Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1791687 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31762
  • malware fighter
Re: Security Warning Notices - Please post them here
« Reply #15 on: December 18, 2009, 03:42:49 PM »
Hi you malware fighters and posters of this thread,

Well, add this link and read the bottom posting there please?
http://forum.avast.com/index.php?topic=52349.msg443049#msg443049

and then add this one as well as a Security Warning:
http://forum.avast.com/index.php?topic=52310.msg442762#msg442762

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31762
  • malware fighter
Re: Security Warning Notices - Please post them here
« Reply #16 on: December 18, 2009, 04:13:58 PM »
SSL-servers targeted by botherders
To-day by polonus
Comments and reactions:

Not only Windows desktops are targeted by botnet herders that want to enlarge their botnets; more and more they will also target FTP, SSL and web servers to be taken over. The hijacked or hacked servers will then often function as malcode databases or be used to forward spam. According to Finnish av vendor F-Secure, FTP servers are the favorite hack target for cybercriminals. "We also saw that where SSL-servers were being abused. Sites with a valid SSL-certificate become hacked and then abused for drive-by downloads", according to researcher Mikko Hypponen.

Through running a drive-by download via an HTTPS connection, some proxy and gateway scanners cannot scan for malware. "Then it is easier to break into servers", says Hypponen. Then server botnets are being formed out of these hacked servers, functioning as a form of sub-botnets. "We now see server botnets. An interesting feature is that this interconnected server botnet is herded by one individual", says Shadowserver Foundation's DiMino. Servers are to facilitate botnet extension and expansion.

Server-bots
In the meantime we spotted specific server-bots that use PHP and Perl to change servers into realtime spam machines. "The benefit there is the enormous amount of bandwidth and power to maximize the amount of spam sent." According to security expert Marc Maiffret, botherders are recruiting attackers that are experienced server hackers. Maiffret expects legit websites to be the main target for web attacks in 2010 and beyond:
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml;jsessionid=4RTX0GD0KT3ILQE1GHPSKHWATMY32JVN?articleID=222002433

pol

P.S. If these malserver bots perform a man in the middle attack you can forget SSL security altogether,

D
« Last Edit: December 18, 2009, 04:15:47 PM by polonus »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41718
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Security Warning Notices - Please post them here
« Reply #17 on: December 18, 2009, 05:39:05 PM »
Unless something is seriously done about all these drive by attacks,
the internet as we know it will soon cease to exist.  :'(
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #18 on: December 19, 2009, 07:28:42 AM »
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #19 on: December 19, 2009, 07:30:38 AM »
***

Another misplaced security warning :

http://forum.avast.com/index.php?topic=52349.msg443049#msg443049


***

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36147
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #20 on: December 19, 2009, 03:08:52 PM »
China cages game Trojan hackers
(Go directly to jail, do not collect any gold)
http://www.theregister.co.uk/2009/12/17/china_jails_game_trojan_vxers/
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36147
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #21 on: December 19, 2009, 03:10:45 PM »
Film review site hacked to spew malicious PDFs

Quote
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.

http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31762
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #22 on: December 19, 2009, 07:33:52 PM »
Hi malware fighters,

Last week av vendor CA revealed the detection of a botnet inside Amazon's EC2 cloud:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx  & http://blogs.zdnet.com/security/?p=5110

But according to Scan Safe's Mary Landesman it already existed for a couple of years.

"In spite of recent messages, distributing malware through Amazon's cloud services is not a new phenomenon. It has been happening since June last where Amazon's S3 service is concerned and since February 2008 takes place at Amazon's EC2 service", reports Landesman. This totaled up during the last three years to 80 unique malware incidents where Amazon was concerned. 22 incidents took place during 2007, 13 during 2008 and 45 were seen this year. Re: http://blog.scansafe.com/journal/2009/12/17/amazon-cloud-has-rained-malware-before.html

"It is no guarantee for a safe malcode location." Therefore links to the Amazon cloud should be treated extra carefully, just like links to other sources. On the other hand "cloud malware" can be easily halted as Amazon will not treat this lightly, although they were rather lax in removing it,


polonus

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31762
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #23 on: December 19, 2009, 08:26:31 PM »
Hi CharleyO and all the other malware fighters,

The zero-day hole in Adobe Reader and Acrobat will not be patched earlier than the next patch round within three weeks' time (that is in the new year) and hackers now abuse it actively to infect systems.
An out-of-band patch for this critical hole would have a negative impact, according to Adobe's Brad Arkin....

You can be protected here, for Adobe recommends customers follow the mitigation guidance below, utilizing the Adobe Reader and Acrobat JavaScript Blacklist Framework, until a patch is available.

