Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Report - RED Team Cyber Security

Symantec Intelligence
Quarterly
April - June 2010
Quarterly Report: Symantec Intelligence Quarterly
Symantec Intelligence Quarterly
April - June 2010
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Overview: The Microsoft Help and Support Center Zero-day Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Overview: The Adobe Flash Zero-day Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Overview: The Month of PHP Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Symantec Intelligence Quarterly
April - June 2010
Introduction
Symantec has established some of the most comprehensive sources of Internet threat data in the world with the
Symantec™ Global Intelligence Network. More than 240,000 sensors in over 200 countries and territories monitor attack
activity through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management
System, Symantec™ Managed Security Services, Norton™ consumer products, and third-party data sources.
Symantec also gathers malicious code intelligence from more than 133 million client, server, and gateway systems that
have deployed its antivirus products. Additionally, the Symantec distributed honeypot network collects data from around
the globe, capturing previously unseen threats and attacks and providing valuable insight into attack methods.
Spam and phishing data is captured through a variety of sources including: the Symantec probe network, a system of more
than 5 million decoy accounts; MessageLabs™ Intelligence, a respected source of data and analysis for messaging security
issues, trends and statistics; and, other Symantec technologies. Over 8 billion email messages (as well as over 1 billion
Web requests) are processed each day across 16 data centers. Symantec also gathers phishing information through an
extensive antifraud community of enterprises, security vendors, and over 50 million consumers.
These resources give Symantec security analysts unparalleled sources of data with which to identify, analyze, and provide
informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. This report will discuss
notable aspects of malicious activity that Symantec has observed in the second quarter of 2010 (April to June).
An important note about these statistics
The Symantec Global Intelligence Network uses automated systems to map the IP addresses of the attacking systems to
identify the country in which they are located. However, because attackers frequently use compromised systems situated
around the world to launch attacks remotely, the location of the attacking systems may differ from the location of the
attacker.
Highlights
• The United States was the top country for malicious activity in this quarter, accounting for 21 percent of the
total;
• The top Web-based attack for the quarter was related to malicious PDF activity, which accounted for 36 percent
of the total;
• Credit card information was the most commonly advertised item for sale on underground economy servers
known to Symantec in this quarter, accounting for 28 percent of all goods and services;
• Symantec created 457,641 new malicious code signatures during this quarter;
• The most common malicious code sample by potential infections during this quarter was the Sality.AE virus;
• Symantec observed 12.7 trillion spam messages during this quarter, accounting for approximately 89 percent
of all email messages observed;
• The majority of brands used in phishing attacks this quarter were in the financial sector, which accounted for
73 percent of the total.
1
Symantec Intelligence Quarterly
April - June 2010
Metrics
Malicious activit
activityy by countr
country/re
y/region
gion
This metric will assess the countries and regions in which the highest amount of malicious activity took place or
originated. Rankings are determined by calculating the average of the proportion of malicious activity that originated in
each country or region.
The United States was the top ranked country for malicious activity this quarter, accounting for 21 percent of the total
(table 1). Within specific category measurements, the United States ranked first in all categories except spam zombies.
Table 1. Malicious activity by country/region
India had the second highest amount of overall worldwide malicious activity this quarter, accounting for six percent.
Within specific category measurements, India ranked first in spam zombies by a significantly large margin.
Top W
Web-based
eb-based attacks
This metric will assess the top distinct Web-based attacks that originate either from compromised legitimate sites or
malicious sites that have been created to intentionally target Web users.
In this quarter, the top Web-based attack was related to malicious PDF activity, which accounted for 36 percent of Webbased attacks (table 2). Attempts to download suspicious PDF documents were specifically observed. This may indicate
attempts by attackers to distribute malicious PDF content to victims via the Web. The attack is not directly related to a
specific vulnerability, although the contents of the malicious file would be designed to exploit an arbitrary vulnerability in
an application that processes it. This attack may be popular due to the common use and distribution of PDF documents on
the Web, and to the practice of configuring browsers to automatically render PDF documents by default.
