
Category: Microsoft

February 9th, 2010

Patch Tuesday: Microsoft plugs critical Windows worm holes

Posted by Ryan Naraine @ 11:29 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Microsoft, Passwords, Patch Watch, Viruses and Worms, Vulnerability research, Web 2.0

Tags: Denial Of Service, Attacker, Vulnerability, Victim, Exploit Code, Microsoft PowerPoint, Microsoft Corp., Small And Medium Business, Attack, CVE-2010-0242

Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.

The company urged customers to prioritize and deploy four updates because of the “critical” severity rating and the fact that “consistent exploit code” is likely within the next 30 days.

Read the rest of this entry »

February 5th, 2010

Mozilla Firefox hit by malware add-ons

Posted by Ryan Naraine @ 8:20 am

Categories: Anti Virus, Browsers, Data theft, Exploit code, Firefox, Malware, Microsoft, Mozilla, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Mozilla Firefox, Trojan Horse, Malware, Mozilla Corp., Add-on, Spyware, Adware & Malware, Cyberthreats, Spyware, Viruses And Worms, Security

Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.

The browser add-ons, described by Mozilla as “experimental,” contained a Trojan horse that executed when Firefox started and infected the host computer.

Read the rest of this entry »

February 4th, 2010

MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities

Posted by Ryan Naraine @ 10:48 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Microsoft, Patch Watch, Responsible disclosure, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Vulnerability, Microsoft Corp., Microsoft Windows, Security, Microsoft Windows 7, Operating Systems, Software, Ryan Naraine

Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.

According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated “critical” because of the risk of remote code execution attacks.

Read the rest of this entry »

February 3rd, 2010

Microsoft warns of new IE data-leakage vulnerability

Posted by Ryan Naraine @ 2:25 pm

Categories: Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Microsoft, Patch Watch, Responsible disclosure, Spam and Phishing, Vulnerability research

Tags: Vulnerability, Microsoft Windows, Microsoft Internet Explorer, Microsoft Corp., Attack, Web Browsers, Security, Internet, Ryan Naraine

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.

The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature.

Read the rest of this entry »

January 25th, 2010

Bogus IQ test with destructive payload in the wild

Posted by Dancho Danchev @ 1:53 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Microsoft, Windows Vista

Tags: Malware, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Dancho Danchev

Researchers from ESET and BitDefender have intercepted two destructive malware variants (Win32/Zimuse.A, Win32/Zimuse.B/zipsetup.exe), posing as an IQ test, and currently spreading in the wild.

Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible.

More info on the malware:

Read the rest of this entry »

January 21st, 2010

Microsoft knew of IE zero-day flaw since last September

Posted by Ryan Naraine @ 12:34 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Malware, Microsoft, Patch Watch, People's Republic of China, Research, Responsible disclosure, Vulnerability research

Tags: Attacker, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Zero-day Bug, Web Browsers, Security, Internet, Ryan Naraine

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.

The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the next batch of patches due in February, but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.

Read the rest of this entry »

January 21st, 2010

Microsoft confirms 17-year-old Windows vulnerability

Posted by Ryan Naraine @ 8:05 am

Categories: Arbitrary Code Execution, Complex Attacks, Denial of Service (DoS), Google, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research, Windows Vista

Tags: Advisory, Flaw, Microsoft Corp., Attack, Ormandy, Microsoft Windows, Security, Microsoft Windows NT, Operating Systems, Software

One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft dropped a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Read the rest of this entry »

January 20th, 2010

Following the Google attack malware trail

Posted by Ryan Naraine @ 2:39 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Google, Governments, Malware, Microsoft, People's Republic of China

Tags: Algorithm, Google Inc., Malware, Attack, Spyware, Adware & Malware, Cyberthreats, Security, Engineering, Viruses And Worms, Ryan Naraine

Researchers picking apart the malware sample used in the hacking attacks against several U.S. companies say some parts of the malware codebase have been in existence in China for nearly four years, confirming fears that these types of coordinated, targeted attacks have been going on for a very long time.

According to Joe Stewart, a malware analyst at SecureWorks, several components of the malware were written in mid-2006, more than three years before the attacks on Google, Adobe and others were first discovered.

Read the rest of this entry »

January 20th, 2010

Critical out-of-band IE patch coming tomorrow (Jan 21)

Posted by Ryan Naraine @ 10:23 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Google, Governments, Microsoft, Patch Watch, People's Republic of China, Responsible disclosure, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Microsoft Internet Explorer, Microsoft Corp., Web Browsers, Internet, Ryan Naraine

This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009).

The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.

Read the rest of this entry »

January 19th, 2010

Google-China cyber espionage saga - FAQ

Posted by Dancho Danchev @ 8:30 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Google, Governments, Hackers, Malware, Microsoft, Passwords, People's Republic of China, Phishing, Viruses and Worms, Zero-day attacks

Tags: China, Google Inc., Malware, Cyberattack, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

With more details emerging on the inner workings of the targeted malware attack that hit Google and over 30 other companies (ZDNet News Special Coverage - Special Report: Google, China showdown), it’s time to summarize all the events that took place during the past week, and answer some of the most frequently asked questions such as - How did the attack take place? Did Google strike back at the attackers? Was the Chinese government behind the attacks, and if not who orchestrated them and for what reason?

Go through the FAQ and their answers.

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