Windows: For end-users on Windows, download the compressed file from here: http://download.macromedia.com/pub/acrobat/updates/APSA09-07_C_Reg_Keys.zip , and double-click on the appropriate registry setting, based on your version of Reader or Acrobat, to populate the JavaScript Blacklist Framework. Adobe will automatically reset the value during the next update.

http://kb2.adobe.com/cps/532/cpsid_53237.html

polonus

Offline Alan|Cvette

  • Full Member
  • ***
  • Posts: 114
  • Wisdom, is all the strength you need in life.
    • The-Vette-Garage
Re: Security Warning Notices - Please post them here
« Reply #24 on: December 19, 2009, 08:37:09 PM »
Quote
Unless something is seriously done about all these drive by attacks,
the internet as we know it will soon cease to exist.  :'(

*nods*   :-\

Don't you think it would be a neat idea, to have anti-virus "bots" with different scan engines running around the internet scanning every website it comes across, and then saving the information and location of the suspicious site. Until Bot 2 with a different engine comes around and confirms what Bot 1 found.

/End day dreaming.

SYSTEM = Windows Vista x64 / Intel DC 2.60Ghz / 11GB RAM / WD 640GB HD.
SECURITY = Avast! IS + Comodo Firewall + WinPatrol + HostsMan + NortonUAC + WOT & Browser Defender & Finjan.
ON-DEMAND = A-Squared + Hitman Pro + MBam + Dr.Web + SAS + ClamWin + Webroot + NSS.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31762
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #25 on: December 19, 2009, 08:58:21 PM »
Hi Alan|Cvette,

We already have that aboard - the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around and with Request Policy extensions to top it off, I will browse my Fx or Flock browser with full confidence. And if NS extension would come to Chrome or SRWare's Iron I would use that browser for the additional built in tab "sandbox" security that now has landed also in Firefox 3.7 Minefield. So there is still hope for you and your dream has already been realized, you just have to install it, and then the people of Shadowserver Foundation are working your dream every day: http://www.shadowserver.org/wiki/

I wish you Merry Christmas and a Happy New Year,

pol

Offline Alan|Cvette

  • Full Member
  • ***
  • Posts: 114
  • Wisdom, is all the strength you need in life.
    • The-Vette-Garage
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #26 on: December 19, 2009, 09:07:04 PM »
Quote
Hi Alan|Cvette,

We already have that aboard - the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around and with Request Policy extensions to top it off, I will browse my Fx or Flock browser with full confidence. And if NS extension would come to Chrome or SRWare's Iron I would use that browser for the additional built in tab "sandbox" security that now has landed also in Firefox 3.7 Minefield. So there is still hope for you and your dream has already been realized, you just have to install it, and then the people of Shadowserver Foundation are working your dream every day: http://www.shadowserver.org/wiki/

I wish you Merry Christmas and a Happy New Year, pol

I always have my "light bulb" moment a few years too late ;D hahaha. I sure do love Firefox though:

Adblock+
BetterPrivacy
Browser Defender
CS Lite
Finjan
Ghostery
Lastpass
NoScript
WOT

I feel naked browsing in IE without those, IEtab is nice too so I don't have to switch if a website requests I use IE.

I only wish Avast!'s sandboxing would work with my Firefox  :-[
---

Iron is pretty cool, I never really use it or Chrome that much though. I'm trying out Google Frame right now which is basically Chrome's best features in Internet Explorer.

Merry Christmas pol!

Offline Omega40

  • Full Member
  • ***
  • Posts: 137
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #27 on: December 19, 2009, 09:20:44 PM »

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1661
  • I wish I could write longer personal text!!
    • Omid's Site
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #28 on: December 19, 2009, 09:23:36 PM »
Data Doctor 2010 will make you sick

Data Doctor 2010, an encryption trojan via our old "friends" iframedollars. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it.

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1661
  • I wish I could write longer personal text!!
    • Omid's Site
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #29 on: December 22, 2009, 03:25:39 PM »
Facebook is getting worse every day!! God Damn Koobface!!

Take care about what you are seeing in Facebook, what you click on and what you do. The Koobface worm is growing too fast and I've seen most of my friends are hacked by this nasty worm and their account is sending malware links to their friends via comment on their wall, private message or chat.

1. More Info: http://boelectronic.blogspot.com/2009/12/facebook-money-mule-or-credit-card.html
2. More Info: http://boelectronic.blogspot.com/2009/12/check-your-friends-facebook-ims-may.html
3. Clicking on the links in my own test (I did in my test machine, I'm not infected!) redirected to... (Screenshot and info in the following link): http://boelectronic.blogspot.com/2009/12/oh-oh-oh-santa-delivering-fakeav.html

(Posts in my blog are collected from other companies' blogs.)
[I posted that Koobface sample to avast!, hope avast! detects it soon]
« Last Edit: December 22, 2009, 03:31:54 PM by Omid Farhang »