2
Symantec Intelligence Quarterly
April - June 2010
Table 2. Top Web-based attacks
The second most common Web-based attack this quarter was associated with the Microsoft Internet Explorer®
ADODB.Stream Object File Installation Weakness,1 which accounted for 33 percent of the total globally. The weakness
allows attackers to install malicious files on vulnerable computers when users visit websites hosting an exploit. To carry
out this attack, an attacker must exploit another vulnerability that bypasses Internet Explorer® security settings, allowing
the attacker to execute malicious files installed by the initial security weakness. This issue was published on August 23,
2003, and fixes have been available since July 2, 2004. The continued popularity of this Web-based attack may indicate
that many computers running Internet Explorer® have not been patched or updated and are running with this exposed
weakness.
Under
Underground
ground econom
economyy ser
servers—goods
vers—goods and ser
services
vices a
avvailable ffor
or sale
This section discusses the most frequently advertised items for sale observed on underground economy servers, which are
online black market forums for the promotion and trade of stolen information and services.
In this quarter, the most frequently advertised item observed on underground economy servers was credit card
information, accounting for 28 percent of all goods (table 3). Prices for credit card information ranged from $1 to $30
depending on the type of card, the country of origin, and the amount of bundled personal information used for card holder
verification.2 Symantec observed bulk purchase offers of 1000 credit cards for $1,500.
1-http://www.securityfocus.com/bid/10514
2-All currency in U.S. dollars
3
Symantec Intelligence Quarterly
April - June 2010
Table 3. Goods and services available for sale on underground economy servers
The second most commonly advertised item for sale on underground economy servers during this quarter was bank
accounts, accounting for 24 percent of all advertised goods. The advertised price for bank accounts ranged from $10 to
$125 and bank balances ranged from $373 to $1.5 million.
Top malicious code samples
The most common malicious code sample by potential infections during this quarter was the Sality.AE virus (table 4).3
This virus infects executable files on compromised computers and removes security applications and services. Once
the virus is installed, it also attempts to download and install additional threats onto infected computers.
Table 4. Top malicious code samples
The second ranked malicious code sample causing potential infections during this quarter was Mabezat.B.4 This worm
propagates by copying itself to any mapped or remote drives, and is also programmed to copy itself to network shares by
attempting to connect with weak passwords. It also attempts to propagate through email, to modify the built-in Microsoft
Windows® CD burning feature to include the worm in burned CDs, and to encrypt numerous different file types.
3-http://www.symantec.com/security_response/writeup.jsp?docid=2008-042106-1847-99
4-http://www.symantec.com/security_response/writeup.jsp?docid=2007-120113-2635-99
4
Symantec Intelligence Quarterly
April - June 2010
Top phishing sectors
The majority of brands used in phishing attacks this quarter were in the financial services sector (table 5). These attacks
accounted for 73 percent of the total reported phishing attacks. The financial sector is commonly the largest sector
targeted in phishing attacks because the various associated services are the most likely to yield data that could be directly
used for financial gain. Many phishing attacks that spoof financial services brands will prompt users to enter credit card
information or banking credentials into fraudulent sites. If these tactics are successful, the phishers can then capture and
sell such information in the underground economy.
Table 5. Top phishing sectors
The second largest percentage of brands used in phishing attacks was in the ISP sector, accounting for 10 percent of the
total number of phishing attacks reported this quarter. ISP accounts can be valuable to phishers because they may contain
email accounts, Web-hosting space, and authentication credentials.
Overview: The Microsoft Help and Support Center Zero-day Vulnerability
On June 9, 2010, a third-party researcher reported a zero-day vulnerability affecting the Help and Support Center
application in Windows® Server 2003 and Windows® XP. Help and Support Center is the default application used for
handling access to online Microsoft Windows® documentation. Documentation can be accessed directly through other
applications such as Web browsers by using Help and Support Center protocol (HCP) URIs. When the application receives
an HCP request, the requested file is verified using a whitelist to restrict untrusted sites from accessing unauthorized data.
The reported vulnerability occurs because of a flaw in the way that the application handles errors while checking the
whitelist. By adding specially crafted data to an HCP URI, the flaw can be manipulated to bypass restrictions that are
defined by the whitelist. This can result in unauthorized access to restricted help documents. The report included a proofof-concept URI to demonstrate exploitation of the vulnerability. Limited, targeted attacks using the proof-of-concept code
were confirmed in the wild by June 15.
