Microsoft’s Security Hole Framework

Since a few days, news about the Internet Explorer exploit has been sweeping the Internet (see previous post Internet Explorer 7 Attack in the Wild). It has not been confirmed that Internet Explorer 5, 6 and 7 are affected and the problem reside in the data binding of objects. Basically, the array containing objects in […]

Internet Explorer 7 Attack in the Wild

Bits of information about the new 0-day exploit are surfacing on the web. This exploit provokes a heap overflow in the XML parser of Internet Explorer 7. The exploit works with the fully patched version of Windows XP, Windows Server 2008 and Windows Vista SP1[1]. The Infection The exploit is initiated by a JavaScript file […]

DNSChanger Worm uses DNS poisoning

A variant of the DNSChanger worm is reported to use DNS poisoning to infect new machines on a network, according to a well-explained article from The Register[1]. The attack used is quite interesting, but far from being new mind you. The first strains of the DNSChanger worm infected Windows and Mac machines. It modified and […]

New Kid on the Block: Downadup

Many reports on the last few days mention a new worm growing on the back of the Windows’ MS08-067 vulnerability. The worm named Downadup, also being dubbed Conficker.A by Microsoft, as now spread to alarming levels: “We think 500,000 is a ball park figure” said Ivan Macalintal, a senior research engineer with Trend Micro Inc[1]. […]

Srizbi is back

Malware

Update: The new Estonian company that hosted the command & control server, Starline Web Services, was shut down. The domain name chase continues! The Srizbi botnet is back online after being shut down by the closure of the criminal hosting company McColo Corp two weeks ago. Srizbi’s command and controls servers, now moved to an […]

U.S Army Infected by Worm

Wired reports that the U.S Army network is under assault by a variant of the SillyFDC worm called Agent-BTZ [1]. In order to restrain the infection, the U.S. Strategic Command has ban the use of every portable media on its network, this include USB keys, CDs, flash cards, floppies etc… Both the SIPRNet and NIPRNet […]

Malware Authors Loves Obama Too

The Register reports that malware creators are already using Mr. Obama’s popularity to distribute the Papras Trojan using spam, social engineering and Google Ads[1]. Users usually receive an email from what seems a legitimate news sources such as CNN and BBC, inviting users to see the speech of Barack Obama on their website. The content […]

Fake Anti-Virus Brings in 158 000$ a Week

Laptop with Red Background and Pirate Flag

Russian criminals who are selling a fake anti-virus, “Antivirus XP 2008/2009” among others, have made more than 150 000$ in a week, according to the Sydney Morning Herald[1]. If you have ever seen those annoying popups warning you that you might be infected with one or more viruses, then you probably came across this scam. “For […]

Microsoft: Malware Up 38% in United States in 2008

According to the latest Security Intelligence Report from Microsoft, malicious software installations on computers increased 38% in the U.S for 2008.[1] Also, the number of “High Severity” vulnerabilities detected increased by 13% in the second half of 2007, putting the total of “High Severity” vulnerabilities to 48%. Downloaders and droppers, accounting for 30% of all […]

Bank Account Stealing Trojan Rampaging the Internet

BBC News reports that a trojan, labeled Sinowal, has been crawling across the Internet. The Trojan is notorious for stealing bank account details. Sean Brady of RSA‘s security division reports that “more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia […]