Old Alerts

AplusWebMaster

AplusWebMaster

New member
Advisor Team
Easily can happen when a visitor to ANY site enters the "names and e-mail addresses of...friends...". If you really want them to visit the site, just send them the URL yourself in an e-mail:

- http://www.techweb.com/article/printableArticle.jhtml?articleID=183702655&site_section=700028
March 24, 2006
"The Federal Trade Commission on Thursday nailed a spammer with a record-setting $900,000 fine for violating the CAN-SPAM Act. According to a complaint filed by the FTC, JumpStart Technologies of San Francisco, Calif. has spammed consumers since 2002, sending millions of messages disguised as personal e-mails in an attempt to hype its FreeFlixTix Web site. JumpStart, charged the FTC, collected e-mail addresses by offering free movie tickets to consumers in exchange for ratting out the names and e-mail addresses of five or more friends...
The spam scam also misled consumers who took the bait and went to FreeFlixTix, with some of the "free" ticket offers requiring credit card registration that in many cases resulted in charges made to the account. JumpStart's FreeFlixTix site is now offline..."

:(
 
FYI...

- http://antiphishing.org/crimeware.html
"The Phishing and Crimeware map displays the most recent data collected by Websense Security Labs (WS Labs) and provides a historical look into where Phishing and Crimeware related websites are hosted on the Internet. Upon discovery, each site is looked up via its IP Address to track the country of origin through the appropriate IP registrars and plotted on the map. The data is updated approximately 15 minutes after discovery."


:eek:
 
Alerts - Q2-2007

FYI...

- http://isc.sans.org/diary.html?storyid=2612
Last Updated: 2007-04-12 20:54:39 UTC ...(Version: 10) ~ "...The Subject of the email (that we have seen so far) say:
"Worm Alert!"
"Worm Detected"
"Virus Alert"
"ATTN!"
"Trojan Detected!"
"Worm Activity Detected!"
"Spyware Detected!"
"Dream of You"
"Virus Activity Detected!"
It has two attachments, one being an image with 'panic-worded text', and the other is a password protected zip file, whose password is revealed in the image. The zip file appears to be named:
"patch-<random 4 or 5 digit number>.zip"
"bugfix-<random 4 or 5 digit number>.zip"
"hotfix-<random 4 or 5 digit number>.zip"
"removal-<random 4 or 5 digit number>.zip" ..."

- http://www.pcworld.com/printable/article/id,130686/printable.html
April 12, 2007 03:00 PM PDT ~ "...Postini*, an e-mail security company, says that over the last 24 hours it has seen about 55 million virus e-mails, about 60 times the daily average. The first e-mails had romance-themed subjects: "A kiss so gentle," or "I dream of you," for instance. The latest batch attempts to fool readers--with subjects like "Worm Alert!" or "Virus Alert!"--into thinking they are already infected and need to apply a supplied patch--an attached virus... Cloudmark, another e-mail security company, says it sees similar outbreak numbers. Today's flood is ten times as large as one this past Sunday, which also involved the virulent Storm Worm..."
* http://www.postini.com/stats/index.php

> http://www.informationweek.com/shared/printableArticle.jhtml?articleID=199000691
--------------------------------------

> http://www.f-secure.com/weblog/archives/archive-042007.html#00001167
Friday, April 13, 2007 - Posted @ 02:19 GMT
--------------------------------------

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=199000950
April 13, 2007 ~ "...The Internet Storm Center reported detecting at least 20,000 infections, while the Security Response Team at Symantec said they received several hundred thousand reports of the malicious e-mail making the rounds. That all changed on Friday morning when the attack went quiet... Encrypting the malicious code makes it much more difficult for anti-virus programs to catch it, and if they can't catch it, they can't stop it. If a user opens the file, his machine is infected with the malware and it then connects to a peer-to-peer network where it can upload data, including personal information from the infected computer. It also can download additional malware onto the infected system. The fact that infected computers connect through a peer-to-peer system and not to a standalone server or even a node makes it extremely hard to shut down... Paul Henry, VP of technology evangelism with Secure Computing, said in an interview that this latest Storm attack was aimed at building out the hackers' botnet. "The whole end game is building a bigger, better botnet," he said..."

(Arrgghh!)
 
Last edited:
Stration/Warezov worms prolific...

FYI...

