Security Response
Greg Ahmad | 13 Jun 2007 07:00:00 GMT | 0 comments

On April 27, 2007, various Internet resources from the Republic of Estonia came under a series of DDOS or distributed denial of service attacks. According to claims by Estonian government officials and media, the attacks originated in Russia and followed a dispute between the government and ethnic Russians over the relocation of a Soviet war memorial from the Estonian capital of Tallinn. The attacks targeted websites belonging to government ministries, banks, media, political parties and businesses.

Though DDOS attacks against various networks have taken place on numerous occasions in the past, the particularly interesting aspect of these attacks was that they appear to be...

Ben Greenbaum | 12 Jun 2007 07:00:00 GMT | 0 comments

Hello again... this month's update contains 6 advisories with a total of 15 patched vulnerabilities. Major apps for this month were once again IE and Outlook/Windows Mail, coming in with 6 and 4 patched vulnerabilities respectively. This month we also see updates for file-based attack vectors against Visio, remotely exploitable vulnerabilities in both a dev library and a security package patched, and a fairly low profile information disclosure vulnerability in Vista dealt with.
As usual details are given below in order of descending urgency. Happy patching, and we'll be back for another round next month...

MS07-034; KB929123
Cumulative Security Update for Outlook Express and Windows Mail

This release addresses four issues in Windows Mail (Vista) and Outlook...

Ron Bowes | 12 Jun 2007 07:00:00 GMT | 0 comments

In today's computerized world, loss of confidential information is far too common. If you look at a good list of personal information data breaches, you will quickly see that a breach occurs almost every day, and that's just in the United States!

Almost everybody knows that databases get hacked and laptops get stolen, both of which can expose all kinds of information about customers and employees. Information is frequently lost due to malicious intentions. So security is audited, laptops are encrypted, and a lot of companies take steps to ensure that this type of exposure doesn't happen. Data is still exposed, but many companies actively try to prevent it.

I'll start with a story. I know a company that sells a customer-management solution that once had a demo site, with demo data, which potential customers could play with. After a software upgrade, the demo database was...

Eric Chien | 11 Jun 2007 07:00:00 GMT | 0 comments

Apple announced a variety of new technologies today at Apple's Worldwide Developers Conference. A couple of interesting technologies included the confirmation of third party applications on the iPhone and the availability of the Safari web browser on Microsoft Windows.

In a previous blog article, we discussed how limiting third party applications on the iPhone would curtail any malicious applications for the iPhone. Opening up the iPhone to third party applications now raises the risk of malicious applications for the mobile device. However, the ability to write malicious applications for the iPhone still remains to be seen as the devil is in the details.

According to the demonstration, applications will be written in JavaScript and executed within Safari. The applications will have access to internal phone applications including the ability to...

Marc Fossi | 11 Jun 2007 07:00:00 GMT | 0 comments

There have been numerous proposals for ways to prevent phishing scams. Suggestions ranging from EV certificates to new specialized top-level domains seem to imply that the end of phishing would be brought about through their implementation. Unfortunately, this isn’t likely to be the case.

Let’s look at a phishing scam for what it really is – an online version of the classic confidence scam. The reason it’s called a confidence scam is that the perpetrator has to gain the confidence of their intended victim in order to reap the rewards. Some of these scams are so thinly veiled that only the extremely gullible will fall victim while others are so elaborately played that even some of the most cautious individuals are fooled. The same goes for the online version.

Some phishing attacks are so poorly crafted (I’m sure most companies don’t misspell their own names) that many...

Yazan Gable | 08 Jun 2007 07:00:00 GMT | 0 comments

A couple of extremely critical vulnerabilities were discovered and disclosed in Yahoo! Messenger two days ago, on June 6th. Late last night and early this morning, exploits were released to take advantage of these issues. At the time of the release, Yahoo had not yet patched the issues, so Yahoo! Messenger users were at significant risk of being attacked.

The two vulnerabilities are both buffer overflows in the ActiveX control that handles Yahoo’s Webcam functionality [1][2]. Due to the exploits being released publicly, anyone can carry out an attack by persuading a user into following a link to a malicious file.

Fortunately, Yahoo has released an update to their Yahoo! Messenger product to resolve this issue. The latest version of the software, version 8.1, is reportedly not vulnerable. Users should update as soon as possible to reduce their exposure to potential attacks.

[1] http://www....

Ollie Whitehouse | 08 Jun 2007 07:00:00 GMT | 0 comments

Time for the next installment in my enthralling series on ‘Watching Microsoft Patch Windows CE’ and remember kids:

There are currently no reported security vulnerabilities for Windows CE

In my previous entry on this subject [2] I covered up until February’s updates for Windows CE 5 (the base to Windows Mobile 5 and 6) so I’ll start logically with March’s [3]. Below is my commentary for each of the fixes I feel has a security impact.

• 070310_KB934175 – Numerous bugs in the .NET 2.0 compact framework; some of the exceptions / access violation occur in native code.

• 070320_KB933434 – Remote denial of service condition in RNDIS

• 070320_KB933680 – This issue discusses how Internet Explorer will crash when it receives a certain response for a web server. The update patches WININET.DLL – as we all know a crash is a pretty good indication of something worth investigating which may yield arbitrary code execution.

Moving on...

Kelly Conley | 07 Jun 2007 07:00:00 GMT | 0 comments

The June State of Spam Report highlights the ongoing trend in the decline of image spam first reported last month in the May State of Spam Report. Image spam, which reached a high of 52 percent of overall spam in January, has shown a noticeable decline in most recent months, dropping around 10 percent each month in March and April to just 16 percent in May. One reason for the drop in image spam is that spammers are always going to follow the money. The drop in image spam over the last two months tells us they think they can find a more effective way to get their messages into inboxes. While we have seen this decrease in image spam, the percentage of overall spam continues to remain the same at an average around 65 percent of email traffic for May....

Masaki Suenaga | 06 Jun 2007 07:00:00 GMT | 0 comments

If a virus uses a language other than English, it is most often Chinese, German, Spanish, Portuguese or Russian, and sometimes Indonesian/Malay, Japanese or Thai. It is rare to find an Arabic-aware virus. At least we've thought so until now.

In the current trend where a worm that spreads through removable media is easily created and many types of Trojan horses such as Infostealer and Downloader are armored with worm capability, this beginner's worm has started to be developed in every corner of the world. Such a worm just spreads and does not get much attention from virus analysts, so we often give it a trivial name such as W32.SillyFDC.

W32.Alnuh, discovered on June 1, is a kind of W32.SillyFDC, as all it does is spread and then terminate some programs to protect itself. What is new is that it checks for some Arabic window titles to close as well as English ones. W32....

Stuart Smith | 06 Jun 2007 07:00:00 GMT | 0 comments

…was the case that they gave me. Specifically, SB.Badbunny, a fairly novel OpenOffice macro virus that attempts to spread via IRC. The novelty comes partly from the attention-grabbing trendiness of working on OpenOffice and many Unix-based operating systems (Linux and Macintosh included), but also with its use of a variety of scripting languages to improve portability. Badbunny doesn't just use the OpenOffice macro language, but has components written in Ruby, JavaScript, Python and Perl.

What makes this virus worth mentioning is that it illustrates how easily scripting platforms, extensibility, plug-ins, ActiveX, etc, can be abused. All too often, this is forgotten in the pursuit to match features with another vendor. Fortunately, in this case the ease-of-use of these scripting languages attracted an amateur developer who wrote multiple critical bugs in the code, causing Badbunny to barely replicate.

Given that Web servers are an area where operating systems are still very much...