An attacker can exploit this issue by enticing a victim to follow a malicious URI. A successful attack would grant the
attacker unauthorized access to restricted help documents on the victim’s computer. The attack could be combined with
exploits of other vulnerabilities—such as the Microsoft Help and Support Center “sysinfo/sysinformation.htm” cross-site
5
Symantec Intelligence Quarterly
April - June 2010
scripting weakness—to execute malicious code on the target computer. An attacker who successfully exploits this issue
can gain control of target computers and carry out additional malicious activities, such as stealing confidential
information or using the victimized computers to send spam email.
On June 10, Microsoft released a security advisory to acknowledge its awareness of the report and that it was
investigating the issue. Microsoft is currently developing a security update to address the vulnerability; in the interim, an
automated workaround solution is available immediately to mitigate the vulnerability by unregistering HCP.
Overview: The Adobe Flash Zero-day Vulnerability
On June 4, 2010, Adobe issued a security bulletin indicating that it had received reports of the exploitation of an
unpatched, previously unknown zero-day vulnerability affecting its Flash Player application.5 As security researchers
scrambled to identify the problem, knowledge of the bug spread to more attackers, slowly exacerbating the situation. With
limited mitigations available, security vendors were under pressure to release detections and mitigation procedures, and
for the vendor to create, test, and distribute an out-of-band patch.
Timeline
• June 4, 2010 – Adobe receives information that an unknown, unpatched issue exists in Flash Player;6
• June 4, 2010 – Symantec issues BID 40586;7
• June 4, 2010 – Adobe issues security advisory APSA10-01;8
• June 7, 2010 – Adobe indicates that its quarterly security update regularly scheduled for July 13 would be
pushed up, to June 29 for Adobe Reader® and to July 10 for Flash Player;9
• June 10, 2010 – The Metasploit Project publishes a reliable public exploit;10
• June 10, 2010 – Adobe provides an update for Flash Player; Reader is still vulnerable;11
• June 14, 2010 – Symantec analysts identify link between this vulnerability and IEPeers targeted attacks, and
possibly other targeted attacks, from as far back as 2008;12
• June 29, 2010 – Adobe issues an update for Reader.13
Vulnerabilit
ulnerabilityy
The bug is a class of vulnerability referred to as an invalid or dangling pointer.14 Discovering these bugs using binary static
analysis is difficult, but not impossible.15 The Flash file used in this attack came from a public source and it is highly
unlikely that the file was originally intended to be malicious.16 However, a specific, single-byte modification to the file
results in an easily exploitable condition. There is a high possibility that this bug was found using a fuzzer tool.17
5-http://www.adobe.com/support/security/advisories/apsa10-01.html
6-http://www.adobe.com/support/security/advisories/apsa10-01.html
7-http://www.securityfocus.com/bid/40586
8-http://www.adobe.com/support/security/advisories/apsa10-01.html
9-http://www.adobe.com/support/security/advisories/apsa10-01.html
10-http://www.metasploit.com/redmine/projects/framework/repository/revisions/9473
11-http://www.adobe.com/support/security/advisories/apsa10-01.html
12-http://www.symantec.com/connect/blogs/zero-day-connection
13-http://www.adobe.com/support/security/bulletins/apsb10-15.html
14-http://www.memorymanagement.org/glossary/d.html; the exploitation details of which can be found on the Symantec Security Response blog at http://www.symantec.com/connect/blogs/analysis-zero-day-exploitadobe-flash-and-reader
15-Static analysis is a technique for software verification that relies on analyzing the application without executing it.
16-http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash
17-Fuzzers test an application for buffer overflows, format string vulnerabilities, and other errors that can subsequently be exploited; see http://www.cgisecurity.com/questions/securityfuzzer.shtml
6
Symantec Intelligence Quarterly
April - June 2010
Vulnerabilities in Flash are valuable to attackers. Flash is prolific and there are versions for virtually every browser on all
major operating systems. The wide distribution of Flash, combined with the number of affected operating systems, makes
it an appealing target for attackers. The return on investment for this vulnerability is very high, especially if it was
discovered using a fuzzer, because this often requires less time investment on the attacker’s part.
An exploitable weakness in Reader is also highly attractive to attackers because Reader is widely used for rendering PDF
files and PDFs can contain embedded content. For example, Reader can render an embedded Flash file inside a PDF.
