Security company McAfee made a research for the most dangerous search terms. The research was made with more than 2,500 popular keywords. The report shows that chances to end up browsing malicious site are the highest with terms like "free music downloads" or "screensaver". The most dangerous search terms varied a lot between the countries.
The report can be viewed here.
Sunday, May 31, 2009
Friday, May 29, 2009
Vulnerability In DirectShow Component Of DirectX
There has been found a vulnerability in DirectShow component of Microsoft DirectX. The vulnerability is related to handling of QuickTime media file. By luring a user to open specially crafted QuickTime media file an attacker may be able to execute arbitrary code in target system. According to Microsoft the vulnerability has been exploited in attacks.
Affected software:
* Windows 2000 SP4, DirectX 7.0, 8.1 and 9.0 versions
* Windows XP SP2 and SP3, DirectX 9.0 version
* Windows Server 2003 SP2, DirectX 9.0 version
Microsoft says that the vulnerability doesn't affect different versions of Windows Vista or Windows Server 2008.
More information (including available workarounds) can be read from correspondent Microsoft Security Advisory.
Affected software:
* Windows 2000 SP4, DirectX 7.0, 8.1 and 9.0 versions
* Windows XP SP2 and SP3, DirectX 9.0 version
* Windows Server 2003 SP2, DirectX 9.0 version
Microsoft says that the vulnerability doesn't affect different versions of Windows Vista or Windows Server 2008.
More information (including available workarounds) can be read from correspondent Microsoft Security Advisory.
Thursday, May 28, 2009
MessageLabs Intelligence Report: May 2009
MessageLabs has published their Intelligence report that sums up the latest threat trends for May 2009.
Report highlights:
• Spam – 90.4% in May (an increase of 5.1% since April)
• Viruses – One in 317.8 emails in May contained malware (a decrease of 0.01% since April)
• Phishing – One in 279.0 emails comprised a phishing attack (an increase of 0.11% since April)
• Malicious websites – 1,149 new sites blocked per day (a decrease of 67.7% since April)
• Spammers continue to abuse reputable domains and web-based malware more likely to be found on older domains
• Geographic location determines at what time of day you receive spam
• “Russian” spam squarely rooted in Cutwail botnet
The report can be found here.
Report highlights:
• Spam – 90.4% in May (an increase of 5.1% since April)
• Viruses – One in 317.8 emails in May contained malware (a decrease of 0.01% since April)
• Phishing – One in 279.0 emails comprised a phishing attack (an increase of 0.11% since April)
• Malicious websites – 1,149 new sites blocked per day (a decrease of 67.7% since April)
• Spammers continue to abuse reputable domains and web-based malware more likely to be found on older domains
• Geographic location determines at what time of day you receive spam
• “Russian” spam squarely rooted in Cutwail botnet
The report can be found here.
Monday, May 25, 2009
Scammers Fool P2P Users With Fake P2P Download Booster
What would be attractive enough to trick heavy P2P users? Of course a program that makes it possible to download torrents faster than normally. Scammers are taking advantage of that and post spam messages to torrent forums advertising Bittorrentbooster program that they say will take download speeds to totally new level. In truth the program doesn't improve download speeds but installs aggressive advertising program.
Full story here.
Full story here.
Sunday, May 24, 2009
Google Users Targeting Gumblar Worm Spreads Fast
"A computer virus that targets Google users is mutating rapidly, turning it into what some are calling the biggest threat to online security today," writes The Guardian.
Gumblar worm exploits vulnerabilities in some unpatched Adobe PDF Reader and Flash player versions. After infecting the system the worm redirects victim's Google search results to sites that serve malware or allow criminals to do "phishing" attacks to steal login details.
The worm has been spreading for a while already but recently its authors changed attacking method so that malicious code is downloaded from a China based website. New techniques have also been developed to avoid worm getting detected.
According to security company Sophos the spread of Gumblar has over doubled itself in a week. The worm was responsible for 42% of all cases of malicious code found on websites.
US-Cert has issued a related warning about Gumblar. Security company ScanSafe recommends that people concerned about the security of their own sites should visit a third-party site called "Unmask Parasites".
