SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Attackers exploit DLL vulnerability in Office and other applications
http://isc.sans.edu/diary.html?storyid=9445
asyn

[polonus]

Hi malware fighters,

How tracking cookies are being preserved inside IE, while the user want to delete them at close down of the browser:
http://ha.ckers.org/blog/20100827/ie-cookies/
IE does not handle cookies always with the browser user in mind,

polonus

[Asyn]

IE does not handle cookies always with the browser user in mind,
polonus

Yes D., true..!
That's just one of the reasons why I never would use it...
Btw., Ccleaner does a good job here.
asyn

[YoKenny]

IE does not handle cookies always with the browser user in mind,
polonus

Yes D., true..!
That's just one of the reasons why I never would use it...
Btw., Ccleaner does a good job here.
asyn

Also for Firefox. 

[mkis]

Once-prolific Pushdo botnet crippled
http://www.theregister.co.uk/2010/08/27/pushdo_botnet_crippled/

M86 security labs
http://labs.m86security.com/2010/08/pushdo-spambot-crippled/

Brian Krebs - Takedowns: The Shuns and Stuns That Take the Fight to the Enemy
http://www.mcafee.com/us/local_content/misc/threat_center/articles/summer2010/msj_article02_take_the_fight_to_the_enemy.pdf

 

[polonus]

Hi mkis,

Yes Pushbot was infiltrated, but it seems that the C&C servers are being specifically protected by Chinese and American hosting firms, so the perpetrators will keep a low profile for a while and then to continue their activities: http://blog.fireeye.com/research/2010/08/infiltrating-pushdo-part-2.html
So this time they were saved by their own back-up C&C-servers. Hard to understand why the various governments (USA, Europe, Russia, China) did not close down the hosting firms of aforementioned back-up C&C servers or they must have a serious interest not to take action?

polonus

[Gargamel360]

Hard to understand why the various governments (USA, Europe, Russia, China) did not close down the hosting firms of aforementioned back-up C&C servers or they must have a serious interest not to take action?

polonus

Big Gov's intelligence sectors love dipping fingers into black market.  They maybe (I say MAYBE )have vested interest/money in keeping them going. 

But it might just be good old bureaucratic "red tape" also.   Don't know about abroad, but in the states you could tell the Fed. Govt. their pants are on fire, they would have to fill out 20 different requisition forms to request first a fire extinguisher, then more forms for what type, weight, etc.   All the while with pants still burning.

[polonus]

Hi malware fighters,

Just in a new DLL-Hijacking exploit, this time for Fx: http://www.exploit-db.com/exploits/14730/
They keep them coming,
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus

[YoKenny]

Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus

What I see

Internet Explorer cannot display the webpage

I guess Fx is being exploited now.

[DavidR]

It isn't a web page, but a zip file to be downloaded, so I rather doubt you could display it in any browser.

Most browsers would recognise it isn't a web page and download the file (depending on your settings) or pop-up a download window.

Mine recognised it as a zip file and downloaded it as per my settings.

So firefox isn't being exploited, rather IE can't seem to deal with a download link.

[bob3160]

Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus

What I see

Internet Explorer cannot display the webpage

I guess Fx is being exploited now.

The link actually crashed IE 8 so I guess it's IE8 that has a problem.
Copying the link opened Gigaget (download manager) which had no problems downloading the .zip file
Chrome also had no problems handling the link posted.

[timcan]

Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus

What I see

Internet Explorer cannot display the webpage

I guess Fx is being exploited now.

The link actually crashed IE 8 so I guess it's IE8 that has a problem.
Copying the link opened Gigaget (download manager) which had no problems downloading the .zip file
Chrome also had no problems handling the link posted.

 

[Asyn]

Microsoft tool for DLL vulnerability interferes with some applications
http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html
asyn

[Pondus]

Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/

[Asyn]

Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/

Detailed Info here:
http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
asyn