Sunday, June 29, 2008

Storm Spreads Under Love Theme Again

Over a week ago MX Logic wrote in their security blog about a new Storm worm variant claiming to carry news of a new earthquake in China. Now a batch of new domains has been added to spread Storm. The theme of the Storm spam messages has changed to love, a common theme in earlier Storm variants.

Below is an example of these new Storm messages:

From:
Date: 2008/6/29
Subject: Missing you

Missing you hxxp://latinlovesite.com/

The domains identified so far, with their nameserver (NS) records, are:
- theloveparade.com NS ns5.lollypopycandy.com
- latinlovesite.com NS ns5.lollypopycandy.com
- youronlinelove.com NS ns5.lollypopycandy.com
- yourloveletter.com NS ns5.lollypopycandy.com
- makinglovedirect.com NS ns5.lollypopycandy.com
- lollypopycandy.com NS ns5.lollypopycandy.com


It's difficult to say how long this new theme will be used. The China earthquake theme lasted from 6/18/2008 to 6/27/2008, so this new 'old' theme may not last much longer either.
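As an added example (not from the original post and not MX Logic's code), the following Python script turns the list above into something a defender can act on: it inverts the NS records to show that all six domains hang off a single nameserver, which is the pivot for blocking the whole campaign rather than one domain at a time, and it scans mail bodies for links to those domains, accepting the hxxp defanging used in the post. The sample messages are constructed for the example; the domains and nameserver are exactly the ones listed in the post.

```python
import re
from collections import defaultdict

# Domains and their nameserver as listed in the post (June 29, 2008).
STORM_NS_RECORDS = {
    "theloveparade.com": "ns5.lollypopycandy.com",
    "latinlovesite.com": "ns5.lollypopycandy.com",
    "youronlinelove.com": "ns5.lollypopycandy.com",
    "yourloveletter.com": "ns5.lollypopycandy.com",
    "makinglovedirect.com": "ns5.lollypopycandy.com",
    "lollypopycandy.com": "ns5.lollypopycandy.com",
}

# Accepts both live URLs and the hxxp:// defanged form used in the post.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://([A-Za-z0-9.-]+)", re.IGNORECASE)


def group_by_nameserver(records):
    """Invert domain -> NS into NS -> sorted domains. Many domains sharing one
    nameserver is the infrastructure-level indicator worth blocking on."""
    groups = defaultdict(list)
    for domain, ns in records.items():
        groups[ns].append(domain)
    return {ns: sorted(domains) for ns, domains in groups.items()}


def extract_hosts(text):
    """Hostnames of every URL in the text, lowercased, trailing dot removed."""
    return [m.group(1).lower().rstrip(".") for m in URL_RE.finditer(text)]


def is_blocked(host, blocklist):
    """True if the host or any parent domain of it is on the blocklist,
    so www.yourloveletter.com matches the yourloveletter.com entry."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def scan_messages(messages, records):
    """Return (subject, host) for every link that points at a listed domain."""
    blocklist = set(records)
    hits = []
    for subject, body in messages:
        for host in extract_hosts(body):
            if is_blocked(host, blocklist):
                hits.append((subject, host))
    return hits


# Constructed sample messages: the first mirrors the post's example, the second
# uses a subdomain and a live scheme, the third is benign.
SAMPLE_MESSAGES = [
    ("Missing you", "Missing you hxxp://latinlovesite.com/"),
    ("Love letter", "read it here http://www.yourloveletter.com/letter.html"),
    ("Meeting notes", "slides at https://example.org/notes"),
]

if __name__ == "__main__":
    for ns, domains in group_by_nameserver(STORM_NS_RECORDS).items():
        print(f"{ns}: {len(domains)} domains -> {', '.join(domains)}")
    for subject, host in scan_messages(SAMPLE_MESSAGES, STORM_NS_RECORDS):
        print(f"FLAG: '{subject}' links to {host}")
```

The parent-domain walk in is_blocked matters because spam campaigns routinely rotate hostnames under a registered domain; matching only the exact hostname would miss the second sample message.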

Wednesday, June 25, 2008

Updates For Adobe Reader And Acrobat Products

Adobe has released updates for its PDF-handling Acrobat and Reader products. The update fixes a vulnerability that can be exploited by luring the user into opening a specially modified PDF file supplied by the attacker. The vulnerability allows the attacker to execute their own code remotely.

Vulnerable versions are Adobe Reader versions before 7.1.0 and versions 8.0 - 8.1.2. Adobe Acrobat versions before 7.1.0 and versions 8.0 - 8.1.2 are vulnerable too.

Users are recommended to update their software according to Adobe's instructions.

Saturday, June 21, 2008

Update For Safari For Windows Web Browser Released

An update has been released for the Windows version of the Safari web browser. It fixes four vulnerabilities.

  • Viewing a maliciously crafted BMP or GIF image may lead to information disclosure

  • Saving untrusted files to the Windows desktop may lead to the execution of arbitrary code

  • Visiting a malicious website which is in a trusted Internet Explorer zone may lead to the automatic execution of arbitrary code

  • A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.


Safari users are instructed to update to version 3.1.2.

More information about the update can be read on Apple's site.

Source

Thursday, June 19, 2008

Vulnerability In Mozilla Firefox Web Browser

A vulnerability has been reported in the Mozilla Firefox web browser. It can be exploited by malicious people to compromise a vulnerable system.


The vulnerability is caused by an unspecified error and can be exploited to execute arbitrary code, e.g. when a user visits a specially crafted web page.

At least versions 3.0 and 2.0.x are vulnerable. Other versions may be affected too.

At the moment no fix is available for this vulnerability. Users are instructed not to follow untrusted links or browse untrusted web sites.

Source

Wednesday, June 18, 2008

Firefox 3 Final Released

Mozilla has released the final version of its Firefox 3 web browser. Over 15,000 changes were made in total, including security improvements. The new features that make Firefox 3 more secure are:

  • One-click site info: Click the site favicon in the location bar to see who owns the site and to check if your connection is protected from eavesdropping. Identity verification is prominently displayed and easier to understand. When a site uses Extended Validation (EV) SSL certificates, the site favicon button will turn green and show the name of the company you're connected to.

  • Malware Protection: malware protection warns users when they arrive at sites which are known to install viruses, spyware, trojans or other malware.

  • New Web Forgery Protection page: the content of pages suspected as web forgeries is no longer shown.

  • New SSL error pages: clearer and stricter error pages are used when Firefox encounters an invalid SSL certificate.

  • Add-ons and Plugin version check: Firefox now automatically checks add-on and plugin versions and will disable older, insecure versions.

  • Secure add-on updates: to improve add-on update security, add-ons that provide updates in an insecure manner will be disabled.

  • Anti-virus integration: Firefox will inform anti-virus software when downloading executables.

  • Vista Parental Controls: Firefox now respects the Vista system-wide parental control setting for disabling file downloads.

  • Effective top-level domain (eTLD) service better restricts cookies and other restricted content to a single domain.

  • Better protection against cross-site JSON (JavaScript Object Notation) data leaks.


More information about the new features is in the Firefox 3 Release Notes.
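The eTLD item in the list above, as an added example that is not Firefox's own code: a small Python model of how a public-suffix list decides whether a cookie's Domain attribute is acceptable. Without such a list a site under example.co.uk could set a cookie for "co.uk" and have it sent to every other site under that suffix. The suffix rules here are a constructed subset (the real list has thousands of entries plus wildcard and exception rules, which this model omits), and cookie_domain_allowed is a simplified policy written for this example, not the browser's implementation.

```python
# Constructed subset of public-suffix rules; the real list is far larger.
PUBLIC_SUFFIX_RULES = {"com", "org", "uk", "co.uk", "org.uk", "jp", "co.jp"}


def effective_tld(host):
    """Longest suffix of host that is a public suffix (the eTLD); if no rule
    matches, fall back to the last label."""
    labels = host.lower().strip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIX_RULES:
            return candidate  # first hit scanning from the left is the longest
    return labels[-1]


def registrable_domain(host):
    """eTLD+1, the unit that cookies may be scoped to, or None when the host
    is itself a public suffix (e.g. 'co.uk' has no registrable domain)."""
    labels = host.lower().strip(".").split(".")
    etld_len = effective_tld(host).count(".") + 1
    if len(labels) <= etld_len:
        return None
    return ".".join(labels[-(etld_len + 1):])


def cookie_domain_allowed(request_host, cookie_domain):
    """Simplified policy: the Domain attribute must not be a public suffix and
    must be the request host or a parent of it."""
    host = request_host.lower().strip(".")
    domain = cookie_domain.lower().lstrip(".")
    if domain in PUBLIC_SUFFIX_RULES or registrable_domain(domain) is None:
        return False  # would scope the cookie across unrelated sites
    return host == domain or host.endswith("." + domain)


# Constructed cases: (request host, Domain attribute, expected decision)
CASES = [
    ("www.example.co.uk", ".co.uk", False),        # public suffix: rejected
    ("www.example.co.uk", "example.co.uk", True),  # own eTLD+1: fine
    ("www.example.co.uk", "other.co.uk", False),   # not a parent of the host
    ("login.example.com", "example.com", True),
    ("login.example.com", ".com", False),
]

if __name__ == "__main__":
    for host, domain, expected in CASES:
        got = cookie_domain_allowed(host, domain)
        print(f"{host:20} Domain={domain:16} -> {got} (expected {expected})")
```

The same eTLD+1 computation is what keeps "same-origin-ish" checks such as document.domain relaxation and cookie scoping from treating co.uk or com as a single site.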

Monday, June 16, 2008

New Version of Opera Web Browser Released

A new version of the Opera web browser has been released. It contains fixes for a couple of vulnerabilities and also some new security features, such as support for EV certificates (Extended Validation certificates).

Opera users are advised to update their browsers to this latest 9.50 version.

The full changelog for the Opera 9.5 Windows version can be found here.

Friday, June 13, 2008

Gpcode Returns

Security company Kaspersky reports in its blog that a new variant of Gpcode has been detected. Gpcode is a dangerous file-encryptor that encrypts a wide variety of user files, targeting extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP and H. The first version of Gpcode was seen in 2006.

Gpcode.ak, as Kaspersky calls it, encrypts the files of the infected machine using RSA encryption with a public key embedded in the malware itself. The encrypted files can only be decrypted with the corresponding private 1024-bit key, which in this case is in the possession of the author or owner of Gpcode. It's estimated that cracking that key would take 15 million modern computers running for about a year.
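Since the private key is out of reach, the practical defender question is how to notice that files of the listed types have been turned into ciphertext. As an added example (not from the post and not Kaspersky's tooling), the Python below checks files carrying the extensions named above: formats with a fixed signature (PDF, JPG, PNG, and the OLE2 container used by DOC and XLS) are checked for that signature, and text-like formats (TXT, CPP, H) are checked for byte entropy, because entropy alone cannot flag already-compressed JPG or PNG data. The samples, signature table and 6.0 bits/byte threshold are constructed for the example.

```python
import math
from collections import Counter

# Extensions the post lists as Gpcode targets.
TARGET_EXTENSIONS = {"doc", "txt", "pdf", "xls", "jpg", "png", "cpp", "h"}

# Well-known leading bytes for the signature-bearing formats (constructed lookup).
MAGIC = {
    "pdf": b"%PDF",
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "doc": b"\xd0\xcf\x11\xe0",  # OLE2 compound document (pre-2007 Office)
    "xls": b"\xd0\xcf\x11\xe0",
}
TEXT_EXTENSIONS = {"txt", "cpp", "h"}
TEXT_ENTROPY_LIMIT = 6.0  # bits per byte; natural-language text and source sit around 4-5


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name, data):
    """Return a reason string if the content no longer matches what the
    extension promises, else None."""
    ext = name.rsplit(".", 1)[-1].lower()
    if ext not in TARGET_EXTENSIONS:
        return None
    if ext in MAGIC:
        if data.startswith(MAGIC[ext]):
            return None
        return "%s: missing %s signature" % (name, ext.upper())
    if ext in TEXT_EXTENSIONS:
        h = shannon_entropy(data)
        if h > TEXT_ENTROPY_LIMIT:
            return "%s: entropy %.2f bits/byte, too high for text" % (name, h)
    return None


def scan(files):
    """Map file name -> reason for every file that looks encrypted."""
    flagged = {}
    for name, data in files.items():
        reason = looks_encrypted(name, data)
        if reason:
            flagged[name] = reason
    return flagged


# Constructed samples. CIPHERTEXT_STANDIN stands in for encrypted output:
# every byte value appears equally often, giving exactly 8.0 bits/byte.
CIPHERTEXT_STANDIN = bytes(range(256)) * 2
SAMPLES = {
    "notes.txt": b"Meeting notes: update Flash, patch Reader, rotate passwords.\n" * 20,
    "main.cpp": b"#include <cstdio>\nint main() { return 0; }\n" * 10,
    "photo.png": MAGIC["png"] + CIPHERTEXT_STANDIN,  # intact header: not flagged
    "photo.jpg": CIPHERTEXT_STANDIN,                 # header gone: flagged
    "config.h": CIPHERTEXT_STANDIN,                  # text extension, random bytes: flagged
    "archive.zip": CIPHERTEXT_STANDIN,               # not a listed target: ignored
}

if __name__ == "__main__":
    for reason in scan(SAMPLES).values():
        print("SUSPECT", reason)
```

A signature check is cheap enough to run over a whole home directory, and a sudden burst of signature failures across many files is a stronger signal of an encryptor at work than any single file.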

Kaspersky recommends enabling all anti-malware components installed on the system, since it's unclear at the moment how the virus spreads.


If the following picture appears on the screen, the system may have been infected with Gpcode:


In those cases users are advised to keep their systems on and contact Kaspersky (stopgpcode@kaspersky.com) from a clean system with details of the infection: the exact time and date the system got infected and what was done during the last 5 minutes before the infection (what programs were run, what web sites were visited, etc.).



To keep people up to date on the situation, Kaspersky has set up a dedicated forum.

Thursday, June 12, 2008

Vulnerability In OpenOffice.org Software

A vulnerability has been found in the file handling of OpenOffice.org. It may allow a remote unprivileged user who provides an OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org.

OpenOffice.org versions between 2.0 and 2.4 are vulnerable. Users of these versions are instructed to update to version 2.4.1.

More information here.

Tuesday, June 10, 2008

New Version of Apple QuickTime Released

Apple has released version 7.5 of QuickTime Player. This version fixes several vulnerabilities related to picture, audio and video content handling. These vulnerabilities can cause an unexpected application termination or allow arbitrary code execution.

All versions below 7.5 are vulnerable. Users are advised to update their software according to the instructions here.

Monday, June 9, 2008

New Updates For Windows Coming On Tuesday

Microsoft is going to release new updates for its Windows operating systems. The update package to be released tomorrow (Tuesday, 10th of June) includes seven updates: three critical, three important and one moderate.

The critical updates fix vulnerabilities in Bluetooth connections, DirectX graphics and the Internet Explorer browser.

In practice, the vulnerabilities affect all supported Windows operating systems. The critical vulnerabilities also affect Windows Vista. Windows Server 2008 with a Server Core installation is only affected by the Internet Explorer vulnerability.


For more information about these coming updates please see Microsoft Security Bulletin Advance Notification for June 2008.

Thursday, June 5, 2008

McAfee's Report Identifies Dangerous Web Domains

McAfee has released its "Mapping the Mal Web Revisited" report. Now in its second year, the report tries to identify the domains with the highest concentration of risky sites.

McAfee found that the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information). Of all ".hk" sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of ".cn" sites and 11.7 percent of ".info" sites that way. The most popular domain, .com, is the ninth riskiest overall with a little over five percent flagged.

The least risky domain names are ".fi" (Finland), ".gov" (government use) and ".jp" (Japan). ".fi" was also the safest domain last year. This time 0.05 percent of ".fi" sites were flagged dangerous, the same share as government sites in the ".gov" domain. Of ".jp" sites, 0.13 percent were flagged potentially dangerous.



Source

Wednesday, June 4, 2008

Service Pack 3 For Windows XP Contains Vulnerable Flash

Last week there was much discussion about Flash vulnerabilities and, surprise, it's the subject again now. It has been found that Windows XP Service Pack 3 (SP3) installs an older, vulnerable version of the Flash Player (9.0.115.0). That makes SP3 users vulnerable to the vulnerabilities fixed in version 9.0.124.0. Microsoft has documented this in its security bulletin MS06-069.

SP3 users are advised to update their Flash players according to Adobe's instructions.

Source

Tuesday, June 3, 2008

Vulnerabilities In VMWare Software

Two vulnerabilities have been found in VMware software. Both make it possible to execute the attacker's code on the workstation. The first is in folder handling and the other in the VMCI (Virtual Machine Communication Interface) functionality.

Vulnerable software:
- VMware Workstation 6.0.3 and earlier versions
- VMware Player 2.0.3 and earlier versions
- VMware ACE 2.0.3 and earlier versions
- VMware Fusion 1.1.1 and earlier versions

VMware has released new versions which can be downloaded from the links below:
- VMware Workstation 6.0.4
- VMware Player 2.0.4
- VMware ACE 2.0.4
- VMware Fusion 1.1.3


More information regarding the two vulnerabilities and their fixes can be read here.

Monday, June 2, 2008

Web Attacks Are Concentrated - China And USA The Worst Ones

A new report says that attacks on the internet remain strongly concentrated in a couple of countries. At the top of the list is China, and somewhat surprisingly the United States is in second place. It seems, though, that there's a reason for this phenomenon.

The report was compiled by web technology company Akamai, which has servers around the world. According to Akamai, 17 (16.77) percent of attacks came from China in the first quarter of 2008. Attacks from the United States accounted for 14 (14.33) percent.

Attacks seem to be concentrated, since 75% of them came from 10 countries. For example Japan (3.56), Brazil (4.75), Argentina (5.65), Venezuela (8.89) and Taiwan (11.82) are on this list.

Akamai says that a large share of the attacks come from malware programs that are years old. Up-to-date protection software should catch these easily. This suggests that the source of the attacks is a large pool of Windows systems whose security has been neglected.