Thursday, May 29, 2008

Detected Adobe Flash Player Vulnerability Fixed Already

Yesterday I wrote about reported SWF file handling vulnerability in Adobe Flash Player. Adobe researched the issue together with Symantec and it was found out that reported vulnerability is same one that's already fixed in latest, 9.0.124.0 version.

So, users who already have that version are not affected. Those who have version below 9.0.124.0 are instructed to update their software. Instructions can be found here

Wednesday, May 28, 2008

Flash Player Vulnerability Without A Patch At The Moment

There's been found a vulnerability related to SWF file handling in Adobe Flash Player. At the moment of writing this there's no detailed information of the found vulnerability available. Fixing update isn't available yet so vulnerable are all current Adobe Flash Player versions (9.0.124.0 and older).

Symantec has observed that this issue is being actively exploited in the wild. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.

More information:
Report of the found vulnerability
Adobe's Blog

Monday, May 26, 2008

Windows Vista's UAC detects Rootkits

Vista's User Account Control (UAC) has been in the news quite much lately. Some love it while others hate. Anyway, it has one great feature compared to other type of Windows security programs - it can detect rootkits before they install.

The finding was noted down in a report published in two German computer magazines some months ago after testing by the respected AV-Test.org, which set out to find out how well antivirus programs fared against known rootkits.

The answer was not particularly well at all, either for Windows XP, or Vista-oriented products. Only four of the 14 specialized anti-rootkit tools managed to achieve a perfect score finding all used 30 rootkits. Those four were AVG Anti-Rootkit Free, GMER, Rootkit Unhooker LE, and Trend Micro Rootkit Buster. None of the seven AV suites found all 30. The best of these was Avira Antivir Premium Security Suite finding 29 active rootkits.

"The results for Vista products were harder to assess because only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista's UAC itself spotted everything thrown in front of it.", writes PC World. That UAC can tell a user when a rootkit is trying to install itself is not in itself surprising, as Vista is supposedly engineered from the ground up to intercept all applications requests of any significance.

In a period of weeks when Vista has received criticism for its rate of vulnerabilities, the test at least shows that UAC is efficient at stopping those infections from happening automatically.

Thursday, May 22, 2008

Antivirus Is 'Completely Wasted Money' Says Chief Security Officer of Cisco

Cisco's chief security officer John Stewart thinks that current antivirus protection doesn't work and that's why it's complete waste of money. Stewart shared his thoughts at Auscert 2008 security conference. According to him companies have so many virus infections that they've got used to them. Infections exist even if antivirus protection software is installed. Data criminals create new malware so quickly that antivirus protection can't match its speed.

"If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.", says Stewart according to Zdnet Australia.

Stewart sees using of whitelists as a better solution. This would mean that only authorized and approved software would have permission to execute. That way malware couldn't access the system even if other protection fell down.

Nowadays antivirus protection companies have made their product packages include also pre-defensive protection fixing weak points of traditional antivirus protection.

Wednesday, May 21, 2008

KvmSecure Rogue Anti-Spyware Program Raises Its Head

KvmSecure is a rogue anti-spyware program - a fake spyware remover, which uses trojans, such as Zlob, to infiltrate the system. This parasite displays popups and fake system notifications to mislead the user so that he would think he's infected and therefore needs an anti-spyware program to dispose of the threats. KvmSecure's "licensed version" doesn't work and shouldn't be bought.

Bleeping Computer has a good removal tutorial here.

Monday, May 19, 2008

Srizbi Is World's Largest Botnet At The Moment

"The prodigious Srizbi botnet has continued to grow and now accounts for up to 50 percent of the spam being filtered by one security company", says PC World's article. Estimated amount of spam currently sending out daily is about 60 billion spam messages.

"Srizbi is the single greatest spam threat we have ever seen. At its peak, the highly publicized Storm botnet only accounted for 20 percent of spam. Srizbi now produces more spam than all the other botnets combined." said Bradley Anstis from security company Marshal. What has probably made Srizbi so successful is that it appears to spread by as part of the spam messages it sends, meaning that its lifecycle extends to reproducing itself and not just distributing email.

Microsoft told recently about its success combating the Storm botnet with their Malicious Software Removal Tool (MSRT) and now Anstis expects it to turn its sights on Srizbi and the other major botnets.

Wednesday, May 14, 2008

Biggest Anti-spam Judgement In History: $230 Million

Spam king Sanford "Spamford" Wallace and his partner, Walter Rines, have been judged to pay about $230 million to MySpace for spamming other MySpace members. Total amount of spam the pair sent was more than 730,000 messages. This isn't first time Wallace is judged for spamming. In 2006 he was judged to pay $4 million for internet service provider AOL.

MySpace won't probably ever collect its award but sees the judgement as a big victory for the company. "Anybody who's been thinking about engaging in spam are going to say, `Wow, I better not go there,'" MySpace's chief security officer, Hemanshu Nigam, told The Associated Press on Tuesday.


Source

Monday, May 12, 2008

Microsoft Security Bulletin Advance Notification for May 2008

Microsoft will release its monthly security update packet on the 13th of May. Packet will include four updates: one for Windows, two for Office and one for several Microsoft security products.

Critical Windows update fixes vulnerability in Jet database engine. Vulnerable operating systems are: Windows 2000, XP and 2003 Server versions.

Office security patches fix one vulnerability in Publisher program and one in Word program. Vulnerable Office versions are all versions from Office 2000 to the latest Office 2007 SP1.

The fourth update of the security update packet of May removes vulnerability from several Microsoft's security products. Included are Windows Live Onecare, Windows Defender, Microsoft Antigen and Microsoft Forefront Security products.

Thursday, May 8, 2008

PHP 5.2.6 Released

There's been released a new version of scripting language PHP. New version fixes over 120 bugs, several security related among these. PHP users are advised to upgrade their current versions to this latest one.

More information can be read here

Wednesday, May 7, 2008

Storm Worm Evolving

Symantec's professionals have found a group of domains containing Storm worm. What is interesting though is that domains don't (currently) maintain active websites and that there is no spam sent from these domains.

"This is very unusual", writes Vikram Thakur in Symantec's blog.

Also, it's been noticed that Storm has started exploiting web browser vulnerabilities. In the past, Storm didn't do checks for vulnerabilities until it had started infecting the system.

Currently these tracked domains are not being linked to. It's still unsure if the sites are still under development or are the Storm authors planning to use some different technique to spread their creations. It's possible that there'll be a spam wave approaching in the next couple of days using upcoming Mother's Day as a lure.

Sunday, May 4, 2008

Nigerian Scam 2.0 Targets Social Networking Sites

Social networking sites have become new attractive target for spammers and scam letter posters says security company Softwin in its report. Recent Nigerian Scam spreads for example in LinkedIn social network.

In Nigerian scam 2.0 there's invitation phase before actual money begging phase. User is asked to join interesting sounding community. This is used to win user's trust. When this is achieved begins money begging.

By using social networking sites spammers and scammers can bypass many antispam filters because scams are sent only between networking site's user accounts.

LinkedIn's Director of Corporate Communications Kay Luo reminds LinkedIn's users that they should accept invitations only from people they know and trust.