- http://www.f-secure.com/weblog/archives/archive-042007.html#00001172
April 19, 2007 ~ "It's been awhile since the last attack of the Warezov gang. But it seems now they're back in action... e-mail of the new Warezov... being spammed... The zip file attachment contains an executable file that uses a text file icon as a decoy (Update-KB4765-x86.exe)... This executable file is a downloader for its other components. The link is encrypted with a simple XOR. For system administrators, you may want block network traffic from the following malicious link: linktunhdesa .com /h[REMOVED]2.exe ..."

(Screenshots available at the F-secure URL above.)


:fear:
 
Virus Writers Taint Google Ad Links

FYI...

- http://blog.washingtonpost.com/securityfix/2007/04/virus_writers_taint_google_ad.html
April 25, 2007 ~ "Virus writers have been gaming Google's "sponsored links" -- the paid ads shown alongside search engine results*. They are aiming to get their malicious software installed on computers whose users click onto ad links after searching for legitimate sites such as BBBonline.org, the official Web site of the Better Business Bureau. Sponsored links allow customers to buy advertisements attached to a particular search term. When a Google user enters a term into the firm's search engine, the ad belonging to the advertiser that bid the highest price for that search term appears at the top of the list of search results. According to a report at Exploit Prevention Labs**, while the top sponsored links that showed up earlier this week when users searched for "BBB," "BBBonline" or "Cars.com" appeared to direct visitors to those sites, they initially would route people who clicked on the ads through an intermediate site. The intermediate site attempted to exploit a vulnerability in Microsoft Windows to silently install software designed to steal passwords and other sensitive information from infected PCs. The attackers exploited a flaw in Microsoft's Internet Explorer Web browser, a problem that the company issued a patch to fix..."
>>> * http://blog.washingtonpost.com/securityfix/gnh.html

** http://explabs.blogspot.com/2007/04/google-sponsored-links-not-safe.html

- http://weblog.infoworld.com/zeroday/archives/2007/04/google_adwords.html
April 25, 2007 ~ "...A closer inspection by Exploit Prevention Labs researchers revealed that the attacks were actually coming from a site called smarttrack.org, a Russian Web site that serves up a variety of Web exploits..."

:fear: :mad:
 
Mobile spyware gets Certified...

FYI...

- http://www.f-secure.com/weblog/archives/archive-052007.html#00001190
May 11, 2007 ~ "...Mobile spyware and spying tools have been active lately. This week, we have received samples of two new mobile spying tools – running on new platforms. There is now spyware for both Windows Mobile and Symbian S60 3rd Edition devices... Spyware is being developed by commercial companies that have a lot more resources, skills, and motivation to get their creations to work. Both new spying tools are rather similar in their capabilities. After being installed on the device, they hide from the user and report information from the phone to a central server. From there, it can be accessed through a web page interface. An interesting fact is that the spyware for the Symbian 3rd Edition platform is Symbian signed. Therefore it can be installed without any warnings and is capable of operating without Symbian security alerting the user that something is going on... The fact that the spy tool authors could get their software certified indicates a potential issue when using digital signatures and certificates as the only security measure. On one hand the software is technically exactly what it claims to be, an application that backs up user data to a server. One the other hand, when the software is installed onto the device without the primary user's knowledge and permission, it can be used as a spying tool that compromises the said user's personal privacy. Thus if suspect applications cannot break security components, they can then play with the process of certification..."

(Screenshots and more detail at the URL above.)


:fear:
 
Malicious Code: Large scale European Web Attack

FYI...

- http://www.websense.com/securitylabs/alerts/alert.php?AlertID=782
June 18, 2007 ~ "Websense® Security Labs™ has received reports of a large scale attack in Europe that is using the MPACK* web exploit toolkit... At the time of this alert our ThreatSeeker technology has discovered more than *10,000* sites that have been compromised and have IFRAMES pointing to the hub infection site. Assuming users connect to one of the compromised sites and are vulnerable to one of several loaded exploits a Trojan Horse is downloaded onto their machine which is designed to steal banking, and potentially other confidential information through a (series) of web infection downloads. The main site has a statistics page and it has shown very large numbers of users connecting to the infected sites and high levels of users who have been compromised... The top regions are Italy, Spain, and the United States..."

(Graphics and sample statistics available at the URL above.)

