Category: Anti Virus

November 23rd, 2009

Exploit published for critical IE 7 zero-day flaw

Posted by Ryan Naraine @ 8:32 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Microsoft, Passwords, Patch Watch, Responsible disclosure

Tags: Microsoft Internet Explorer 7, Microsoft Internet Explorer, Microsoft Corp., Zero-day Bug, VUPEN, VUPEN Security, Web Browsers, Internet, Ryan Naraine

Exploit code for a critical (remotely exploitable) vulnerability in Microsoft’s Internet Explorer 7 browser has been released on the Internet, prompting a new round of “upgrade now!” warnings from computer security experts.

The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7, according to an advisory issued over the weekend.

November 19th, 2009

Microsoft finds security hole in Google Chrome Frame

Posted by Ryan Naraine @ 9:49 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Microsoft, Open source, Patch Watch

Tags: Google Inc., Microsoft Corp., Google Chrome, Web Browsers, Security, Viruses And Worms, Internet, Ryan Naraine

Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.

Now comes word that a security researcher at Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections.

November 18th, 2009

Mozilla locks out rogue Firefox add-ons

Posted by Ryan Naraine @ 10:33 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Denial of Service (DoS), Exploit code, Firefox, Malware, Microsoft, Mozilla, Open source, Patch Watch, Vulnerability research

Tags: Mozilla Firefox, Mozilla Corp., Migration Document, Web Browsers, Internet, Ryan Naraine

Mozilla has made a significant tweak to its Firefox 3.6 code base to block rogue add-ons from loading in the browser’s application components directory.

This will most certainly block developers and software vendors from silently installing Firefox add-ons without explicit user permission. It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said.

November 17th, 2009

Thousands of web sites compromised, redirect to scareware

Posted by Dancho Danchev @ 12:12 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Web 2.0

Tags: Search Engine Optimization, Web Application, Web Site, Attack Vector, Google Search, Search, Security, Dancho Danchev

Updated: Thursday, November 19 - According to eSoft, who contacted me, they’ve been monitoring the campaign since September, with another 720,000 affected sites back then.

There are now over a million affected sites serving scareware, with only a small percentage of them currently marked as harmful. Google has been notified. As always, NoScript and your decent situational awareness are your best friends.

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware.

More details on the campaign:

November 10th, 2009

Commercial spying app for Android devices released

Posted by Dancho Danchev @ 2:07 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Spyware and Adware

Tags: Mobile, Malware, Mobile Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

A well-known commercial provider of spyware applications for numerous mobile platforms has recently ported its Mobile Spy app to the Android mobile OS.

Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, available at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.

More details:

November 10th, 2009

Major online ad site hacked, serving up exploit cocktail

Posted by Ryan Naraine @ 9:55 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Patch Watch, Responsible disclosure, Spam and Phishing, Spyware and Adware

Tags: Websense Inc., Microsoft Corp., Exploit, Online Advertising, Security, Viruses And Worms, Databases, Enterprise Software, Software, Data Management

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software.

According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader.

November 6th, 2009

Code execution hole in BlackBerry Desktop Manager

Posted by Ryan Naraine @ 7:33 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Mobile (In)Security, Passwords, Patch Watch, iPhone

Tags: Desktop, RIM BlackBerry, Handhelds, Hardware, Ryan Naraine

Research in Motion (RIM) has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software.

The vulnerability, which exists in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager uses, allows a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager.

November 5th, 2009

Windows 7's default UAC bypassed by 8 out of 10 malware samples

Posted by Dancho Danchev @ 1:33 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Rootkits, Spyware and Adware, Viruses and Worms

Tags: User Account Control, Security, Malware, Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, Dancho Danchev

A recent test by malware researchers reveals that eight out of ten malware samples used in the test successfully bypassed Windows 7’s default UAC (User Account Control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed Windows 7’s default UAC settings as well.

November 5th, 2009

Which antivirus is best at removing malware?

Posted by Dancho Danchev @ 12:14 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Antivirus, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.

According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot(Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.

More info on the tested antivirus solutions, and how they scored:

October 29th, 2009

Spooky Halloween - scareware or crimeware?

Posted by Dancho Danchev @ 11:47 am

Categories: Anti Virus, Botnets, Hackers, Malware, Passwords, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms

Tags: Campaign, Cybercriminal, Search, Marketing Research, Strategy, Security, Marketing, Management, Dancho Danchev

With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate one, followed by the cyber terrorism myopia that cyber terrorists still need years to build advanced cyber warfare capabilities, totally excluding outsourcing as a factor for gaining competitive advantage from the big picture, I’m literally having a hard time deciding which one deserves most attention.

Whatever the cybercrime tactics, the main objective for the key ‘market players’ remains the same - monetization. Which prompts this year’s Halloween question - scareware (trick) or crimeware (treat)?

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.