
ZDNet Must Read:

Microsoft confirms 'detailed' Windows 7 exploit

Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »

Category: Flash

November 10th, 2009

Major online ad site hacked, serving up exploit cocktail

Posted by Ryan Naraine @ 9:55 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Patch Watch, Responsible disclosure, Spam and Phishing, Spyware and Adware

Tags: Websense Inc., Microsoft Corp., Exploit, Online Advertising, Security, Viruses And Worms, Databases, Enterprise Software, Software, Data Management

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software.

According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm.  The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader. Read the rest of this entry »

November 3rd, 2009

Adobe Shockwave haunted by critical security holes

Posted by Ryan Naraine @ 12:12 pm

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Malware, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Viruses and Worms, Vulnerability research

Tags: Adobe Systems Inc., Shockwave, Vulnerability, Shockwave Player, Security, Ryan Naraine

Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.

The update, which is rated “critical,” addresses a total of five documented vulnerabilities.  The most serious flaw could allow remote code execution attacks against Windows and Mac users. Read the rest of this entry »

October 27th, 2009

Gawker Media tricked into featuring malicious Suzuki ads

Posted by Dancho Danchev @ 10:17 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Flash, Hackers, Malware

Tags: Advertisement, Gawker Media, Suzuki, Dancho Danchev

A group of cybercriminals have successfully managed to trick Gawker’s ad sales team into featuring malicious ads serving Adobe exploits (CVE-2008-2992; CVE-2009-0927) and scareware, by impersonating a legitimate ad agency inquiring about an upcoming Suzuki ad campaign.

According to Gawker Media, the malware distributors were among the most convincing they’ve seen, with clear experience in ad sales lingo. Here’s a brief chronology of the correspondence between Gawker and the scammers, and what Gawker Media could have done to prevent the malvertising attack:

Read the rest of this entry »

October 27th, 2009

Malware ads served from Gizmodo

Posted by Ryan Naraine @ 10:04 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Facebook, Flash, Locally Running Web Servers, Malware, Passwords, Social Networking Applications, Spam and Phishing, Spyware and Adware

Tags: Advertisement, Blog, Malware, Gizmodo, Ryan Naraine

[ UPDATE: Dancho has more details on this attack ]

Popular gadget blog Gizmodo has acknowledged falling victim to an “elaborate scam” that served malicious ads for scareware (fake anti-virus) to its readers.

In an apology posted online, Gizmodo said its ad sales team was tricked into running malicious ads purporting to be from Suzuki. Read the rest of this entry »

October 19th, 2009

Microsoft: Human error caused critical SMB2 vulnerability

Posted by Ryan Naraine @ 9:35 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Flash, Hackers, Malware, Microsoft, Mozilla, Open source, Pen testing, Punditocracy, Responsible disclosure

Tags: Analysis Tool, Vulnerability, Bug, Microsoft Corp., Humans, Microsoft Windows, Microsoft Windows 7, Productivity, Operating Systems, Security

Microsoft is blaming human error for one of the critical SMB v2 vulnerabilities that exposed Windows users to remote code execution attacks and argues that it’s near impossible to catch these types of bugs with existing code review tools and techniques.

According to a post-mortem of the issue by Redmond security guru Michael Howard, the company detected the vulnerable code “very late” in the Windows 7 development process but argued that there are no static analysis tools or SDL requirements that would spot this type of human error.

Read the rest of this entry »

October 16th, 2009

Podcast: Inside the OWA attacks, Patch Tuesday wrap-up

Posted by Ryan Naraine @ 1:35 pm

Categories: Adobe, Anti Virus, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Malware, Microsoft, Mozilla, Oracle

Tags: Attack, Microsoft Outlook Web Access, Microsoft Outlook, Podcasts, Phishing, Microsoft Office, Office Suites, Software, Internet, Security

In this podcast with Threatpost co-editor Dennis Fisher, I discuss the recent Outlook Web Access phishing attacks, the Microsoft/Adobe patchapalooza and the true extent of the botnet/malware epidemic.  Listen here.

October 16th, 2009

Microsoft exposes Firefox users to drive-by malware downloads

Posted by Ryan Naraine @ 9:24 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Google, Google Chrome, Hackers, Malware, Metasploit, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing

Tags: Google Inc., Mozilla Firefox, Vulnerability, Malware, Microsoft Internet Explorer, Microsoft Corp., Attack Vector, Web Browser, Google Chrome, Plug-in

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads. Read the rest of this entry »

October 14th, 2009

Does software piracy lead to higher malware infection rates?

Posted by Dancho Danchev @ 4:20 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Exploit code, Flash, Hackers, Java, Malware, Microsoft, Patch Watch, Pen testing, Viruses and Worms

Tags: Software Piracy, Malware, Spyware, Adware & Malware, Microsoft Windows, Viruses And Worms, Security, Operating Systems, Dancho Danchev

Yes it does, at least according to a recently released report by the Business Software Alliance (BSA) which basically correlates data on the known piracy rates for particular countries and their malware infection rates, using public sources.

The rationale behind their claims is fairly simple - users relying on pirated copies of software also do not have access to the latest, often critical from a security perspective, updates issued by the vendors, and are therefore susceptible to client-side vulnerabilities.

How biased are BSA’s claims, or are the report’s claims in fact real, emphasizing how millions of users relying on pirated Windows copies are usually the first to become part of a botnet?

Read the rest of this entry »

October 14th, 2009

Adobe joins Patch Tuesday barrage: 29 PDF security flaws

Posted by Ryan Naraine @ 2:02 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Flash, Hackers, Passwords, Patch Watch, Pen testing

Tags: Ryan Naraine

Adobe joined Microsoft’s Patch Tuesday barrage this week with the release of a monster update to fix 29 documented security vulnerabilities in the Adobe Reader and Acrobat software products.

The update, rated “critical,” patches code execution holes that can be exploited by malicious hackers to take complete control of an affected system. At least one of the vulnerabilities has already been exploited in the wild. Read the rest of this entry »

October 14th, 2009

New Koobface campaign spoofs Adobe's Flash updater

Posted by Dancho Danchev @ 7:11 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Facebook, Flash, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Adobe Systems Inc., CAPTCHA, Facebook, Malware, Social Engineering, Koobface, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

Earlier this week, the botnet masters behind the most efficient social engineering driven botnet, Koobface, launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake Youtube page.

The malware campaign is relying on compromised legitimate web sites, now representing 77% of malicious sites in general, and on hundreds of automatically registered Blogspot accounts with the CAPTCHA recognition process done on behalf of the users already infected by Koobface, compared to the gang’s previous reliance on commercial CAPTCHA recognition services.

Here are some of the most popular messages posted on Facebook for the time being:

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