* http://blogs.pandasoftware.com/blogs/pandalabs/archive/2007/05/11/MPack-uncovered_2100_.aspx
------------------------------------------------

- http://blog.trendmicro.com/another-malware-pulls-an-italian-job/
June 18, 2007 ~ "Remember LINKOPTIM, which exploited a number of legitimate Italian Web sites to spread malicious JavaScripts? Since early Saturday morning (June 16, 2007), Trend Micro has been receiving several reports of a new batch of hacked Italian Web sites that trigger a series of malware downloads once a user visits them. These infection series begin with a malicious IFRAME tag. Trend Micro detects Web pages hosting the said malicious tag as HTML_IFRAME.CU. All the compromised sites are hosted in Italy...Most of the legitimate Web sites that were compromised by the malware authors are related to tourism, automotive industry, movies and music, tax and employment services, some Italian city councils, and hotels sites. Apparently, most of these sites are hosted on one of the largest Web hoster/provider in Italy..."

(Sample screenshot of a compromised Web site at the URL above.)

:fear::fear:
 
Last edited:
10,000 sites infected...

More...

- http://www.theregister.com/2007/06/18/hijacked_sites_install_malware/
18 June 2007 ~ "More than 10,000 websites have been infected by a sophisticated and fast-acting Trojan downloader that attempts to install malware on visiting PCs. At least one security firm, Trend Micro, is working with the FBI to contain the damage and track down the perpetrators. The attack is noteworthy for the number of sites it has managed to infect in a relatively short period of time. Between Friday and Sunday night, the number jumped from 1,100 to about 2,500. By Monday afternoon, California time, there were more than 10,000 infected sites, according to Paul Ferguson, a network architect for Trend Micro... The hacked websites cover the gamut, from a site connected to the rock musician Bon Jovi to one that tries to raise money for charity work of the late Mother Teresa. Most of the compromised sites are mom-and-pop run affairs and are concerned with travel or entertainment.

An iframe buried underneath the hacked sites redirects users to a server that's hosted at a San Francisco-area co-location site that's been used previously by cyber criminals, Ferguson says. That site redirects to yet another server hosted in Chicago. The San Francisco server is registered to a front-company based in Hong Kong.

Ferguson said researchers and authorities are trying to contain the attacks by getting the San Francisco and Chicago sites shut down. MPack is a powerful kit that bundles together many different malware tools. Among other things, it logs detailed information about the machines it attacks, including the IP addresses of machines it has infected and what exploits a particular user is vulnerable to. It is similar to another malkit called WebAttacker. The attack resembles one from February which targeted certain Miami Dolphins Web sites on the same day the National Football League team hosted the Super Bowl. The legions of fans who visited the site were redirected to third party sites that attempted to install malware on their machines. Such attacks are increasing, largely thanks to the growing use of powerful javascript that vastly improves the functionality of websites. Unfortunately, programmers haven't paid close enough attention to how these scripts can be abused..."
-----------------------------------------

- http://www.computerworld.com.au/index.php/id;1851322309;fp;16;fpid;1;pf;1
19/06/2007 ~ "..."The usual advice we give, 'avoid the bad neighborhoods of the Web,' just doesn't hold water anymore" when legitimate sites have been hacked and are serving up exploits left and right, Ferguson said. "Everywhere could be a bad neighborhood now."

...
 
Last edited:
Alerts - Q2-2007b

FYI...

- http://isc.sans.org/diary.html?storyid=3015
Last Updated: 2007-06-20 21:42:28 UTC ~ "...Earlier today VeriSign/iDefense released some pretty good analysis of how it works, what the value of it is, and other goodies. This summary does not exist online but has been spread via email to the media and other outlets. Rather than trying to summarize it, iDefense gave the Internet Storm Center permission to reprint it in its entirety...
'...More than 10,000 referral domains exist in a recent MPack attack, largely successful MPack attack in Italy, compromising at least 80,000 unique IP addresses. It is likely that cPanel exploitation took place on host provider leading to injected iFrames on domains hosted on the server. When a legitimate page with a hostile iFrame is loaded the tool silently redirects the victim in an iFrame to an exploit page crafted by MPack. This exploit page, in a very controlled manner, executes exploits until exploitation is successful, and then installs malicious code of the attacker's choice...
...MPack leverages multiple exploits, in a very controlled manner, to compromise vulnerable computers. Exploits range from the recent animated cursor (ANI) to QuickTime exploitation. The latest version of mPack, .90, includes the following exploits:
MS06-014
MS06-006
MS06-044
MS06-071
MS06-057
WinZip ActiveX overflow
QuickTime overflow
MS07-017...' "

(Complete analysis at the URL above.)

