Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2860849 times)


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2595 on: June 04, 2013, 06:37:56 PM »
Google researcher discloses zero-day exploit for Windows
http://www.h-online.com/security/news/item/Google-researcher-discloses-zero-day-exploit-for-Windows-1876170.html
It may not be the "correct" thing to do by Ormandy but, it should result in a quick fix by MS.
If you don't get infected by this exploit, you'll soon wind up with a more secure system.  ;)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2596 on: June 04, 2013, 07:30:56 PM »
Fake Chrome Browser Window to be used by miscreants built by Jack Shepherd: htxp://www.jack-shepherd.co.uk/labs/fake_chrome_browser
This could be used by attackers. See for the iFrame attack -> htxp://jsunpack.jeek.org/?report=34695c83a32b4d908a720337bae11130a45c136e
(for security researchers only, only visit in VM with script blocking enabled)

pol
« Last Edit: June 05, 2013, 10:13:18 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2597 on: June 04, 2013, 07:36:06 PM »
Quote
Fake Chrome Browser Window to be used by miscreants built by Jack Shepherd: hxxp://www.jack-shepherd.co.uk/labs/fake_chrome_browser
This could be used by attackers. See for the iFrame attack -> hxxp://jsunpack.jeek.org/?report=34695c83a32b4d908a720337bae11130a45c136e
(for security researchers only, only visit in VM with script blocking enabled)

pol
Should the links be live ???
« Last Edit: June 05, 2013, 03:36:56 AM by bob3160 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2598 on: June 04, 2013, 09:43:15 PM »
Yes I believe the jsunpack one needs to be broken as it has the example/sample code in the results page, see image for some of my web shield exclusions for some analysis sites.

Though the hxxp://jsunpack.jeek.org/?report=34695....... URL differs from my exclusion and no avast alert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2599 on: June 04, 2013, 09:56:12 PM »
Hi DavidR,

Link has been broken, but the serious issue here is that we have no avast! protection for that iFrame malcode (demo) yet and that is why I reported it here.
Have to report to virus AT avast dot com.
Well, bob3160's reaction could be seen as a bit exaggerated because there still was no malicious payload attached. It was just reported as "see what malcreants could do with this knowledge"...the publication by Jack Shepherd could be seen as questionable, but now as the proverbial cat seems out of the bag, better seek protection against the abuse of it in the future....

polonus

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2600 on: June 04, 2013, 10:00:35 PM »
Quote
Well, bob3160's reaction could be seen as a bit exaggerated
Quote
we have no avast! protection for that iFrame malcode
If there's no protection (real or sample) the link needs to be broken. :o

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2601 on: June 04, 2013, 10:09:32 PM »
Hi bob3160,

Understand that there cannot be protection for a demo as long as there is no malcode or payload in it. The only questionable thing is Jack Shepherd's publication of the possibilities of this scheme for abuse. It is like a bow without an arrow, so you cannot have detection or the method or the fake page should be detected as risky. Good we alerted it in this preliminary stage so we do not have to wait for protection as malcreants got air of it, and they soon will....

Whether Jack Shepherd should have put this online is debatable, it just depends whether you are in the camp of "security through obscurity" or rather like to prepare for existing threats....

polonus

P.S. What I did, and DavidR always finds this the most important part of the threat procedure, is report this possible abuse with fake Google Chrome page outlay to virus AT avast dot com

Damian
« Last Edit: June 04, 2013, 10:21:32 PM by polonus »

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2602 on: June 04, 2013, 11:44:39 PM »
Well the web shield has been pretty hot in iframe malware, especially hidden iframes, even without knowing what the payload is. Not to mention that payload has to be hosted somewhere and that may well be a malicious or hacked site and the network shield should also come into its own here and also the web shield on hacked sites is pretty hot. So I wouldn't say that avast has no defence against this.

EDIT: Not to mention NoScript and RequestPolicy addons in firefox. I don't know if this attempts to look like a chrome browser window, in which case those not using chrome (me) would be somewhat suspicious about this anyway.
« Last Edit: June 04, 2013, 11:46:47 PM by DavidR »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2605 on: June 07, 2013, 11:26:18 AM »
Microsoft Security Bulletin Advance Notification for June 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Worth Knowing (Downloads, Guides & Info): https://forum.avast.com/index.php?topic=60523.0

Offline midnight

  • Massive Poster
  • ****
  • Posts: 2462
  • Never Be Rude
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2606 on: June 07, 2013, 01:55:09 PM »
Facebook Alert: The ZeuS Trojan is spreading among Facebook users. Avoid clicking suspicious videos, even from friends. Zeus steals bank passwords and empties accounts! Read more on our blog, http://goo.gl/urRxA - private


Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2608 on: June 07, 2013, 06:58:32 PM »
So you think you can ?
Better think again:
http://arstechnica.com/tech-policy/2013/06/new-leak-feds-can-access-anything-in-your-google-facebook-and-more/
If you don't want to share something, don't reveal it anywhere in the first place.
Your private thoughts are next for the chopping block.  :'(
« Last Edit: June 07, 2013, 07:05:51 PM by bob3160 »

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2609 on: June 07, 2013, 07:01:18 PM »
Quote
If you don't want to share something, don't reveal it anywhere in the first place.
Your private thoughts are next for the chopping block.  :'(

Heard about that, it's sad. :(