Gumblar worm exploits vulnerabilities in some unpatched Adobe PDF Reader and Flash player versions. After infecting the system the worm redirects victim's Google search results to sites that serve malware or allow criminals to do "phishing" attacks to steal login details.
The worm has been spreading for a while already but recently its authors changed attacking method so that malicious code is downloaded from a China based website. New techniques have also been developed to avoid worm getting detected.
According to security company Sophos the spread of Gumblar has over doubled itself in a week. The worm was responsible for 42% of all cases of malicious code found on websites.
US-Cert has issued a related warning about Gumblar. Security company ScanSafe recommends that people concerned about the security of their own sites should visit a third-party site called "Unmask Parasites".
Thursday, May 21, 2009
Possible Vulnerability In Microsoft Internet Information Server (IIS)
Microsoft tells that it's investigating reports of possible vulnerability in Microsoft IIS. "An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."
More information:
http://www.microsoft.com/technet/security/advisory/971492.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535
http://www.auscert.org.au/render.html?it=11001
http://isc.sans.org/diary.html?storyid=6397
http://www.milw0rm.com/exploits/8704
More information:
http://www.microsoft.com/technet/security/advisory/971492.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535
http://www.auscert.org.au/render.html?it=11001
http://isc.sans.org/diary.html?storyid=6397
http://www.milw0rm.com/exploits/8704
Friday, May 15, 2009
Rogue Antivirus Program Takes System A Hostage
McAfee writes in their blog about fake antivirus program, branded as System Security 2009 and detected as FakeAlert-CO, that disables ability to run any application if user doesn't pay activation of the rogue. User is offered two subscription types: 2 year license for $49.95 or lifetime support license at a "discount". Rogue product website is made to look professional trying to make user more convinced.
Removal of the rogue is tricky since it doesn't offer remove -option and it doesn't appear in add/remove programs -window. Removal has to be done by rebooting system into safe mode and then remove it there.
Removal of the rogue is tricky since it doesn't offer remove -option and it doesn't appear in add/remove programs -window. Removal has to be done by rebooting system into safe mode and then remove it there.
Wednesday, May 13, 2009
Adobe Reader & Acrobat Updates Available
Adobe has released fixes for two vulnerabilities which were reported a few weeks ago.
Instructions for updating can be found in the correspondent Adobe Security bulletin.
Instructions for updating can be found in the correspondent Adobe Security bulletin.
Tuesday, May 12, 2009
Security Update Of May 2009 From Microsoft
Microsoft has released an update (MS09-017) that fixes 14 vulnerabilities in Microsoft Office PowerPoint. The Update is categorized as critical. By luring user to open specially crafted PowerPoint file an attacker may have a possibility to execute arbitrary code in target system.
New version of Microsoft Windows Malicious Software Removal Tool was released too.
More information of the update can be read from here.
For consumer the easist way to get the update is to use Microsoft automatic update service.
New version of Microsoft Windows Malicious Software Removal Tool was released too.
More information of the update can be read from here.
For consumer the easist way to get the update is to use Microsoft automatic update service.
Saturday, May 9, 2009
PDF Most Used File Type In Targeted Attacks At The Moment
F-Secure have published in their Weblog some results related to file types used in targeted attacks.
In 2008 they identified about 1968 targeted attack files. The most popular file type was DOC (Microsoft Word) having 34.55% of the files. The second common was PDF (Adobe Acrobat Reader) 28.61% share. This year, F-Secure have discovered 663 targeted attack files and the most common file type has been PDF with 48.87% of the files. DOC is now second common with 39.22% share.
According to F-Secure explanation for this is mainly cos Adobe Acrobat & Reader have had more vulnerabilities than Microsoft Office applications. Two vulnerabilities are still waiting for patching. Adobe expects to have resolving updates ready by May 12th, 2009.
F-Secure's video about targeted attacks is watchable in YouTube.
In 2008 they identified about 1968 targeted attack files. The most popular file type was DOC (Microsoft Word) having 34.55% of the files. The second common was PDF (Adobe Acrobat Reader) 28.61% share. This year, F-Secure have discovered 663 targeted attack files and the most common file type has been PDF with 48.87% of the files. DOC is now second common with 39.22% share.
According to F-Secure explanation for this is mainly cos Adobe Acrobat & Reader have had more vulnerabilities than Microsoft Office applications. Two vulnerabilities are still waiting for patching. Adobe expects to have resolving updates ready by May 12th, 2009.