.
 
Fake MS patch email -> Fake Spyware Doctor!

FYI...

- http://isc.sans.org/diary.html?storyid=3054
Last Updated: 2007-06-26 22:46:51 UTC ...(Version: 3)
"Several of our readers reported an email that lead to a fake Microsoft patch being spammed on the net today. The email had their full names and in one case the company they worked for included in the body of the email. So far I have seen 4 different urls. We are working on getting the systems hosting the malware cleaned or shutdown. We have submitted the malware itself to most of the AV vendors so detection should improve but currently it is not detected... You can see in the body of the email... that the spelling is bad and the license key is not in the right format for XP nor Outlook. Microsoft pointed us to a couple of web pages they maintain that should help you recognize fraudulent email...

> http://www.microsoft.com/protect/yourself/phishing/msemail.mspx

> http://www.microsoft.com/canada/athome/security/email/ms_genuine_mail.mspx

=====================================
From Norman Sandbox:
MSOUTRC2007Update-KB863892.exe : INFECTED with W32/Malware (Signature: NO_VIRUS)
[ DetectionInfo ]
* Sandbox name: W32/Malware
* Signature name: NO_VIRUS
[ General information ]
* Drops files in %WINSYS% folder.
* File length: 20480 bytes.
* MD5 hash: c7a8bde380043b5d8d7229e82db1c2fc.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\sdoctor.exe.
* Creates file C:\france.html.
* Deletes file c:\france.html.
[ Changes to registry ]
* Creates value "SpywareDoctor"="C:\WINDOWS\SYSTEM32\sdoctor.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Attemps to NULL C:\COMMAND.COM /c del c:\sample.exe >> NUL.
* Modifies other process memory.
* Creates a remote thread.
[ Signature Scanning ]
* C:\WINDOWS\SYSTEM32\sdoctor.exe (20480 bytes) : no signature detection...

We notified one of the support teams at a hosting provider that a virus was found on one of there customers systems. Their auto responder responded within a minute. A support person removed the malware and responded within 30 minutes. When I tried to verify that I found the malware was still there or back. When I notified the hosting provider that the malware was back the support person analysised logs, determined it was being uploaded via ftp and immediately disabled the ftp account involved."


:fear::buried:
 
Another "Storm" Wave

FYI...

- http://isc.sans.org/diary.html?storyid=3063
Last Updated: 2007-06-28 23:33:56 UTC ~ "...There is a new round of emails with malicious links that is making its way to the inbox of many folks. If you haven't gotten one yet, just give it time. Here is quick summary of what we have found. The subject line that we have gotten examples of have all been identical. You may have gotten something else.

"Subject: You've received a postcard from a family member!" ...

The ecard numbers in the URL above are variable across SPAM samples.
There are 3 exploits available and they are tried in order.

The first one is for QuickTime.
If that fails a Winzip exploit is attempted
If that fails, the "hail mary" is the WebViewFolderIcon exploit...

Here are a few more of the malware hosting servers they've relied on in recent months in addition to the HopOne and Softlayer host above:
27645 | 205.209.179.15 | 205.209.128.0/18 | US | arin | ASN-NA-MSG-01 - Managed Solutions Group, Inc
27595 | 216.255.189.214 | 216.255.176.0/20 | US | arin | INTERCAGE - InterCage, Inc
14361 | 66.148.74.7 | 66.148.64.0/19 | US | arin | HOPONE-DCA - HopOne Internet Corporation
36351 | 75.126.21.162 | 75.126.0.0/17 | US | arin | SOFTLAYER - SoftLayer Technologies Inc
36351 | 75.126.226.224 | 75.126.0.0/16 | US | arin | SOFTLAYER - SoftLayer Technologies Inc..."

- http://preview.tinyurl.com/2g58ud
June 28, 2007 (Computerworld) - "..."This is widespread, and leads the user to multiple IP addresses," said Shimon Gruper, vice president at Aladdin Knowledge Systems Inc., a security company known for its eSafe antivirus software. "There's not a single server, there are multiple exploits, [and the e-mail] has no attachments. This will be very difficult to detect." Two days ago, a Symantec honeypot captured a similar Web site-hosted attack that had an arsenal of exploits at its disposal. That attack, however, featured an unusual, if rudimentary, browser detector that sniffed out whether the target computer is running Microsoft's Internet Explorer (IE) or Mozilla Corp.'s Firefox. If the attack detects IE, it feeds the machine a Windows animated cursor exploit. If it finds Firefox, however, the sites spit out a QuickTime exploit."

