Malware attack: 'New resume: Please review my CV, Thank you!'
From Graham Cluley's Blog:
In the current economic climate many people may find themselves in the unfortunate position of having to look for a new job, and human resources departments around the world are probably becoming more used to finding ad-hoc applications arriving out of the blue in their email inboxes.
Well, if you receive an email claiming to be a resume (or CV as we usually call them here in the UK) you should exercise some caution, as there's a malware attack currently being spammed out around the world - designed to infect your computer. [...]
The emails, which are short and to the point, have the following characteristics:
Subject: New resume
Attached file: Resume_document_459.zip
Message body: Please review my CV, Thank you!
Continued here: http://www.sophos.com/blogs/gc/g/2010/05/11/malware-attack-new-resume-review-cv-you/
What does PHP stand for? Probable Hacked Page?
From SophosLabs Blog:
Late last week, the wires were buzzing over news that the official site of PHP-Nuke "Professional Content Management System" was serving malware (see 1, 2). I am frankly amazed to see the site still infected 4 days later. [...]
Here at SophosLabs we see hacked sites every day and the majority are running PHP-driven applications such as Content Management Systems (CMS). The PHP-Nuke site is currently running PHP v. 5.2.9.
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/220.127.116.1135 PHP/5.2.9
The current version is 5.3.2. I wonder though has the web admin updated their own version of PHP-Nuke? [...]
We often tell web admins after an infection to:
Delete or restore from backup infected files.
Patch/Update all software on the box.
Change all passwords, especially FTP ones (and restrict FTP access to a minimum).
Review logs and policies to prevent another breach.
Continued here: http://www.sophos.com/blogs/sophoslabs/?p=9585
PlayStation site hacker avoids jail
A teenage hacker who took the official PlayStation site offline after he was banned from playing for cheating has avoided a jail sentence.
The unnamed 17-year-old from Latrobe, Pennsylvania received 250 hours of community service and a $5,000 fine at a sentencing hearing. The miscreant was also sentenced to 12 months' probation over the November 2008 attack, Gaming Today reports.
Spamfighter adds that the young miscreant took advantage of botnet tools to crash the Sony site after he was banned from cheating in the online war game SOCOM US Navy Seals.
Continued here: http://www.theregister.co.uk/2010/05/11/playstation_hacker_sentencing/
Emails from Facebook contained IP addresses
Facebook can be configured to send emails informing users of events such as when a friend comments on the user's status or sends a message. One of the headers in the email can be used to work out the friend's IP address. The header looks like this:
X-Facebook: from zuckmail ([ODAuMTcxLjM2LjY0])
by www.facebook.com with HTTP (ZuckMail);
The string in the square brackets is a Base64 encoded IP address, apparently from the Facebook user who sent the message. Services such as MyIPTest.com's e-mail tracer can be used to convert it back into an IP address and obtain further information.
Not that an IP address is such a big deal, but, in Germany, it can, in some cases, be traced back to a particular person. There is no obvious reason why an IP address should be included in this type of message.
Continued here: http://www.h-online.com/security/news/item/Emails-from-Facebook-contained-IP-addresses-997481.html
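The header described above can be checked for mechanically when auditing notification mail for this kind of leak. The following is an added example, not code from the article or from Facebook: it scans every header of a message for bracketed Base64 tokens and reports those that decode to a textual IP address. The X-Facebook header is the one quoted above; the rest of the sample message, the X-Other header and the function names are constructed for illustration.

```python
import base64
import binascii
import ipaddress
import re
from email import message_from_string

# X-Facebook header as quoted in the article; everything else is constructed.
SAMPLE_MESSAGE = (
    "From: notification@example.invalid\n"
    "Subject: constructed sample\n"
    "X-Facebook: from zuckmail ([ODAuMTcxLjM2LjY0])\n"
    "\tby www.facebook.com with HTTP (ZuckMail);\n"
    "X-Other: id ([bm90LWFuLWlw])\n"
    "\n"
    "body\n"
)

# A bracketed run of Base64 characters, optionally padded.
BRACKETED = re.compile(r"\[([A-Za-z0-9+/]{8,}={0,2})\]")


def decode_ip(token):
    """Return an ipaddress object if token is Base64 of a textual IP, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
        return ipaddress.ip_address(text)
    except (binascii.Error, UnicodeDecodeError, ValueError):
        # Not valid Base64, not ASCII, or not an IPv4/IPv6 literal.
        return None


def find_encoded_ips(raw_message):
    """Scan all headers (folded lines included) for Base64-encoded IP addresses."""
    msg = message_from_string(raw_message)
    findings = []
    for name, value in msg.items():
        for token in BRACKETED.findall(value):
            ip = decode_ip(token)
            if ip is not None:
                # is_global separates routable addresses from private/reserved ones.
                findings.append((name, token, str(ip), ip.is_global))
    return findings


if __name__ == "__main__":
    for header, token, ip, routable in find_encoded_ips(SAMPLE_MESSAGE):
        print(f"{header}: [{token}] decodes to {ip} (globally routable: {routable})")
```

Tokens that are valid Base64 but do not decode to an address, such as the constructed X-Other value, are ignored, so the check can run over whole mailboxes without flagging ordinary encoded identifiers.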
One week as a Scam Victim
From the McAfee Labs Blog:
We have written several times about Internet scams. Some of the most famous scams are certainly the "Nigerian" ones, where you were supposedly the one that would receive about 1M USD to facilitate a transaction. It was even covered on Dateline! Other popular scams include work-from-home scams and romance scams.
So, I decided to enter into one of these work-from-home scams so I could post it here and hopefully help others at the same time. The scam itself will be separated into Days for better clarification.
Day 1: The Job Proposal
I got in my personal mailbox a spam that is quite common, at least since mid-2009.
You could work on Part-Time basis for SINOCHEM Corporation as a FINANCE CO-ORDINATOR in the United States/Canada or its environs which requires a great deal of trust and honesty. Meanwhile, this job is 100% tax free and there is no start up cost required. I am Mr. CHEN Guogang (Chief Financial Officer, Sinochem Corporations).
1. Receive payment from Clients.
2. Cash Payments at your Bank.
3. Deduct 10% which will be your percentage/pay on Payment processed.
4. Forward balance after deduction of percentage and pay to any of the offices you will be instructed to do so later
(Payment is to be forwarded by WESTERN UNION Money Transfer).
HOW MUCH WILL YOU EARN?
Continued here: http://www.avertlabs.com/research/blog/index.php/2010/05/10/one-week-as-a-scam-victim/
Microsoft Patches 2 Critical Security Vulnerabilities
Microsoft issued fixes for two critical security bugs as part of this month's Patch Tuesday. Arguably the most serious of the flaws impacts Visual Basic for Applications.
Microsoft issued two critical security bulletins today as part of this month's Patch Tuesday.
The release comes a month after the biggest Patch Tuesday of the year, which took aim at 25 bugs. Today's update addresses two bugs; one a vulnerability in Microsoft Visual Basic for Applications, and the other a vulnerability impacting Outlook Express, Windows Mail, and Windows Live Mail.
Both vulnerabilities are rated critical and can leave users open to remote code execution by attackers.
"I've put the Visual Basic for Applications (VBA) vulnerability first on my list," said Joshua Talbot, security intelligence manager at Symantec Security Response. "Both vulnerabilities require social engineering to exploit, but the VBA vulnerability requires less action from a user. For instance, an attacker would simply have to convince a user to open a maliciously crafted file - likely an Office document - which supports VBA and the user's machine would be compromised. I can see this being used in targeted attacks, which are on the rise."
Microsoft VBA is used to develop client desktop packaged applications and integrate them with existing data and systems. According to Microsoft, the vulnerability is due to the way VBA searches for ActiveX controls in a VBA-supported document. As a result, it is possible for a host application to pass a specially-crafted document with embedded ActiveX controls to the VBA runtime and create a condition where arbitrary code could run.
Continued here: http://www.eweek.com/c/a/Security/Microsoft-Patches-2-Critical-Security-Vulnerabilities-445662/
Adobe upgrades, renames DRM software for Flash
"Flash Access 2.0, previously known as Flash Media Rights Management Server, has been rewritten as an SDK"
Adobe will ship today its renamed digital rights management software for the Flash platform. Previously known as Flash Media Rights Management Server, the new incarnation is called Flash Access 2.0. The company already had announced intentions to shorten the name and will roll out the upgrade at New York's Streaming Media East conference.
In a beta release for about nine months, Flash Access 2.0 has been made more scalable, said Ashley Still, Adobe group product for Flash. "Version 2.0 has been completely rewritten as an SDK, so the way that it's being delivered is different," she said. By reconfiguring the technology as an SDK, users gain greater flexibility, and it is easier to link to user management databases, Still said.
Developers can write an implementation of the SDK, and Adobe offers reference implementations, such as streaming and download-to-own or download-to-rent for content. The SDK primarily works with the Java language.
Continued here: http://www.networkworld.com/news/2010/051110-adobe-upgrades-renames-drm-software.html
Google pushes Docs as MS prepares for launch of Office 2010
Many times, when a company is getting ready for a big announcement of a product, competitors will come out with news of their own in the days just before the big announcement in an attempt to steal some thunder. In most cases, those competitors are subtle about it, trying to make it look like a coincidence that their news comes at the same time.
Not Google, though. In a blog post this morning, the company is frank and straightforward about the message being put out there:
This week Microsoft will take its Office 2010 suite out of beta. If you're considering upgrading Office with Office, we'd encourage you to consider an alternative: upgrading Office with Google Docs. If you choose this path, upgrade means what it's supposed to mean: effortless, affordable, and delivering a remarkable increase in employee productivity. This is a refreshing alternative to the expensive and laborious upgrades to which IT professionals have become accustomed.
From there, the post goes on to talk about the rich collaboration tools that come with Google Docs, as well as plans for real-time collaboration tools from Google that are heading for Office 2003 and Office 2007 in the coming months. Finally, the post ends with a reminder that there's a free trial period for Google Docs and the rest of the Apps suite for business customers. The company also included a comparison chart (below).
Continued here: http://www.zdnet.com/blog/btl/google-pushes-docs-as-ms-prepares-for-launch-of-office-2010/34321
Also: Microsoft readies Google Apps challenger
Mozilla Preps Firefox 4 For Browser War
Mozilla today outlined the vision for the next version of its Firefox browser: Version 4 will take cues from Google's Chrome and focus on more performance as well as features that will allow users to easily control their relationships with websites. Also, there will be options to personalize and customize the browser. The company said that it takes the browser war with Google and Microsoft seriously and has no intentions of surrendering. [...]
Recent browser usage data coming from web analysis firm should be a concern for Firefox. It isn't particularly difficult to predict that Microsoft and Google will fight tooth and nail and will not leave lots of room for Mozilla, even if Google's Chrome browser has not even reached a market share of 10% yet. But Microsoft is preparing a much improved Internet Explorer and Google is apparently throwing enormous resources at its browser to quickly create software iterations that demonstrate a rapid product enhancement cycle.
Continued here: http://www.conceivablytech.com/934/products/mozilla-preps-firefox-4-for-browser-war/