ZDNet Must Read:
Mozilla Firefox hit by malware add-ons
Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.... Continued »
Category: Microsoft
February 9th, 2010
Patch Tuesday: Microsoft plugs critical Windows worm holes
Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.
The company urged customers to prioritize and deploy four updates because of the “critical” severity rating and the fact that “consistent exploit code” is likely within the next 30 days.
February 5th, 2010
Mozilla Firefox hit by malware add-ons
Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.
The browser add-ons, described my Mozilla as “experimental,” contained a Trojan horse that executed when Firefox started and infected the host computer.
February 4th, 2010
MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities
Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.
According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated “critical” because of the risk of remote code execution attacks.
February 3rd, 2010
Microsoft warns of new IE data-leakage vulnerability
Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.
The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature. Read the rest of this entry »
January 25th, 2010
Bogus IQ test with destructive payload in the wild
Researchers from ESET and BitDefender have intercepted two destructive malware variants (Win32/Zimuse.A, Win32/Zimuse.B/zipsetup.exe), posing as an IQ test, and currently spreading in the wild.
Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible.
More info on the malware:
January 21st, 2010
Microsoft knew of IE zero-day flaw since last September
Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.
The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the the next batch of patches due in February but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.
January 21st, 2010
Microsoft confirms 17-year-old Windows vulnerability
One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft dropped a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.
January 20th, 2010
Following the Google attack malware trail
Researchers picking apart the malware sample used in the hacking attacks against several U.S. companies say some parts of the malware codebase has been in existence in China for nearly four years, confirming fears that these types of coordinated, targeted attacks have been going on for a very long time.
According to Joe Stewart, a malware analyst at SecureWorks, discovered several components of the malware were written in mid-2006, more than three years before the attacks on Google, Adobe and others were first discovered.
January 20th, 2010
Critical out-of-band IE patch coming tomorrow (Jan 21)
This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009).
The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe. Read the rest of this entry »
January 19th, 2010
Google-China cyber espionage saga - FAQ
With more details emerging on the inner workings of the targeted malware attack that hit Google and over 30 other companies (ZDNet News Special Coverage - Special Report: Google, China showdown), it’s time to summarize all the events that took place during the past week, and answer some of the most frequently asked questions such as - How did the attack take place? Did Google strike back at the attackers? Was the Chinese government behind the attacks, and if not who orchestrated them and for what reason?
Go through the FAQ and their answers.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Live Webcast: The Power of Centralization in Distributed Development CollabNet Distributed teams are common in software development today. However ... Download Now
- Recession Proofing Your Organization with Electronic Forms IBM Corp. The current economy is forcing organizations of all sizes to look more ... Download Now
- Webinar: Best Practices for Application Virtualization with AdminStudio Flexera Software IT professionals, are you considering a move to Microsoft? App-V?? Watch ... Download Now
Recent Entries
- Reports: SQL injection attacks and malware led to most data breaches
- Patch Tuesday: Microsoft plugs critical Windows worm holes
- Adobe screw-up leaves Flash flaw unpatched for 16 months
- Oracle rushes out patch for gaping server hole
- Mozilla Firefox hit by malware add-ons
Blogs From Our Sponsors
Most Popular Posts
- Report: 48% of 22 million scanned computers infected with malware
- And the most popular password is...
- Code execution holes in iPhone OS, iPod Touch
- Bogus IQ test with destructive payload in the wild
- MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities
- RealPlayer haunted by 11 critical vulnerabilities
Top Rated
- And the most popular password is...+34 votes
- Microsoft readies emergency IE patch to counter public exploits+33 votes
- Report: 48% of 22 million scanned computers infected with malware+32 votes
- Microsoft confirms 17-year-old Windows vulnerability+31 votes
- Microsoft says Google was hacked with IE zero-day+31 votes
- MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
- Bogus IQ test with destructive payload in the wild+22 votes
- Haiti earthquake themed blackhat SEO campaigns serving scareware+21 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Archives
Favorite Links
ZDNet Blogs
- A Developer's View
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Smarter Products: The Building Blocks for a Smarter Planet IBM Corp. Businesses are delivering a new generation of smarter products that are ... Download Now
- The Journey Along an Information-Led Transformation IBM Corp. The cost of embedding information technology into every device we ... Download Now
- Planning Activation in Isolated Environments Microsoft This guide is for IT pros maintaining the Windows? 7 and Windows Server? ... Download Now
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study





