The bot code used in the infamous, massive Storm botnet that was taken down nearly two years ago is being used to build another spamming botnet.
Related links:
https://www.honeynet.org/node/539
http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=224700110
http://krebsonsecurity.com/2010/04/infamous-storm-worm-stages-a-comeback/
Thursday, April 29, 2010
Tuesday, April 27, 2010
Malware Targeting iPad Users
Security company BitDefender warns about malware that is targeting iPad owners. An e-mail invitation promises to keep iPad software updated “for best performance, newer features and security”. Its purpose is to lure the user into clicking an included web link that is said to lead to a new version of the iTunes software needed to update the iPad. Instead of being an iTunes update, the file is actually malware that BitDefender detects as Backdoor.Bifrose.AADY.
Read the story here.
Friday, April 23, 2010
Patched Version Of VLC Player Available
The VideoLAN project has released a new version of its VLC media player. Version 1.0.6 fixes several vulnerabilities in the handling of different media formats. By exploiting the vulnerabilities, an attacker may be able to execute arbitrary code on the target system.
VLC Player versions 0.5.0 - 1.0.5 are affected. Users of those versions should update to version 1.0.6. Version 1.1.0 (currently in pre-release stage) is not affected by these vulnerabilities.
Symantec Internet Security Threat Report
Symantec has published its "Global Internet Security Threat Report Trends for 2009" report. The report provides an overview and analysis of Internet threat activity worldwide, a review of known vulnerabilities, and highlights of malicious code. It also covers trends in phishing and spam, and assesses observed activities on underground economy servers.
The report can be viewed here.
Friday, April 16, 2010
Update For Java Available
A new Java version fixes a vulnerability in the Java Web Start control. The vulnerability is currently being actively exploited, so it is important that Java users update to the latest version available.
The latest update can be downloaded here.
More information about contents of the update can be read from Release Notes of Java SE 6 Update 20.
Wednesday, April 14, 2010
Updates For Adobe PDF Software
Critical vulnerabilities have been detected in the Adobe Reader and Acrobat PDF products. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Affected versions:
Adobe Reader 9.3.1 and earlier versions
Adobe Acrobat 9.3.1 and earlier versions
Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can be started manually by choosing Help > Check for Updates.
Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Labels: adobe, pdf reader, security, update, vulnerability
Updates To Oracle Products Released
Oracle has released updates for their products that fix 47 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.
The next Oracle CPU is planned to be released in July 2010.
Microsoft Security Updates For April 2010
Microsoft has released its monthly security updates. This month's package consists of 11 updates, of which five are critical, five important and one moderate.
Critical:
MS10-019 - Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
MS10-020 - Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
MS10-025 - Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
MS10-026 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
MS10-027 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
Important:
MS10-021 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
MS10-022 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
MS10-023 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
MS10-024 - Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
MS10-028 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Moderate:
MS10-029 - Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
Microsoft released a new version of its Windows Malicious Software Removal Tool (MSRT) too.
More information about the updates can be read from the bulletin summary.
For consumers, the easiest way to get the updates is to use the Microsoft Update service.
Monday, April 12, 2010
VMware Patches A Bunch of Vulnerabilities
VMware has released a security update to patch several vulnerabilities in its virtualization applications.
Affected versions:
- VMware Workstation 7.0
- VMware Workstation 6.5.3 and earlier
- VMware Player 3.0
- VMware Player 2.5.3 and earlier
- VMware ACE 2.6
- VMware ACE 2.5.3 and earlier
- VMware Server 2.0.2 and earlier
- VMware Fusion 3.0
- VMware Fusion 2.0.6 and earlier
- VMware VIX API for Windows, version 1.6.x
- VMware ESXi 4.0 prior to patch ESXi400-201002402-BG
- VMware ESXi 3.5 prior to patch ESXe350-200912401-T-BG
- VMware ESX 4.0 without patches ESX400-201002401-BG and ESX400-200911223-UG
- VMware ESX 3.5 without patch ESX350-200912401-BG
- VMware ESX 3.0.3 without patch ESX303-201002203-UG
- VMware ESX 2.5.5 without Upgrade Patch 15.
Further information, including update instructions, can be found in VMware's security advisory.
Friday, April 9, 2010
Trapped Mobile Phone Game Making A Mess
F-Secure writes in its blog about a booby-trapped Windows Mobile game that calls expensive numbers without the owner's awareness. The trojanized version was spread on several Windows Mobile freeware download sites. A long thread about the issue can be found, for example, on the popular XDA-Developers forum.
Wednesday, April 7, 2010
PDF "/Launch" Issue Workarounds
Security researcher Didier Stevens demonstrated last week how it was possible to execute an embedded executable without exploiting any vulnerability. For this he used a launch action triggered by the opening of a specially crafted PDF file. Adobe Reader shows the user a warning asking for permission to launch the action. Still, the message could be partially modified to persuade the user to allow the launch. Foxit Reader didn't display any warning, letting the action be executed without user interaction.
Both Adobe and Foxit Software have reacted to this finding.
A few days after Stevens' finding, Foxit Software released a new version to fix the vulnerability. Yesterday Adobe published instructions in its blog for Adobe Reader and Acrobat users to mitigate the risks. Adobe also said that it is currently researching the best approach for this functionality in Adobe Reader and Acrobat, which may be made available in one of its quarterly updates.
Instructions to mitigate the issue in Adobe Reader and Acrobat:
1. Open up the Preferences panel.
2. Click on "Trust Manager" in the left pane.
3. Clear the check box "Allow opening of non-PDF file attachments with external applications".
There is also a registry-based solution for administrators in the corresponding entry in Adobe's blog.
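As an added example (not part of the original post and not code from Adobe, Foxit or Didier Stevens), this Python triage scanner flags PDFs that carry the launch action described above, so mail gateways or analysts can hold such files for review. The sample byte strings and `placeholder.bin` are constructed for illustration; the `WATCHED` list and function names are assumptions of this example.

```python
import re

# PDF names that matter for the launch-action issue:
#   /Launch     - action type that starts an external program or file
#   /OpenAction - action run when the document is opened
#   /AA         - "additional actions" tied to page or document events
WATCHED = ("Launch", "OpenAction", "AA")

# A PDF name is "/" followed by bytes that are neither whitespace nor delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /L#61unch is recognised as Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes.

    Caveat: names inside compressed object streams are invisible to a
    raw scan, and binary stream data can produce false hits.
    """
    counts = dict.fromkeys(WATCHED, 0)
    obfuscated = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:  # escaped spelling of a watched name
                obfuscated.add(name)
    # A Launch action plus an automatic trigger is the case to hold for review.
    auto = counts["Launch"] > 0 and (counts["OpenAction"] + counts["AA"]) > 0
    return {"counts": counts, "obfuscated": sorted(obfuscated), "auto_launch": auto}

# Constructed fragments (not complete PDFs), enough for the scanner to parse.
SAMPLE_FLAGGED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
                  b"/OpenAction 3 0 R >>\nendobj\n3 0 obj\n<< /Type /Action "
                  b"/S /L#61unch /F (placeholder.bin) >>\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf(blob))
```

A hit only means the file deserves a closer look; the Trust Manager setting above remains the control that stops the action from running.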
Saturday, April 3, 2010
Vulnerability In Foxit Reader
A vulnerability has been found in Foxit Reader, software for handling PDF files. The vulnerability may allow an executable program embedded inside a PDF to run automatically without asking for the user’s permission.
Foxit Reader version 3.2.0.0303 is affected. Foxit Reader users should update to the latest version available, either by using "Check for Updates Now" in the Reader's Help menu or by downloading a fresh version here (Note: remember to deselect the toolbar-related options during the installation process unless you really want that installed too).
More information here.
Friday, April 2, 2010
Mozilla Patches Security Hole In Firefox 3.6.x Versions
Mozilla has released a patch for a vulnerability categorized as critical that was found during the 2010 Pwn2Own contest by security researcher Nils of MWR InfoSecurity.
Firefox 3.6.x users with a version prior to 3.6.3 should upgrade to the latest version available by using the built-in updater (from the Firefox menu: Help->Check for updates) or by downloading it here.
Firefox 3.6.3 Release Notes
Labels: Firefox, Mozilla, security, update, vulnerability