Christmas Lures Being Distributed Via Spam

November 27, 2008 – 10:21 AM

Websense Security Labs ThreatSeeker Network has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading to supposed animated postcards. These actually lead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

The email messages, spoofed to appear as though they have been sent from postcards.org, display an animated Christmas scene. A URL link within the email leads to a malicious file called postcard.exe hosted on various servers, including those in the .com TLD space.

Once executed, the malware creates a backdoor that gives the malware author access to and control over the resources of the compromised machine. Control is conducted over IRC, communicating with ircserver.*snip*.la. During the install process an image called xmas.jpg is displayed to the user as a distraction technique.

Source:
http://securitylabs.websense.com/content/Alerts/3248.aspx

Malware spoofs AVG web site

November 27, 2008 – 9:05 AM

A DANGEROUS new variant of malware is attacking PCs in the UK, the INQ has discovered. It hijacks the victim’s browser and directs them to a fake site masquerading as AVG’s own front page.

THE URL which the INQ has discovered is http://0fficial-page-com/AVG1. [Note that it uses a zero not a capital ‘o’.] Don’t be fooled.

According to Rick Ferguson, a senior security advisor with anti-virus specialist, Trend Micro, this type of attack isn’t original but the danger has so far received only minimal publicity.

Rick reckons the best known incidence of this attack is avg-online-scanner.com. This software tricks victims into downloading a malware app called Winspywareprotect.

Naturally, the malware ‘detects’ the existence of fake ‘threats’ and tricks the victim into paying money online to ‘remove’ the threats.

As Ferguson explained, “Cybercrime is moving away from inflicting the maximum damage in the shortest time towards remaining undetected for the longest period and extracting the maximum cash.”

Source:
http://www.theinquirer.net/gb/inquirer/news/2008/11/26/malware-spoofs-avg-web-site

DoS vulnerabilities in Wireshark

November 25, 2008 – 9:07 AM

The pre-release version 1.0.5 of Wireshark, the network protocol analyser (or “packet sniffer”), has eliminated a vulnerability that could make it crash. It is reported that the error occurs during the analysis of over-long SMTP requests to a server. When the final version 1.0.5 will appear is still unknown, but the developers’ Roadmap says that a large number of bugs still remain to be corrected.

Source:
http://www.heise-online.co.uk/news/DoS-vulnerabilities-in-Wireshark–/112055

Gmail Security Flaw Proof of Concept

November 24, 2008 – 8:38 AM

Is it possible for someone to create a malicious filter without having access to your Gmail username and password? No; however, they can force you to create the filter without your knowledge.

The blogosphere is buzzing about a Gmail Security Flaw that has caused some people to lose their domain names registered through GoDaddy.

To understand how this exploit works let me first explain how I would carry it out (if I were a blackhat). Then we can move on and explain the exploit in detail. Let’s use a current example and assume that I was trying to steal MakeUseOf.com and I already knew it was registered by GoDaddy. Let’s also assume that I knew the owner’s Gmail address. I would want to create a filter like the one in the image above, where all email sent from GoDaddy Support was automatically deleted and forwarded to my email address.

Source:
http://geekcondition.com/2008/11/23/gmail-security-flaw-proof-of-concept/

Researchers find vulnerability in Windows Vista

November 20, 2008 – 11:38 AM

An Austrian security vendor has found a vulnerability in Windows Vista that it says could possibly allow an attacker to run unauthorized code on a PC.

The problem is rooted in the Device IO Control, which handles internal device communication. Researchers at Phion have found two different ways to cause a buffer overflow that could corrupt the memory of the operating system’s kernel.

In one of the scenarios, a person would already have to have administrative rights to the PC. In general, vulnerabilities that require that level of access somewhat undermine the risk, since the attacker already has permission to use the PC.

But it may be possible to trigger the buffer overflow without administrative rights, said Thomas Unterleitner, Phion’s director of endpoint security software.

Source:
http://www.networkworld.com/news/2008/112008-researchers-find-vulnerability-in-windows.html?fsrc=rss-security