Video Screencast Help
Security Response
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
Candid Wueest | 03 Dec 2009 21:58:29 GMT
The Mozilla Firefox browser is constantly gaining in popularity. A recent market share survey by Net Applications awards Firefox with 24% of users worldwide. One of the key philosophies of Firefox is that its functionality can easily be extended using plug-ins or extensions. According to the Mozilla foundation there are more than 12,000 extensions available and they have recorded more than 1 billion extension downloads so far. Quite an irresistible target for a malware author, don’t you think?
 
This is by no means a new phenomenon, nor a Firefox-centric one. Browser helper objects (BHOs) in Microsoft’s Internet Explorer have been misused by attackers for years, and we saw malicious Firefox extensions appear more than three years ago. But, we have recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts—all this in order to maximize their impact on a user’s machine....
Security Intel Analysis Team | 21 Nov 2009 13:05:59 GMT

A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.  When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is...

Marian Merritt | 20 Nov 2009 14:45:48 GMT

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the world of cybercrime, spam, phishing attacks, and other cyberthreats that plague us all.
 
We want to give a big thanks to everyone who joined in to listen to our experts, and we hope you found it interesting. For those of you who couldn’t make it, please take a few minutes to listen to the podcast of the actual roundtable.

You can read more about...

khaley | 17 Nov 2009 20:13:47 GMT

Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.

I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...

khaley | 17 Nov 2009 19:59:04 GMT

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning.

For example:

•    Toolkits and threat recycling have made malware easier to create than ever
•    Polymorphic technology is being applied to make threats harder to catch
•    Botnets, large and small, are used as the foundation of attacks making most attacks complex
•    All major news events are used for social engineering
•    Major brands are being appropriated by cybercriminals...

Adrian Pisarczyk | 16 Nov 2009 21:03:47 GMT

On November 4, 2009, Marsh Ray published detailed information about a vulnerability that affects the TLS/SSL protocols and allows for limited man-in-the-middle (MITM) attacks. We say “limited” because the attack exploiting this issue would be different from traditionally viewed MITM attacks, which would involve an attacker placing themselves in the middle of the SSL session between a client and a server and being able to intercept, view, and modify any requests or responses exchanged by the two communicating parties. In an attack using this recent TLS vulnerability, due to the way SSL-enabled applications handle the session-renegotiation process, an attacker may inject arbitrary plaintext into the beginning of the application protocol stream. This can affect multiple protocols that can communicate over an SSL session, such as HTTPS, IMAP, POPS, SIP, etc. Note that in this attack, the attacker would have no ability (...

Robert Keith | 10 Nov 2009 19:57:46 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a moderate month—the vendor is releasing six bulletins covering a total of 15 vulnerabilities.

Three of the issues are rated “Critical” and affect Web Services on Devices API, License Logging Server, and the Windows kernel. An attacker could exploit these issues remotely to gain complete control of a vulnerable computer.

The remaining issues, rated “Important”, affect Excel, the Windows kernel, Office, and Active Directory. Although these are only rated “Important” by Microsoft, we consider the Office and Excel issues quite serious and advise customers to apply updates as soon as possible.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...

Peter Coogan | 04 Nov 2009 19:26:49 GMT

The Fragus exploit pack showed up on our radar a few months ago and has been steadily growing to become one of the most prevalent exploit packs being seen in the wild today by Symantec. It is similar to other popular exploit packs available—such as Unique, YES, Eleonore, and Liberty—but it brings some new and interesting features with it. Exploit packages are generally designed as a means to allow attackers to group and serve exploits from their website against the browsers of unsuspecting visitors. It is done in a nice GUI form, hosted on a Web server, and allows the attacker to generally choose which exploits to run. Once exploited, a final payload is served to the system. All of this is dished up in a control panel with some nice statistics on how successful the campaign has been.  

...

Robert Keith | 13 Oct 2009 19:09:22 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a very heavy month—the vendor is releasing 13 bulletins covering a total of 34 vulnerabilities.

Twenty-one of the issues are rated “Critical” and affect GDI+, Active Template Library (ATL), Media Player, .NET, Silverlight, Internet Explorer, Server Message Block (SMB), and Media Runtime. Most of those are client-side vulnerabilities that require a victim to open a malicious file or visit a malicious page. The SMB issue is a fairly serious server-side vulnerability that was reported early last month.

The remaining issues, rated “Important” and “Moderate,” affect GDI+, Windows Indexing Service, Windows kernel, CryptoAPI, Internet Information Services (IIS), LSASS, and SMB.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while...

Greg Ahmad | 15 Sep 2009 21:46:13 GMT

Recently we became aware of a new security vulnerability that affects various versions of Microsoft Windows operating systems. This vulnerability allows remote attackers to carry out denial-of-service and local privilege escalation attacks against affected computers and though not confirmed, it may also facilitate remote code-execution with kernel-level privileges.

The issue was publicly released on September 7, 2009, by a researcher named Laurent Gaffié. The researcher published proof-of-concept code and some technical details on the Full Disclosure mailing list. He indicated that the code targets the Microsoft Server Message Block version 2 (SMB v2) protocol implementation in Microsoft Windows Vista and Windows 7 and it could be used to...