Unlike JavaScript, there is currently no easy way to disable Flash from the user interface in Reader, which means the
process of mitigating a Flash vulnerability in Reader is difficult for less technical users.
Attacks
Upon initial disclosure of the vulnerability, Symantec identified two cases in the wild that exploited Web and PDF
documents, respectively. While these attacks exploited the same vulnerability, they did so in different products, with each
having a separate, specific goal. Both attacks appeared to use the same malicious Flash file, with only a slight variation
(the Flash file had to be tweaked slightly to be used either in a PDF or in a Web browser). Although they appeared to use
the same Flash file, each attack delivered a unique piece of malicious code using distinctly different pieces of shellcode.18
PDF
PDF-based
-based attack
While a good file format exploit19 will replace a malicious document with a benign one, post-exploitation, this particular
PDF attack made no such attempt. This could be a sign that the attacker was either not very sophisticated or was not
concerned about the vulnerability being discovered and fixed. An unpatched vulnerability is a commodity for an attacker.
There is a correlation between the number of people that know about an unpatched vulnerability and the value that it has.
For example, an unpatched vulnerability that is exploitable and known by only a select few people has high value, while
conversely, a vulnerability that is known by many and readily patched has low value. Often, once a bug is publicly known
and more attackers gain access to it, there will be a surge of attacks that attempt to exploit any remaining unpatched
systems. These attacks often lack the finesse of the original, with less regard for protecting the vulnerability because it is
already well known (at least to more knowledgeable users).
The shellcode in this attack made use of return oriented programming (ROP) techniques to disable Data Execution
Prevention (DEP) on Windows® XP systems, indicating some technical prowess. The malicious PDF was delivered to victims
as an email attachment, while the email message was crafted to lure the victim into opening the attached malicious PDF.
The malicious code installed by the PDF attack was unremarkable. It provided a rudimentary backdoor to attackers, but
did not include direct functionality to harvest credentials or obtain sensitive information in an automated fashion.
Web-based attack
The Web-based attack was tailored toward users of Microsoft Internet Explorer®. While the bug could be used against any
browser that supports Flash, due to the nature of the vulnerability, making it work on different browsers required
additional modifications. The way the Web-based attack was written implied a greater desire to protect the vulnerability.
Whoever developed the shellcode implemented a number of checks to ensure that the application terminated quickly and
without generating a crash report to leave few traces about the nature of the bug. Interestingly, high-quality exploits are
18-A shellcode is an assembly language program that executes a shell; shellcode can be used as an exploit payload
19-A file format exploit is a software exploit that makes use of a maliciously crafted file format used by the affected application
7
Symantec Intelligence Quarterly
April - June 2010
usually those that attempt to continue execution of the application uninterrupted. An application that terminates
immediately after loading a new file usually indicates that there is something amiss. Additionally, unlike the PDF-based
attack, the shellcode did not attempt to disable DEP.
The IEP
IEPeers-tar
eers-targeted
geted attack link
The shellcode used in the Web-based attack is eerily familiar to that used in the targeted attacks against the Microsoft
Internet Explorer® “iepeers.dll” Remote Code Execution Vulnerability,20 which occurred in March 2010 and which targeted
attacks against the Microsoft Internet Explorer® XML Handling Remote Code Execution Vulnerability.21 The only major
differences in this shellcode appeared to be reliability enhancements.
Attackers sharing and reusing shellcode is common and often not a definitive sign of the same exploit author; however,
there are some convincing similarities in the malicious code used in the two attacks. For example, once a computer is
compromised, the malicious code injects a DLL file named “wshipm.dll” into applications such as Internet Explorer®,
Firefox®, and Outlook®. Comparing this file at the binary level with the DLL that is used in the IEPeers targeted attack
shows a number of distinct similarities in the source code. This lends credibility to the possibility that the malicious code
in this attack is a derivative of the same malicious code used in the IEPeers targeted attacks. Whoever wrote the code for
this attack definitely had access to the source code for portions of the malicious code used in the IEPeers targeted attack.
As with the IEPeers attack, sensitive information can be harvested from the exploited applications and sent to the attacker
in a remote location.
Conclusion
While these attacks exploited the same vulnerability, they did so in different ways with different agendas. The Web-based
attack appears to be more tailored to obtaining sensitive information, while the PDF-based attack simply provided limited
backdoor functionality, possibly for building a bot network or for the later distribution of additional malicious code. The
Web-based attack appears to have been much more targeted and is far more sophisticated in both its attempts to hide the
vulnerability and its post-exploitation activity.
Overview: The Month of PHP Security
The disclosure of security vulnerabilities in software has historically been a contentious topic between security
researchers and software vendors. Vendors often do not want to publicly discuss security problems in their products on
the chance that doing so will harm sales, make customers unhappy, and give hackers a vector to target with an exploit.
Security researchers, even those who practice responsible disclosure, often feel frustration that vendors reveal few of the
details about vulnerabilities or hold the perception that some vendors do not take security seriously.
In 2006, the first Month of Bugs project was launched as a way to increase awareness of security vulnerabilities in Web
browsers.22 The Month of Browser Bugs was a series of exploits published every day for a month against Internet Explorer®,
Mozilla Firefox®, Apple Safari®, and Opera®. This project helped bring some publicity to browser security and may have
impelled vendors to fix the issues faster than they normally would have. Other researchers have since used this strategy to
help improve the security of various technologies; this includes the Month of Kernel Bugs, the Month of Apple Bugs, and
the Month of PHP Bugs. The latest installment, in May 2010, was the Month of PHP Security (MoPS).
20-http://www.securityfocus.com/bid/38615
21-http://www.securityfocus.com/bid/32721
22-http://www.hardened-php.net/
8
Symantec Intelligence Quarterly
April - June 2010
The purpose of MoPS was to improve the security of PHP and the PHP ecosystem by disclosing vulnerabilities in PHP and
PHP applications. The result was the disclosure of 60 security issues and the publication of a number of additional articles
about PHP application security or tools specific to PHP security. Notably, the majority of the disclosed issues are not
considered exploitable vulnerabilities, because a developer essentially must "attack themselves."
Most of the issues involved interrupting internal functions by using a deprecated feature known as call-time pass-byreference. These bugs require that the "allow_call_time_pass_reference" configuration option is enabled, that an attacker
has local access to his or her Web server, and that the server is configured to permit the execution of custom code.
Of the remaining issues, 10 apply to applications that use PHP:
• Campsite23 is prone to an SQL-injection vulnerability affecting the 'article_id' parameter;24
• ClanSphere25 is prone to SQL-injection vulnerabilities that affect the CAPTCHA generator and the MySQL driver;26
• Clantiger27 is prone to an SQL-injection vulnerability affecting the 's_email' parameter;28
• DeluxeBB29 is prone to an SQL-injection vulnerability affecting the 'memberid' cookie parameter;30
• eFront31 is prone to an SQL-injection vulnerability affecting the 'chatrooms_ID' parameter;32
• Xinha33 and Serendipity34 are prone to a vulnerability that permits attackers to upload arbitrary files;35
• Cacti36 is prone to an SQL-injection vulnerability affecting the 'rra_id' parameter;37
• CMSQlite38 is prone to an SQL-injection vulnerability and a local file-include vulnerability;39
• e10740 is prone to an SQL-injection vulnerability and a vulnerability that allows attackers to execute arbitrary
PHP code.41
The most serious of these issues is the arbitrary PHP code-execution vulnerability against e107, a popular content
manager. Proofs-of-concept are available and the issue has not yet been patched by the vendor. Administrators of
e107-based sites should disable bbcode functionality until a vendor patch is available. At the very least, restrict access to
trusted networks, deploy network intrusion detection, and be sure only to run the application as a non-privileged user.
In PHP itself, four vulnerabilities were reported:
• An integer-overflow vulnerability affects the 'php_dechunk()' function.42 This function is used to decode remote
HTTP chunked encoding streams. To exploit the issue, a PHP script must interact with a malicious Web server.
• Multiple vulnerabilities that allow code-execution affect the PHP ‘sqlite’ module.43 The vulnerabilities reside in
the 'sqlite_single_query()' and 'sql_array_query()' functions, and can be triggered if the 'rres' resource is not
properly initialized before it is used.
