
Thread: 2006 Alerts - Q4

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Websense 1st half 2006 - Security Trends Report

    FYI...

    - http://www.websense.com/global/en/Pr...ase=0610031282
    October 3, 2006
    "...The report shows that the volume of attacks increased and malicious code became more covert, less recognizable and more targeted toward financial gain. Not only has malicious code become more sophisticated, but the infrastructure supporting its creation and spread has also become more complex. Of the sites designed to steal credentials, almost 15 percent are derived from toolkits, an emerging tactic from the hacker community. These kits, made by professional malicious code writers, are often for sale on the internet and allow non-sophisticated users to launch sophisticated attacks against operating system exploits and vulnerabilities. The criminal motive of attacks has also become more apparent as traditional hacking for fun has been replaced with activities designed to steal confidential data to reap financial rewards. The report notes a 100 percent increase in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, Websense has seen more than a 60 percent drop in websites designed merely to change user preferences, such as browser settings..."

    ("Additional Highlights" and "Major Findings" available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    Java Trojan/Bot (warning)

    FYI...

    - http://isc.sans.org/diary.php?storyid=1783
    Last Updated: 2006-10-13 18:49:37 UTC
    "Jan sent us a nice ( ? ) trojan he found on a friend's defaced website. After 20 seconds, the defaced site will redirect users to the java applet which appears to implement a full featured bot. You should see a java security popup notifying you that the applet is signed by an "Unknown User".

    As always, do not click 'OK' but deny.

    Given that it is written in Java, this bot could potentially work on different operating systems."


  3. #3
    Adviser Team AplusWebMaster's Avatar

    Multiple Vendor Bluetooth Vuln - updates available

    FYI...

    - http://blog.washingtonpost.com/secur...dely_depl.html
    October 17, 2006
    "Security flaws present in the software components that power wireless communications over Bluetooth on a number of popular laptop models could let attackers compromise vulnerable machines. Bluetooth is a communications technology that allows electronic devices to exchange information wirelessly over short distances (the theoretical range is between 10 to 100 meters, depending on the class of the devices used). The problem stems from Bluetooth device drivers made by Toshiba Corp., drivers that are present not only in many Toshiba notebooks but also in a number of machines made by Dell Computer... advisory from Atlanta-based SecureWorks: http://www.secureworks.com/press/20061011-dell.html ..."

    (Use -both- URLs above for more detail.)

    - http://secunia.com/advisories/22402/
    Release Date: 2006-10-17
    Critical: Moderately critical
    Impact: DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Toshiba Bluetooth Stack 3.x, Toshiba Bluetooth Stack 4.x ...


  4. #4
    Adviser Team AplusWebMaster's Avatar

    Spam, Phishing and Virus Attacks Up

    FYI...

    - http://www.darkreading.com/document....040&print=true
    October 23, 2006
    "Two resurgent email-borne exploits have been hitting users particularly hard over the last week, and researchers say the uptick could get worse. Stration.DS, a variant of a mass-mailing virus that was first spotted last month, is reproducing at alarming rates, according to researchers. Security vendor Fortinet says it has killed more than 350,000 instances today alone -- more than three times as many as it stopped on Friday; email security vendor Postini confirmed that estimate, saying it has slapped the virus down more than 363,000 times in the last 24 hours. Separately, Panda Software says it has spotted several variants of the Haxdoor Trojan -- a rootkit exploit that often uses email to steal confidential user information -- over the last seven days. Like Stration, Haxdoor is not new, but appears to be re-emerging in a particularly virulent strain.... "It will probably continue to proliferate at its current rate -until- more people update their antivirus software and it has a smaller base of machines to launch from," Lu says. "When most people have their antivirus products upgraded, we'll start to see the numbers go down"... Stration and Haxdoor join Netsky and Mytob as threats that have been attacking email users in wide variants for months at a time. In its monthly threat report issued Friday, Postini* said it blocked more than 4 million instances of Netsky alone in September..."

    Spam, Phishing and Virus Attacks Rise to 80 Percent of All Email in September
    * http://www.postini.com/news_events/pr/pr102006.php
    October 20, 2006
    "...At any given moment in September, Postini was tracking 50,000 computers that were exhibiting signs of malicious behavior..."
    - http://www.postini.com/stats/


  5. #5
    Adviser Team AplusWebMaster's Avatar

    Winamp vuln - update available

    Winamp v5.31 available:

    Download:
    - http://www.winamp.com/player/index.php

    Version History
    - http://www.winamp.com/player/version_history.php#5.31

    - http://secunia.com/advisories/22580/
    Release Date: 2006-10-25
    Critical: Highly critical ...
    ...The vulnerabilities are reported in versions 2.666 through 5.3.
    Solution: Update to version 5.31.
    http://www.winamp.com/player/ ..."


  6. #6
    Adviser Team AplusWebMaster's Avatar

    Scams Target Latest Upgrades in E-Banking Security

    FYI...

