Monday, June 29, 2009

Malware Riding on Michael Jackson's Death

The tragic death of Michael Jackson, the "King of Pop", has given bad guys an opportunity to take advantage of the situation. The most recent attacks try to get news-hungry users to install an IRC bot with backdoor capability on their systems.

Michael Jackson Malware

Michael Jackson Video Leads to Malware Download

Wednesday, June 24, 2009

New Version of Shockwave Player Available

A new version of Adobe Shockwave Player has been released. Version 11.5.0.600 fixes a critical vulnerability which could allow an attacker to take control of the affected system.

Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600.

More information:
Adobe's security bulletin
Secunia advisory

Vulnerability In Google Chrome

A vulnerability has been found in the Google Chrome web browser:
CVE-2009-2121: Buffer overflow processing HTTP responses
Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.


The vulnerability is categorized as critical and affects users of Google Chrome versions below 2.0.172.33. Users of vulnerable versions can update the browser to the patched version with the built-in automatic updater or alternatively install the new version from the Google Chrome homepage.

More info here.

Saturday, June 20, 2009

Security Update For Foxit Reader Available

Foxit Software has released an update to Foxit Reader 3.0 that fixes the following two vulnerabilities:
1. Fixed a problem related to negative stream offset (in malicious JPEG2000 stream) which caused reading data from an out-of-bound address. We have added guard codes to solve this issue.
2. Fixed a problem related to error handling when decoding JPEG2000 header, an uncaught fatal error resulted in a subsequent invalid address access. We added error handling code to terminate the decoding process.


Instructions for updating are provided here.
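
The two fixes above describe a common pattern: a signed offset read from the file must be range-checked before use, and a header decode error must stop processing. The following is an added example, not Foxit's code; the toy header layout, function names and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stream; all names here are illustrative. */
typedef struct { const uint8_t *data; size_t len; } stream_t;

/* Before: a signed offset taken from the file is used unchecked.
 * A negative value reads before the buffer. Shown for contrast, never called. */
int read_unguarded(const stream_t *s, int32_t off, uint8_t *out, size_t n) {
    memcpy(out, s->data + off, n);
    return 0;
}

/* After: the guard rejects negative offsets and ranges past the end. */
int read_guarded(const stream_t *s, int32_t off, uint8_t *out, size_t n) {
    if (off < 0) return -1;
    if ((size_t)off > s->len || n > s->len - (size_t)off) return -1;
    memcpy(out, s->data + off, n);
    return 0;
}

/* Toy header (not JPEG2000): 4-byte big-endian signed offset of a 4-byte
 * payload. Any error stops decoding instead of continuing with bad state. */
int decode(const uint8_t *buf, size_t len, uint8_t payload[4]) {
    stream_t s = { buf, len };
    uint8_t h[4];
    if (read_guarded(&s, 0, h, 4) != 0) return -1;      /* truncated header */
    uint32_t u = ((uint32_t)h[0] << 24) | ((uint32_t)h[1] << 16) |
                 ((uint32_t)h[2] << 8) | (uint32_t)h[3];
    /* Portable two's-complement decode of the 32-bit field. */
    int32_t off = (u & 0x80000000u) ? -(int32_t)(~u) - 1 : (int32_t)u;
    return read_guarded(&s, off, payload, 4);
}

/* Constructed sample inputs. */
const uint8_t GOOD[]      = { 0, 0, 0, 4, 0xDE, 0xAD, 0xBE, 0xEF };
const uint8_t NEG[]       = { 0xFF, 0xFF, 0xFF, 0xF0, 1, 2, 3, 4 }; /* offset -16 */
const uint8_t PAST_END[]  = { 0, 0, 0, 6, 1, 2, 3, 4 };             /* runs past end */
const uint8_t TRUNCATED[] = { 0, 0 };                               /* no full header */

int main(void) {
    uint8_t p[4];
    printf("good=%d neg=%d past_end=%d truncated=%d\n",
           decode(GOOD, sizeof GOOD, p), decode(NEG, sizeof NEG, p),
           decode(PAST_END, sizeof PAST_END, p), decode(TRUNCATED, sizeof TRUNCATED, p));
    return 0;
}
```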

Thursday, June 18, 2009

Nine-Ball Compromises more than 40,000 Legitimate Web Sites

Websense reports a large mass injection attack that has so far compromised thousands of web sites. "We have been tracking the Nine-Ball mass compromise since 6/03/2009. To date, over 40,000 legitimate Web sites have been compromised with obfuscated code that leads to a multi-level redirection attack, ending in a series of drive-by exploits that if successful install a trojan downloader on the user's machine", writes Websense.

This is the third time within a short period that a large number of web sites have been compromised. The two earlier mass injections were made by Gumblar and Beladen.

Friday, June 12, 2009

New Firefox Update Available

Mozilla has released a new version of its Firefox web browser. Version 3.0.11 contains fixes for nine vulnerabilities, of which four are critical, one high, two moderate and two low.

The update can be obtained through the browser's built-in updater or from the Firefox download site.

Release Notes for Firefox 3.0.11

Wednesday, June 10, 2009

Updates For Adobe Reader & Acrobat Available

Adobe has released updated versions of Adobe Reader and Acrobat. Versions 9.1.1 and older contain vulnerabilities that would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe has categorized the update as critical and recommends that users of Adobe Reader/Acrobat update their versions to 9.1.2, 8.1.6 or 7.1.3. At the moment, updated versions are available for Windows and Macintosh platforms. Security updates for Adobe Reader on the UNIX platform are expected to be available on June 16, 2009.

More information about the vulnerabilities and update instructions can be found in the corresponding security bulletin.

Updated Version Of Apple Safari Available

Apple has released an updated version of the Apple Safari web browser that fixes multiple vulnerabilities. Some of them allow an attacker to run arbitrary code on the target system.

Affected are Apple Safari versions prior to 4.0 for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista.

Users of affected versions should update by getting the updated version here.

More information can be read in the corresponding support document.

Tuesday, June 9, 2009

Microsoft Security Update For June 2009

Microsoft has released its security update package for June. This time vulnerabilities have been fixed with ten separate update packages. Of those, six are critical, three important and one moderate.

A new version of the Microsoft Windows Malicious Software Removal Tool was released too.

More information about the update and its contents can be read here.

For consumers the easiest way to get the update is to use the Microsoft automatic update service.

Friday, June 5, 2009

FTC Shuts Down Web Hosting Firm

The US Federal Trade Commission (FTC) has shut down web hosting provider Pricewert, which operated under at least the 3FN and APS Telecom names. The FTC states that Pricewert was a criminal ISP that sold services to other cyber criminals. The company hosted botnet servers and also helped in distributing spam, child pornography and rogue antivirus products.

It's not yet clear what effect the shutdown will have. A similar shutdown happened last November when net provider McColo was taken offline. That time spam amounts decreased a lot. Though 3FN was a major provider for the Cutwail spam botnet, it's possible that criminals have learnt their lesson and have programmed the botnet to use backup commands.

More on the subject:
Washington Post article
The Register article
Court documents

Thursday, June 4, 2009

Rogue Software Campaigned In Twitter

PandaLabs writes in its blog about rogue software campaigns that cyber-criminals are running on Twitter. In the attack, criminals use zombie Twitter accounts to post messages containing URL links. Clicking these links starts a series of redirections that finally ends at malware-serving websites.

Yesterday, all links were posted in messages under the "PhishTube Broadcast" topic. However, a new PandaLabs blog entry states that over the past 24 hours the Twitter trends based attack has expanded to several thousand tweets targeting trendy topics on Twitter, and the figures keep rising.

Tuesday, June 2, 2009

Security Updates For Apple iTunes And QuickTime

Apple has released new versions of its iTunes and QuickTime products. iTunes version 8.2 fixes a vulnerability that would cause an unexpected application termination or execution of arbitrary code if a maliciously crafted website is visited. QuickTime version 7.6.2 itself fixes ten vulnerabilities that could all lead to an unexpected application termination or execution of arbitrary code.

New versions can be downloaded and installed from Apple Downloads.