Emerging Threats

Emerging IT Security Threats. See how the IT Security threat landscape is changing

If you are a user of Norton Antivirus software, this is not the news you want to hear. According to reports Symantec has confirmed that they were compromised by a group of hackers known as “The Lords of Dharmaraja”.  This hacking group claim they have possession of the Norton Antivirus source. According to Symantec the code is from old Norton versions, some ov which are no longer sold.

The hacking group made claim that they will publishing the source code on line. The fear is that other hackers will use this information to craft virus/code to exploit the antivirus. Knowing how the software identifies malicious processes could allow a hacker to work around it. However the potential damage this code can cause is only something Symantec knows.

We have seen some reports that claim the code was not stolen from Symantec directly but from a Third Party.

The hackers claim to be from India and call themselves The Lords of Dhamaraja.


  1. —   ——–  —–  
  2. \  \ \ \_\   \/  /\ \
  3.  \  \ \ \_\  / \ \_\ \
  4.  /  _\/_/  \_\  \_\ \_\,,,^++^,,,
  5. /__/TEAM++The Lords of Dharmaraja++
  6. Releze 003+
  7. +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Now we release confidential documentation we encountered of Symantec corporation and it’s Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies


The Stuxnet Worm was first discovered in July 2010 by a security firm in Belarus, but did not make global headlines until months later when Iranian state media announced the Middle East nation had been the target of a coordinated attack.

The Stuxnet worm was "the first of its kind. It was written to specifically target mission critical control systems running a specific combination of software and hardware.

There are a lot of concerns that the Stuxnet worm could be altered to attack key components of any nation's infrastructure, from electricity grids to oil rigs.

Many experts believe that the Stuxnet worm was only the beginning of a new kind of cyber attacks against critical infrastructure.

It’s quite possible the in 2011 or 2012 that we will see copycat versions of Stuxnet been used by terrorists to try and cripple the infrastructure of some of the major powers.

Where do we draw the line between protecting user and putting users at risk? Has data protection stepped across the line and because our data protection experts have been so busy protection our data that they have now put laws in place the protect criminals and buy putting our data at risk?

According to a study from McAfee, cyber thieves are increasingly targeting intellectual property.  Some attackers are specializing in stealing data from corporate computer systems.  In particular, information thieves seem to be looking for trade secrets, research and development reports, marketing plans and source code.  The report also noted that many companies are not taking adequate measures to protect information and are not going public with news of data security breaches.  Of the companies that reported experiencing a data security breach, just half said they had taken steps to improve cyber security.


Read More

Spotify has apologized for an attack that exposed users of the free version of its music streaming service in Europe to malware through tainted  advertisements.  The ads served content that attempted to infect users' machines with scareware.  Spotify disabled third-party advertisements on Friday, March 25 after learning of the problem.  The company isolated and removed the offending ad, and service was back to normal in the next few days.

NSS Labs, Inc., a leading independent security testing organization, announced the release of two test reports of Endpoint Protection Products (EPP). The reports reveal new shortcomings in these widely deployed products. They cover multi-vector attacks (malware delivered from the web, email, network file sharing and USB flash drives), memory-only attacks, and anti-evasion techniques.

Key findings from the reports show:

  • Malware caught via one entry point may not be detected when introduced via another entry point. E.g. malware that is detected via a web download could be missed if downloaded from a USB drive or network file server.
  • Products missed between 10% and 60% of the evasions typically used by cybercriminals.
  • Less than a third of the tested vendors had protection for memory-only malware, leaving a significant evasion gap in their products.

All of the products tested had been certified by multiple organizations. However, traditional antivirus test and certification labs are simply not performing this level of gloves-off testing. Enterprises basing purchasing decisions off such vendor-funded reports are therefore blind to the holes in their endpoint security defences.

“IT organizations worldwide have a false sense of security in part due to tests that have been too easy,” said Vik Phatak, CTO, NSS Labs. “Our test results point towards the need for more realistic testing based on what cybercriminals are actually doing to breach corporate defences.”

Read More

This is an update to our previous post :http://www.securityitrust.com/computer-fixing-scam-over-the-phone/

The latest call we observer are from a group that claim to be from a company called "Online PC Care".
On the phone they claim that they are a not part of a scam and that another group is also calling people and pretending to be their company. When asked where they got the phone number for Irish people and details of the Irish people they are calling they were using the phone directory. When asked why they had called the same numbers more that 10 time and harassing people the Indian agent claims that this was not true. She said that the call must be from a company pretending to them.

So “Online PC Care” want us to believe that there is another identical group of people from India using the same sales pitch and pretending to be them. What else could you expect them to say. So I responded by making the agent aware of the Irish telephone regulation, and if here company was not harassing Irish home user could she explain why she was calling a number that was listed as not open to marketing call. I also pointed out to her about the sexual comment used to insult people who did not want to give out and info on their PC by some of the male callers.
From all the call we have listening in on, and also from people who were are aware of that received these call, they all report that the called had an accent that sounder Indian and that despite giving different company name all claimed they were from India.
Reports from US and UK about this scam are also saying that the caller had Indian accents.


Here are some examples of these calls by People who recoded their phone call with the group carrying out these scams.

Scam onlinepccare.com call – The Highlights! 1/3 Scam onlinepccare.com call – The Highlights! 2/3 Scam onlinepccare.com call – The Highlights! 3/3 SupportOnClick Scareware Scam Call part (2/4) SupportOnClick Scareware Scam Call part (3/4) SupportOnClick Scareware Scam Call part (4/4) MICROSOFT COMPUTER SUPPORT SCAM Technical Support Phone Investigation by SymantecScam Microsoft warns computer owners of phone scam PC tech support cold-calling scam




So if this  Online PC Care is a valid company they why would the contact person behind their domain registration be using a Gmail email address. A private individual with a person website might use a Gmail email address but for a company this would appear to be on the unprofessional side. The Gmail address supplied is actually bogus because   ******@gmail.com is not a valid  email address from Gmail. When we looked further in the DNS registration the billing details pointed us to the domain sifcorp.com



Registration Service Provided By: SIFY

Contact: +091.4422540770

Website: http://www.sifycorp.com





    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore


    West bengal,700053


    Tel. +091.3340101614


Creation Date: 12-Aug-2009 

Expiration Date: 12-Aug-2012


Domain servers in listed order:





Administrative Contact:


    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore


    West bengal,700053


    Tel. +091.3340101614


Technical Contact:


    M.K.Shah        ********@gmail.com)

    835,Pblock new alipore


    West bengal,700053


    Tel. +091.3340101614


Billing Contact:

    Sify Limited

    Sify Limited        ***********@sifycorp.com)

    Second Floor, Tidel Park

    No. 4 Canal Bank Road,Taramani


    Tamil Nadu,600113


    Tel. +091.04422540770




The British royal family announced yesterday that Prince William would marry Kate Middleton next year. With an event like this, everyone would naturally be searching the internet for information on the event, so cyber criminal have seen this as an opportunity to take advantage of the news coverage. People who searched for “Kate Middleton” , “Images for Kate Middleton” were ending up on web pages that infected their PC.
According to Websense 22.4% of all searches for current news leads to malicious search results

Attackers have infected over 1 million cell phones in China with a malware virus. The virus sends out text messages automatically. When the malware infects the phones, it sends out information about the infected device SIM cards to the attackers. With the SIM information, the hacker can remotely send messages from the infected mobile phones.

The criminal behind this virus appear to be using this as way to make money because the phones are texting premium-rate numbers.

The virus spreads by texting everyone in the user’s phone book. So far it has been estimates that this virus has cost users over €220,000 Euro