ZDNet Must Read:
Mozilla Firefox hit by malware add-ons
Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.... Continued »
Category: Viruses and Worms
February 9th, 2010
Patch Tuesday: Microsoft plugs critical Windows worm holes
Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.
The company urged customers to prioritize and deploy four updates because of the “critical” severity rating and the fact that “consistent exploit code” is likely within the next 30 days.
February 9th, 2010
Adobe screw-up leaves Flash flaw unpatched for 16 months
Adobe has acknowledged that an internal screw-up caused potentially dangerous serious Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher.
“It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe’s mea-culpa follows the public release of proof-of-concept code demonstrating a Flash Player browser plug-in crash.
February 5th, 2010
Mozilla Firefox hit by malware add-ons
Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.
The browser add-ons, described my Mozilla as “experimental,” contained a Trojan horse that executed when Firefox started and infected the host computer.
January 27th, 2010
Report: 48% of 22 million scanned computers infected with malware
The recently released APWG Phishing Activity Trends Report for Q3 of 2009, details record highs in multiple phishing vectors, but also offers an interesting observation on desktop crimeware infections.
According to the report, the overall number of infected computers (page 10) used in the sample decreased compared to previous quarters, however, 48.35% of the 22,754,847 scanned computers remain infected with malware.
And despite that the crimeware/banking trojans infections slightly decreased from Q2, over a million and a half computers were infected.
More details:
January 22nd, 2010
RealPlayer haunted by 11 critical vulnerabilities
A quick heads-up to any computer users out with RealPlayer installed:Â There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.
RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.
January 20th, 2010
Researcher demos clickjacking attack on Facebook
An Israeli security researcher has found a way to perpetrate so-called clickjacking attacks on Facebook, proving that it’s trivial to manipulate the social network’s security and privacy mechanisms.
A demo exploit released by Shlomi Narkolayev shows how easy it is to trick Facebook users into adding apps or other malicious content by hijacking clicks to what appears to be harmless links.
January 20th, 2010
Critical flaws haunt Adobe Shockwave Player
Adobe’s run on the patching treadmill continued this week with a “critical” update to fix a pair of code execution holes in its Shockwave Player.
The vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Mac operating systems. Read the rest of this entry »
January 19th, 2010
Google-China cyber espionage saga - FAQ
With more details emerging on the inner workings of the targeted malware attack that hit Google and over 30 other companies (ZDNet News Special Coverage - Special Report: Google, China showdown), it’s time to summarize all the events that took place during the past week, and answer some of the most frequently asked questions such as - How did the attack take place? Did Google strike back at the attackers? Was the Chinese government behind the attacks, and if not who orchestrated them and for what reason?
Go through the FAQ and their answers.
January 13th, 2010
Adobe plugs PDF zero-day flaw in latest security makeover
Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities.
The update comes with significant security improvements, including the on-by-default addition “Enhanced Security,” a feature that provides a set of default restrictions and a method to define trusted locations that should not be subject to those restrictions.
Read the rest of this entry »
January 4th, 2010
Apple (Snow Leopard) malware blocker collecting cobwebs
Nearly six months after Apple added a malware blocker to Mac OS X (Snow Leopard), the feature appears to be collecting cobwebs.
Apple has not added any anti-malware signature updates to the XProtect.plist file that launched with antidotes for OSX.RSPlug.A and OSX.Iservice, two known Trojan horse programs targeting Mac OS X users.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Qwest Network Services for Healthcare Providers Qwest Communications Demands for improved quality care and increased satisfaction require a ... Download Now
- Twelve Ways to Reduce Costs with Microsoft(r) SQL Server(r) 2008 Microsoft Looking to squeeze the best possible value from new and existing systems? Learn 12 proven ways to save time and money using Microsoft SQL Server 2008. Download Now
- Creating a Dynamic Information Infrastructure IBM Corp. IBM Information Infrastructure solutions can help reduce costs & transform ... Download Now
Recent Entries
- Reports: SQL injection attacks and malware led to most data breaches
- Patch Tuesday: Microsoft plugs critical Windows worm holes
- Adobe screw-up leaves Flash flaw unpatched for 16 months
- Oracle rushes out patch for gaping server hole
- Mozilla Firefox hit by malware add-ons
Blogs From Our Sponsors
Most Popular Posts
- Report: 48% of 22 million scanned computers infected with malware
- And the most popular password is...
- Code execution holes in iPhone OS, iPod Touch
- Bogus IQ test with destructive payload in the wild
- MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities
- RealPlayer haunted by 11 critical vulnerabilities
Top Rated
- And the most popular password is...+34 votes
- Microsoft readies emergency IE patch to counter public exploits+33 votes
- Report: 48% of 22 million scanned computers infected with malware+32 votes
- Microsoft says Google was hacked with IE zero-day+31 votes
- Microsoft confirms 17-year-old Windows vulnerability+31 votes
- MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
- Bogus IQ test with destructive payload in the wild+22 votes
- Haiti earthquake themed blackhat SEO campaigns serving scareware+21 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Topline - A Dashboard for IT Leaders
-
Visit the one-stop destination for IT decision-makers to learn more about the top issues that you face every day. Find cost-effective solutions to real-life IT problems. Search the valuable repository of the resources and tools you need every day to keep your IT infrastructure running smoothly.
- Learn more >>
Archives
Favorite Links
ZDNet Blogs
- A Developer's View
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Customer-Hosted Volume Activation Guide (Using KMS) Microsoft Microsoft? Volume Activation helps Volume Licensing customers automate and ... Download Now
- Easily Monitor Virtual/Physical/Cloud and Save Budget. up.time - Free Trial Uptime Software Easily manage, measure, and monitor all your physical, virtual, and cloud assets across platforms, applications, domains, and multiple datacenters. Download Now
- The Three Ps of Evaluating Managed Network Services Qwest Communications To reduce costs and keep IT resources focused on the core business, more ... Download Now
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