F-Secure's video about targeted attacks is watchable in YouTube.
Wednesday, May 6, 2009
Adobe Flash Media Server Vulnerability
There has been found a potential vulnerability in Flash Media Server. This RPC (remote procedure call) execution issue could potentially allow an attacker to execute remote procedures within a server side ActionScript file running on Flash Media Server.
Vulnerability affects Adobe Flash Media Streaming Server 3.5.1, Adobe Flash Media Interactive Server 3.5.1 and earlier.
To resolve the issue, Flash Media Server administrators should install Flash Media Server 3.5.2 or 3.0.4 update.
Related Adobe's security bulletin can be read here.
Vulnerability affects Adobe Flash Media Streaming Server 3.5.1, Adobe Flash Media Interactive Server 3.5.1 and earlier.
To resolve the issue, Flash Media Server administrators should install Flash Media Server 3.5.2 or 3.0.4 update.
Related Adobe's security bulletin can be read here.
Tuesday, May 5, 2009
Taking Over The Torpig Botnet - Report
The researchers of Santa Barbara University of California have published report of their ten days long takeover of Torpig (a.k.a. Sinowal,
Anserin) botnet took place at the beginning of 2009. Over this period, they observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.
Collected data contained e.g. over 1,200,000 Windows passwords, over 54,000 mailbox account items and near 12,000,000 form data items which means the content of HTML forms submitted via POST requests by the victim’s browser.
Even more severe is that Torpig obtained credientals of over 8,310 accounts at 410 different financial institutions and 1,660 unique credit and debit card numbers.
"Quantifying the value of the financial information stolen by Torpig is an uncertain process because of the characteristics of the underground markets where it may end up being traded. A report by
Symantec indicated (loose) ranges of prices for common goods
and, in particular, priced credit cards between $0.10–$25 and bank
accounts from $10–$1,000. If these figures are accurate, in ten days
of activity, the Torpig controllers may have profited anywhere be-
tween $83k and $8.3M"
Complete report can be found here.
Anserin) botnet took place at the beginning of 2009. Over this period, they observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.
Collected data contained e.g. over 1,200,000 Windows passwords, over 54,000 mailbox account items and near 12,000,000 form data items which means the content of HTML forms submitted via POST requests by the victim’s browser.
Even more severe is that Torpig obtained credientals of over 8,310 accounts at 410 different financial institutions and 1,660 unique credit and debit card numbers.
"Quantifying the value of the financial information stolen by Torpig is an uncertain process because of the characteristics of the underground markets where it may end up being traded. A report by
Symantec indicated (loose) ranges of prices for common goods
and, in particular, priced credit cards between $0.10–$25 and bank
accounts from $10–$1,000. If these figures are accurate, in ten days
of activity, the Torpig controllers may have profited anywhere be-
tween $83k and $8.3M"
Complete report can be found here.
Monday, May 4, 2009
Time for PDF Reader Change
All these exploits targeting vulnerabilities in Adobe Reader around it makes many of us wonder if the time was right for a PDF reader change. It certainly is. There are lots of different alternatives available for popular Adobe Reader. Not only are those more secure but also much smaller in size than the most famous one. I made a decision to switch to a lighter solution a few years ago when Adobe's product seemed to become larger and larger.
What product am I using then? Well, instead of telling that I give a link to a site with a list of free software PDF readers: http://pdfreaders.org/ :-) Not on the list but still also a good alternative is Foxit Reader from Foxit Software. If you're going to install Foxit Reader be careful with options during the install or otherwise you may end up with Foxit Toolbar installed. To avoid this, uncheck all three boxes in "Foxit Toolbar powered by Ask.com" -screen during the install.
What product am I using then? Well, instead of telling that I give a link to a site with a list of free software PDF readers: http://pdfreaders.org/ :-) Not on the list but still also a good alternative is Foxit Reader from Foxit Software. If you're going to install Foxit Reader be careful with options during the install or otherwise you may end up with Foxit Toolbar installed. To avoid this, uncheck all three boxes in "Foxit Toolbar powered by Ask.com" -screen during the install.
Subscribe to:
Posts (Atom)