ZDNet Must Read:
Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »
Category: Spam and Phishing
November 12th, 2009
Microsoft bracing for malware attacks from embedded fonts
Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.
Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents.
November 10th, 2009
Major online ad site hacked, serving up exploit cocktail
A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader. Read the rest of this entry »
November 3rd, 2009
Adobe Shockwave haunted by critical security holes
Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.
The update, which is rated “critical,” addresses a total of five documented vulnerabilities. The most serious flaw could allow remote code execution attacks against Windows and Mac users. Read the rest of this entry »
October 29th, 2009
Phishing experiment sneaks through all anti-spam filters
A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against.
The experiment emphasizes on how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again proves that users continue interacting with phishing emails.
More info on the methodology used:
October 29th, 2009
Spooky Halloween - scareware or crimeware?
With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate one, followed by the cyber terrorism myopia that cyber terrorists still need years to build advanced cyber warfare capabilities, totally excluding outsourcing as a factor for gaining competitive advantage from the big picture, I’m literally having hard time deciding which one deserves most attention.
Whatever the cybercrime tactics, the main objective for the key ‘market players’ remains the same - monetization. Which prompts this year’s Halloween question - scareware (trick) or crimeware (treat)?
October 27th, 2009
Malware ads served from Gizmodo
[ UPDATE: Dancho has more details on this attack ]
Popular gadget blog Gizmodo has acknowledged falling victim to an “elaborate scam” that served malicious ads for scareware (fake anti-virus) to its readers.
In an apology posted online, Gizmodo said the its ad sales team was tricked into running malicious ads purporting to be from Suzuki. Read the rest of this entry »
October 27th, 2009
Facebook password-reset spam is Bredolab botnet attack
Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware.
The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks. Read the rest of this entry »
October 19th, 2009
Fake 'Conficker.B Infection Alert' spam campaign drops scareware
An ongoing spam campaign is once again attempting to impersonate Microsoft’s security team — the same campaign was first seen in April — by mass mailing Conficker.B Infection Alerts (install.zip), which upon execution drop a sample of the Antivirus Pro 2010 scareware.
Whereas the theme remains the same, the botnet masters have slightly modified the message:
October 9th, 2009
Google patches Android DoS vulnerabilities
Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.
According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hackers to render Android-powered devices useless. Read the rest of this entry »
October 9th, 2009
New Adobe PDF flaw under attack; Patch coming Tuesday
Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.
The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- Can your business work smarter? IBM Today, productivity is at a premium and IT budgets are at a minimum. Work ... Download Now
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Recent Entries
- Opera patches ‘extremely severe’ security hole
- Exploit published for critical IE 7 zero-day flaw
- Inside the Google Chrome OS security model
- Microsoft finds security hole in Google Chrome Frame
- Mozilla locks out rogue Firefox add-ons
Blogs From Our Sponsors
Most Popular Posts
- Microsoft confirms 'detailed' Windows 7 exploit
- Thousands of web sites compromised, redirect to scareware
- Windows 7's default UAC bypassed by 8 out of 10 malware samples
- Mac OS X mega patch covers 58 security vulnerabilities
- Which antivirus is best at removing malware?
- Microsoft patches Windows worm holes, drive-by download flaws
Top Rated
- Facebook password-reset spam is Bredolab botnet attack+46 votes
- Microsoft confirms 'detailed' Windows 7 exploit+43 votes
- Thousands of web sites compromised, redirect to scareware+43 votes
- Firefox hit by multiple drive-by download flaws+41 votes
- Which antivirus is best at removing malware?+40 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
- Mac OS X mega patch covers 58 security vulnerabilities+26 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Popular Sanity Saver Videos