    - http://blog.washingtonpost.com/secur...eb_bankin.html
    October 27, 2006
    "Financial institutions across the country are scrambling to meet a Dec. 31 deadline set by banking industry regulators to have security processes in place for online banking that go beyond simply requiring customers to enter a user name and password. While some of the protections being adopted should help people -feel- more confident about online banking, there are signs that criminals already are adapting their techniques to defeat those measures... Take, for example, a phishing e-mail from earlier this week targeting Bank of America customers with the usual message urging the recipient to "update their account information," in this case due to a supposed "server update" by the bank. Users who click on the included link are brought to a page that prompts the visitor to reset their account data by supplying their "old" password and user name, as well as their "previous" two SiteKey questions and answers... It would be interesting to compare the results of the anti-phishing technology built into the latest releases of both Microsoft's Internet Explorer 7 and Mozilla's Firefox 2.0 browsers. When I visited this particular site in Firefox, I received a pop-up alert from Netcraft's anti-phishing toolbar, but also from Firefox, which flagged the scam site as a "suspected web forgery" and included links I could click on to learn more about phishing scams. When I visited the Bank of America scam site in IE7, I received no such alert."


  7. #7
    Adviser Team AplusWebMaster's Avatar

    "Month of Kernel Bugs" begins

    FYI...

    - http://blog.washingtonpost.com/secur...patched_1.html
    November 1, 2006
    "Security researcher HD Moore today released computer code showing how attackers can exploit an unpatched flaw present in the wireless drivers in some Apple Macintosh computers... The vulnerability is the first in a series of daily bug details to be released over the next 29 days as part of the "Month of Kernel Bugs" project. LMH said we can expect at least five more Apple kernel bugs to be detailed in the coming days, as well as kernel flaws in Linux, BSD, and Solaris 10 systems..."


  8. #8
    Adviser Team AplusWebMaster's Avatar

    Scammers Use Wikipedia To Distribute Virus

    FYI...

    - http://www.internetnews.com/security...le.php/3642011
    November 3, 2006
    "If Web 2.0 is built on trust, that may also be its downfall. Hackers entered a Web page into the German edition of Wikipedia that claimed there was a new variant of the Blaster virus floating around and provided a link to a download to remove the virus. The problem was, the supposed virus remover was the virus. The hackers then spammed German computer users, pretending to be from Wikipedia, and directed them to the bogus page about "new worm." Fortunately, antivirus vendor Sophos* caught the email, and it alerted Wikipedia about the bogus page. The page was quickly taken down. Because of the inherent nature of Wikipedia, an online encyclopedia that anyone can add to or edit, it makes this kind of opportunistic criminal easy. "This was another strong social engineering opportunity," Gregg Mastoras, vice president of marketing at Sophos, told internetnews.com..."
    * http://www.sophos.com/pressoffice/ne...a-malware.html
    3 November 2006
    "...Wikipedia has now confirmed that it has permanently erased the archived version of the page..."


  9. #9
    Adviser Team AplusWebMaster's Avatar

    Top 10 ISPs hosting phishing sites

    FYI...

    - http://www.darkreading.com/document....802&print=true
    NOVEMBER 6, 2006
    "PhishTank*, the neighborhood watch site for phishing exploits, has released its first round of monthly statistics on the phishing exploits it collected last month. Out of the 7,061 suspected phishes submitted to the PhishTank site, 3,678 were confirmed, but another 2,505 went offline before they could be validated by the site. PhishTank is a public clearinghouse for phishing emails and URLs run by OpenDNS**, where users and Web developers can post and track phishes... The top ten ISPs that hosted the most phishing attempts were (in order): Hanaro Telecom, National Internet Backbone, TELESC Telecomunicacoes de Santa Catarina SA, EMCATEL, Instituto Costarricense de Electricidad y Telecom, CQNET Chongqing Broadband Networks, Futures Cable Television, SAVVIS Savvi, CANTV Servicios, MobiFon S.A. Demographically, 24 percent of the phishing exploits came from the U.S., 14 percent from South Korea, and 8 percent from India. The rest were spread fairly evenly among China (6 percent), Great Britain (4 percent), Germany (4 percent), Brazil (4 percent), Russia (3 percent), Costa Rica (3 percent), and Colombia (3 percent). Other countries represented less than 2 percent of the phishing exploits, according to the PhishTank numbers."
    * http://www.phishtank.com/stats.php

    ** http://www.opendns.com/


  10. #10
    Adviser Team AplusWebMaster's Avatar

    Malicious Trojan poses as McAfee alert

    FYI...

    - http://isc.sans.org/diary.php?storyid=1831
    Last Updated: 2006-11-07 20:29:51 UTC
    (References...)
    - http://www.kaspersky.com/news?id=204900036
    "Kaspersky Lab has intercepted a mass-mailing containing Trojan-Dropper.MSWord.Lafool.v. This mass mailing is unusual as messages appear to be sent from mcafee @ europe.com and allegedly originated from McAfee, an antivirus company. Kaspersky Lab believes that McAfee is in no way involved in the distribution of this Trojan and that the email address used in the messages (mcafee@europe.com) is faked and used in order to cause recipients to open infected messages. Lafool.v is a Word document called “McAfee Inc. Reports.doc”. The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the Internet. The document contains a macro written in Visual Basic for Applications. Lafool.v extracts a new modification of LdPinch, a well known Trojan password stealing program, from itself, and launches it for execution. LdPinch steals passwords to a number of services and applications, including AOL Instant Messenger and ICQ, and other confidential user data. Kaspersky Anti-Virus detects the new variant of this program as Trojan-PSW.Win32.LdPinch.bbg* ...
    * http://www.viruslist.com/en/viruses/...virusid=140927
    "...Check the C: root directory for a file called “LS060E.eXE” and delete it: C:\LS060E5.eXE ..."

