New Worm Transcodes MP3s to Try to Infect PCs

July 18, 2008 – 6:09 AM

A new kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks.

The new malware inserts links to dangerous Web pages within ASF (Advanced Systems Format) media files.

“The possibility of this has been known for a little while but this is the first time we’ve seen it done,” said David Emm, senior technology consultant for security vendor Kaspersky Lab.

Advanced Systems Format is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources.

If a user plays an infected music file, it launches Internet Explorer and loads a malicious Web page that asks the user to download a codec, a well-known trick for getting someone to download malware.

The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, Emm said. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.

Source:
http://www.pcworld.com/businesscenter/article/148603/new_worm_transcodes_mp3s_to_try_to_infect_pcs.html

Zodiac – DNS Protocol Monitoring and Spoofing Tool

July 18, 2008 – 5:48 AM

Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool for exploring the DNS protocol. Internally it contains advanced routines for DNS packet construction and disassembly, and it is the ideal tool if you just want to try something out without the hassle of rewriting DNS packet routines or packet filtering.

Source:
http://www.darknet.org.uk/2008/07/zodiac-dns-protocol-monitoring-and-spoofing-tool/

Darik’s Boot and Nuke Securely Wipes Your System in an Emergency

July 17, 2008 – 6:56 PM

Free, open-source boot disk utility Darik’s Boot and Nuke (DBAN) automatically and completely erases the contents of every hard disk it can find on your computer when you run it. Sure, you can fire up DBAN for emergency system wipes the next time the feds come knocking on your door, but it’s also a useful tool for protecting yourself from identity theft when you’re prepping your computer for recycling or sale. The bootable DBAN can run from CDs, DVDs, thumb drives, and floppy disks.

Source:
http://lifehacker.com/398756/dariks-boot-and-nuke-securely-wipes-your-system-in-an-emergency

Microsoft Office Security Team Enlists Bots, Pen Tests

July 17, 2008 – 3:01 PM

Storm, Srizbi, and… Microsoft? Microsoft’s Office application security team actually runs its own internal botnet, which, among other things, “fuzzes” for vulnerabilities in Office applications.

Microsoft’s botnet isn’t anywhere near the size of Srizbi (over 300,000 bots at last count) nor any of the other mega-botnets — it’s just a couple of thousand machines located in Microsoft’s automation lab. But Tom Gallagher, senior security test lead for Microsoft Office, says the internal botnet is a key tool in rooting out new vulnerabilities in Office by simulating the wildly popular fuzzing technique used by attackers.

“We instruct the machines to perform various types of manipulations to a well formed ‘good’ Office document,” Gallagher says. The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings, says Gallagher, who notes that the botnet is also used to test out features in the software.

This hack-it-yourself strategy has become the norm for the Office security team, which aside from its fuzzing botnet also regularly conducts penetration testing on its Office code and apps. Gallagher, 31, and senior software development engineer David LeBlanc, 47, lead a team that hacks at the applications regularly — and then feeds its findings to the Office application developers.

Source:
http://www.darkreading.com/document.asp?doc_id=159305

Microsoft Outlook Web Access XSS (MS08-039)

July 17, 2008 – 12:11 PM

Several Cross Site Scripting vulnerabilities were found within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email that triggers the vulnerability within a user’s browser. Different versions of OWA and different clients (Light and Premium) have different attack vectors, which can result in an attacker gaining *persistent* control over a victim’s use of Outlook Web Access. An attacker would have full control of and access to the victim’s e-mail account. This control could be further abused by utilising techniques such as JavaScript rootkits or web worms.

Source:
http://www.securiteam.com/windowsntfocus/5UP0G20OUE.html