Symantec Blogs: Security Response

Joji Hamada | July 5th, 2009

It's Independence Day weekend in the United States and many folks are out at picnics, barbeques, and catching firework shows. However, some of us here in the security industry missed out on these events due to a new exploit for a zero-day vulnerability in Microsoft's Video Streaming ActiveX control that we discovered in the wild right before the weekend started.

The exploit uses a specially crafted JavaScript file, along with a data file, to take advantage of a vulnerability in the IMPEG2TuneRequest DirectX object interface located in the Msvidctl.dll file. When a user visits a malicious website hosting these files, the vulnerability allows remote code execution and malicious files are downloaded.

Windows XP users with Internet Explorer 6 and 7 are in danger, but those with Internet Explorer 8 installed are not vulnerable. Preliminary testing shows that computers running Windows Vista are not affected by the attack....

Joji Hamada | March 27th, 2008

Web servers being hacked is nothing new, and Web administrators continue to maintain their servers in the attempt to prevent this from happening. Well, it might be a good time for everyone to audit their servers again, because we have confirmed yet another campaign of IFRAME injection attacks today. Earlier this month, we had a similar mass attack as well, making this a popular theme so far this year.

Earlier today, Dancho Danchev, a security consultant, published a blog about another batch of servers getting injected with malicious code, and we have confirmed the attack here at Symantec. IFRAME code has been inserted into Web pages on these servers, leading to rogue security software and codec sites, further leading to downloads of Trojan.Zlob variants and downloaders. These threats ultimately attempt to install misleading applications onto the compromised computers.

Please avoid the IP addresses below, which are hosting the unwanted files, for the time being...

Joji Hamada | January 24th, 2008

The Trojan.Haradong author and his accomplices have been arrested, not for creating the so-called "Harada virus," but for unauthorized use of copyrighted materials. Unfortunately, in Japan there is no law prohibiting people from creating malware. There is a bill that was submitted to the National Diet several years ago, but it is still in its deliberation process and has yet to be passed. Hopefully, this arrest will raise the priority for legislators to pass a law banning the development and/or use of malware for malicious purposes. The law authorities sure could use such a law, because at the moment they are having to brainstorm ideas on what charges to arrest these types of criminals on.

Let me first give you some background on Winny, which has been used as a vehicle to spread this malware. Due to the characteristics of malware such as W32.Antinny, Winny and the malware lurking in the file-sharing network have been a widely discussed topic in Japan the last few years. The main...

Joji Hamada | October 31st, 2007

Many Internet surfers learned a lesson when their computers were infected by visiting questionable Web sites. These surfers began using Macs, as most malware targets the Windows operating system. Well, soon enough, it may not matter which OS you are using.

According to Intego's press release, a Trojan horse has been found on several pornography sites that claims to install a video codec required to view the content on Macs.

Symantec Security Response has also confirmed this, and added detection for the threat as OSX.RSPlug.A. It appears that the Mac is becoming popular enough that the "bad guys" think it is worth spending time and effort in developing malware for the Mac OS. If we see a rise in Mac malware, then we will have to assume that there are profits to be made in...

Joji Hamada | September 24th, 2007

Today, a new Prime Minister took over office in Japan. As usual, malware authors are taking full advantage of this big occasion, launching targeted attacks that play upon the event. Symantec Security Response has received an archive file today with the file name mofa.zip, which contains an executable called mofa.exe. This file is detected as Backdoor.Darkmoon.E.

According to a local news source (in Japanese), an email pretending to be from the newly elected Prime Minister, Yasuo Fukuda, is hitting some individuals' email boxes. The email contains content in regards to Japanese diplomacy in Asia, along with the address and phone number of the Prime Minister's office, an attempt to make the email look more authentic. The name "MOFA" in mofa.zip is an...

Joji Hamada | April 6th, 2007

In Japan, April is the first month of the fiscal year and is also the time of year when large numbers of high school and college graduates join the workforce. These new hires usually go through intense training in the first few months at their respective companies before being assigned to their new posts. Well, these companies had better plan to quickly take them through a crash course on security in addition to the normal training, because there is a new targeted attack that takes advantage of a zero-day vulnerability in Justsystem's Ichitaro, the word processing program most widely used in Japan.

The attack, a specially crafted Justsystem Ichitaro document employing the zero-day exploit, which Symantec detects as Trojan.Tarodrop.C, allows a Trojan horse to be dropped onto the target computer. The dropped Trojan horse then takes over and drops a downloader Trojan...