Symantec Blogs: Security Response

Shunichi Imano | August 25th, 2009

Symantec Security Response has found a new threat that spreads through Renren.com, a very popular social networking site in China, similar to Facebook. The threat comes in the form of a Flash video that pretends to be the well-known Pink Floyd promotional video clip "Wish You Were Here."

Viewing the Flash video results in concealed JavaScript being executed while the video is playing.


The video is hosted on a legitimate site. The threat exploits an authentication cookie of a currently logged-in user in order to send out the same link (for the Flash file) to users on the Friends list.


We detect this malicious XSS threat as...

Shunichi Imano | July 3rd, 2009

As previously promised, Security Researcher Aviv Raff officially launched the Month of Twitter Bugs (MoTB) website on July 1. Aviv will be posting a “Twitter bug a day” on MoTB in order to raise awareness of Twitter APIs and to warn end users of potential problems with the software and systems they use.

MoTB will be following a limited disclosure approach. On the bright side for Twitter, third-party service providers and Twitter themselves are notified of high-risk vulnerabilities at least 24 hours in advance, giving service providers time to create patches before the information goes public on MoTB. When a vulnerability notification is issued, it is hoped that having a deadline will push the affected provider to take action, and the resulting solution will protect end users. On the other hand, if the provider cannot—or will not—come up with a solution in time, the vulnerability information will be posted on MoTB and the bad guys are likely to...

Shunichi Imano | July 3rd, 2009

I know people are getting sick of malware, attacks, and blogs associated with recent celebrities’ deaths, especially over the past week. But, here we go again. Even a week after Michael Jackson's death was announced, some people refuse to accept that he is gone. Well, after 32 years, even some fanatic followers believe Elvis Presley is still alive.

Security Response has found a suspiciously titled PDF file named “Elvis_Presley_is_alive!!!.pdf.” Maybe Elvis really is still alive, but this particular Elvis has hellhounds with him in the form of exploit code and malware.

When the malicious PDF file is opened, users won’t see any pictures or articles on the aging “King of Rock 'n' Roll,” but instead the file tries to exploit three separate PDF vulnerabilities:

• Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability (...

Shunichi Imano | August 17th, 2007

We have repeatedly warned in the past that free things on the Internet do not always come free of cost. Today we have to issue that reminder again, as we have come across a new example.

Security Response received a file with a .tgz file extension, which exploits a new, previously unknown vulnerability in a free Japanese decompression tool, "Lhaz v1.33". The file is detected as Trojan.Lazdropper.

After a successful exploit attempt, Trojan.Lazdropper drops two files, both detected as Backdoor.Trojan, onto the infected computer. As Backdoor.Trojan opens a back door to communicate with the author for further actions, it is obvious...

Shunichi Imano | April 15th, 2007

It has been reported that a worm that exploits the Microsoft Windows Domain Name Server Service Remote Procedure Call Interface Vulnerability is in the wild. Symantec Security Response has obtained a sample of the worm and we detect the threat as W32.Rinbot.BC.

UPDATE
We have seen an increase in activity over TCP port 1025 as a result of W32.Rinbot.BC scanning the port in search of vulnerable computers. W32.Rinbot.BC is the first worm that exploits the Microsoft DNS vulnerability, and the exploit code was only made public a few days ago. If you have not done so already, Symantec suggests that you block TCP port 1025 in order to avoid the attack.

Blaster, Sasser, W32.Rinbot.BC
We have observed that the time taken from exploit code being...

Shunichi Imano | November 11th, 2006

It has recently been reported that functional exploit code for Broadcom wireless drivers has been made available to the public. Concerns over the exploit are increasing, because the exploit allows remote code execution, and the susceptible drivers are shipped with many new computers.

More information can be found at the Month of Kernel Bugs site.

A machine is vulnerable to the exploit if the computer has a susceptible Broadcom Wireless-N network card and is running the drivers in question. Unfortunately, due to the nature of wireless networking, all that is required of the attacker is to be within range of the vulnerable machine. Because this vulnerability occurs at an extremely low level within the networking protocol, there may be difficulties in detecting these attacks using standard IDS/IPS methods.

Symantec Security Response recommends that you update the...

Shunichi Imano | November 3rd, 2006

On October 31st, Microsoft released a Security Advisory entitled "Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution." At this time, a vendor-supplied patch has not been released for the vulnerability. It allows a remote file to be downloaded and executed whenever a vulnerable user visits a malicious Web site. We have confirmed that it is being actively exploited in the wild.

To proactively detect exploitation of this vulnerability, Symantec Security Response released Bloodhound.Exploit.95 on November 1. Since then, we have received a steady number of Bloodhound.Exploit.95 submissions. The submitted files are generally .html files from malicious Web sites, which use the vulnerability to download further malware, most of which has turned out to be...