Posts tagged as: Advisory

Sunbelt warning of faked sites

by certifiedbug on May 23, 2008

in Internet Security

Alex Eckelberry writes about a “Rash of fake sites copying PC World, CastleCops, others” at the Sunbelt blog.

As a follow-up to my post earlier today about a fake CastleCops page, there’s more to the story.

There are other domains sharing the same IP (207.226.177.250):

pepato org
slim-cash com
spyware-wiper com
Cpaypal com
Crazycounter net

All are copying legitimate sites.

These domains belong to the “Vladzone” malware gang.

Check out the screenshots if you don’t think you could be fooled. The fake sites look very similar to the real thing, so be careful.

Edit: Sunbelt: More Vladzone fake pages


Foxit Reader Critical Vulnerability

by certifiedbug on May 20, 2008

in Internet Security

Secunia Research 20/05/2008

Foxit Reader “util.printf()” Buffer Overflow.

1) Affected Software
* Foxit Reader 2.3 build 2825
NOTE: Other versions may also be affected.

2) Severity
Rating: Highly critical
Impact: From remote
Where: System access

3) Vendor’s Description of Software
“Foxit Reader is a free PDF document viewer and printer, with
incredible small size (only 2.55 M download size), breezing-fast
launch speed and rich feature set. Foxit Reader supports Windows Me/
2000/XP/2003/Vista. Its core function is compatible with PDF Standard
1.7.”.
Product Link:
http://www.foxitsoftware.com/pdf/rd_intro.php

4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Foxit Reader, which
can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error when parsing
format strings containing a floating point specifier in the
“util.printf()” JavaScript function. This can be exploited to cause a
stack-based buffer overflow via a specially crafted PDF file.
Successful exploitation allows execution of arbitrary code.

5) Solution
The vulnerability is fixed in upcoming version 2.3 build 2912.

6) Time Table
23/04/2008 – Vendor notified.
08/05/2008 – Vendor notified again.
08/05/2008 – Vendor response.
20/05/2008 – Public disclosure.


Apple Safari 3.1 for Windows, new vulnerabilities

March 25, 2008

Apple
Engineers designed Safari to be secure from day one.
Secunia Advisory: SA29483
Release Date: 2008-03-24
Safari Address Bar Spoofing and Memory Corruption Vulnerabilities
Highly critical
Impact: Spoofing, System access
Where: From remote
Solution Status: Unpatched
Description:
Juan Pablo Lopez Yacubian has discovered two vulnerabilities in Safari, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a user’s system.
1) An error [...]


Dangerous 3D Screensaver spam

March 10, 2008

Be mindful of malicious spam pushing screensavers with backdoor trojan payloads.
According to Sunbelt’s blog, the trail of this new wave of spam leads back to the malware-loading group “Loads.cc”, who are using a new domain for their botnets after being taken off-line in January 2008 by a DDoS attack from a rival malware gang.
October 2007 [...]


Storm Worm botnet

December 31, 2007

Storm is evolving into a very complex beast.
From rbnexploit.blogspot
Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.
There are some interesting elements concerning which make this attack innovative:
# Although much of [...]


Warning about Symantec detections

November 18, 2007

If you have Norton installed on your computers you should pay attention to this.
Chris Quirke’s Blog: Norton Security Scan – False Positives
Unfortunately, it detects protective settings applied by Spyware Blaster and similar tools, as being the malware these tools are protecting against.
Hosts News: Symantec detects suspicious entries in the MVPS HOSTS file
… seems Symantec added [...]


Holiday Shopping On-Line

November 16, 2007

It is that time of year again and several blogs are giving you great tips for shopping on-line wisely and safely.
The Security Garden: Holiday Online Shopping Safety Tips
Bits from Bill: Top Ten Online Shopping Mistakes
Nonetheless, no matter how security savvy one may be, there are still ways to be ripped off and this dear reader [...]


Mac OS X Leopard Application-Based Firewall Alert

November 5, 2007

Possible Faults:
US-CERT is aware of reports of possible flaws in the Application-Based Firewall in Mac OS X Leopard. According to these reports, users may be misinformed of the status of their firewall rule set, thus placing users with listening network services at an increased risk.
Users are urged to exercise caution when relying on the firewall [...]


Mac Trojan

October 31, 2007

Mac users who practice unsafe hex will find more than they bargained for.
From Intego:

Exploit: OSX.RSPlug.A Trojan Horse
Discovered: October 30, 2007
Risk: Critical
OSX.RSPlug.A Trojan Horse Changes Local DNS Settings to Redirect to Malicious DNS Servers
Description: A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic [...]


Update To Security Advisory 943521

October 25, 2007

The Microsoft Security Response Center (MSRC)
This week we became aware of publicly disclosed exploit code being used in limited attacks on customers. This change in the threat landscape has prompted us to update last week’s Security Advisory 943521 and triggered our Software Security Incident Response Plan (SSIRP).
Third party applications are currently being used as [...]
