
Thread: Last Security News

  1. #61

    VIRUS ADVISORY: W32/Sober.r@MM - Medium Risk
    =============================================
    What is it?

    The 18th variant of the first Sober virus, W32/Sober.r@MM
    is a mass-mailing worm hiding inside a .ZIP attachment.
    When run, the worm displays fake error messages, infects
    the host computer and sends itself to stolen email
    addresses. Messages may come in German or English.

    What should I look for?

    FROM: Varies
    SUBJECT: English: Your new Password. German: Fwd:
    Klassentreffen (Fwd: Class reunion)
    BODY: English: Your password was successfully changed!
    Please see the attached file for detailed information.
    German: ich hoffe jetzt mal das ich endlich die richtige
    person erwischt habe! ich habe jedenfalls mal unser
    klassenfoto von damals mit angehängt. (I hope I've finally
    got hold of the right person this time! In any case, I've
    attached our class photo from back then.)
    ATTACHMENT: KlassenFoto.zip, pword_change.zip

    How do I know if I've been infected?

    Fake error messages displayed. Outgoing messages as noted
    above. Note: Receiving an email alert stating that the
    virus came from your email address is not necessarily an
    indication you are infected. Mass-mailing viruses often
    forge (or "spoof") the from address.

    Source: McAfee

  2. #62


    October 7 2005 - Panda Platinum Internet Security 2005 has been
    named "Best Buy" in a recent comparative review of anti-spyware
    products in the November 2005 issue of PC World magazine. This product
    analysis evaluated both free and retail integrated security suites and
    dedicated anti-spyware solutions.

    The Panda Platinum Internet Security 2005 suite was acclaimed as the
    best integrated security suite, thanks to its effectiveness in combating
    different types of spyware. The comparative review evaluated the Panda
    Software security suite along with others such as Symantec Norton
    Internet Security 2005 Antispyware Edition and Zone Labs ZoneAlarm Internet
    Security Suite 6.0.

    According to PC World, "Of the three all-in-one suites (analyzed), we
    recommend Panda Software's Platinum Internet Security 2005. Our pick as
    Best Buy among the suites, Panda scored the highest of the three in
    total spyware removal..."

    "We are extremely proud of this recognition, which confirms Panda
    Software's commitment to protecting its clients from spyware and all other
    types of threats," declared Iñaki Urzay, Chief Technical Officer at
    Panda Software.

    The Panda Software solution was the only one able to eliminate 100% of
    running processes, ahead of specific anti-spyware solutions such as
    McAfee AntiSpyware 2006 or Trend Micro Anti-Spyware 3.0. Similarly, Panda
    Platinum Internet Security was able to eliminate 100 percent of BHOs
    (browser helper objects) and unwanted toolbars, components frequently
    used to hijack browsers.

    The PC World review also highlights the ease-of-use of this security
    suite, as it offers great effectiveness in eliminating spyware without
    constantly requiring users to make decisions.

    "...When it came to ease of use, Panda's suite was top-notch, removing
    detected adware and spyware without relying on user input. You can also
    change the default settings to allow case-by-case decision-making,"
    according to PC World.

    "The combination of reactive technologies and TruPrevent(TM) proactive
    technologies to combat spyware is not only available in Platinum
    Internet Security, but also in all of our products, both for consumers and
    corporate users," explains Ignacio Ayerbe, director of Panda Software's
    Consumer Business Unit.

    Source: Panda Software

  3. #63


    October 7, 2005 - This week's report looks at three threats:
    the Banker.AXW and Format.A Trojans, and the Sober.Y email worm.

    Format.A is a Trojan that passes itself off as a tool developed to run
    unsigned code on the PSP (PlayStation Portable) console. However, when it
    is run, it deletes files key to the correct functioning of the
    console, which as a result will not be able to start up. In order to spread,
    Format.A describes itself as an application for changing -by using an
    exploit- the BIOS version of PSP consoles to an older version in
    order to run pirated games.

    Banker.AXW is a Trojan that monitors windows with title bars containing
    certain text strings, mostly related to banks. It then logs the
    keystrokes entered in those windows to capture passwords and other sensitive
    data. This Trojan uses several PHP scripts in order to send the
    information it has gathered. As with most Trojans, Banker.AXW cannot spread
    automatically using its own means. It needs an attacking user's
    intervention in order to reach the affected computer. The means of transmission
    used include, among others, floppy disks, CD-ROMs, email messages with
    attached files, Internet downloads, etc.

    Finally, Sober.Y is a new variant of this family of worms, which, like
    its predecessors, can spread rapidly via email. Just a few hours after
    it had first appeared, PandaLabs began to detect cases on users'
    computers around the world. To prevent Sober.Y from continuing to spread, in
    particular to those computers without adequate anti-malware protection,
    Panda Software has made the free PQRemove application available to users
    to detect and remove this worm from any computer it may have affected.
    This tool can be downloaded from
    http://www.pandasoftware.com/download/utilities/

    Sober.Y uses two types of mail to propagate: firstly, an email in
    English with the subject "Your new password", which tries to make users
    think it is notification of a change of password, asking them to check the
    data in an attached file, pword_change.zip. Secondly, an email written
    in German claiming to contain a photograph of old school friends in the
    file KlassenFoto.zip. Both compressed files contain the executable
    PW_Klass.Pic.packed-bitmap.exe, which is a copy of the worm itself.

    If the file is run, a false CRC error is displayed, even though the
    action has already started. The worm collects email addresses from files
    with certain extensions on the compromised computer, and sends itself
    out to them in the emails described above using its own SMTP engine. It
    will only use the German version of the email if the addresses end in
    .de (Germany), .ch (Switzerland), .at (Austria), or .li (Liechtenstein).

    Source: Panda Software

  4. #64


    Madrid, October 26, 2005 - A vulnerability has been detected in
    Microsoft Internet Explorer, which could allow remote attackers to
    cause denial of service conditions.

    According to the bulletin released by SecurityTracker, this security
    flaw lies in J2SE Runtime Environment. An attacker could create
    malicious HTML code that, when loaded by the user with the Microsoft
    browser, will exploit the vulnerability in mshtmled.dll and cause
    Internet Explorer to stop responding.

    An update that resolves this problem is not yet available and
    therefore users are advised not to visit unknown or unreliable websites. An
    exploit (*) for this vulnerability has been published, which increases
    the probability of being affected.

    (*) Exploit: technique or program that exploits a security flaw -a
    vulnerability- in a certain communication protocol, operating system or
    IT tool.

  5. #65

    Weak Oracle password

    October 28 2005 - A study has been published highlighting the
    weakness of the algorithm used for encrypting and storing passwords in
    Oracle.

    Joshua Wright, SANS Institute researcher, and Carlos Cid from Royal
    Holloway College at the University of London, have revealed the method
    used to encrypt Oracle database passwords before they are stored. The
    weaknesses discovered include the fact that all passwords are converted
    into upper case before calculating the hash, drastically reducing the
    number of combinations to try in a dictionary or brute-force attack.

    In addition, Wright has presented a tool that exploits the detected
    weaknesses, allowing an attacker with limited resources to obtain the
    password starting with the hash of a known user.

    Until Oracle increases security of the algorithm for storing passwords,
    experts recommend using strong passwords (sufficiently long with a
    combination of different types of characters), as well as assigning the
    minimum privileges necessary to users to mitigate the effects of a
    possible attack on their accounts.

    More information at:
    http://www.sans.org/rr/special/index.php?id=oracle_pass.
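    The effect of the case folding described above, as an added example that is not part of the post or of the Wright/Cid work. The only property taken from the post is that Oracle upper-cases the password before hashing it; Oracle's DES-based hash itself is not reproduced, and a clearly labelled stand-in hash (SHA-256) is used so the script runs offline. The allowed-character set used for the brute-force figures (letters, digits, `_`, `$`, `#`) is an assumption, not something the post states.

```python
"""Effect of case folding on password-guessing effort (added example).

Not Oracle's algorithm: the server-side hash is a labelled stand-in. The
point shown is that once all letters are folded to upper case before
hashing, an attacker tries one candidate per folded spelling, not one per
spelling.
"""
import hashlib
import itertools
import string


def oracle_case_fold(password: str) -> str:
    """Normalise a candidate the way the post describes Oracle doing it:
    letters are upper-cased before hashing, so 'Secret7' and 'SECRET7'
    end up with the same hash."""
    return password.upper()


def stand_in_hash(password: str) -> str:
    """Stand-in for the server-side hash (NOT Oracle's DES-based scheme):
    the case fold followed by SHA-256, so the collapse is visible."""
    return hashlib.sha256(oracle_case_fold(password).encode()).hexdigest()


def case_variants(word: str):
    """Every upper/lower-case spelling of a word (2**letters variants)."""
    pools = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    return {"".join(p) for p in itertools.product(*pools)}


def candidates_after_fold(words):
    """Distinct candidates an attacker must hash for a wordlist once case
    folding is taken into account (len(words) without folding)."""
    return {oracle_case_fold(w) for w in words}


def brute_force_space(length: int, case_sensitive: bool,
                      extra: str = "0123456789_$#") -> int:
    """Search-space size for a password of `length` characters.
    `extra` (digits plus _ $ #) is an assumed password alphabet."""
    letters = string.ascii_letters if case_sensitive else string.ascii_uppercase
    return (len(letters) + len(extra)) ** length


def crack(target_hash: str, words):
    """Dictionary attack: each folded candidate is hashed exactly once."""
    for cand in sorted(candidates_after_fold(words)):
        if stand_in_hash(cand) == target_hash:
            return cand
    return None


if __name__ == "__main__":
    words = case_variants("secret7")
    print(len(words), "spellings collapse to", len(candidates_after_fold(words)))
    print("8-char space, case-sensitive:", brute_force_space(8, True))
    print("8-char space, case-folded:   ", brute_force_space(8, False))
    print("recovered:", crack(stand_in_hash("SeCrEt7"), words))
```

    With the assumed alphabet an 8-character case-sensitive space is 65^8 candidates and the folded space 39^8, roughly 60 times smaller; a mixed-case wordlist shrinks even more, since every spelling of a word maps to one hash.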

  6. #66


    October , 2005 - This week's report describes a worm
    -SdBot.FME-, a macro Trojan -Naiva.A-, a backdoor Trojan -IRCBot.NT-,
    and a hacking tool called Mirkov.

    SdBot.FME is a worm that spreads by exploiting the following four
    security flaws, which appear here with the number of the Microsoft
    bulletin that describes them: remote code execution in Plug and Play
    -PnP- (MS05-039); RPC-DCOM (MS04-012); LSASS (MS04-011); and a
    vulnerability in the Workstation Service (MS03-049).

    SdBot.FME contains a backdoor Trojan that connects to several IRC
    servers, through which it can receive different commands including:
    download and run files via HTTP, register and delete services, set the
    level of the security policies or carry out denial of service attacks.

    The second threat in this week's report is Naiva.A which, like all
    Trojans, cannot spread using its own means but needs to be distributed
    manually by third parties (via email, Internet downloads, file
    transfers via FTP or other means). This Trojan reaches computers as a Word
    document informing about the bird flu epidemic.

    Naiva.A uses two Word macros. The first calls five kernel functions,
    which allow it to modify, create and delete files. It uses the second
    macro to install Ranky.FY on the computer, a Trojan that will allow a
    potential attacker to gain remote control of the affected computer.

    To avoid falling victim to Naiva.A, users should ensure that the macro
    security level is set at medium to receive a warning when they are run
    or high to stop them from running.

    IRCBot.NT is a backdoor Trojan that cannot spread using its own means,
    although it can receive remote control commands to get into other
    computers by exploiting the Plug and Play vulnerability.

    Once installed on computers, IRCBot.NT carries out several actions
    including:

    - Connecting to two IRC servers to receive remote control commands (IP
    scanning, Denial of Service attacks and download and run files).

    - Creating several files. One of these aims to bypass process oriented
    firewalls.

    - Registering itself as a Windows service.

    We are going to finish this week's report with Mirkov, a hacking tool
    that allows an attacker to gain remote control over the affected
    computer through a web browser. It can receive various control
    commands, such as download files or end process. It can also capture the
    keystrokes entered by the user, which can be used to collect passwords
    or other confidential information, compromising user privacy.

    Source: Panda

  7. #67

    Denial of service in Apache Web servers

    October 2005 - According to SecurityTracker, a vulnerability
    has been detected in Apache Web servers that could be used by remote
    attackers to provoke a denial of service. To prevent this problem an
    update has been published for Apache web servers, and IBM has issued a
    fix for IBM HTTP Server (which is based on the Apache server).

    Because of this problem, in certain situations after an aborted
    connection, a remote user could trigger a memory leak in some
    Multi-Processing Module code. The flaw lies in
    'server/mpm/worker/worker.c'.

    The update for Apache Web server is available, via SVN, at:
    http://svn.apache.org/viewcvs.cgi/ht...orker/worker.c

  8. #68

    phishing and pharming

    October 31 2005 -
    Phishing involves stealing bank details using the Internet. This is usually done by sending an email to users trying to convince them to visit spoofed web pages and enter confidential data (account number, PIN number, etc.), which is then logged by the page. Normally, after this data is entered an error page appears, so that victims think they have not been able to connect and therefore don't suspect anything.

    Another technique for stealing bank details involves dropping a malicious Trojan, usually a keylogger (a program which captures keystrokes), on the victim's computer. The keylogger is usually activated when the Trojan detects that the user is on a bank website and, from then on, it captures all the keystrokes entered by the user, which usually include usernames, passwords, account numbers and other bank details.

    In addition to these methods, a new and more sophisticated method called pharming has recently been reported. In this case the attack is carried out on the user's computer or at the Internet service provider, so that when the user requests their bank's page, they are redirected to an imitation website.

    Currently, detection of these electronic fraud threats depends on whether they are using conditional malware techniques. In the case of phishing, the attack can be detected if it is spread using spamming techniques, if it uses known keyloggers or if it exploits a browser vulnerability allowing false addresses to be displayed in the address bar. With pharming, neutralizing the attack is more complex, especially if the attack is carried out by external malicious users and no type of malware has previously been dropped on the computer.

    Source: Panda
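    The local half of the pharming scenario above (redirecting a bank domain on the user's own computer) is typically a static override in the hosts file, which a malware-free audit can still catch even when no keylogger is present. The following is an added example, not code from the post or from Panda: it parses hosts-file text and flags any watch-listed bank hostname that has been pinned to an address. The hosts content and the bank domains are constructed samples with hypothetical names.

```python
"""Hosts-file pharming check (added example, constructed sample data).

A legitimate bank site is reached through DNS, never through a static hosts
entry, so any mapping of a watch-listed name is reported without trying to
judge whether the address 'looks right'.
"""
import ipaddress

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed watch-list (hypothetical bank domains).
WATCHLIST = {"onlinebank.example", "www.onlinebank.example",
             "login.example-bank.com"}

# Constructed hosts file: stock entries, one internal name, one hijack.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.onlinebank.example onlinebank.example   # injected
10.0.0.5        intranet.corp.example
not-an-address  broken.line
"""


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, ignoring comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address; skip the line
        for host in parts[1:]:
            yield str(ip), host.lower()


def is_watched(host: str, watchlist) -> bool:
    """True for a watch-listed name or any subdomain of one."""
    return host in watchlist or any(host.endswith("." + w) for w in watchlist)


def find_hijacks(text: str, watchlist=WATCHLIST):
    """Return [(hostname, ip)] for watch-listed names pinned in the hosts file."""
    hits = []
    for ip, host in parse_hosts(text):
        if host in LOOPBACK_NAMES:
            continue
        if is_watched(host, watchlist):
            hits.append((host, ip))
    return hits


if __name__ == "__main__":
    for host, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"hosts-file override: {host} -> {ip}")
```

    On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`, on Unix-like systems `/etc/hosts`; feed its contents to `find_hijacks`. This does not cover the ISP-side (resolver) variant the post mentions, which needs the answer compared against an independent resolver.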

  9. #69


    November 1, 2005 - PandaLabs reports on the new Mitglieder Trojan variant, named Mitglieder.FK, distributed to computers all over the world. The initial spread of this new variant has been distributed manually using spamming techniques in the last hours, infecting a large number of computers.

    This Trojan has been sent in e-mail messages with variable features: it includes no subject and the message body contains the texts "info" or "texte", and in every case includes a compressed attachment with different names from the following list:

    * Health_and_knowledge.zip
    * Sms_text.zip
    * Max.zip
    * Business.zip
    * The_new_price.zip
    * Info_prices.zip
    * Business_dealing.zip

    These attachments include an EXE file which is a copy of the Trojan and which, if opened, will infect the system. If this happens, the Trojan will try to contact a series of URLs, from which it tries to download a file that is supposed to be copied to the Windows system directory with the name exefld\ and a random number appended. These URLs are hosted in domains from countries like Russia, Poland and Germany. Also, the Trojan modifies two registry keys in order to ensure its execution at every startup.

    "Even though the Trojan doesn't seem to be technically sophisticated, it has infected a significant number of computers, probably because it has been massively distributed to a great number of email addresses," said PandaLabs.

  10. #70


    Over 30 countries already affected by the wave of Mitglieder Trojans
    November 3 2005 - The avalanche of Mitglieder Trojans continues: over thirty countries are now affected by the different variants of this threat. Four of the five variants (FK, FL, FM and FN) are among the 6 threats most frequently detected by Panda Software's online antivirus solution, Panda ActiveScan. What's more, PandaLabs has confirmed that the Bagle.FN worm has teamed up with the Mitglieder.FK Trojan, which it sends from the computers it infects in order to increase its rate of propagation.

    This worm spreads by sending itself as a file attached to an email to all the addresses it finds on the affected computer. Its main actions consist of leaving the computer unprotected and trying to download a file with the characteristics needed to generate emails to which to send copies of Mitglieder.FK.

    Even though new variants of Mitglieder have been released, their function is very similar: Trojans that install themselves on computers and, in the case of the FK, FL and FN variants, try to download files from a remote website, which could open the door to other threats. The main actions of the FM variant are to disable the antivirus protection installed on the computer, block access to web pages, mainly those belonging to IT security companies, and prevent users from modifying the Registry, so that these actions cannot be undone.

    "Without a doubt, the main trick of these variants is their extremely high rate of propagation, via both manual spamming and through the collaboration of the Bagle worms, which is not a new characteristic of this family," explains Luis Corrons, director of PandaLabs. "One of the hardest hit by these waves of threats could be companies, whose mail could be saturated with emails carrying these Trojans. For this reason, we recommend activating all types of filters to block this threat, especially in corporate environments."

    Source: Panda Software
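    The posts above give enough indicators for a mail-gateway rule: the Sober.Y subjects and attachment names (#61, #63), the executable inside its ZIP, and the Mitglieder lure (empty subject, "info"/"texte" body, one of the listed ZIP names) from #69 and #70. The script below is an added example, not code from the posts, from Panda or from McAfee; it turns those indicators into a filter over RFC 822 messages, using only the Python standard library. The three messages are constructed here so it runs offline, and the ZIPs contain placeholder bytes, not the worm.

```python
"""Mail filter for the Sober.Y and Mitglieder lures (added example).

Indicators come from the posts; the messages are constructed test data.
"""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

SOBER_SUBJECTS = {"your new password", "fwd: klassentreffen"}
SOBER_ATTACHMENTS = {"pword_change.zip", "klassenfoto.zip"}
SOBER_MEMBER = "pw_klass.pic.packed-bitmap.exe"
MITGLIEDER_BODIES = {"info", "texte"}
MITGLIEDER_ATTACHMENTS = {
    "health_and_knowledge.zip", "sms_text.zip", "max.zip", "business.zip",
    "the_new_price.zip", "info_prices.zip", "business_dealing.zip",
}
# Extensions treated as executable inside a ZIP (assumed list, not from the posts).
EXECUTABLE_RE = re.compile(r"\.(exe|scr|pif|com|bat|cmd)$", re.I)


def zip_members(data: bytes):
    """Lower-cased member names of a ZIP attachment, [] if not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return []


def classify(raw: bytes):
    """Return the indicator names that match a raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    subject = (msg["subject"] or "").strip().rstrip(".").lower()
    if subject in SOBER_SUBJECTS:
        hits.append("sober-subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip().lower() if body else ""
    if not subject and text in MITGLIEDER_BODIES:
        hits.append("mitglieder-lure-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in SOBER_ATTACHMENTS:
            hits.append("sober-attachment-name")
        if name in MITGLIEDER_ATTACHMENTS:
            hits.append("mitglieder-attachment-name")
        if not name.endswith(".zip"):
            continue
        members = zip_members(part.get_payload(decode=True))
        if SOBER_MEMBER in members:
            hits.append("sober-zip-member")
        # Both families ship a ZIP whose members are all executables.
        if members and all(EXECUTABLE_RE.search(m) for m in members):
            hits.append("zip-of-executables")
    return hits


def build_message(subject, body, zip_name, member):
    """Construct a sample message with one ZIP attachment (test data only)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.net"
    msg["To"] = "user@example.de"
    if subject is not None:
        msg["Subject"] = subject
    msg.set_content(body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not an executable")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


SAMPLES = {
    "sober_en": build_message("Your new Password",
                              "Your password was successfully changed!",
                              "pword_change.zip", "PW_Klass.Pic.packed-bitmap.exe"),
    "mitglieder": build_message(None, "info", "Info_prices.zip", "setup.exe"),
    "benign": build_message("Minutes", "See attached.", "minutes.zip", "minutes.txt"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

    The name-based indicators age quickly as variants change subjects and file names; the `zip-of-executables` check is the durable one and is what the "activate all types of filters" advice in the last post comes down to at the gateway.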
