SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Microsoft warns of DLL vulnerability in applications [More info]
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
http://packetstormsecurity.org/NT/audit/NSAGuidePlus.PDF
http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx

Scope of DLL security problem widens
http://www.h-online.com/security/news/item/Scope-of-DLL-security-problem-widens-1066444.html
asyn

[Asyn]

Apple releases Security Update for Mac OS X
http://support.apple.com/kb/HT4312
asyn

[Hermite15]

Apple releases Security Update for Mac OS X
http://support.apple.com/kb/HT4312
asyn

well that's cool

[polonus]

Logos,

On the site that came after millw0rm there are already exploits presented for Windows Live Email, uTorrent, Foxit Reader, Microsoft Power Point & Wireshark via DLL-hijacking. Standard Vista and Windows 7 programs are vulnerable: https://twitter.com/avivra/statuses/21994799124 Social engineering became just a bit easier: http://twitter.com/avivra/status/22000389011 Metasploit does all this automatically: https://twitter.com/hdmoore/status/22003840688
MS yesterday presented a tool to prevent loading of libraries of shared network folders: : http://support.microsoft.com/kb/2264107 and a patch, here for Vista: http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=86631d97-ebed-4346-be66-d6ba0f500cea&displayLang=en&pf=true
A good thing avast detects DLL-exploit,

polonus

[Hermite15]

@ Polonus: there was an article about that yesterday (dll hijacking), I got to find it again (I think that was an MS advisory), was mentioning that Firefox was vulnerable too. There's no possible fix with Windows, application developers are strongly advised (by MS) to change "something" in the way their app relates to Windows API, only way to get rid of the vulnerability.
 But MS will provide the tools to be used for each OS by third party devs.
http://www.infosecurity-us.com/view/12030/dll-hijacking-bug-hits-microsoft-windows-/
http://www.microsoft.com/technet/security/advisory/2269637.mspx

edit: Avast is or was vulnerable too (I think I read in the forums here that the issue was fixed)
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading

Avast! Antivirus File Opening Insecure Library Loading Vulnerability
http://www.vupen.com/english/advisories/2010/2175

Mozilla Firefox File Opening Insecure Library Loading Vulnerability
http://www.vupen.com/english/advisories/2010/2169

   

25.08.2010 : Avast! Antivirus File Opening Insecure Library Loading Vulnerability

 25.08.2010 : TeamViewer File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Microsoft Windows Live Mail Insecure Library Loading Vulnerability

 25.08.2010 : VLC Media Player File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Adobe Dreamweaver File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Adobe Photoshop File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Mozilla Firefox File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Microsoft Windows Address Book Insecure Library Loading Vulnerability

 25.08.2010 : Opera Browser File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Microsoft Office PowerPoint Insecure Library Loading Vulnerability

 25.08.2010 : Wireshark File Opening Insecure Library Loading Vulnerability

 25.08.2010 : uTorrent File Opening Insecure Library Loading Vulnerability

[Hermite15]

the list is getting longer each hour it seems
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading

[Hermite15]

okay it's important to mention that Avast pre-release version is patched, I knew that a patch was mentioned by Vlk in his post about the pre-release:
http://forum.avast.com/index.php?topic=63151.msg533449#msg533449
... but I wasn't sure it was about the same vulnerability. Just got confirmation from Avast that it was actually just that.

[Hermite15]

first rootkit targeting 64 bit Windows
http://forum.avast.com/index.php?topic=63220.msg534244#msg534244

[gonzo416]

 I was on a IE tab on firefox and a page just showed up that said: 

                  STOCKPHOTO
you just have been hacked By tun hacker
hacked by Number 7. Tn.Spamer
contact; an.7@live.fr greetz: tun hackers~~underground people

I really need help because I don't know what to do. I unplugged the ethernet cable to the desktop. I hope this laptop is not affected.

HELP!!!!HELP!!!!!PLEASE,PLEASE,PLEASE!!!!!!!!!!!

[Hermite15]

I was on a IE tab on firefox and a page just showed up that said: 

                  STOCKPHOTO
you just have been hacked By tun hacker
hacked by Number 7. Tn.Spamer
contact; an.7@live.fr greetz: tun hackers~~underground people

I really need help because I don't know what to do. I unplugged the ethernet cable to the desktop. I hope this laptop is not affected.

HELP!!!!HELP!!!!!PLEASE,PLEASE,PLEASE!!!!!!!!!!!

this is not a help thread. Why did you post here

[polonus]

Hi malware fighters,

Autorun DLL Hijacker usb stick: http://www.attackvector.org/autorun-dll-hijacker-usb-stick/
One day attackers will also use malicious pop-ups, just wait and see,

polonus

[Pondus]

Outbreak: Fake Fedex Tracking Number emails carry malware
http://origin-www.sophos.com/blogs/gc/g/2010/08/26/outbreak-fake-fedex-tracking-number-emails-carry-malware/

[spg SCOTT]

Outbreak: Fake Fedex Tracking Number emails carry malware
http://origin-www.sophos.com/blogs/gc/g/2010/08/26/outbreak-fake-fedex-tracking-number-emails-carry-malware/

Not new at all.

I have had these in various guises for ages now...
(one thing I still don't get is that the email says it is to someone with a completely different email address and yet it still comes to me... )
http://forum.avast.com/index.php?topic=59388.msg500590#msg500590

[YoKenny]

@ spg SCOTT

See Bcc:

Blind carbon copy

In the context of correspondence, blind carbon copy (abbreviated Bcc:) refers to the practice of sending a message to multiple recipients in such a way that conceals individual email addresses (mentioned in "to" field of the mail) from the complete list of recipients.

http://en.wikipedia.org/wiki/Blind_carbon_copy

[DavidR]

<snip>
Not new at all.

I have had these in various guises for ages now...
(one thing I still don't get is that the email says it is to someone with a completely different email address and yet it still comes to me... )
<snip>

That should be the biggest clue of all that it is a fake as a legit copy would be directly addressed to the customer to whom the invoice/tracking number, etc. consignment is for.

But the spammers aren't going to send out spam to individual addresses but to groups of addresses.