Zero Day

July 3rd, 2009

EyeWonder malware incident affects popular web sites

Posted by Dancho Danchev @ 5:09 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Hackers, Malware, Passwords, Pen testing

Tags: Web, EyeWonder, Malware, Web Site, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

During the last couple of hours, visitors of popular and high trafficked web sites such as CNN, BBC, Washington Post, Gamespot, WorldOfWarcraft, Mashable, Chow.com, ITpro.co.uk, AndroidCommunity; Engadget and Chip.de, started reporting that parts of the web sites are unreachable due to malware warnings appearing through the EyeWonder interactive digital advertising provider.

Let’s assess the butterfly effect of a single malware incident affecting an ad network whose ads get syndicated across the entire Web.

Read the rest of this entry »

July 2nd, 2009

Manchester City Council pays $2.4m in Conficker clean up costs

Posted by Dancho Danchev @ 7:22 am

Categories: Anti Virus, Botnets, Governments, Hackers, Malware, Microsoft, Patch Watch, Pen testing, United Kingdom, Viruses and Worms

Tags: Infection, Patch Management, Worm, Conficker, Cyberthreats, Security, Patches, Viruses And Worms, Dancho Danchev

How severe can the impact of the Conficker worm be on a single city council that has apparently not implemented basic security solutions in place?

Pretty severe according to a recently released a report entitled “Service interruption resulting from ICT disruption in February 2009” which details the financial costs of a Conficker incident affecting Manchester City Council’s network - 1.5 million pounds in clean up costs and lost revenue from the downtime.

Where did all the money go, and can this incident cost be used as an average to draw conclusions from in the long term in respect to assessing Conficker’s financial impact on affected networks? Let’s find out.

Read the rest of this entry »

June 26th, 2009

Michael Jackson's death themed malware campaigns spreading

Posted by Dancho Danchev @ 11:56 am

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Phishing, Spam and Phishing, Web 2.0

Tags: Malware, Social Engineering, Spam, Michael Jackson, Malware Campaign, Dancho Danchev, Spyware, Adware & Malware, E-mail, Viruses And Worms, Security

The sudden death of Michael Jackson quickly opened a window of opportunity for cybercriminals to capitalize on.

With a malicious spam campaign, blackhat SEO search results poisoning which is serving scareware within the first 100 search results for Michael Jackson’s death, and an opportunistic participant in Zango adware’s network using typosquatting, malicious activity is prone to increase during the next couple of days.

Here are more details on the campaigns currently in circulation:

Read the rest of this entry »

June 25th, 2009

Secunia: Average insecure program per PC rate remains high

Posted by Dancho Danchev @ 11:21 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Firefox, Hackers, Malware, Microsoft, Mozilla, Passwords, Patch Watch, Pen testing, Vulnerability research, Windows Vista, Zero-day attacks

Tags: PC, Secunia, Desktops, Viruses And Worms, Security, Hardware, Dancho Danchev

With the time frame for an exploit to become an inseparable part of a web malware exploitation kit shrinking, and with the average Internet user’s over-confidence in an antivirus scanner’s ability to detect and block exploits (Secunia: popular security suites failing to block exploits) it shouldn’t come as a surprise that Secunia’s recently released WorldMap shows a relatively high rate for insecure programs found on a single PC.

The WorldMap of patched and unpatched PCs is released prior to an updated version of Secunia’s Personal Software Inspector, with the latest version finally filling a niche left open potentially undermining the usefulness of the handy tool in general - measuring the exploitability of cross-browser plugins such as Adobe Flash Player, QuickTime, or Sun’s Java.

Let’s take a look at some of their stats.

