVV2 data is sold for as little as $0.1 to $5 per card while Track 2 data may cost up to $100 per card.

 

Figure. Credit card data for sale on Internet forums

So how do criminals get this data? Skimming is one of the more popular methods. This involves installing additional hardware onto the POS terminal which is then used to read track 2 data from cards. However as it requires physical access to the POS, and expensive additional equipment, it’s difficult for criminals to carry this out on a large scale. To address this problem criminals have turned to software solutions in the form of POS malware. By targeting major retailers with this malware criminals can accrue data for millions of cards in a single campaign.

POS malware exploits a gap in the security of how card data is handled. While card data is encrypted as it’s sent for payment authorization, it’s not encrypted while the payment is actually being processed, i.e. the moment when you swipe the card at the POS to pay for your goods. Criminals first exploited this security gap in 2005 when a campaign orchestrated by Albert Gonzalez led to the theft of data for 170 million cards.

Since then a market has grown in the supply and sale of malware, which reads Track 2 data from the memory of the POS terminal. Most POS systems are Windows-based, making it relatively easy to create malware to run on them. This malware is known as memory-scraping malware as it looks in memory for data, which matches the pattern of the Track 2 data. Once it finds this data in memory, which occurs as soon as a card is swiped, it saves it in a file on the POS, which the attacker can later retrieve. The most well-known piece of POS malware is BlackPOS which is sold on cybercrime forums. Symantec detects this malware as Infostealer.Reedum.B.
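Because the malware stages what it scrapes in a file on the POS, the Track 2 pattern also gives defenders something to hunt for on disk. The sketch below is an added example, not code from Symantec or the whitepaper: it scans a byte buffer or file for cleartext Track 2 records using the ISO/IEC 7813 layout, validates each hit with a Luhn check, and reports only masked card numbers. The function names are hypothetical and the sample buffer is constructed around a well-known test card number.

```python
import re

# ISO/IEC 7813 Track 2: start sentinel ';', PAN (up to 19 digits), '=',
# expiry YYMM, 3-digit service code, discretionary data, end sentinel '?'.
TRACK2 = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})\d*\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters out digit runs that merely look like card numbers."""
    total = 0
    for index, char in enumerate(reversed(pan)):
        digit = int(char)
        if index % 2 == 1:       # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits so findings are safe to log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(data: bytes):
    """Return offset and masked PAN for each plausible Track 2 record in data."""
    findings = []
    for match in TRACK2.finditer(data):
        pan = match.group(1).decode("ascii")
        month = int(match.group(3))
        if 1 <= month <= 12 and luhn_ok(pan):
            findings.append({"offset": match.start(), "pan": mask_pan(pan)})
    return findings


def scan_file(path: str):
    """Scan one file, e.g. an unexpected data file found on a POS terminal."""
    with open(path, "rb") as handle:
        return find_track2(handle.read())


# Constructed sample buffer: one valid record (test card number), one record
# that fails the Luhn check, and one with an impossible expiry month.
SAMPLE = (
    b"\x00\x13noise;4111111111111111=25121010000000000000?\x1f"
    b" order ;1234567890123456=25121010000? "
    b";4111111111111111=25131010000?"
)

if __name__ == "__main__":
    for finding in find_track2(SAMPLE):
        print(finding)
```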

Armed with POS malware, the next challenge for attackers is to get the malware onto the POS terminals. POS terminals are not typically connected to the Internet but will have some connectivity to the corporate network. Attackers will therefore attempt to infiltrate the corporate network first. They may do this by exploiting weaknesses in external facing systems, such as using an SQL injection on a Web server, or finding a periphery device that still uses the default manufacturer password. Once in the network, they will use various hacking tools to gain access to the network segment hosting the POS systems. After the POS malware is installed, attackers will take steps to make sure their activity goes unnoticed. These steps could include scrubbing log files or tampering with security software, which all ensures that the attack can persist and gather as much data as possible.

Unfortunately, card data theft of this nature is likely to continue in the near term. Stolen card data has a limited shelf-life. Credit card companies are quick to spot anomalous spending patterns, as are observant card owners. This means that criminals need a steady supply of “fresh” card numbers.

The good news is that retailers will learn lessons from these recent attacks and take steps to prevent the re-occurrence of this type of attack. Payment technology will also change. Many US retailers are now expediting the transition to EMV, or “chip and pin” payment technologies. Chip and Pin cards are much more difficult to clone, making them less attractive to attackers. And of course new payment models may take over. Smart-phones may become the new credit cards as mobile, or NFC, payment technology becomes more widely adopted.

There’s no doubt that cybercriminals will respond to these changes. But as retailers adopt newer technologies and security companies continue to monitor the attackers, large-scale POS thefts will become more difficult and certainly less profitable.

For more details on how POS attacks are carried out and how to protect against them, see our whitepaper: Attacks on Point of Sales Systems.

Fuel for our Future - Symantec's Women's Initiative

As Symantec continues to pursue our Symantec 4.0 vision and looks to lead the way in developing technology for tomorrow, expanding the pool of talent and ensuring diversity of perspective is critical to our success. Today, I’m honored to announce that I will serve as champion of Symantec’s Women’s Initiative, a program focused on attracting, engaging, and developing women at Symantec so that we can be more competitive and produce superior business outcomes.

Changing the perception of women in technology

According to the U.S. Department of Commerce, “women fill close to half of all jobs in the U.S. economy; yet hold less than 25 percent of science, technology, engineering and mathematics (STEM) jobs.” While this statistic is U.S.-based, the fact is around the world women are underrepresented in the field of technology. Even more concerning, the enrollment of women in the field of computer science is declining.

Computer science and engineering offer extremely promising careers—for not just women, but everyone. However, when we look at attracting and retaining women within the field, there are many key hurdles to overcome, including development opportunities, too few high-level female role models, and a lack of broad support from peers. Our programs for technical women focus on changing this. By providing a sense of community, networking, and mentoring we hope to further develop our female technical talent here at Symantec as well as improve female representation in the overall field of technology.

Highlighting technical women’s activities around the world

Over the past few months, Symantec’s technical women have participated in numerous events and have received strong accolades around the world. Recent highlights include:

  • TechWomen empower the next generation: As part of the Women's Initiative, Symantec participated in TechWomen, a program sponsored by the U.S. Department of State's Bureau of Educational and Cultural Affairs (ECA) that aims to empower, connect, and support the next generation of women leaders in STEM. One of the highlights of the program is a five-week international mentorship and exchange program that pairs emerging women leaders from Middle East and North Africa with U.S. counterparts at leading technology companies such as Symantec. The selection process for mentees is highly competitive, with only 78 women chosen - four of which were from Symantec. Symantec had eight employees participate in the program. They included professional mentors Sheri Rhodes, Shalaka Prabhune, Eileen Brewer, Sowmya Simha, and Geeta Gharpure; and cultural mentors Mohna Dhomse, Neeti Gowda, and Andria Bouskos. As part of the program, Symantec hosted a TechWomen Mentee Showcase Event in our Mountain View headquarters where mentees and mentors shared their projects and cultural experiences with Symantec employees. 
  • Grace Hopper conferences connect Symantec with women pursuing careers in technology: This year, Symantec was once again the Silver Sponsor of the Grace Hopper Celebration (GHC) of Women in Computing conferences in the United States and India, hosted annually by the Anita Borg Institute (ABI). Symantec sent more than 100 technical women to the conferences, participated in panel discussions and workshops, and hosted career fair booths. “Grace Hopper is much more than a conference,” says Charmy Ruparel, Program Manager, Diversity and Inclusion. “First and foremost it’s a celebration of technical women. Symantec’s participation provided an opportunity to develop the skills of our technical talent, recruit future employees and build our brand as a great place to work for technical women.”
  • Symantec funds student-run programs to increase number of women studying computer science: Symantec is a long-standing corporate partner of non-profit organizations focused on technical women such as the Anita Borg Institute (ABI) and the National Center for Women and Information Technology (NCWIT), organizations that help Symantec achieve its goal of motivating and inspiring technical women. Last year, Symantec partnered with NCWIT and awarded $10,500 USD in seed funding to 14 student-run projects that aim to increase the number of women studying computer science and information technology disciplines. Since 2010, the NCWIT Student Seed Fund, sponsored by Symantec, has distributed $43,250 USD in funding to 70 student-run projects at universities and colleges nationwide. 
  • Symantec sponsors study on “Women in the Information Security Profession”: Symantec partnered with (ISC)2, the world’s largest not-for-profit information security professional organization, and released a report, “Agents of Change: Women in the Information Security Profession.” The study highlights a severe shortage of women in the information security industry and why organizations globally need to shift attention to this critical problem. “Symantec believes it is critical that we bring more qualified women into the cyber security profession. Through our support of this study, and our broader commitment to women in STEM professions, we hope to increase the representation of women in technology,” says Julie Talbot-Hubbard, chief security officer at Symantec. “In working with partners such as (ISC)², we are able to bring a greater awareness to this important issue.”
  • Industry recognition: Symantec’s female employees continue to shine. Most recently, Shalaka Prabhune, Director of IT Global Applications at Symantec was featured in the December 2013/January 2014 edition of Diversity/Careers, as part of a series titled: Women of Color in IT: few, confident, learning and leading. The article describes Shalaka’s background, role, and the experiences and people that led to her success. Wei Lin, Senior Director of Engineering at Symantec, was not only featured in Minority Engineer Magazine's fall issue, but was also on the cover.
  • Mountain View opens its doors to middle school students: In November, Symantec hosted students from Techbridge, a non-profit organization dedicated to inspiring underrepresented girls in science, technology, and engineering. Throughout the day, the students participated in hands-on stations taking apart servers, constructing electromagnetic motors, and exploring the world of malware, and had opportunities to interact with Symantec leaders and hear stories of determination, passion, and teamwork.

In addition to supporting the development of technical women at Symantec, we’re proud to offer a robust collective of programs dedicated to advancing and empowering all women in the workplace.

Ultimately, diversity is fuel for our future. Without it, we are missing out on untapped talent, differing points of view, and innovation that can make a real difference on both the culture and the bottom line. Symantec has recognized that attracting, developing, and retaining women is an area of opportunity and competitive advantage for some time, and has made some significant strides – including reaching our goal of 27 percent of leadership positions being held by women, commensurate with their overall representation in the company. However, more can – and must – be done. I want to see us develop clear plans, and track the impact we’re having – ultimately, our efforts need to contribute to making Symantec an employer of choice for the best and brightest talent. Being able to demonstrate progress against this is personally important to me, and I am excited to lead the Women’s Initiative and champion our commitment to developing a diverse employee base and strong future workforce.

For more information, visit the diversity and inclusion page of the Corporate Responsibility website. 

 

Roxane Divol is Symantec's Senior Vice President of Alliances, and serves as the executive champion of the company's women's initiative. 

"An ounce of prevention is better than a pound of cure": Benjamin Franklin


This quotation is very appropriate when we consider protecting information against cyber threats. Put into context, it means that as the maturity of an organization's Information Security Management System (ISMS) increases, the organization becomes less susceptible to successful cyber threats and, in many cases, prevents those threats from causing damage to the organization.

To eliminate any confusion in this blog, let’s define what we mean by “maturity” in this context. Maturity is not about the age of the ISMS program. Although many successful mature ISMSs have been developed and used over multiple years, it’s about the degree or extent of integration between the information security policy, standards and processes together with inter-dependence of associated technologies used to affect the security controls. Additionally, the maturity of the ISMS is also about how well integrated and supportive the program is with the overall goals and objectives of the organization and its business units and operational entities.

Mature ISMS implementations are not standalone programs that only consider Information Security and IT. They are inextricably linked to many other parts of the organization and the business-focused policy, goals and objectives that they must follow to support the overall organization’s goals and objectives. It is this cohesive and integrated approach that bolsters an organization’s defenses against cyber threats. Where the ISMS--with its process, training and technologies used--is strongly internally coherent and integrated with the organization as a whole, the entire organization and its infrastructure become a huge cyber threat sensor. This supplements the usual technical sensors that less integrated and less mature ISMS programs typically use. Using the entire organization as a cyber-threat sensor means that the organization benefits from the combined optical, audio, and brain-driven sensory detection mechanism that all members of the organization have.

Intentionally or not, humans often pick up snippets of information and quickly combine them together in ways that security technologies find very difficult or time consuming. This ‘human capability’, combined with a strong integrated ISMS program that consumes such information snippets and combines them with technical indicators in an information security intelligence process, often gives such an organization an early warning of an impending threat, or one that is in the early stages of being launched against the organization. Such an early warning means additional defenses can be proactively implemented to stop or mitigate the threat before it causes any, or too much damage.

The combination and support of a human sensory network, with the traditional information security technologies, policy, standards and processes, and the integration with the rest of the organization is indicative of a sophisticated and very mature ISMS program that truly follows Benjamin Franklin’s sage advice that "An ounce of prevention is better than a pound of cure."

High Availability and Performance Oracle Configuration with Flexible Shared Storage in a SAN-Free Environment using Intel SSDs


The white paper "Remove the Rust: Unlock DAS and go SAN-free" explains how Symantec and Intel can bring high availability to an all-DAS environment through intelligent software and hardware.

The attached deployment guide explains step by step how to achieve that implementation using Symantec Storage Foundation 6.1. The guide covers all the details needed: configuring InfiniBand and RDMA, deploying and configuring Flexible Storage Sharing, tuning the Intel SSDs, configuring file systems, and setting up Fast Failover for Oracle.


Fraudsters and Scammers Kick Off Their Campaigns for the 2014 FIFA World Cup


Contributor: Sean Butler

As it’s the start of a Football World Cup year it’s only natural that we will see many campaigns in relation to this global event. There will be many marketing and promotional campaigns taking advantage of the hype and excitement surrounding this event. Amongst all of the legitimate marketing and promotion emails, you may also receive emails promising anything from free match tickets, to competitions and lottery prizes stating that you have won a car.

Sound too good to be true? Well, you would be right in thinking that!

Fraudsters will be looking to exploit the enthusiasm that comes with the FIFA World Cup, which will be taking place in Brazil this June. The ramifications of you being scammed could be very serious indeed. Not only could you become a victim of fraud by having your bank account emptied by these fraudsters, you could also end up with malware on your computer. This malware could do anything from stealing your personal details by downloading a Trojan, to compromising your computer and making it part of a botnet.

Symantec has already spotted several FIFA World Cup related scam emails. The first scam sample Symantec discovered, relating to the FIFA World Cup, is an email that contains a link to malware.

The email has the following headers:

From: Parabens Voce foi o ganhador de um Par de ingressos atendimento.promo5885631@Domain.com

Subject: Copa do Mundo FIFA 2014

This email header can be translated as:

From: Congratulations you were the winner of a pair of tickets atendimento.promo5885631@Domain.com

Subject: FIFA World Cup 2014


Figure 1. Malware attack email related to FIFA World Cup

This email can be translated as:

You are the winner of a pair of tickets to the FIFA World cup 2014 Brazil!

Print your e-Ticket copy and collect the ticket from the ticket center in your city

Print Ticket

Check out the address of the ticket center in your city here

The recipient is enticed to click on the link and print the match tickets. However, the link leads to a malicious URL that downloads the file eTicket.rar, which contains an executable file named eTicket.exe.

Figure 2. Clicking on the link leads to malicious download

Next, a file named thanks.exe (Infostealer.Bancos) is dropped in the following location so that it runs every time Windows starts:

Programs/Startup/thanks.exe

The Trojan will continue to run in the background and try to evade security measures, steal confidential financial information, log the stolen data, and send it to a remote attacker at a later time. We have also discovered that the malware is customized to target Brazilian financial institutions.

Symantec customers would have been protected against this attack because our ‘Link following’ technology, which checks all Web pages referenced within an email for viruses and other threats, correctly identified the malware at the end of the URL. Detection was then created so that future emails containing different links to this malware will be treated as though they are infected and then quarantined.

Another scam involves a fraudulent CIELO Brazil promotion. CIELO is a Brazilian credit and debit card operator.


Figure 3. Phishing email related to FIFA World Cup 2014

This email can be translated as:

Congratulations, you have been chosen to take part in the Cielo Cup 2014.

To promote World Cup 2014, you must register to compete for prizes worth 20 thousand Reais,

Tickets, accommodation in exclusive places during the 2014 world cup and you could also win a Fiat Doblo 0 Km. (Sic)

Don’t waste time! PURCHASE Register right now at no extra cost and avail the benefits of our promotion.

Join this Mega Promotion and compete for these Super Prizes.

Click here to unlock your promo code

If the recipient clicks the “Click Here” button, they are redirected to the following URL:

http://cielobrasil2014l.fulba.com/[REMOVED]/BR.FIFA=2,0,1,4/f&ulec0&id/sele,ca.o&id=br/home.html

The webpage asks for a username, date of birth, and a Brazilian tax registration number (CPF).

Figure 4. Spoofed Web page asking for personal credentials

On providing the required information, the user is sent to the page shown in Figure 5, which asks for the user’s banking credentials.

Figure 5. Spoofed Web page asking for banking credentials

On further analysis, we found that the domain conteudo.casavilaverde.com used in the phishing scam had been hacked.


Figure 6. Hacked domain used in phishing scam

Finally, the third example is a Nigerian scam.


Figure 7. Nigerian FIFA World Cup scam email

The email contains an attachment that claims to be about a lotto sponsored by major brands. The scam ultimately asks the recipient for personal information. The email also contains a notice to try and look legitimate, but this looks amateurish in comparison to the other examples referenced in this blog. There are no images or URLs contained within the email and the fact that it only contains an attached Word document would make anyone suspicious.

Symantec’s advanced monitoring systems were able to identify the above scam emails and protect our customers from receiving them.

While the first two example emails are composed in Portuguese and aimed at people in Brazil, they can easily be customized for different regions, countries, and languages. Considering the influence football has across the globe, such spam mail could potentially trick many people.

Global events can be very lucrative for scammers as they have the potential to scam more victims by appealing to peoples’ interest and curiosity. As a consequence, Symantec expects such scams to increase as we get closer to the 2014 World Cup.

Symantec advises users to be on their guard and to adhere to the following security best practices:

  • Exercise caution when receiving unsolicited, unexpected, or suspicious emails
  • Avoid clicking on links in unsolicited, unexpected, or suspicious emails
  • Avoid opening attachments in unsolicited, unexpected, or suspicious emails
  • Keep security software up-to-date
  • Update antispam signatures regularly

Symantec constantly monitors spam attacks to ensure that users are kept up-to-date with information on the latest threats.

Don’t be caught offside when it comes to special offers, especially ones that look too good to be true!


Enterprise Vault.cloud: Preservation failure will always be costly


As I have said many times to our various partners, customers have (or should have) their own legal counsel to recommend an appropriate retention and preservation policy with regard to data. And it is up to us to find a solution that will meet their requirements. But we owe it to our customers to provide them (if possible) with the broadest protection for the solution that meets their requirements.

Repeatable Exchange Archiving Testing with Enterprise Vault


One of the hats that I wear at QUADROtech is testing one of our top products, Archive Shuttle. In order to test it, and really in order to test many aspects of Enterprise Vault, I often need repeatable testing.

Repeatable in terms of:

- Being able to export the same archived data to PST from a mailbox archive

- Being able to ingest the same data over and over to multiple archives in multiple vault stores, across multiple test systems

I've found so far that the easiest way to achieve this is to build up a mailbox how I want it to be in terms of:

- The folder structure (number of folders, and depth)

- The names of folders (simple folder names, long folder names, foreign character folder names)

- The items within each folder (lots of small items, a few very large items)

Once you've got the mailbox set up like that, you can then archive it. In fact, what I often do when setting up a particular mailbox archive and ingesting data from multiple locations (e.g. mail generation tools) is archive the mailbox every few hours, just to keep up to date.

Once the archiving is completed you then have your 'single' nice archive.

How do you get that to work on another system, or another archive, or another vault store?  

Well, the easiest way that I have found so far is to then export that archive to PST. With the changes in the Enterprise Vault 9 world you can now get sizeable PST files (e.g. more than 2 Gb). Once that PST has been created, it can be copied to other environments as needed and used as the source for ingesting into other archives. Of course, if it's in the same vault store you're likely to get Single Instance Storage coming into play, which means that when you ingest it you don't massively increase the footprint of partition-stored data. (This depends on your sharing settings.)

In the end it's quite a neat, simple way of making sure that the work you do, if it needs to be, can be easily repeated.

Digital Fraudsters and Scammers Kick Off Their Campaigns for the 2014 FIFA World Cup

With the 2014 FIFA World Cup approaching, it is natural that many marketing campaigns and promotions related to this global event are being run to take advantage of the excitement of the moment. However, among all the legitimate emails and messages, many online scams have also begun to appear, promising free tickets to matches and even a car for the winner of a prize draw.

Digital fraudsters and scammers have already begun their attacks, exploiting the theme of the FIFA World Cup in Brazil. The ramifications of becoming a victim can be far-reaching. Not only can users have their bank accounts emptied by fraudsters, they can also infect their computers with threats such as malware. After such a threat is installed, for example, the scammer could steal the machine owner's personal data and information by downloading a Trojan, or compromise the computer and make it part of a botnet.

Symantec has identified several malicious emails about the FIFA World Cup. In the first sample, the scam contains a link to malware.

Figure 1 – Email containing malware related to the 2014 FIFA World Cup

After clicking, the user is directed to a malicious URL that downloads eTicket.rar (which contains eTicket.exe, Figure 2). When executed, the file triggers the Infostealer.Bancos Trojan, which installs thanks.exe in the /Programas/Startup directory.

This file, which will try to evade security measures, steals confidential financial information, logs the collected data, and sends it to a remote criminal. It was also discovered that the malware was customized to target Brazilian financial institutions.

Figure 2 – Screenshot after clicking the hyperlink with malware

Another example of an attack is an apparent fraud that uses the CIELO brand as bait for a fake promotion, which leads to a phishing page.

Figure 3 – Phishing email related to the 2014 FIFA World Cup

On clicking the promotion button, the phishing page

http://conteudo.casavilaverde.com/logs/copa2014/index.php?%email% is redirected to <http://cielobrasil2014l.fulba.com/copa,fuleco.dll/BR.FIFA=2,0,1,4/f&ulec0&id/sele,ca.o&id=br/home.html> and asks for the user's name, date of birth, and CPF.

Figure 4 – The URL opens a fake web page requesting personal data

After this information is provided, a new page (Figure 5) opens, asking for the user's banking details.

Figure 5 – URL requests banking service details

On further analysis, Symantec found that the domain conteudo.casavilaverde.com had been hacked and opens as shown in Figure 6.

Figure 6 – Hacked URL domain

There is also a Nigerian scam, which carries an attachment that appears to be related to a prize draw sponsored by major brands (Figure 7). To look legitimate, the email contains a notice, but because it contains no images or URLs and has only an attached Word document, this scam appears simpler than the others.

Figure 7 – Example of a Nigerian scam related to the 2014 FIFA World Cup

Global events of this size can be very lucrative for scammers because of the increase in the number of people interested in the subject. Until the World Cup, there will be many attempts to lure users and obtain sensitive and confidential information. Spam emails, for example, can be customized for different countries and regions. To avoid falling victim to these scams, Symantec recommends the following online security practices:

  • Do not share personal and confidential information.
  • Be careful when clicking on any suspicious link or responding to any offer, especially those that seem very attractive.
  • Make sure to use authorized sources to carry out transactions and look for information related to the World Cup.
  • Use genuine, up-to-date security software on your Internet-connected devices, such as Norton Internet Security.

Cyber Scammers Launch Campaigns Related to the 2014 World Cup in Brazil

We are beginning the year in which the football World Cup will be played, and it is natural that in the coming months we will see various campaigns related to this event. There will be a great deal of marketing and promotions associated with the enthusiasm and interest that the event generates. Among all the legitimate marketing and promotional emails, we could receive emails with enticing prizes such as free tickets, or lottery notifications telling us that we have won a car, for example.

If you think it sounds too good to be true, you could be right.

Scammers will try to take advantage of the enthusiasm surrounding the World Cup, which will take place in Brazil in June, and the consequences for users who fall victim to fraud could be serious. Scammers can not only empty a bank account but could also fill our computer with malware. This can involve the theft of personal data by downloading a Trojan, or compromising our computer and making it part of a botnet.

In recent days, Symantec has detected several fraudulent emails related to the football World Cup; the details follow.

The first example of fraud that Symantec identified is an email similar to the one shown below, which contains a link to malicious code:

Portuguese version:

From: Parabens Voce foi o ganhador de um Par de ingressos atendimento.promo5885631@Domain.com

Subject: Copa do Mundo FIFA 2014

Figure 1. Translation of the header of the email with malicious code (malware)

Figure 2. Malicious code attack related to the FIFA World Cup

Figure 3. Translation of the content of the email with malware

The user is invited to click the link to print the match ticket.

However, the link leads to a malicious URL that downloads an attached file named eTicket.rar, which contains the executable program eTicket.exe, as shown in the image below.

Figure 4. Image of the attached file (malware) that is downloaded on clicking the link

When it is run, the file thanks.exe is installed in the Programas/Inicio directory and a constantly evolving Trojan, Infostealer.Bancos, is activated; that file will continue to run in the background without the user noticing. It will then try to evade security measures, steal confidential financial information, log the collected data, and finally send it to the remote attacker. We have also discovered that the malware is aimed specifically at Brazilian financial institutions.

Symantec customers are protected against this attack thanks to ‘Link following’ technology, which checks all web pages referenced in an email for viruses or other threats, making it possible to identify the malware at the URL included in the message. Based on this, detection was created so that in future, emails containing different links to this malware are recognized as infected and quarantined.

Another example of Internet deception related to this topic is a supposed promotion by the CIELO brand in Brazil. CIELO is a credit and debit card operator in Brazil.

Figure 5. Phishing email related to the 2014 World Cup

The translated message is as follows:

Figure 6. Translation of the content of the phishing email

Clicking the link in the email, which has the following URL:

<http://conteudo.casavilaverde.com/logs/copa2014/index.php?%email%>

redirects the user to:

http://cielobrasil2014l.fulba.com/copa,fuleco.dll/BR.FIFA=2,0,1,4/f&ulec0&id/sele,ca.o&id=br/home.html

The web page then asks the user to enter their name, date of birth, and Brazilian tax identification number (CPF).

Figure 7. The phishing URL opens the spoofed web page and requests personal data.

On providing the information, the user is sent to the page shown below, which asks for the user's banking details.

Figure 8. The spoofed web page requests banking details.

On further analysis, we found that the domain conteudo.casavilaverde.com has been hacked and is displayed as follows:

Figure 9. The domain of the URL in the email has been hacked

Finally, the third example detected by Symantec is a new version of the Nigerian scam with the following headers:

From: "FIFA 2014 World Cup Award"<globalpromotions@ @[domain].ru>

Subject: Window Live Games 2014 FIFA World Cup

Figure 10. Attachment from the Nigerian fraud example related to the World Cup

The email includes an attachment that is supposedly a prize sponsored by major brands, and to obtain it the user is asked for personal information. The email also contains a notice that tries to look legitimate, but it is immediately apparent that it is somewhat amateurish in comparison with the other two examples mentioned. There are no images or URLs in this email, and the fact that it contains a Word attachment makes it suspicious.

Symantec's advanced monitoring systems were able to identify the three examples of electronic scams presented in this blog, thereby protecting our customers.

While the first two emails are written in Portuguese and aimed at people in Brazil, spam emails can easily be customized by region, country, and language, given the current interest in football.

Global events can be very lucrative for scammers, as they have the potential to scam more people because of the interest in such events. As a consequence, Symantec expects the number of fraudulent emails to increase as the date of the event approaches.

As a preventive measure, we recommend that users not share personal or confidential information. Because of the risk of financial loss and of confidential information being at stake, Symantec advises users to stay alert and follow these security tips:

  • Be cautious when receiving unsolicited, unexpected, or suspicious emails
  • Avoid clicking on links included in suspicious, unsolicited, or unexpected emails
  • Avoid opening attachments in unsolicited emails
  • Keep security software up to date
  • Update antispam signatures regularly.

Symantec constantly monitors spam attacks to make sure users are informed about the latest threats.

Don't be caught offside when it comes to offers and promotions, especially those that seem too good to be true!

 

Million Dollar Twitter Contest Hijacked by Scammers


Scammers are taking advantage of recent Super Bowl social buzz in a scheme that targets entrants of an Esurance contest. The company premiered a commercial following the Super Bowl, in which it offered US$1.5 million to one lucky Twitter user who used the hashtag #EsuranceSave30. Following this, Symantec Security Response has observed a number of fake Esurance Twitter accounts being created to leverage the attention generated by this contest.

Many of these Twitter accounts used variations of Esurance’s brand name and logo to convince users they are affiliated with the company. These accounts include the following Twitter handles:

  • EsuranceWinBig
  • EsuranceGW
  • Essurance
  • Esurrance
  • Esurnace
  • Esuranc

There are also other accounts that use logos and imagery making them look like they belong to Esurance, but their names have nothing to do with the brand. An example is an account named @HelpfulTips, whereby the “l” in Help is the capitalized letter “i”.

This account, created in December 2012, has racked up thousands of followers but performed an “account pivot” during the contest – it changed its avatar, bio and header image, and claimed to be part of the Esurance giveaway. The account added thousands of Twitter followers and received more than 40,000 retweets overnight for a tweet related to the contest.

Figure 1. Twitter account that claims to be associated with the Esurance giveaway

Earlier this afternoon, it performed yet another account pivot – after gaining enough followers from the Esurance tweets, it reverted back to a LifeHacks account.

Figure 2. Fake Esurance account pivots back after gaining thousands of followers
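
The impersonation patterns described above (misspelled brand names, the brand name plus a suffix, and a capital "I" standing in for "l") can be screened for mechanically. The following Python is an added example, not code from Symantec or Twitter; the function names, the look-alike table, the one-edit threshold, and the assumption that `Esurance` and `HelpfulTips` are the handles being imitated are illustrative choices.

```python
"""Screen Twitter handles for imitation of a protected handle (added example)."""

# Look-alike characters folded to one form before comparison.
# Capital "I" for lowercase "l" is the swap described in the post;
# the digit entries are assumed additions of the same kind.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})

# Handles quoted in the post.
PAGE_HANDLES = ["EsuranceWinBig", "EsuranceGW", "Essurance",
                "Esurrance", "Esurnace", "Esuranc"]


def skeleton(handle: str) -> str:
    """Strip '@', fold look-alike characters, then lowercase."""
    return handle.lstrip("@").translate(HOMOGLYPHS).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at cost 1."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1,                # delete from a
                       cur[j - 1] + 1,             # insert into a
                       prev[j - 1] + (ca != cb))   # substitute or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(handle: str, protected: str, max_typos: int = 1) -> str:
    """Label a handle relative to the protected (imitated) handle."""
    name, target = handle.lstrip("@"), protected.lstrip("@")
    if name.lower() == target.lower():
        return "official"       # handles compare case-insensitively
    sk, ref = skeleton(name), skeleton(target)
    if sk == ref:
        return "homoglyph"      # identical once look-alikes are folded
    if osa_distance(sk, ref) <= max_typos:
        return "typo"           # dropped, doubled, or swapped letter
    if ref in sk:
        return "brand-affix"    # brand name with extra words attached
    return "unrelated"


def review(handles, protected):
    """Classify every handle in a list against one protected handle."""
    return {h: classify(h, protected) for h in handles}


if __name__ == "__main__":
    for handle, label in review(PAGE_HANDLES, "Esurance").items():
        print(f"@{handle:<16} {label}")
    # Constructed spelling of the capital-I swap the post describes.
    print("@HeIpfulTips     ", classify("HeIpfulTips", "HelpfulTips"))
```

A name-based screen only catches accounts whose handle imitates the brand; an account that pivots its avatar and bio while keeping an unrelated handle needs profile-change monitoring instead.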

Many accounts of such nature focus on gaining retweets and followers, but Symantec has identified further abuse. For example, one of the fake Esurance accounts has asked its followers to donate money to increase their chances of winning the contest.

Figure 3. Twitter account asking for donations to increase chances of winning a contest

This campaign was shut down quickly, but had already received US$261 in donations by then.

These accounts could also be used to send phishing links to followers, asking them to log in to Twitter to earn more entries in the contest.

Why are these accounts being created in the first place? By riding on the popularity of the contest and the hashtag, some of these accounts have gained anywhere between 1,000 to 100,000 followers. After that, the owners of these accounts are able to sell these fake accounts to individuals who are looking for accounts with real Twitter followers instead of fake ones. This can then be used for affiliate spam.

As more brands use Twitter for marketing purposes, Symantec advises users to look for and follow updates and contest rules from Twitter accounts that are “verified” and/or officially associated with the brand. In this case, Esurance has provided a set of official rules and frequently asked questions on their website.

If you suspect an account is attempting to mislead users on Twitter, you can report the account to Twitter.

To learn more about social media scams, follow Symantec Security Response team on @threatintel and read our blogs on previous Twitter scams:
