[SecurityRatty] tag: symantec

Symantec's vision...

Fri, 10 Oct 2008 07:24:00 +0000

And so it begins...

Symantec bought out MessageLabs and is (in their own words) "combining MessageLabs’ deep expertise in the SaaS market with Symantec’s rich portfolio of technologies".

The interesting thing is that Symantec does not really lead in the anti-virus market (in terms of quality, not market share. All antivirus products are about the same) or antispam (MessageLabs is excellent here).

So, what could they possibly bring to the party that MessageLabs doesn't already have?

DLP.

MessageLabs has DLP but it is very simple and not really worth very much. The framework is certainly there though. Add some good DLP and voila - you have a product that is worth something.

Links for 2008-10-08 [del.icio.us]

Wed, 08 Oct 2008 20:00:00 +0000

M&A Patterns in the Security Space

Wed, 08 Oct 2008 10:12:27 +0000

Mergers and acquisitions in the information security industry always come in waves, just like they do in the IT industry. After every wave, there is always talk of "consolidation" and "enterprises want one stop shopping" and that talk is always proven wrong. Just as in the overall IT industry, the majority of mergers and acquisitions do not succeed and the ones that do are all about rationalization, not consolidation adjacent areas of the market coming together into platforms that make sense to deliver security controls that have lower total cost of ownership to deal with older threats or provide more effective security against evolving threats.

There are some clear failure patterns for mergers and acquisitions in the security space:

Those that only have the single vendor argument as justification see Symantec exiting the network security space it got by acquiring Raptor and Recourse and CA selling what was left of SilentRunner.
Those that are essentially two sinking ships roping themselves together too numerous to mention.

Some clear patterns that can lead to success:

Host or network based security "platforms" acquiring technology to add protection vs. building it themselves: firewall companies acquire and integrate network IPS, AV companies acquiring anti-spyware and host-based IPS to integrate into end point protection platforms.
Major IT platform companies acquiring let the good guys in technology such as IAM products to embed access control and authentication capabilities into these business-driven products

Easily six out of 10 mergers fit the failure pattern. Plus, after every wave of acquisitions, for every company that disappears two or three new ones pop up. That's one of the reasons why the information security space is so interesting and complex between changing threats, changing business practices, and changing technology, nothing stays still.

Symantec to buy e-mail security vendor MessageLabs

Wed, 08 Oct 2008 00:00:00 +0000

Symantec said today it will pay $695 million for MessageLabs, a security vendor that filters out spam and malicious Web traffic. The deal is expected to close by the end of December.

Symantec to buy e-mail security vendor MessageLabs

Tue, 07 Oct 2008 20:00:00 +0000

Symantec will pay US$695 million for MessageLabs, a security vendor that offers a hosted spam and Web traffic filtering service.

Symantec updates DLP endpoint, antispam gateway

Mon, 06 Oct 2008 20:00:00 +0000

Symantec plans to release updated versions of its antispam gateway and data-loss-prevention agent.

Symantec tests a 'Net watchdog for kids

Thu, 02 Oct 2008 20:00:00 +0000

Symantec has developed a new online service to protect children from Internet dangers.

A Diverse Portfolio of Fake Security Software - Part Seven

Tue, 30 Sep 2008 12:35:15 +0000

In case you haven't heard - Microsoft and the Washington state are suing a U.S based -- naturally -- "scareware" vendor Branch Software :

"We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," Washington Attorney General Rob McKenna said. "We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach."

Sadly, Branch Software is the tip of the iceberg on the top of the affiliates participating in different affiliation based programs, which similar to IBSOFTWARE CYPRUS and Interactivebrands, which I've been tracking down for a while, are the aggregators of scareware that popped up on the radars due to their extensive portfolios. These three companies offering software bundles or plain simple fake software, are somewhere in between the food chain of this ecosystem, with the real vendors paying out the commissions on a per installation basis slowly starting to issue invitation codes that they've distributed only across invite-only forums/sections of particular forums.

Behind these brands is everyone that is participating in the franchise and is putting personal efforts into monetizing the high payout rates that the fake security software vendor is paying for successful installation. These high payout rates -- with the financing naturally coming straight from other criminal activities online -- are in fact so high, that I can easily say that the last two quarters we've witnesses the largest increase of such domains ever, and they're only heating up since the typosquatting possibilities are countless and they seem to know that as well.

It's important to point out that their business model of acquiring traffic is outsourced to all the affiliates that do the blackhat SEO, SQL injections, web sessions hijacking of malware infected hosts in order to monetize, so basically, you have an affiliates network whose actions are directly driving the growth into all these areas. Throwing money into the underground marketplace as a "financial injection", is proving itself as a growth factor, and incentive for innovation on behalf of all the participants.

Here are some of the most recent fake security software domains, a "deja vu" moment with a known RBN domain from a "previous life" that is also parked at one of the servers, and evidence that typosquatting for fraudulent purposes is still pretty active with a dozen of Norton Antivirus related domains, some of which have already started issuing "fake security notices" by brandjacking the vendor for traffic acquisition purposes.

Antivirus-Alert .com (203.117.111.47) where pepato .org a domain that was used in the Wired.com and History.com IFRAME injections, which back in March was also hosted at Hostfresh (58.65.238.59).

softload2008name .com (78.157.143.250)
softload2008nm .com
softload2008n .com
softload2008jq .com

microantivir-2009 .com (91.208.0.223)
scanner.microantivir-2009 .com
microantivir2009 .com
microantivirus-2009 .com
microantivirus2009 .com

ms-scan .com (91.208.0.228)
msscanner .com
ms-scanner .com

Personalantispy .com (93.190.139.197)
freepcsecure .com
quickinstallpack .com
quickdownloadpro .com
advancedcleaner .com
performanceoptimizer .com
internetanonymizer .com

ieprogramming .com (92.62.101.83)
uptodatepage .com
fileliveupdate .com
qwertypages .com
sharedupdates .com
ierenewals .com

norton-antivirus-alert .com
norton-anti-virus-2007 .com
norton-antivirus-2007 .com
norton-antivirus2007 .com
nortonantivirus2007 .com
norton-antivirus-2008 .com
nortonantivirus2008 .com
nortonantivirus2008freedownload .com
norton-antivirus-2009 .com
nortonantivirus2009 .com
norton-antivirus-2010 .com
nortonantivirus2010 .com
nortonantivirus360 .com
nortonantivirus8 .com
nortonantivirusa .com
nortonantivirusactivation .com
norton-antivirus-alert .com
nortonantivirusalerts .com
norton--anti-virus .com
norton-anti-virus .com
norton-antivirus .com
nortonanti-virus .com
nortonantivirus.com
nortonantiviruscom .com
nortonantiviruscorporate .com
nortonantiviruscorporateedition .com
nortonantiviruscoupon .com
nortonantivirusdefinition .com
nortonantivirusdefinitions .com
nortonantivirusdirect .com

Fake Antivirus Inc. is not going away as long as the affiliate based model remains active. If the real vendors were greedy enough not to share the revenues with others, they would have been the one popping up on the radar, compared to the situation where it's the affiliate network's participations greed that's increasing their visibility online.

Related posts:
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software
Cybersquatting Symantec's Norton AntiVirus
Cybersquatting Security Vendors for Fraudulent Purposes
Fake Porn Sites Serving Malware - Part Three
Fake Porn Sites Serving Malware - Part Two
Fake Porn Sites Serving Malware
EstDomains and Intercage VS Cybercrime
Fake Security Software Domains Serving Exploits
Localized Fake Security Software
Got Your XPShield Up and Running?
Fake PestPatrol Security Software
RBN's Fake Security Software
Lazy Summer Days at UkrTeleGroup Ltd
Geolocating Malicious ISPs
The Malicious ISPs You Rarely See in Any Report

Justin Somaini is Blogging

Thu, 25 Sep 2008 13:57:35 +0000

My good friend Justin Somaini the CSO of Symantec is now blogging!

QuickTime Crashing Zero-day Attack Code Published, Malicious Code Execution Possible

Thu, 18 Sep 2008 10:57:04 +0000

According to Aaron Adams, a Symantec Corp.’s DeepSight threat notification network researcher, new attack code that exploits an unpatched vulnerability in Apple Inc.’s QuickTime was published on milw0rm.com in Tuesday, just a week after the company updated the media player to plug nine other serious vulnerabilities. The exploit takes advantage of a flaw in the “<? [...]