
Thread: 2006 Alerts - Q2

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Coolwebsearch / Trafficadvance got a new home...

    FYI...

    - http://isc.sans.org/diary.php?storyid=1245
    Last Updated: 2006-04-05 20:09:42 UTC
    "Looks like our long-time* "friends" from the Coolwebsearch/Trafficadvance malware department have moved shop to a new hoster. If you've followed our earlier suggestions and zapped their old netblock (81.9.5.x), well, then you might want to consider banning their new sites as well. They all seem to reside under 85.249.23.x now, again in St.Petersburg, Russia. If you prefer to block their domains, here's a list. All of the indicated domain names end in .biz.

    traffsale1 traffweb toolbarweb toolbarsale iframecash traffcool toolbarcool traffbucks toolbarbucks traffdollars toolbardollars traffbest toolbarbest traffnew toolbarnew traffmoney toolbarmoney vip01

    Be advised that unwary surfing to these sites might make your DVD drive spit out pepperoni slices, cause your monitor to start flickering, and definitely will result in other side effects detrimental to the integrity of your beloved computing device. You have been warned."

    * http://isc.sans.org/diary.php?storyid=868

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster

    Cross platform virus PoC (!)

    FYI...

    - http://isc.sans.org/diary.php?storyid=1248
    Last Updated: 2006-04-07 13:55:10 UTC
    "Viruslist is reporting on a cross platform Proof of Concept (PoC) virus that works on both Linux and Windows machines. It is claimed to be capable of infecting both the Linux ELF binaries and .exe's from Windows. The impact of the PoC at this point is very low in itself, but it is a sign the cross platform aspects are becoming important. As the developers of viruses continue to research this, we will see (more) cross platform malware come about in the future.
    Even today websites sending exploits to their visitors tend to detect what browser/platform the visitor is using and send a matching exploit to install some malware and earn their quarter for each confirmed installation. Planning ahead and also protecting the Linux, UNIX and Mac OS X machines with anti-virus measures is a good thing to start on now if you haven't done so already.
    For those thinking their "pet" computer is invulnerable to the virus threat: it's not. The vulnerability exploited by a virus is the ability of software to add or change other programs. All general purpose operating systems have that vulnerability to some degree.
    Getting infrastructure that is fed signatures in an automated manner in place allows you to shorten the time needed to respond, even if the specific platform isn't targeted today. Since anti-virus measures are mostly reactive in nature, anything that makes your reactions faster is good."

    :(

  3. #3
    Adviser Team AplusWebMaster

    Firefox v1.5.0.2 released

    FYI...

    - http://isc.sans.org/diary.php?storyid=1261
    Last Updated: 2006-04-14 01:56:17 UTC
    "...Firefox has released version 1.5.0.2 (and 1.0.8, for those who were not able to upgrade to 1.5) of its browser. This update fixes some undisclosed security issues..."

    Download:
    - http://www.mozilla.com/firefox/
    Several security fixes:
    - http://www.mozilla.org/projects/secu...firefox1.5.0.2
    Notable bug fixes:
    - http://www.squarefree.com/burningedg...s/1.5.0.2.html

    ------------------------------------------
    - http://secunia.com/advisories/19631/
    Release Date: 2006-04-14
    Critical: Highly critical ...
    Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Solution:
    Update to versions 1.0.8 or 1.5.0.2.
    >>> http://www.mozilla.com/firefox/

    Last edited by AplusWebMaster; 2006-04-14 at 19:37. Reason: Additional info - Secunia

  4. #4
    Adviser Team AplusWebMaster

    Mozilla Products Multiple Vulns - updates available

    FYI...

    - http://www.us-cert.gov/cas/techalerts/TA06-107A.html
    April 17, 2006
    "...II. Impact
    The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include a denial of service or local information disclosure.
    III. Solution...
    Upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or SeaMonkey 1.0.1. According to Mozilla.org, Thunderbird 1.5.0.2 is to be released on April 18, 2006..."

    >>> http://www.mozilla.org/download.html
    ----------------------------------------------------

    Thunderbird v1.5.0.2 released
    - http://www.mozilla.com/thunderbird/
    21-Apr-2006
    Release notes/fixes:
    - http://www.mozilla.org/projects/secu...derbird1.5.0.2
    Changes in 1.5.0.2: (77)
    - http://weblogs.mozillazine.org/rumbl...2/1-5-0-2.html

    Last edited by AplusWebMaster; 2006-04-22 at 19:51. Reason: Thunderbird v1.5.0.2 released

  5. #5
    Adviser Team AplusWebMaster

    Apple issues Java security update

    FYI...

    - http://news.com.com/2102-1002_3-6062...=st.util.print
    April 19, 2006
    " Apple Computer has released a security update* for Mac OS to deal with a Java vulnerability that could allow malicious attackers to gain access to users' systems. Apple issued the J2SE 5.0 Release 4 update earlier this week, noting an attacker could use a vulnerability in Java Web Start to allow a malicious application to read and write local files on a user's system. Java Web Start is a technology to load Java applications over a network such as the Internet. The company advised people with computers running the Java Web Start application on Mac OS X v10.45, as well as Apple's server version, to download the J2SE version 1.5.0_06 update."

    * http://docs.info.apple.com/article.html?artnum=303658

    ** http://sunsolve.sun.com/search/docum...=1-26-102170-1
    Security Vulnerability With Java Web Start
    Date Released: 07-Feb-2006


  6. #6
    Adviser Team AplusWebMaster

    Mac OS X Multiple Vulns with PoC (!)

    FYI...

    - http://isc.sans.org/diary.php?storyid=1282
    Last Updated: 2006-04-21 19:41:56 UTC
    "Multiple vulnerabilities have been reported in Apple Mac OS X and applications. Proof of Concept code has already been posted along with the information regarding the vulnerabilities. At this time no patches or workarounds appear to be available for the majority of the vulnerabilities. The impact and severity of the exploits are not yet known.

    Links to advisories:
    > Apple OS X 10.4.5 .tiff "LZWDecodeVector ()" Heap Overflow
    - http://www.security-protocols.com/sp-x24-advisory.php
    > Apple OS X BOM ArchiveHelper .zip Heap Overflow
    - http://www.security-protocols.com/sp-x25-advisory.php
    > Apple OS X Safari 2.0.3 Multiple Vulnerabilities
    - http://www.security-protocols.com/sp-x26-advisory.php
    > Apple OS X 10.4.6 "ReadBMP ()" .bmp Heap Overflow
    - http://www.security-protocols.com/sp-x27-advisory.php
    > Apple OS X 10.4.6 "CFAllocatorAllocate ()" .gif Heap Overflow
    - http://www.security-protocols.com/sp-x28-advisory.php
    > Apple OS X 10.4.6 .tiff "_cg_TIFFSetField ()" DoS
    - http://www.security-protocols.com/sp-x29-advisory.php
    > Apple OS X 10.4.6 .tiff "PredictorVSetField ()" Heap Overflow
    - http://www.security-protocols.com/sp-x30-advisory.php ..."

    EDIT/ADD:
    - http://secunia.com/advisories/19686/
    Release Date: 2006-04-21
    Critical: Highly critical
    Impact: DoS, System access ...
    Solution:
    Do not visit untrusted web sites, and do not open ZIP archives or images originating from untrusted sources..."

    Last edited by AplusWebMaster; 2006-04-21 at 23:13. Reason: Additional info...

  7. #7
    Adviser Team AplusWebMaster

    Web Attacker sites increase

    FYI...

    - http://www.websensesecuritylabs.com/...hp?AlertID=472
    April 21, 2006
    "Websense Security Labs is seeing large increases in drive-by installations of malicious code that is hosted on websites that are using the Web Attacker Toolkit. When a user visits one of the nearly 1000 sites that are being used to run code without user intervention, a Trojan Horse is downloaded and run. It can log keystrokes, download additional code, or open backdoors on the user's machine. The kit is being sold on the Internet for as little as $20 and can be purchased and downloaded from a website hosted in Russia (see http://www.theregister.co.uk/2006/03/27/spyware_diy/ ). The Web Attacker tool also includes a nice graphical interface and an instructional manual to assist in configuring your server for the exploit. Along with that are details about which anti-virus engines cannot detect it, and how it works. The kit has the ability to detect the visiting user's browser through the user agent and will serve one of seven different exploits based on the browser settings. It includes exploits for a number of different browsers and browser versions.
    What is also interesting is that the websites that are hosting the malicious code also include a statistics page that shows the number of infected clients, percentage of clients that have been infected, and a breakdown by country, Operating System, and browser... the percentage of successful infections is quite high. On average we are seeing between 3% and 13% overall success rate. It is also interesting to notice the large number of machines that are not patched for older exploits. The statistics also show a column called "zero-day". These exploits are not zero-days anymore, because Microsoft has patched them; however, this remains the largest percentage of infections. Although we are still collecting statistics, our original research leads us to believe that there are more than 10,000 successful infections of users who have visited one of the malicious sites..."

    (Screenshots available at the Websense URL above.)


  8. #8
    Adviser Team AplusWebMaster

    "Nugache" Worm/Bot spreading

    FYI...

    - http://www.websensesecuritylabs.com/...hp?AlertID=478
    5/1/2006
    "Websense® Security Labs (TM) has received several reports of a new worm, "Nugache", which is spreading on AOL/MSN Instant Messenger networks and as an e-mail attachment by exploiting several workstation vulnerabilities. The worm opens a back door on TCP port 8, and installs a bot to wait for commands from the attacker. The command & control channel that is used is unique, as the bot appears to connect to infected peers instead of a static list. A peer-to-peer command & control channel makes it more difficult to block commands issued to the bot. The traffic over this channel also uses obfuscation in an attempt to bypass intrusion detection systems."

    - http://isc.sans.org/diary.php?compare=1&storyid=1300
    Last Updated: 2006-05-01 21:00:50 UTC
    "...A bot was seen spreading via AOL Instant Messenger (AIM) earlier today that appears to be using "encrypted"... peer-to-peer P2P... as the Command and Control (C&C) mechanism. The bots communicate with each other via port 8/TCP... I expect that this binary will be detected by most AV companies quickly (today I hope) and slow its spread tremendously..."


    (Most... AV vendors have issued signature updates -today- that cover the worm. Have you updated yours?)


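    Added example (not code from the Websense or ISC posts above): a small flow-log check for the pattern both alerts describe, TCP port 8 traffic fanned out across several infected peers rather than to one static controller. The flow lines, the "10." internal prefix and the two-peer threshold are constructed assumptions.

```python
"""Added example: flag hosts matching the Nugache pattern above: TCP/8 traffic
spread across several distinct peers (P2P C&C). Flows, prefix, threshold constructed."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed flow records: timestamp src sport dst dport proto (not real captures)
SAMPLE_FLOWS = """\
2006-05-01T20:01:03 10.0.0.5 49152 203.0.113.10 8 tcp
2006-05-01T20:01:09 10.0.0.5 49153 198.51.100.77 8 tcp
2006-05-01T20:01:15 10.0.0.5 49154 192.0.2.200 8 tcp
2006-05-01T20:02:00 10.0.0.7 49200 203.0.113.10 8 tcp
2006-05-01T20:02:30 10.0.0.9 49300 192.0.2.50 80 tcp
2006-05-01T20:03:00 10.0.0.9 49301 192.0.2.50 8 udp
2006-05-01T20:03:10 198.51.100.77 31337 10.0.0.5 8 tcp
"""

NUGACHE_PORT = 8            # back door / C&C port named in the alert
INTERNAL_PREFIX = "10."     # assumed address space of our own hosts
MIN_PEERS = 2               # assumed: a static C&C shows one peer, a P2P mesh shows several

def parse_flows(text: str) -> List[Tuple[str, str, int, str, int, str]]:
    """Parse whitespace-separated flow lines; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto = line.split()
        flows.append((ts, src, int(sport), dst, int(dport), proto.lower()))
    return flows

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def nugache_suspects(flows, min_peers: int = MIN_PEERS) -> Dict[str, dict]:
    """Internal hosts with TCP/8 to >= min_peers distinct peers, or accepting inbound TCP/8."""
    peers = defaultdict(set)
    accepts_tcp8 = set()
    for _, src, sport, dst, dport, proto in flows:
        if proto != "tcp" or NUGACHE_PORT not in (sport, dport):
            continue  # only TCP on the alerted port matters here
        for host, other in ((src, dst), (dst, src)):
            if is_internal(host):
                peers[host].add(other)  # count each distinct peer once
        if dport == NUGACHE_PORT and is_internal(dst):
            accepts_tcp8.add(dst)  # a local listener on TCP/8 answered
    return {h: {"peers": len(p), "accepts_tcp8": h in accepts_tcp8}
            for h, p in peers.items() if len(p) >= min_peers or h in accepts_tcp8}
```

    Calling nugache_suspects(parse_flows(SAMPLE_FLOWS)) on the constructed flows reports only 10.0.0.5 (three TCP/8 peers plus an inbound TCP/8 connection); 10.0.0.7, with a single peer, is not flagged, and the UDP and port 80 flows are ignored.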

  9. #9
    Adviser Team AplusWebMaster

    Firefox v1.5.0.3 released

    FYI...

    - http://www.mozilla.com/firefox/relea....html#download
    Release Date: May 2, 2006
    Security fix for denial of service vuln.

    Download:
    - http://www.getfirefox.com/

    Also, you can use "Help->Check For Updates" (XP Admin account).

    Last edited by AplusWebMaster; 2006-05-03 at 16:17.

  10. #10
    Adviser Team AplusWebMaster

    Quicktime multiple Vulns - upgrade available

    FYI...

    Quicktime upgrade v7.1 available
    - http://isc.sans.org/diary.php?storyid=1329
    Last Updated: 2006-05-12 00:18:50 UTC
    "Apple released a Quicktime upgrade to version 7.1 that fixes a number of vulnerabilities in the Quicktime viewer. Normally I'd suggest reading the release notes* for details, but they are typically thin in explaining what's been fixed and/or otherwise changed.
    Basically viewing crafted images:
    * JPEGs [CVE-2006-1458],
    * Flashpix [CVE-2006-1249],
    * PICT [CVE-2006-1453, CVE-2006-1454],
    * BMP [CVE-2006-2238]
    and movies:
    * Quicktime [CVE-2006-1459, CVE-2006-1460]
    * Flash [CVE-2006-1461]
    * H.264 [CVE-2006-1462, CVE-2006-1463],
    * MPEG-4 [CVE-2006-1464]
    * AVI [CVE-2006-1465]
    ...can lead to arbitrary code execution.
    The fixed version is available for both OS X and Windows. The best thing about it all is that at least we don't get the implicit insult that we should only visit trusted websites. Without more information the only option is not to use quicktime or upgrade..."
    * http://docs.info.apple.com/article.html?artnum=303752

    >>> http://www.apple.com/quicktime/download/standalone.html
    ----------------------------------------------------------------------

    - http://secunia.com/advisories/20069/
    Release Date: 2006-05-12
    Critical: Highly critical
    Impact: DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Apple Quicktime 4.x, Apple Quicktime 5.x, Apple Quicktime 6.x, Apple QuickTime 7.x
    Description:
    Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system...
    Solution: Update to version 7.1..."

    >>> http://www.apple.com/quicktime/download/standalone.html

    Last edited by AplusWebMaster; 2006-05-12 at 13:17. Reason: Added Secunia advisory info...
