Tuesday, November 30, 2010

GpCode Makes A Comeback

Kaspersky warns about a new version of the nasty Gpcode ransomware, which encrypts files on an infected system and tries to make the victim pay to get them decrypted. Preliminary analysis indicates that the RSA-1024 and AES-256 crypto-algorithms are used to encrypt part of each file, starting from the first byte.

The program spreads via malicious websites and P2P networks. Kaspersky detects the pest as Trojan-Ransom.Win32.Gpcode.ax.

More information can be read on the Kaspersky blog.

Kaspersky's Spam Report of October 2010

Kaspersky has published its spam report for October 2010.

October in figures:
* The amount of spam in email traffic fell by 3.7 percentage points compared to September’s figure and averaged 77.4%.
* Phishing emails accounted for 0.87% of all mail traffic.
* Malicious files were found in 1.47% of all emails, a decrease of 2.86 percentage points compared with the previous month.
* In October, there were lots of emails containing links that exploited the Halloween theme.

The whole report can be read here.

Saturday, November 20, 2010

Safari Security Updates Available

Apple has released new versions of its Safari web browser. The new versions contain fixes for 27 different vulnerabilities. These may lead to an unexpected application termination or allow an attacker to execute arbitrary code on an affected system.

Affected are Safari versions earlier than 5.0.3 or 4.1.3. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of versions 5.0.3 and 4.1.3 can be read here.

Wednesday, November 17, 2010

Security Patch For Adobe Reader And Adobe Acrobat

Adobe has released a security update for Adobe Reader and Adobe Acrobat.

Affected versions:
Adobe Reader 9.4 and earlier versions
Adobe Acrobat 9.4 and earlier versions

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Saturday, November 13, 2010

Links Temporarily Disabled In Messenger 2009 To Prevent A Malicious Worm

Microsoft has temporarily turned off links (that is, made links appear as normal text instead of being clickable) in Windows Live Messenger 2009 clients. The reason is a worm that is currently actively spreading through instant messaging and social networks. "The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process."

The new Messenger 2011 isn't known to be affected in the same way, thanks to its "Link Safety" feature.

More information can be read in the related post on the Windows Live Blog.

Tuesday, November 9, 2010

Microsoft Security Updates For November 2010

Microsoft has released security updates for November 2010. This month's update contains fixes for three vulnerabilities - one critical and two important ones:
MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Friday, November 5, 2010

Update For Google Chrome

Google has released a new version of its Chrome web browser. The new version contains fixes for ten vulnerabilities categorized as "high", plus an updated version of Flash. Details about the vulnerabilities haven't been made public yet.

Chrome users with version 7.0.517.44 or older should update to the latest version. The easiest way is to use Chrome's built-in updater. A fresh version can also be downloaded from http://www.google.com/chrome.

More information can be read from Google Chrome Releases blog.

MessageLabs Intelligence Report: October 2010

MessageLabs has published its Intelligence report, which sums up the latest threat trends for October 2010.

Report highlights:
• Spam – 87.5% in October (a decrease of 4.2 percentage points since September)
• Viruses – One in 221.9 emails in October contained malware (a decrease of 0.01 percentage points since September)
• Phishing – One in 488.0 emails comprised a phishing attack (a decrease of 0.06 percentage points since September)
• Malicious websites – 2,280 websites blocked per day (a decrease of 23.9% since September)
• 51.3% of all malicious domains blocked were new in October (an increase of 17.7 percentage points since September)
• 24.7% of all web-based malware blocked was new in October (an increase of 2.9 percentage points since September)
• A review of targeted attacks, what they are, how they work and how MessageLabs Intelligence measures them
• In October the Retail sector becomes the most targeted industry; a closer look at one retailer that may have fallen victim to a targeted attack without Skeptic™
• Defending against targeted attacks

The report can be viewed here.

Flash Player Security Update

Adobe has released an updated version of its Flash Player. The new version fixes a number of vulnerabilities:
- a memory corruption vulnerability that could lead to code execution (CVE-2010-3654). More information

- an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).

- a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).

- an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).

- a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).

- multiple memory corruption vulnerabilities that could lead to code execution:
* (CVE-2010-3640)
* (CVE-2010-3641)
* (CVE-2010-3642)
* (CVE-2010-3643)
* (CVE-2010-3644)
* (CVE-2010-3645)
* (CVE-2010-3646)
* (CVE-2010-3647)
* (CVE-2010-3648)
* (CVE-2010-3649)
* (CVE-2010-3650)
* (CVE-2010-3652)

- a library-loading vulnerability that could lead to code execution (CVE-2010-3976)



Users of Adobe Flash Player 10.1.85.3 and earlier should update to Adobe Flash Player 10.1.102.64. More information can be read from Adobe's security bulletin.

Wednesday, November 3, 2010

Unpatched Vulnerability In Internet Explorer

Microsoft is investigating a public report of a new vulnerability in supported versions of Internet Explorer. "The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution." Microsoft states that it is aware of targeted attacks trying to exploit the vulnerability.

Information about workarounds and mitigations for the issue can be read from Microsoft's security advisory.