Tuesday, August 31, 2010

TDSS Disguised As Tweetdeck Update

Trend Micro warns in its company blog about a fake Tweetdeck (a popular Twitter client) update that is in fact a variant of the TDSS rootkit (also known as Alureon, TDL3, Hiloti and Tidserv). Tweetdeck has also published a warning announcement on its site.

Saturday, August 28, 2010

MessageLabs Intelligence Report: August 2010

MessageLabs has published its Intelligence report summing up the threat trends for August 2010.

Report highlights:
• Spam – 92.2% in August (an increase of 3.3 percentage points since July)
• Viruses – One in 327.6 emails in August contained malware (a decrease of 0.02 percentage points since July)
• Phishing – One in 363.1 emails comprised a phishing attack (an increase of 0.10 percentage points since July)
• Malicious websites – 3,360 websites blocked per day (a decrease of 24.1% since July)
• 34.3% of all malicious domains blocked were new in August (an increase of 3.8 percentage points since July)
• 12.9% of all web-based malware blocked was new in August (a decrease of 0.2 percentage points since July)
• Battle of the botnets - Rustock remains dominant
• US hosts the greatest number of bots, but Europe becomes home to new botnet hotspots
• Less is more: Rustock moves away from TLS encrypted spam

The report can be found here.

Friday, August 27, 2010

TDL Goes 64-bit

64-bit Windows has so far been largely free of kernel-mode rootkits, because it enforces kernel-mode driver signing and kernel patch protection (PatchGuard). That is now changing. Researcher Marco Giuliani of Prevx writes in the company blog about a new variant of TDL, an advanced rootkit, that has successfully rooted itself into 64-bit Windows; it gets around the signing requirement by infecting the master boot record, so that its own code runs before the kernel's driver checks do. Marco's blog post can be read here.

Links to other related articles:
http://www.computerworld.com/s/article/9182238/Rootkit_with_Blue_Screen_history_now_targets_64_bit_Windows
http://www.symantec.com/connect/fr/blogs/tidserv-64-bit-goes-hiding

Wednesday, August 25, 2010

Adobe Shockwave Player Updated

Adobe has released a new version of its Shockwave Player. The update fixes several critical vulnerabilities that can be exploited to execute arbitrary code on the target system.

Users with Shockwave Player 11.5.7.609 or older should update. The latest version (11.5.8.612 at the time of writing) can be downloaded here.

More information can be read from the corresponding security bulletin.

Monday, August 23, 2010

Rogue Behaving Like A Retrovirus

Symantec writes in its blog about a rogue that pushes the user into uninstalling the antivirus protection already present. The rogue, named AnVi Antivirus, shows a message claiming that "uncertified" antivirus software has been detected. Clicking either the "OK" button or the close button (the x in the top right corner of the window) starts the uninstall of the current antivirus protection, using that product's own legitimate uninstaller.

The pest detects at least products from Symantec, Microsoft, AVG, Spyware Doctor and Zone Labs. If any of these is present, it will push the user to uninstall it.

Source
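The behaviour described above, an uninstaller being started by something other than the user or an installer, is visible in process-creation telemetry. The following is an added detection example (my own code, not from Symantec's write-up): it reads constructed process-creation events in a `time|parent image|image|command line` format and flags any uninstall of one of the products named above whose parent process is neither an allowlisted launcher nor the vendor's own software. The install-path fragments, the uninstall markers, the parent allowlist and the sample events are all assumptions made for the example.

```python
import re

# Products named in the write-up, keyed by vendor, with path fragments that
# identify their install directories.  Assumed values; adjust to your estate.
PROTECTED_PRODUCTS = {
    "Symantec":       ("\\symantec\\", "\\norton\\"),
    "Microsoft":      ("\\microsoft security essentials\\", "\\microsoft security client\\"),
    "AVG":            ("\\avg\\",),
    "Spyware Doctor": ("\\spyware doctor\\",),
    "Zone Labs":      ("\\zone labs\\", "\\zonealarm\\"),
}

# Substrings that mark the executed image or its command line as an uninstall
# action ("unins" also covers Inno Setup's unins000.exe; "/x" is msiexec's
# uninstall switch).  Assumed markers.
UNINSTALL_MARKERS = ("unins", "/remove", "/x ", "/x{")

# Parents that legitimately start an uninstall (Control Panel runs inside
# explorer.exe, MSI packages go through msiexec).  Assumed allowlist.
BENIGN_PARENTS = ("\\explorer.exe", "\\msiexec.exe", "\\services.exe")

# Constructed sample events, not real telemetry.  Paths are hypothetical.
SAMPLE_EVENTS = r"""
2010-08-23 10:02:11|C:\Windows\explorer.exe|C:\Program Files\AVG\AVG9\setup.exe|"C:\Program Files\AVG\AVG9\setup.exe" /UNINSTALL
2010-08-23 10:15:40|C:\Users\bob\AppData\Local\Temp\AnViAntivirus.exe|C:\Program Files\AVG\AVG9\setup.exe|"C:\Program Files\AVG\AVG9\setup.exe" /UNINSTALL /SILENT
2010-08-23 10:15:52|C:\Users\bob\AppData\Local\Temp\AnViAntivirus.exe|C:\Program Files\Spyware Doctor\unins000.exe|"C:\Program Files\Spyware Doctor\unins000.exe" /SILENT
2010-08-23 10:20:03|C:\Windows\System32\services.exe|C:\Program Files\Symantec\scanner.exe|"C:\Program Files\Symantec\scanner.exe" /scheduled
2010-08-23 10:31:55|C:\Users\bob\AppData\Local\Temp\AnViAntivirus.exe|C:\Windows\notepad.exe|notepad.exe readme.txt
"""


def parse_event(line):
    """Split one 'time|parent|image|cmdline' line into a dict."""
    time, parent, image, cmdline = line.split("|", 3)
    return {"time": time, "parent": parent, "image": image, "cmdline": cmdline}


def matched_product(text):
    """Return the vendor whose install-path fragment appears in text, or None."""
    low = text.lower()
    for vendor, fragments in PROTECTED_PRODUCTS.items():
        if any(frag in low for frag in fragments):
            return vendor
    return None


def is_uninstall(text):
    low = text.lower()
    return any(marker in low for marker in UNINSTALL_MARKERS)


def parent_is_benign(parent, vendor):
    """Allowlisted launcher, or the vendor's own software updating itself."""
    low = parent.lower()
    if any(low.endswith(name) for name in BENIGN_PARENTS):
        return True
    return any(frag in low for frag in PROTECTED_PRODUCTS[vendor])


def find_rogue_uninstalls(lines):
    """Return (time, vendor, parent) for every suspicious security-product uninstall."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        haystack = ev["image"] + " " + ev["cmdline"]
        vendor = matched_product(haystack)
        if vendor is None or not is_uninstall(haystack):
            continue  # not an uninstall of a protected product
        if parent_is_benign(ev["parent"], vendor):
            continue  # user-driven or vendor-driven removal
        hits.append((ev["time"], vendor, ev["parent"]))
    return hits


if __name__ == "__main__":
    for time, vendor, parent in find_rogue_uninstalls(SAMPLE_EVENTS.splitlines()):
        print("%s  %s uninstalled by %s" % (time, vendor, parent))
```

On the sample data only the two uninstalls spawned from the Temp-directory executable are reported; the user-driven AVG removal via explorer.exe and the scheduled Symantec scan are not. In a real deployment the allowlist is the weak point (a rogue could spawn the uninstaller through msiexec.exe), so the parent of the allowlisted process should be checked as well.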

Friday, August 20, 2010

Patches For Adobe Reader And Acrobat Available

Adobe has released the out-of-band update for Adobe Reader and Adobe Acrobat that it announced earlier this month.

Affected versions:
Adobe Reader 8.2.3, 9.3.3 and earlier versions
Adobe Acrobat 9.3.3 and earlier versions

Users of vulnerable versions should update either through the automatic update function or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; a check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, August 18, 2010

Opera 10.61 Available

Opera Software has released an update for its Opera web browser. Version 10.61 fixes three security vulnerabilities (rated high, moderate and low) and a batch of other bugs.

Opera users are strongly recommended to update to version 10.61. The new version can be downloaded here.

Opera 10.61 for Windows changelog

Saturday, August 14, 2010

Security Patch For QuickTime Player

Apple has released a new version of its QuickTime media player. The new version fixes a vulnerability that may allow an attacker to crash the system or execute arbitrary code on the target system. To exploit it, the attacker lures the user into opening a specially crafted file.

The vulnerability affects QuickTime 7 for Windows versions prior to 7.6.7. Users of vulnerable versions should update to the latest one available.

More information about the security content of QuickTime 7.6.7 can be read here.

Wednesday, August 11, 2010

Security Update For Adobe Flash Player

Adobe has released an updated version of its Flash Player. The new version fixes several vulnerabilities rated critical:
- a memory corruption vulnerability that could lead to code execution (CVE-2010-0209)
- a memory corruption vulnerability that could lead to code execution (CVE-2010-2188)
- multiple memory corruption vulnerabilities that could lead to code execution (CVE-2010-2213)
- a memory corruption vulnerability that could lead to code execution (CVE-2010-2214)
- a vulnerability that could lead to a click-jacking attack (CVE-2010-2215)
- a memory corruption vulnerability that could lead to code execution (CVE-2010-2216)

Users of Adobe Flash Player 10.1.53.64 and earlier should update to Adobe Flash Player 10.1.82.76. Also, users of Adobe AIR version 2.0.2.12610 and earlier should update to Adobe AIR 2.0.3.

More information can be read from Adobe's security bulletin.

Microsoft Security Bulletin Summary For August 2010

Microsoft has released its security updates for August 2010. This month's release contains 15 bulletins (14 new ones plus the out-of-band bulletin MS10-046 released earlier this month), of which nine are rated critical and six important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers the easiest way to get the updates is to use the Microsoft Update service.

Monday, August 9, 2010

FreeType Library Vulnerable

FreeType is a widely used open source font rendering library. A vulnerability has been found in its Compact Font Format (CFF) font processing that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability is being used in the iPhone PDF jailbreak exploit.

Affected vendors are:
- Apple Inc
- Foxit Software Company
- RedHat, Inc

More information:
- http://www.kb.cert.org/vuls/id/275247
- http://secunia.com/advisories/40816
- http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone

Saturday, August 7, 2010

Tips for Safer Facebooking From F-Secure

F-Secure has published a list of six tips for safer Facebooking. They can be read in the company's Safe and Savvy blog here.

Adobe To Release Out-of-band Updates

Adobe is planning to release out-of-band updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues. Adobe expects to make these updates available during the week of August 16, 2010.

More information:
Adobe Blog
Security Advisory

Tuesday, August 3, 2010

Out-of-band Update For Windows

Microsoft has released a fix for an actively exploited vulnerability in the loading of Windows shortcut (.lnk) icons. The vulnerability is rated critical and the fix should be installed as soon as possible. All supported editions of Windows are affected.

More information can be found from the security bulletin MS10-046.

For consumers the easiest way to get the update is to use the Microsoft Update service.

Monday, August 2, 2010

Vulnerabilities In Wireshark

Vulnerabilities have been found in Wireshark, the free open source network protocol analyzer. By exploiting them an attacker may be able to make Wireshark crash, hang or execute code, either by injecting a series of malformed packets onto the wire or by convincing someone to open a malformed packet trace file.

All versions prior to 1.0.15, 1.2.10 and 1.4.0rc2 are vulnerable.

A non-vulnerable version of Wireshark can be downloaded here.

More information can be read from these advisories:
http://www.wireshark.org/security/wnpa-sec-2010-07.html
http://www.wireshark.org/security/wnpa-sec-2010-08.html
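Several of this month's items (Wireshark above, and the Flash Player, Shockwave Player and QuickTime updates) boil down to "versions prior to X are vulnerable", which is the kind of check an inventory script gets wrong when it compares version strings lexically ("1.2.9" sorts after "1.2.10"). The following is an added example (my own code, not from the Wireshark project or any vendor) of doing the comparison properly: versions are parsed into integer components, pre-release tags such as rc2 sort before the final release, and an installed version is compared against the fixed version of its own release branch, so that the three Wireshark fixed versions can be checked with one call. Treating an unlisted branch as vulnerable when it is older than the newest fixed version is my reading of the advisory wording "all versions prior to", and is an assumption.

```python
import re

# Pre-release tags sort before the final release: 1.4.0rc1 < 1.4.0rc2 < 1.4.0.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = len(_PRE_RANK)

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)[-.]?(alpha|beta|rc)?(\d*)$", re.IGNORECASE)

# First fixed version of each branch, from the Wireshark advisories above.
WIRESHARK_FIXED = ("1.0.15", "1.2.10", "1.4.0rc2")


def parse_version(text):
    """Turn '1.4.0rc2' into a comparable key ((1, 4), (2, 2)).

    Numeric parts are compared as integers (so 1.2.10 > 1.2.9, which a plain
    string comparison gets wrong) and trailing zeros are dropped so that
    '1.4' and '1.4.0' compare equal.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    nums = [int(part) for part in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    tag, tag_num = m.group(2), m.group(3)
    if tag:
        pre = (_PRE_RANK[tag.lower()], int(tag_num or 0))
    else:
        pre = (_FINAL_RANK, 0)
    return tuple(nums), pre


def branch(key):
    """Release branch = first two numeric components, e.g. (1, 2) for 1.2.9."""
    nums = key[0]
    return tuple(nums[:2]) + (0,) * (2 - len(nums[:2]))


def is_vulnerable(installed, fixed_versions):
    """True if `installed` predates the fix for its release branch.

    `fixed_versions` lists the first fixed version of each branch.  A version
    on a branch not in the list (a development build such as 1.3.x, or
    something older than every listed branch) is compared against the newest
    fixed version (assumed reading of "all versions prior to ...").
    """
    inst = parse_version(installed)
    fixed = [parse_version(v) for v in fixed_versions]
    for f in fixed:
        if branch(f) == branch(inst):
            return inst < f
    return inst < max(fixed)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in (("ws01", "1.2.9"), ("ws02", "1.2.10"), ("ws03", "1.4.0rc1"),
                      ("ws04", "1.4.0"), ("ws05", "1.3.5"), ("ws06", "1.0.15")):
        state = "VULNERABLE" if is_vulnerable(ver, WIRESHARK_FIXED) else "ok"
        print("%s  Wireshark %-8s %s" % (host, ver, state))
    print("Flash 10.1.53.64 vulnerable:", is_vulnerable("10.1.53.64", ("10.1.82.76",)))
```

The same `is_vulnerable` call covers the single-branch cases on this page by passing one fixed version, for example `("10.1.82.76",)` for Flash Player or `("11.5.8.612",)` for Shockwave Player.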