Read the rest of this entry »

June 24th, 2009

Guy Kawasaki's Twitter account hijacked, pushes Windows and Mac malware

Posted by Ryan Naraine @ 11:54 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Locally Running Web Servers, Malware, Microsoft, Passwords, Phishing, Responsible disclosure, Social Networking Applications, Spam and Phishing, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Web, Apple Macintosh, Malware, Guy Kawasaki, Twitter, Spyware, Adware & Malware, Phishing, Cyberthreats, Spyware, Channel Management

The Twitter account belonging to venture capitalist and Mac evangelist Guy Kawasaki was hijacked yesterday and used to push malware to some 140,000 Twitter users. The attack (screenshot above) included a link to what purported to be a “sex tape video free download” linked to Gossip Girls star Leighton Meester but, after a series of clicks, the end result was a malicious Trojan.

Read the rest of this entry »

June 24th, 2009

Critical Adobe Shockwave flaw affects millions

Posted by Ryan Naraine @ 9:41 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Malware, Patch Watch, Pen testing, Phishing, Rootkits, Viruses and Worms, Vulnerability research

Tags: Adobe Systems Inc., Shockwave, Shockwave Player, Security, Ryan Naraine

Adobe’s Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker.

The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions. Details from Adobe’s advisory:

Read the rest of this entry »

June 24th, 2009

Remote code execution exploit for Green Dam in the wild

Posted by Dancho Danchev @ 7:52 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Governments, Hackers, Malware, Metasploit, Patch Watch, People's Republic of China, Vulnerability research, Zero-day attacks

Tags: Web, Flaw, Buffer, Web Site, Security, Viruses And Worms, Marketing, Internet, Dancho Danchev

The recently exposed as vulnerable to trivial remotely exploitable flaws Chinese censorware Green Dam, has silently patched the security flaws (China confirms security flaws in Green Dam, rushes to release a patch) outlined in the original analysis detailing the vulnerabilities.

However, not only is the latest Green Dam v3.17 version still vulnerable to remotely exploitable flaws, but also, for over a week now a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has been circulating in the wild.

Here are more details on the remote code execution flaw in the latest version:

Read the rest of this entry »

June 22nd, 2009

Mozilla tackles XSS vulnerabilities with new technology

Posted by Ryan Naraine @ 1:39 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Firefox, Flash, Hackers, Locally Running Web Servers, Mozilla, Open source, Pen testing, Phishing, Responsible disclosure, Vulnerability research, Web 2.0

Tags: Vulnerability, XSS, Web Browser, Mozilla Corp., Web Browsers, Internet, Ryan Naraine

Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers.

The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks.

Read the rest of this entry »

June 18th, 2009

Fake Microsoft patches themed malware campaigns spreading

Posted by Dancho Danchev @ 7:57 am

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Patch Watch, Spam and Phishing

Tags: Malware, Social Engineering, Microsoft Corp., Malware Campaign, Spyware, Adware & Malware, Cyberthreats, Microsoft Outlook, Viruses And Worms, Security, Dancho Danchev

Researchers from Computer Associates (NASDAQ:CA) and Sophos are reporting on three currently active malware campaigns using fake Microsoft patch themes as a social engineering tactic to spread over email.

The first one is spreading as an “Important Windows XP/Vista Security Update” and is offering a bogus Conficker removal tool, the second is using an “Outlook re-configuration” — also spammed earlier this month — and the third one is using an out-of-the-band “Update for Microsoft Outlook / Outlook Express (KB910721)” theme, which in reality is nothing else but a trojan.

Read the rest of this entry »

June 17th, 2009

Apple iPhone OS 3.0 update plugs 46 security holes

Posted by Ryan Naraine @ 11:25 am

Categories: Apple, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Hackers, Java, Locally Running Web Servers, Malware, Mobile (In)Security, Passwords, Patch Watch, Pen testing, Responsible disclosure, iPhone

Tags: Apple iPhone, Malicious Code, Vulnerability, Apple Inc., Security, IPSec, Viruses And Worms, Networking, Ryan Naraine

Apple’s latest iPhone OS 3.0 software updates includes patches for multiple vulnerabilities, some with serious security implications.

The update, which is only available for download via iTunes, covers a total of 46 documented vulnerabilities, including several that allows malicious code execution if a user simply visits a rigged Web site or views a manipulated image.

Read the rest of this entry »