- http://www.us-cert.gov/current/#new_storm_worm_variant_spreads
June 29, 2007

--------------------------------------

- http://asert.arbornetworks.com/2007/06/you-got-postcard-malware/
June 29, 2007 ~ "...Pretend you actually clicked the link. What would happen? You’d possibly get your machine recruited into the Peacomm spam botnet. This handy diagram* shows you what happens once you hit the website. There’s some obfuscated JavaScript on the page which builds a link to /123.htm, a malicious ANI file (MS07-017), and other exploits - QuickTime, WinZIP, and WebViewFolderIcon - all to cajole your computer into downloading files and launching them. There’s also a link to “/ecard.exe”, a downloader... If you actually get hit, your box will ping the web server (/aff/cntr.php) start to download the Peacomm components, like /aff/dir/sony.exe , /aff/dir/logi.exe, and /aff/dir/pdp.exe..."

(*Diagram shown at the URL above.)

:fear:
 
Last edited:
Alerts Q3-2007

FYI...

- http://isc.sans.org/diary.html?storyid=3186
Last Updated: 2007-07-24 22:15:22 UTC - "We have received several reports today from people that are getting flooded with SPIM on their IM accounts. These messages are providing a link to various web sites. These sites all seem to point to one site www dot messenger-tips dot com. This site purports to check your IM friends/contacts and report back to you which of them have blocked you. All you have to do is give them your login and password information. You also have to agree to their terms and conditions. Ok so we read their Terms and Conditions page and what do we find, first
They will NOT be responsible for any misuse of the information you provide. They also have no liability for content, views, advice or guidance because they provide a service that is for entertainment purposes only. (Huh? what entertainment). You provide them with the id and password, of course they won't store the information with anyone without your consent. (And if you believe that I have a bridge I will sell you.) Now here is the real catch-22. By agreeing to the terms and conditions you agree to allow them to SPIM all of your friends and contacts. Wonderful.
I am not sure if this program installs any malware or sets up any hole in your computer for them to crawl through... Bottom line folks, DO NOT CLICK ON LINKS."

("Spam Over Internet Messaging" - Unsolicited commercial messages sent via an instant messaging system.)

.
 
IM attacks up nearly 80 percent ...P2P is worse

FYI...

- http://www.networkworld.com/news/2007/072707-akonix-im-attacks-up.html
July 27, 2007 - "Malicious code attacks over instant messaging networks are up almost 80% over last year, according to a new study from vendor Akonix*. In July, the company, which develops IM hygiene and compliance appliances and services, said it uncovered 20 malicious code attacks over IM in July. The total number of threats for 2007 so far is 226, the company said. That number is a 78% increase over the last year. The company also said attacks on peer-to-peer networks, such as Kazaa and eDonkey, increased 357% in July 2007 over July 2006, with 32 attacks. That report comes on the heels of a report by peer-to-peer network monitoring vendor Tiversa**, which found contractors and U.S. government employees are sharing hundreds of secret documents on peer-to-peer networks. In many cases, those users were overriding the default security settings on their peer-to-peer software to do so, according to Tiversa...."

* http://www.akonix.com/press/releases-details.asp?id=138

** http://preview.tinyurl.com/2ut2of
(Computerworld)

:mad::fear::spider:
 
Multiple new trojans in the wild

FYI...

- http://isc.sans.org/diary.html?storyid=3200
Last Updated: 2007-07-30 19:07:36 UTC - "A reader alerted us to a bunch of malware that he had found after starting to unravel a pile of interlinked exploit pages. The exploit pages are spammed with "adult movie" kinda themes into search engines, etc, and thus most likely find enough "volunteers" who click on the links. Domains involved are clipsforadults-dot-com and several of 9u???-free-movies-dot-cn, with the ??? standing for several letter combinations like eyd,gfo,fdo, etc. Someone's been busy registering throw-away domains. The one bit that was of interest to us is ... that at the very end of this pile, the links try to download a "codec" off the site installobject-dot-com. The link used contains a 4-digit number, and each number, over a wide range, seems to return a slightly different binary. Installobject-dot-Com resolves to 85.255.113.235, a known bad address range for years - see http://isc.sans.org/diary.html?storyid=1873
AV detection is still thin, we are trying to help it along some. The files are of the W32/Zlob family, Kaspersky calls it Trojan-Downloader.Win32.Zlob.bxt, Trend Micro has it as TROJ_ZLOB.DND, and McAfee has protection coming up as Puper.DR. Adult sites from China, nasty trojans from Ukraine..."

