Zero-Day PowerPoint Attacks Under Way

April 4, 2009 – 7:26 AM

Microsoft’s PowerPoint application is being used in a new attack that exploits an unpatched vulnerability in the popular Office app. The software giant yesterday issued a security alert confirming “limited and targeted attacks” were under way using malicious PowerPoint files that exploit the flaw.

The exploits carry a Trojan, according to Microsoft, and in an interesting twist, the exploit files were recently submitted to the VirusTotal free malware-scanning site. “Either the miscreants who created these exploits were looking to see how antivirus products detect their new files, or the victims were looking to get some information about their maliciousness,” blogged Cristian Craioveanu and Ziv Mador of Microsoft’s Malware Protection Center.

When exploited, the vulnerability can give an attacker local rights on a user’s machine once the user opens the malicious PowerPoint file. The file is currently being delivered via targeted email messages, but it could also be pushed via a Website or an instant-messaging link.

The vulnerability affects PowerPoint 2000 Service Pack 3, PowerPoint 2002 Service Pack 3, PowerPoint 2003 Service Pack 3, and Microsoft Office 2004 for Mac. The newer Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008 are immune.

“Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs,” said Bill Sisk, security response communications manager for Microsoft, in a statement.

Source:
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=216402732&cid=RSSfeed

Windows AUTOPWN (winAUTOPWN)

April 1, 2009 – 5:02 AM

Autohack your targets with the least possible interaction.

Features :

– Contains already custom-compiled executables of famous and effective exploits along with a few original exploits.
– No need to debug, script or compile the source codes.
– Scans all ports 1 – 65535 after taking the IP address and tries all possible exploits according to the list of discovered open ports (OpenPorts.TXT).
– PortScan is multi-threaded.
– Doesn’t require any Database at the back-end like msf.
– Can also be used to test the effectiveness of IDS/IPS.
– Launched exploits are independent and don’t rely on service fingerprinting (to avoid evasion, if any).

The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use and doesn’t require a lot of other dependencies. Unlike other frameworks, winAUTOPWN also keeps the original exploit writer’s source code intact just as it was and uses it as-is. This way the exploit writer’s credit and originality are maintained. The source is modified only when required to enable a missing feature or to remove hard-coded limitations; even then, the exploit writer’s credits remain intact.

Newer exploit modules are added as and when they are released, and older ones are also added daily. Binaries of perl, php, python and the cygwin DLLs (included) are required to exist either in a common folder or to be properly installed with their paths registered, for those exploits which cannot be compiled into a PE-exe.

Some anti-viruses might falsely detect the exploits as malicious.

Source:
http://winautopwn.co.nr/

Download:
http://winautopwn.exofire.net/winAUTOPWN.RAR

Flaw in Conficker Worm May Aid Cleanup Effort

March 30, 2009 – 7:56 AM

Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected systems, it could also give criminals a way to quietly hijack millions of systems.

Conficker spreads mostly by exploiting a security vulnerability in Microsoft Windows systems, one that the software giant issued a patch to fix last October – just days before the first version of Conficker struck. Experts have known for some time now that Conficker applies its own version of that patch shortly after infecting a host system. This tactic not only prevents other malicious software from infiltrating the host via that vulnerability, but it also makes it difficult for system administrators to find potentially infected systems simply by scanning their networks for PCs that are missing that critical software update.

But according to research to be published later this week by the Honeynet Project, a volunteer organization that tracks Internet attacks, the Conficker worm doesn’t completely close the hole that allows it to wiggle into infected systems in the first place.

Source:
http://voices.washingtonpost.com/securityfix/2009/03/flaw_in_conficker_worm_may_aid.html?wprss=securityfix

Mozilla Firefox XSL Parsing ‘root’ XML Tag Remote Memory Corruption Vulnerability

March 26, 2009 – 10:26 AM

Mozilla Firefox is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.

The following proof of concept is available:

http://www.securityfocus.com/data/vulnerabilities/exploits/2009-ffox-poc.tar.gz

Panda Releases Free Security Tool for Autorun

March 26, 2009 – 6:19 AM

Panda, an antivirus software company, has a new free Panda USB Vaccine available for download that can disable the Windows Autorun feature for an entire PC or a particular USB drive.

The Autorun feature in Windows can make it easier to install software – and it can also be exploited by malware like the Conficker worm, which co-opts the feature to spread itself. I’ve previously written about the risk, and turning off Autorun can be a good idea for better computer security.

To download this small tool you’ll have to first give Panda your e-mail address and opt out of receiving marketing e-mails (unless you want them), but it’s a quick download after that and doesn’t require installation. When you run it, you can click a button to vaccinate your computer (disabling Autorun), and you can then click the button again to turn Autorun back on.

You can also connect a USB drive and choose to disable Autorun just for that drive. But note that it’s a permanent step when done for a particular drive, and can’t be reversed.
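As an added example (not from the article and not Panda’s code), the same machine-wide on/off switch done by hand: Microsoft’s documented Explorer policy value NoDriveTypeAutoRun, where a mask of 0xFF disables Autorun for every drive type. Whether Panda’s tool sets this same value is not stated in the article and is not assumed here; run as Administrator.

```powershell
# Added example: inspect, disable and re-enable Windows Autorun through the Explorer policy key.
# NoDriveTypeAutoRun is a bit mask with one bit per drive type; 0xFF sets every bit, i.e. Autorun
# off everywhere. The Panda tool's own mechanism is not described in the article (assumption: none made).
$PolicyKey         = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName         = 'NoDriveTypeAutoRun'
$AllDrivesDisabled = 0xFF

function Get-AutorunPolicy {
    # Returns the current mask, or $null when the policy was never set (the Windows default then applies).
    $props = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$ValueName
}

function Disable-Autorun {
    # Whole-PC equivalent of the "vaccinate" button: every drive type masked out.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord `
        -Value $AllDrivesDisabled -Force | Out-Null
}

function Enable-Autorun {
    # Equivalent of clicking the button again: remove the policy so the default behaviour returns.
    Remove-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
}

function Format-AutorunPolicy([object]$Mask) {
    if ($null -eq $Mask) { return 'not set (Windows default)' }
    return ('0x{0:X2}' -f $Mask)
}

Write-Host ('NoDriveTypeAutoRun before: ' + (Format-AutorunPolicy (Get-AutorunPolicy)))
Disable-Autorun
Write-Host ('NoDriveTypeAutoRun after : ' + (Format-AutorunPolicy (Get-AutorunPolicy)))
# To undo, call Enable-Autorun; Explorer reads the value at next logon or restart.
```

On the Windows XP and Vista builds current at the time of the article, the policy is only fully honoured once Microsoft’s Autorun update KB967715 has been installed, so a hardened value alone is not proof that Autorun is off.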

Source:
http://www.pcworld.com/article/161951/pandadownload.html?tk=rss_news