Zero-day hole in Adobe Reader and Acrobat

February 20, 2009 – 6:27 AM

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

Source:
http://www.adobe.com/support/security/advisories/apsa09-01.html

Conficker worm gets an evil twin

February 20, 2009 – 5:37 AM

The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates.

The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.

Conficker-infected machines could be used for nasty stuff — sending spam, logging keystrokes, or launching denial of service (DoS) attacks, but an ad hoc group calling itself the Conficker Cabal has largely prevented this from happening. They’ve kept Conficker under control by reverse-engineering the domain-generation algorithm the worm uses to pick one of thousands of rendezvous points on the Internet where it looks for new code. These rendezvous points use unique domain names, such as pwulrrog.org, that the Conficker Cabal has worked hard to register and keep out of the hands of the criminals.

The new B++ variant uses the same algorithm to look for rendezvous points, but it also gives the creators two new techniques that skip them altogether. That means that the Cabal’s most successful technique could be bypassed.
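The mechanism the Cabal relies on is easier to see in code. The following is an added illustration, not Conficker's generator and not the Cabal's tooling: a hypothetical date-seeded domain-generation algorithm (DGA) whose parameters, hash construction and TLD list are invented here. The point it shows is that once the generator is known, attacker and defender compute the same candidate list, so the defender can work out which names the bots will query on a future day and register them first.

```python
"""
Added illustration of DGA-based rendezvous and defensive pre-registration.
Not Conficker's real algorithm; the generator, TLD list and counts below
are assumptions made for this example.
"""
from __future__ import annotations

import hashlib
from datetime import date, timedelta

# Assumed parameters for the toy generator.
TLDS = ("org", "net", "info")
DOMAINS_PER_DAY = 8
NAME_LEN = 8


def dga(day: date, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Return the rendezvous domains a bot would try on `day`.

    The only secret is the generator itself. Once it is recovered from
    the binary, the output is predictable for any past or future date.
    """
    seed = f"{day.year}-{day.month}-{day.day}".encode()
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(2, "big")).digest()
        # Map the first NAME_LEN hash bytes onto lowercase letters.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:NAME_LEN])
        tld = TLDS[digest[NAME_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def upcoming_domains(start: date, days: int) -> set[str]:
    """Every name the bots will query from `start` for `days` days."""
    names: set[str] = set()
    for n in range(days):
        names.update(dga(start + timedelta(days=n)))
    return names


def unregistered(candidates: set[str], registry: set[str]) -> set[str]:
    """Names the defender still has to register.

    `registry` stands in for the set of names already taken; in practice
    it would come from WHOIS or the registrars the group works with.
    """
    return {d for d in candidates if d not in registry}


if __name__ == "__main__":
    today = date(2009, 2, 20)
    window = upcoming_domains(today, 3)
    already = set(dga(today))
    print("still to register:", sorted(unregistered(window, already)))
```

Run this for a multi-day window and the defender's job is the set `unregistered` returns. It also shows why the B++ change matters: a variant that can fetch code without going through these names leaves the pre-registered domains intact but irrelevant.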

Source:
http://www.networkworld.com/news/2009/022009-conficker-worm-gets-an-evil.html

Fast-Track 4.0 – Automated Penetration Testing Suite

February 18, 2009 – 11:19 AM

For those of you new to Fast-Track, Fast-Track is a Python-based open-source project aimed at helping penetration testers identify, exploit, and further penetrate a network. Fast-Track was originally conceived when David Kennedy was on a penetration test and found that there was generally a lack of tools or automation for certain attacks that were normally extremely advanced and time consuming.

In an effort to reproduce some of David’s advanced attacks and propagate them down to the team at SecureState, David ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, poor patch management, or a lack of hardening. All of these are relatively simple to fix if you know what to look for, but as penetration testers we find them extremely common.
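To make the “improper sanitizing of client-side data” finding concrete, here is an added example that is not Fast-Track's code: a login check that splices request parameters into SQL text, beside the parameterized version that fixes it. It uses the standard-library sqlite3 module (SQLite is also in Fast-Track's dependency list); the table, the row and the attack strings are constructed for the example.

```python
"""
Added example, not from the Fast-Track project: string-built SQL versus
a parameterized query, on an in-memory SQLite database built here.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Client-supplied values are pasted into the statement text.

    A quote character in the input closes the string literal and the
    rest of the input becomes SQL, so the WHERE clause can be rewritten
    by whoever submits the form.
    """
    sql = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with placeholders.

    The statement text is fixed; the driver sends the values separately,
    so a quote in the input is compared as data, never parsed as SQL.
    """
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = build_db()
    # Constructed attack inputs: a comment that drops the password check,
    # and an OR clause that makes the whole predicate true.
    for user, pw in [("admin' --", "wrong"), ("nobody", "' OR '1'='1")]:
        print(repr((user, pw)),
              "vulnerable:", vulnerable_login(db, user, pw),
              "safe:", safe_login(db, user, pw))
```

The fix is the same in pymssql or any DB-API driver: pass values through the second argument of `execute` rather than formatting them into the query string.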

Fast-Track arms the penetration tester with advanced attacks that in most cases have never been automated before. Sit back, relax, crack open a can of Jolt Cola and enjoy the ride.

Dependencies: Metasploit 3, SQLite, PYMSSQL, FreeTDS, Pexpect, ClientForms, Beautiful Soup, and Psycho.

Installation Instructions: After extracting the tarball, run python setup.py install. This installs the needed dependencies except SQLite and Metasploit 3. When prompted, specify the Metasploit path; otherwise it defaults to the path used by the BackTrack 3 installation. Once the installation is completed, Fast-Track should be fully functional.

Download:
http://www.securestate.com/files/fasttrack/fasttrack.tgz

Source:
http://www.securestate.com/Pages/Fast-Track.aspx

Verizon to Implement Spam Blocking Measures

February 18, 2009 – 8:22 AM

Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers.

Security Fix examined the latest stats from Spamhaus’s Composite Blocking List (CBL), which relies on intelligence relayed by large spamtraps and e-mail infrastructures around the world. The list is made up only of Internet addresses that have been observed sending spam, worms and viruses, or participating in other malicious activity.

Spamhaus currently includes 225,454 U.S.-based Internet addresses on its CBL. Of those, nearly one-quarter — almost 56,000 — are assigned to Verizon.net. Comcast, which according to Spamhaus is home to the next-largest concentration of malicious hosts among U.S. ISPs, has fewer than half as many listings.

Source:
http://voices.washingtonpost.com/securityfix/2009/02/verizon_to_implement_spam_bloc.html?hpid=sec-tech

New Attack Singles out IE Flaw

February 17, 2009 – 1:19 PM

Microsoft warned last week that it would be easy for cybercriminals to build new attacks using bugs it patched in the Internet Explorer browser; now that prediction has come true.

On Tuesday, security vendor Trend Micro said that it had spotted the first attack taking advantage of one of two flaws patched a week ago. Microsoft has said that either of these vulnerabilities would be easy to exploit in online attacks.

Over the weekend, Trend Micro researchers spotted what appears to be a small-scale, targeted attack that exploits the flaw to install spy software, said Paul Ferguson, a researcher with the antivirus vendor. “It installs a back door that uploads stolen information on port 443 to another site in China,” he said.

Source:
http://www.pcworld.com/article/159688/new_attack_singles_out_ie_flaw.html?tk=rss_news