23-http://www.campware.org
24-http://www.securityfocus.com/bid/39862
25-http://www.clansphere.net/
26-http://www.securityfocus.com/bid/39896
27-http://www.clantiger.com/
28-http://www.securityfocus.com/bid/39917
29-http://www.deluxebb.com
30-http://www.securityfocus.com/bid/39962
31-http://www.efrontlearning.net/
32-http://www.securityfocus.com/bid/40032
33-http://trac.xinha.org/
34-http://www.s9y.org/
35-http://www.securityfocus.com/bid/40033
36-http://cacti.net/
37-http://www.securityfocus.com/bid/40149
38-http://www.cmsqlite.net
39-http://www.securityfocus.com/bid/40195
40-http://e107.org/news.php
41-http://www.securityfocus.com/bid/40202 and http://www.securityfocus.com/bid/40252
42-http://www.php.net
43-http://www.securityfocus.com/bid/39877
9
Symantec Intelligence Quarterly
April - June 2010
• Multiple format-string vulnerabilities affect the PHP 'phar' extension.44 The phar extension gives developers a
way to place entire PHP applications into a single file—i.e., a PHP archive. The vulnerabilities affect several
functions within the extension that supply unsafe data to the core 'php_stream_wrapper_log_error()' function.
PHP has addressed these issues with patches applied to the project's SVN repository.
• Multiple vulnerabilities affect the PHP 'Mysqlnd' extension.45 This native driver extension is a replacement for
the MySQL client library libmysql.
The four reported vulnerabilities consist of three buffer-overflow vulnerabilities and an information-disclosure issue that
lets attackers harvest the contents of heapbased memory.
Only the issues affecting the 'phar' extension have been addressed by PHP so far. PHP administrators should implement
the following mitigations:
• Run PHP with the least privileges possible;
• Deploy NIDS to monitor network traffic for signs of malicious activity;
• Implement nonexecutable and randomly mapped memory segments if possible;
• Restrict access to PHP-based sites to trusted networks and computers only.
• PHP servers can be made more secure in general by disabling global variables, using a chroot jail, and
restricting file uploads.
44-http://www.securityfocus.com/bid/40013
45-http://www.securityfocus.com/bid/40173
10
Symantec Intelligence Quarterly
April - June 2010
Credits
Marc Fossi
Dean Turner
Executive Editor
Director, Global Intelligence Network
Manager, Development
Security Technology and Response
Security Technology and Response
11
Amanda Andrews
Eric Johnson
Editor
Editor
Security Technology and Response
Security Technology and Response
Trevor Mack
Téo Adams
Editor
Threat Analysis Engineer
Security Technology and Response
Security Technology and Response
Joseph Blackbird
Brent Graveland
Threat Analyst
Threat Analyst
Security Technology and Response
Security Technology and Response
Darren Kemp
Debbie Mazurek
Threat Analyst
Threat Analyst
Security Technology and Response
Security Technology and Response
About Symantec
Symantec is a global leader in providing security,
storage and systems management solutions to help
consumers and organizations secure and manage
their information-driven world. Our software and
services protect against more risks at more points,
more completely and efficiently, enabling
confidence wherever information is used or stored.
For specific country offices
Symantec World Headquarters
and contact numbers, please
350 Ellis St.
visit our website.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com
Symantec helps organizations secure and manage
their information-driven world with security
management, endpoint security, messaging security
and application security solutions.
Copyright © 2010 Symantec Corporation. All rights
reserved. Symantec and the Symantec Logo are
trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their
respective owners.
NO WARRANTY. The information in this document is
being delivered to you AS-IS and Symantec
Corporation makes no warranty as to its accuracy or
use. Any use of the information contained herein is at
the risk of the user. This document may include
technical or other inaccuracies or typographical
errors. Symantec reserves the right to make changes
without prior notice.
7/2010 21072009
Related documents
2014 Year of the Mega Breach
2014 Year of the Mega Breach
Digital vulnerabilitz atlas of South Asia [PPT, 2.05
Digital vulnerabilitz atlas of South Asia [PPT, 2.05
Abstract
Abstract
An extended misuse case notation
An extended misuse case notation
The Elderwood Project
The Elderwood Project
IMT 551 Foundations of Organizational INFORMATION ASSURANCE
IMT 551 Foundations of Organizational INFORMATION ASSURANCE
BILL ANALYSIS
BILL ANALYSIS
WP6: Water resources vulnerability to climatic change
WP6: Water resources vulnerability to climatic change
Download