> http://preview.tinyurl.com/yqj5pq
July 30, 2007 - (Infoworld) - "...Last week, a new ransomware Trojan appeared on the radar of security researchers, and was quickly identified as a modified version of the GpCode nasty that first hit the Internet as long ago as Spring 2005, and was tracked to a Russian site. As with its predecessors, the new Trojan, also named "Glamour," sets out to encrypt data files on any PC it infects, demanding a ransom of $300 in return for a key to unlock files. Now an analysis from security research outfit Secure Science Corporation (SSC) has plotted the large number of similarities between the new GpCode and another version that appeared in 2006. Of the 168 functions identified in the code of the new variant, 63 were identical to the older 2006 version... "In the 8 months since November, we've recovered stolen data from 51 unique drop sites [...]. The 14.5 million records found within these files came from over 152,000 unique victims," says the report..."
- http://www.securescience.com/home/newsandevents/news/decoder.html
Jul 19, 2007

:fear:
 
Cisco - multiple advisories, multiple vulns in IOS

FYI...

> http://www.us-cert.gov/current/#cisco_releases_security_advisories_for1
August 8, 2007 - " Cisco has issued four Security Advisories to address several vulnerabilities in their Internetwork Operating System (IOS) and Unified Communications Manager. These vulnerabilities may allow an attacker to overwrite or retrieve arbitrary files, cause a denial-of-service condition, or execute arbitrary code on an affected system..."

(Cisco links available at the URL above.)

- http://www.us-cert.gov/current/#cisco_releases_security_advisories_for1
updated August 9, 2007
"...US-CERT is aware of publicly available exploit code for one of these vulnerabilities..."

.
 
Last edited:
Hacking kits found for sale on eBay

FYI...

- http://www.guardian.co.uk/technology/2007/sep/21/hacking.ebay
September 21 2007 - "Kits that claim to help people hack into computers have been discovered for sale on the auction website eBay. Security experts found a selection of CDs, DVDs and programs for sale on eBay that promise to help buyers learn how to break into computers over the net. One CD - claiming to be on sale "for educational use only" - promises details of how to access other people's computers and contains a selection of programs commonly used for hacking. It is available through the site for £5.99. Many of the programs form the basic building blocks for computer crime, allowing even inexperienced hackers to find ways to get inside their victims' computers, or of masking their identities..."


:fear::mad:
 
Alerts - 2007-Q4

FYI...

* http://www.adobe.com/support/security/advisories/apsa07-04.html
October 5, 2007 - "...Vulnerability identifier: APSA07-04...
Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installed
Affected Software Versions:
Adobe Reader 8.1 and earlier versions
Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions
Adobe Acrobat 3D
Summary:
Adobe is aware of a recently published report of a critical security vulnerability in Adobe Reader and Acrobat.
Solution:
To protect Windows XP systems with Internet Explorer 7 installed from this vulnerability, administrators can disable the mailto: option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry*... the Secure Software Engineering team is working with the Adobe Reader Engineering team on an update to versions 8.1 of Adobe Reader and Acrobat that will resolve this issue. A security bulletin will be published on http://www.adobe.com/support/security as soon as that update is available. We expect the update to be available before the end of October. In the meantime, Adobe recommends that Acrobat and Reader customers use caution when receiving unsolicited e-mail communications requesting user action, such as opening attachments or clicking Web links..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5020

:fear:
 
Linux kernel v2.6.23 released

FYI...

- http://www.theinquirer.net/gb/inquirer/news/2007/10/10/linux-kernel
10 October 2007 - "...There will probably be a few more patches as this new kernel sees use in a wider variety of systems - including yours, should you choose to play with it but it should be fairly stable within a couple of months, at which time you'll begin to see the major Linux distributions start releasing systems based upon it."

Release notes:
- http://kernelnewbies.org/Linux_2_6_23
9 October 2007

:spider:
 
Last edited:
You must log in or register to reply here.
Back
Top