Alerts Q3-2007
AplusWebMaster
2007-07-25, 14:00
FYI...
- http://isc.sans.org/diary.html?storyid=3186
Last Updated: 2007-07-24 22:15:22 UTC - "We have received several reports today from people that are getting flooded with SPIM on their IM accounts. These messages are providing a link to various web sites. These sites all seem to point to one site www dot messenger-tips dot com. This site purports to check your IM friends/contacts and report back to you which of them have blocked you. All you have to do is give them your login and password information. You also have to agree to their terms and conditions. Ok so we read their Terms and Conditions page and what do we find, first
They will NOT be responsible for any misuse of the information you provide. They also have no liability for content, views, advice or guidance because they provide a service that is for entertainment purposes only. (Huh? what entertainment). You provide them with the id and password, of course they won't store the information with anyone without your consent. (And if you believe that I have a bridge I will sell you.) Now here is the real catch-22. By agreeing to the terms and conditions you agree to allow them to SPIM all of your friends and contacts. Wonderful.
I am not sure if this program installs any malware or sets up any hole in your computer for them to crawl through... Bottom line folks, DO NOT CLICK ON LINKS."
("Spam Over Internet Messaging" - Unsolicited commercial messages sent via an instant messaging system.)
.
AplusWebMaster
2007-07-28, 15:22
FYI...
- http://www.networkworld.com/news/2007/072707-akonix-im-attacks-up.html
July 27, 2007 - "Malicious code attacks over instant messaging networks are up almost 80% over last year, according to a new study from vendor Akonix*. In July, the company, which develops IM hygiene and compliance appliances and services, said it uncovered 20 malicious code attacks over IM in July. The total number of threats for 2007 so far is 226, the company said. That number is a 78% increase over the last year. The company also said attacks on peer-to-peer networks, such as Kazaa and eDonkey, increased 357% in July 2007 over July 2006, with 32 attacks. That report comes on the heels of a report by peer-to-peer network monitoring vendor Tiversa**, which found contractors and U.S. government employees are sharing hundreds of secret documents on peer-to-peer networks. In many cases, those users were overriding the default security settings on their peer-to-peer software to do so, according to Tiversa...."
* http://www.akonix.com/press/releases-details.asp?id=138
** http://preview.tinyurl.com/2ut2of
(Computerworld)
:mad::fear::spider:
AplusWebMaster
2007-07-30, 22:54
FYI...
- http://isc.sans.org/diary.html?storyid=3200
Last Updated: 2007-07-30 19:07:36 UTC - "A reader alerted us to a bunch of malware that he had found after starting to unravel a pile of interlinked exploit pages. The exploit pages are spammed with "adult movie" kinda themes into search engines, etc, and thus most likely find enough "volunteers" who click on the links. Domains involved are clipsforadults-dot-com and several of 9u???-free-movies-dot-cn, with the ??? standing for several letter combinations like eyd,gfo,fdo, etc. Someone's been busy registering throw-away domains. The one bit that was of interest to us is ... that at the very end of this pile, the links try to download a "codec" off the site installobject-dot-com. The link used contains a 4-digit number, and each number, over a wide range, seems to return a slightly different binary. Installobject-dot-Com resolves to 85.255.113.235, a known bad address range for years - see http://isc.sans.org/diary.html?storyid=1873
AV detection is still thin, we are trying to help it along some. The files are of the W32/Zlob family, Kaspersky calls it Trojan-Downloader.Win32.Zlob.bxt, Trend Micro has it as TROJ_ZLOB.DND, and McAfee has protection coming up as Puper.DR. Adult sites from China, nasty trojans from Ukraine..."
> http://preview.tinyurl.com/yqj5pq
July 30, 2007 - (Infoworld) - "...Last week, a new ransomware Trojan appeared on the radar of security researchers, and was quickly identified as a modified version of the GpCode nasty that first hit the Internet as long ago as Spring 2005, and was tracked to a Russian site. As with its predecessors, the new Trojan, also named "Glamour," sets out to encrypt data files on any PC it infects, demanding a ransom of $300 in return for a key to unlock files. Now an analysis from security research outfit Secure Science Corporation (SSC) has plotted the large number of similarities between the new GpCode and another version that appeared in 2006. Of the 168 functions identified in the code of the new variant, 63 were identical to the older 2006 version... "In the 8 months since November, we've recovered stolen data from 51 unique drop sites [...]. The 14.5 million records found within these files came from over 152,000 unique victims," says the report..."
- http://www.securescience.com/home/newsandevents/news/decoder.html
Jul 19, 2007
:fear:
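The ISC diary entry quoted in this post gives its indicators in defanged form with a `???` wildcard. The following is an added example, not part of the original post or the diary, showing how those indicators could be turned into anchored host rules and run over proxy logs. The log layout (`<timestamp> <client> <method> <url>`), the reading of each `?` as one lowercase letter, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as written (defanged) in the quoted ISC diary entry.
DEFANGED = [
    "clipsforadults-dot-com",
    "9u???-free-movies-dot-cn",  # ??? = letter combinations (eyd, gfo, fdo, ...)
    "installobject-dot-com",
]
BAD_IPS = {"85.255.113.235"}  # address the diary gives for installobject-dot-com

def to_regex(defanged):
    """Refang an indicator and compile it; '?' is assumed to mean one letter a-z."""
    host = defanged.lower().replace("-dot-", ".")
    body = "".join("[a-z]" if ch == "?" else re.escape(ch) for ch in host)
    # Allow subdomains (www.) but anchor both ends so look-alikes do not match.
    return re.compile(r"^(?:[a-z0-9-]+\.)*" + body + r"\.?$")

HOST_RULES = [to_regex(d) for d in DEFANGED]

def host_of(url):
    """Return the lower-cased hostname; tolerate URLs logged without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def is_flagged(url):
    host = host_of(url)
    return host in BAD_IPS or any(rule.match(host) for rule in HOST_RULES)

def scan(log_lines):
    """Return (client, url) pairs for flagged lines in the assumed log layout."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 4 and is_flagged(parts[3]):
            hits.append((parts[1], parts[3]))
    return hits

# Constructed sample lines (not real traffic); the last two must NOT match.
SAMPLE_LOG = [
    "2007-07-30T19:01:02Z 192.0.2.10 GET http://www.clipsforadults.com/",
    "2007-07-30T19:01:05Z 192.0.2.10 GET http://9ugfo-free-movies.cn/",
    "2007-07-30T19:01:09Z 192.0.2.10 GET http://installobject.com/",
    "2007-07-30T19:02:00Z 192.0.2.11 GET http://85.255.113.235/",
    "2007-07-30T19:03:00Z 192.0.2.12 GET http://9ueyd-free-movies.cn.example.org/",
    "2007-07-30T19:04:00Z 192.0.2.13 GET http://notinstallobject.com/",
]
```

Anchoring the pattern at both ends is what keeps a host such as `9ueyd-free-movies.cn.example.org` from being reported as a hit.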
AplusWebMaster
2007-08-09, 16:38
FYI...
> http://www.us-cert.gov/current/#cisco_releases_security_advisories_for1
August 8, 2007 - "Cisco has issued four Security Advisories to address several vulnerabilities in their Internetwork Operating System (IOS) and Unified Communications Manager. These vulnerabilities may allow an attacker to overwrite or retrieve arbitrary files, cause a denial-of-service condition, or execute arbitrary code on an affected system..."
(Cisco links available at the URL above.)
- http://www.us-cert.gov/current/#cisco_releases_security_advisories_for1
updated August 9, 2007
"...US-CERT is aware of publicly available exploit code for one of these vulnerabilities..."
.
AplusWebMaster
2007-09-21, 14:23
FYI...
- http://www.guardian.co.uk/technology/2007/sep/21/hacking.ebay
September 21 2007 - "Kits that claim to help people hack into computers have been discovered for sale on the auction website eBay. Security experts found a selection of CDs, DVDs and programs for sale on eBay that promise to help buyers learn how to break into computers over the net. One CD - claiming to be on sale "for educational use only" - promises details of how to access other people's computers and contains a selection of programs commonly used for hacking. It is available through the site for £5.99. Many of the programs form the basic building blocks for computer crime, allowing even inexperienced hackers to find ways to get inside their victims' computers, or of masking their identities..."
:fear::mad: