WordPress, a blog-publishing system written in PHP, has had a recent release of its software compromised that may allow remote code execution via a back door. While apparently limited to certain copies of 2.1.1, WordPress has since released an updated and verified version 2.1.2 and are advising people running any flavor of 2.1.1 to upgrade as soon as possible. They have also released a statement about it.
The modified code in the hacked version is contained in the following two .php files: wp-includes\feed.php wp-includes\themephp
These files contain instructions that can grab the parameter of the WordPress hosting service URL and pass it to either the PHP script engine or the command program of the operating system, allowing the attacker to execute a remote command on the server running the hacked version of WordPress. This includes downloading and...
A fake installer for the Korean version of ALZIP – a commercial archiver application and a component of the ALTOOLS series created by ESTsoft Corp – was recently discovered, which Symantec detects as Trojan.Dropper.
When the fake installer is executed, it displays the same window as the genuine application and then installs the genuine archiver. During installation, it drops another executable file, which in turn drops Backdoor.Trojan and Hacktool.Keylogger. These two files are hidden by a third dropped file detected as Hacktool.Rootkit.
The rootkit does not hide the files in Safe Mode however. The files are: %System%\yoorycom.d1l %...
Traditional key loggers are used to capture key strokes or parameters of WM_CHAR window messages. A key logger is usually good enough to decipher what is input by the user if the language is English, French, Russian, Arabic, Thai and so on. However, people in China, Japan, and Korea often have to input thousands of different kinds of characters, known as Chinese characters, Hiragana and Katakana, and Hangeul, while the PC has only 100 keys on the keyboard. That is why input method editors (IME) exist for these languages.
In order to input one special character through an IME, we need to type between one and six keys. Basically, we type the reading of the string (or parts of Hangeul in Korean) to obtain the converted strings. But, a reading can end up with multiple versions of the converted strings, which requires the user to ultimately determine the converted string. This final string is called the “result string” of an IME. Another IME-related technique...
