Spyware, Viruses, & Security forum

General discussion

NEWS - January 31, 2007

by Marianna Schmudlach / January 30, 2007 2:30 PM PST

Script wreaks havoc on MySpace

Rains down spam, opens door to users' accounts
By Dan Goodin in San Francisco
Published Wednesday 31st January 2007 01:43 GMT

A handful of enterprising people - at least one of them a teen - has devised a Javascript that allows its owner to temporarily access the browser's MySpace account, according to a security professional who was among the first to publicly write about the service.

These people also may have managed to spam about 1.5 million MySpace accounts, according to a Google Search. They pulled off the latter feat in less than three weeks by collecting thousands of passwords, according to one of the operators, in a venture that would appear to violate numerous terms governing the use of the social network.

More: http://www.theregister.co.uk/2007/01/31/myspace_spam/

Multiple Organizations Targeted by Zero-Day Exploit
by Marianna Schmudlach / January 30, 2007 2:41 PM PST

Posted by Eric Chien


We have received some additional Word documents that exploit an unpatched Microsoft Word vulnerability. These documents are detected as Trojan.Mdropper.X. We believe this is a new vulnerability, making it the fifth currently unpatched Office file format vulnerability. While these documents are being used in a targeted attack consistent with previous cases, we have received different documents that use this same exploit from multiple organizations. The documents have been each designed specifically for the targeted organization in both language and content.

The vulnerability could be a slight variation or may be covered by the existing CVEs and we are awaiting confirmation from Microsoft Security Response Center. Nevertheless, no patches appear to be available, so, as always, be careful opening unsolicited Word documents.

http://www.symantec.com/enterprise/security_response/weblog/2007/01/multiple_organizations_targett.html

Seen in the wild: Incredibly misleading advertising by Evide
by Marianna Schmudlach / January 30, 2007 2:42 PM PST
Virus emails soar by a factor of 20
by Marianna Schmudlach / January 31, 2007 12:15 AM PST

Experts warn of 'explosive growth' in cyber-fraud, theft, spam and viruses

Robert Jaques, vnunet.com 31 Jan 2007

Hackers and spammers have "raised their onslaught" with two global email-borne virus attacks launched in December and January.

The attacks were so large that they drove the level of viruses up by a factor of 20 compared with usual activity, according to data from security firm Postini.

The January attack became known as the Storm worm because the original email subject line was '230 dead as storm batters Europe'. At the time of the email, there was a heavy storm occurring in Europe.

More: http://www.snpx.com/cgi-bin/news55.cgi?target=185190264?-1313

Phishing and spam continue to rise
by Marianna Schmudlach / January 31, 2007 12:19 AM PST

Messaging firms warn of continued rise in phishing and spam mails

Phil Muncaster, IT Week, 31 Jan 2007

MessageLabs has warned that the spam and phishing epidemics could spread, as its latest monthly intelligence report found levels of unsolicited mail continued to rise while viruses dropped in volume.

Chief security analyst at the firm Mark Sunner explained that spam levels have been driven by the activity of more robust botnets that are capable - thanks to Trojans such as SpamThru - of sending out a larger volume of spam.

"Few people realise that spam traffic levels are not linear, they're very spiky, so these botnets are not being used to capacity - all the evidence we have would indicate that we're looking at the thin end of the wedge in terms of volumes," he said.

More: http://www.snpx.com/cgi-bin/news55.cgi?target=185212814?-14215

Vivio Lure Spreading Crimeware
by Marianna Schmudlach / January 31, 2007 12:36 AM PST

Published: 2007-01-31,
Last Updated: 2007-01-31 15:57:36 UTC
by Deborah Hale (Version: 1)
Websense Security Labs reports that they have discovered another information stealing, malicious code attack that appears to be a coordinated effort of the Russian and Brazilian bad boys. The program is spreading via email by email receivers clicking on a link included in an email. The page attempts to infect the PC by downloading and running a program called stylecss.exe. (If your computer is properly patched the program will not run.) Once infected the program is designed to steal banking information from banking websites.

For more information see the write-up at:

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=731

New? Microsoft word vulnerability used as vector in targeted
by Marianna Schmudlach / January 31, 2007 12:37 AM PST

Published: 2007-01-31,
Last Updated: 2007-01-31 09:45:21 UTC
by Swa Frantzen (Version: 1)
Symantec is reporting on what might possibly be yet another unpatched vulnerability being exploited by the bad guys out there. It seems to be used in targeted attacks. We're seeking samples, confirmation, CVE name etc. at this point.

Even though it appears there might be little gain in once again trying to convince people not to email office documents, not to open them, etc. some renewed attention might be required.
If five unpatched vulnerabilities is the risk level you need before being allowed to act and start to filter, you might have your "go" at this point. The oldest of the 5 vulnerabilities is publicly known since December 5th, 2006.

More: http://isc.sans.org/

Microsoft Tailors Vista to Meet EU Requirements
by Marianna Schmudlach / January 31, 2007 6:05 AM PST

Company says new OS was changed after discussion with the European Commission; more revisions to be released in the first service pack.
Paul Meller, IDG News Service


As Windows Vista appeared in computer stores worldwide, Microsoft said today that part of the design of the new operating system is the work of the European Commission.

"Following discussions with European Commission, Microsoft committed to make a number of changes to the Windows Vista operating system prior to release," the software maker said in a statement, pointing to three functions of the operating system: security, search, and fixed document formats.

More: http://www.pcworld.com/article/128702-1/article.html?tk=nl_dnxnws

Is there a fifth zero-day vulnerability in Microsoft Word?
by Marianna Schmudlach / January 31, 2007 7:40 AM PST

Eric Chien reported late Tuesday on the Symantec Security Response weblog that the anti-virus firm has received new Word documents containing a zero-day exploit being used in targeted attacks against several organizations.

However, the Cupertino, Calif. firm was trying to determine whether the vulnerability was simply a variation of one of four recently disclosed unpatched Office flaws, three of which were reported in December. Indeed it was, according to a Microsoft spokesman.

"Microsoft's initial investigation shows that this is not a new vulnerability but a duplicate of an already known public issue," the spokesman said, referring to CVE-2006-6456, reported Dec. 10.

A fourth Word bug came to light last week and is being used in limited attacks, according to Microsoft.

More: http://www.scmagazine.com/us/news/article/629913/is-fifth-zero-day-vulnerability-microsoft-word/

Vista pranks possible via voice commands
by Marianna Schmudlach / January 31, 2007 7:44 AM PST

Published: 2007-01-31

"PC, root thyself."

It may not be that easy, but users of Windows Vista may have to watch out for malicious audio files.

Prompted by a posting on a security mailing list, security experts investigated and confirmed that a computer running Microsoft's latest operating system, Windows Vista, could have system commands activated by audio files running on a Web site. While Microsoft's implementation of least privilege settings for users means that most harmful commands would have to somehow bypass Vista's User Account Control, basic commands could still delete documents on a user's PC without requiring a password, according to ZDNet information-technology blogger George Ou.

More: http://www.securityfocus.com/brief/422

Solaris 10 ICMP induced panic
by Marianna Schmudlach / January 31, 2007 7:49 AM PST

Published: 2007-01-31,
Last Updated: 2007-01-31 22:52:57 UTC
by Swa Frantzen (Version: 1)
For those of you who remember the Ping of Death issues, there's a recent twist to the story.

Sun has released patches for Solaris 10. It fixes an issue where a single ICMP packet could panic a host. Sun did not make available details on the required ICMP packets.


http://isc.sans.org/

Blocking .exe attachments
by Marianna Schmudlach / January 31, 2007 7:50 AM PST

Published: 2007-01-31,
Last Updated: 2007-01-31 20:38:08 UTC
by Johannes Ullrich (Version: 1)
"Storm Worm" and a recent rash of simple .exe attachments showed how easy it is to still trick users into clicking on executables that arrive via e-mail. On the other hand: Why do users still receive attachments which they are not supposed to click on? In this diary, we are trying to summarize some simple recipes to block attachments with given extensions for different mail transport agents (MTA). Feel free to submit your own. We will keep adding and amending. The start is from a quick Google search and consulting with our handlers. Also, we should mention that for some of us, this sort of a default allow stance (allow anything not explicitly denied) grates a little. We'd prefer to explicitly whitelist those attachments that must be allowed for business purposes and deny everything else, but for the rest of this story, we'll assume the default allow stance most of us have inherited.


Postfix:

More: http://isc.sans.org/
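
The two stances the diary contrasts (default allow with a list of denied extensions, versus an explicit whitelist with everything else denied), as an added example that is not part of the original post or the ISC diary. The extension lists, function names and sample filenames are assumptions constructed for illustration; this is a filter-logic sketch in Python, not an MTA recipe.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy lists for illustration; not taken from the diary.
DENIED_EXTENSIONS = {".exe", ".pif", ".bat"}
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".png"}


def attachment_names(msg):
    """Return the declared filename of every MIME part that has one."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def extension(name):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    cleaned = name.strip().rstrip(". ").lower()
    return PurePosixPath(cleaned).suffix


def default_allow(msg):
    """Accept unless an attachment's extension is on the deny list."""
    return all(extension(n) not in DENIED_EXTENSIONS
               for n in attachment_names(msg))


def default_deny(msg):
    """Accept only if every attachment's extension is on the allow list."""
    return all(extension(n) in ALLOWED_EXTENSIONS
               for n in attachment_names(msg))


def build_message(filename):
    """Constructed sample: one attachment holding placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


def compare(filenames):
    """Map filename -> (accepted by default allow, accepted by default deny)."""
    return {f: (default_allow(build_message(f)), default_deny(build_message(f)))
            for f in filenames}


# Constructed filenames: an allowed type, a denied type, a type the deny
# list never anticipated, and an upper-case variant of an allowed type.
SAMPLES = ["report.pdf", "story.exe", "video.scr", "notes.PDF"]

if __name__ == "__main__":
    for name, (allow, deny) in compare(SAMPLES).items():
        print(f"{name:12} default-allow={allow!s:5} default-deny={deny}")
```

The `video.scr` row is the case the diary's authors are uneasy about: the deny list passes any extension nobody thought to list, while the whitelist rejects it without needing to know it exists.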

Watch the Exploit: A Targeted Attack Video
by Marianna Schmudlach / January 31, 2007 7:58 AM PST

We've been getting a lot of requests from people asking what it looks like when your computer is compromised by one of these very limited targeted attacks that involves any of the recent MS Word zero-day vulnerabilities. A targeted attack begins with an incoming email that has a .DOC file attached; a very common event that happens to almost everyone every day. The email sender looks legitimate (it's spoofed of course!) and the document name is selected to appeal to the recipient. For example, if the targeted user is an accountant, then the document would look like a tax certificate or an invoice. For members of governments, it could appear to be an important communication from a Minister. For finance brokers, a stocks analysis and so on...

More: http://www.symantec.com/enterprise/security_response/weblog/2007/01/watch_the_exploit_a_targeted_a.html

Phish Fighters
by Bugbatter / February 1, 2007 12:56 AM PST
In Praise of Phish Fighters
By Brian Krebs | January 31, 2007

"It isn't often that the public is afforded a peek into federal law enforcement efforts to combat "phishing" scams, fraudulent e-mail lures for Web sites created to assume the look of trusted online brands and steal personal information. But February marks the 5th anniversary of CastleCops.com -- an all-volunteer led forum that has morphed from a place where people can diagnose security problems with their PCs into one of the most active phish fighting forums -- and the group is releasing some interesting data to highlight its accomplishments..."

More here:
http://blog.washingtonpost.com/securityfix/2007/01/in_praise_of_the_phish_fighter.html