0 Members and 5 Guests are viewing this topic.
Researchers have taken a peek inside the recently refurbished Waledac botnet, and what they've found isn't pretty.Waledac, a successor to the once-formidable Storm botnet, has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers, according to findings published on Tuesday by security firm Last Line. By hijacking legitimate email servers, the Waledac gang is able to evade IP-based blacklisting techniques that many spam filters use to weed out junk messages.What's more, Waledac controllers are in possession of almost 124,000 FTP credentials. The passwords let them run programs that automatically infect the websites with scripts that redirect users to sites that install malware and promote fake pharmaceuticals. Last month, the researchers identified almost 9,500 webpages from 222 sites that carried poisoned links injected by Waledac.
QuoteI'm ignoring your own "facbook" in your first line.dam this 10" keyboard .....let me see your Norwegian spelling Mike
I'm ignoring your own "facbook" in your first line.
New critical vulnerability in VLC Media Playerhttp://www.h-online.com/open/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html
The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert.The source code for Zeus was rumored to have been transferred to the creator of SpyEye, and it was anticipated that the two pieces of malware would be combined. That evidence has just emerged now, Raff said.The new malware also has at least a couple of new features. One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks. Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in, Raff said.The malware writers have also added a way to remotely connect to a victim's computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.So far, Raff said it appears that only a few cybercriminals are using the new version. He declined to say how Seculert obtained the malware or how much it might be selling for on the malware market."It seems to be still under development, with bug fixes released almost daily," Raff said.
http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
Is Internet Explorer 9 Beta affected by these vulnerabilities? Internet Explorer 9 Beta is affected by the vulnerabilities described in this bulletin. Customers running this beta release are encouraged to download and apply the update to their systems. Security updates are available from Microsoft Update and Windows Update. The security updates for this beta are also available for download from the Microsoft Download Center.
