Information Security Newsletter

Bulletins posted 8/27/2009

Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person's computer. With one attack on Google's V8 JavaScript engine, malicious JavaScript on a Web site could let an attacker gain access to sensitive data or run arbitrary code on the computer within a Chrome protected area called the sandbox, Google said in a blog post Tuesday. With the other, a page with XML-encoded information could cause a browser tab crash that could let an attacker run arbitrary code within the sandbox. Chrome 2.0.172.43 for Windows fixes the two issues and another medium-severity issue. Once Chrome is installed, it retrieves updates automatically and applies them when people restart the browser. Google won't release details of the vulnerabilities until "a majority of users are up to date with the fix," Engineering Program Manager Jonathan Conradt said in the blog post.

Users should close and reopen the browser: Chrome retrieves updates automatically and applies them when it is restarted.

'Particularly nasty' hole closed after four months

Out to steal online gold and other assets worth real money, scammers are stepping up attacks on World of Warcraft players, according to security researchers. A researcher from anti-virus firm Webroot has described how official forums offered by WoW creator Blizzard are being used to spread links that lead to malware that steals passwords and other game credentials. The scam employs the common technique of telling visitors that their Adobe Flash player needs to be updated and then offering a malicious trojan instead of the real installation file. Elsewhere, phishers are churning out emails that purport to be official communications from Blizzard, according to researchers from security provider Sophos. The emails claim the game maker is launching a new service and invite recipients to click on a link for a free sneak peek. The resulting website, in turn, phishes user credentials. The attack outbreaks come a few weeks after Blizzard issued an update for Warcraft III that fixed a gaping hole that could lead to the complete hijacking of machines running the real-time strategy game. According to Webroot researcher Andrew Brandt, it was exploited simply by getting vulnerable victims to join a custom game hosted with booby-trapped maps. Attackers targeted the vulnerability in a game called DotA, or Defense of the Ancients, by creating fake maps that used the same file configurations as legitimate custom maps. "What makes this exploit particularly nasty is the fact that your PC gets infected the moment you join a game where the infected DotA map is in use," Brandt wrote. "Once downloaded, the game automatically unpacks the infected map and executes the malicious code."
In April, Blizzard took the drastic step of advising players to steer clear of all custom games until a patch could be released. With the hole plugged, attackers are falling back on other ways of preying on players.

Officials warned about fake DHS intel e-mails

The e-mails actually originated from Internet addresses in Latvia and Russia, according to a three-page alert from the Homeland Security Department's counterintelligence unit. The document was obtained by The Associated Press. The fake e-mails have been sent to officials in the Defense Department and to state and local officials since June. The spyware appears to be criminal in purpose, according to the alert, but counterintelligence officials "cannot discount that targeting of DHS partners and DoD personnel may be for other purposes." The e-mails were made to look as if they contained actual text from a department intelligence assessment. They included links embedded with spyware known for stealing banking data and protected passwords. Homeland Security spokeswoman Amy Kudwa said anyone who receives an e-mail like this should not open the link and should report the e-mail to their technology departments.

Per DHS, anyone who receives an e-mail like this should not open the link and should report the e-mail to their technology department.

Apple is rumored to make its upcoming OS more secure

Not wanting to be made the target of new PC ads mocking its lack of antivirus support, Apple reportedly is packaging its new OS X 10.6 "Snow Leopard", set for release on August 28, with free antivirus software. Security research firm Intego, which maintains a Mac security blog that monitors various OS X-specific malware, first noticed and reported the development. The firm was running the new version of OS X when it noticed that the system detected and removed malware. The process was carried out via a popup window, which Intego captured in a screenshot, but the firm was either unable to determine or chose not to announce who made the antivirus software. Intego's post indicated that it was not making the product. ClamAV -- currently the AV engine in Apple's server operating system -- also seems unlikely, as the virus detected had the signature "OSX.RSPlug.A", a signature that ClamAV currently doesn't use (ClamAV does have a signature for "OSX.RSPlug" [1]). Similarly, McAfee and Sophos use the names OSX/Puper.a [2] and OSX/RSPlug-A [3], respectively. That leaves Symantec [4] as one possibility. Another is that Apple has developed its own proprietary antivirus software, which would not be surprising. Assuming that Intego's report is accurate (which seems likely, as they're a serious name in the security software industry), it looks like Apple will finally be taking malware on its consumer products seriously. It should be interesting to see how the program stacks up to the free offering that Microsoft is releasing later this year for Windows 7, Windows XP, and Windows Vista. For many years Macs remained largely free of malware while their PC brethren struggled. This was due to many factors, including a small market share and the OS's generally sound design.
Additionally, the web-based attacks of today were somewhat less frequent back then because browsers featured less rich content to exploit. However, like any OS, OS X was not without its holes, at both the OS and the application level. Recently, with more market share and Apple's increasing marketing bravado, interest has picked up in attacking the OS. A worm attacking Macs recently emerged, but it appeared to be amateurish, unable to reproduce because the server it communicates with was dead. Nonetheless, it seems a matter of time before more serious attacks, implementing the proof-of-concept OS X attacks that security researchers have been demonstrating, come to light. One such recent proof-of-concept attack demonstrated an OS X keylogger, though Apple has since patched the route it used.

No action for end user.

Bulletins posted 8/26/2009

Twitter Has Evil Pop-Up That Could Hack Your Account

If you ever see a Twitter pop-up message that says "apifail2", RUN! Close down your browser, turn off your computer, do not pass "Go", do not collect $200! Why such panic? Because, if you ever see a pop-up like that, it may not be as innocuous as the one created by the guys over at Dave Naylor's blog. In fact, someone with half an ounce of tech savvy could …make a Twitter 'application' and start sending tweets with it. Using the simple instructions below, it can be arranged so that if another Twitter user so much as sees one of these tweets – and they are logged in to Twitter – their account could be taken over. Yikes! Twitter confirmed that the exploit had been fixed, but apparently no one over at Twitter thought to contact Naylor's team to learn exactly how they exploited the web interface, because even after the fix, they replicated it. If you're using a third-party application to send and read tweets, you should be safe. Other advice includes: If you're not logged in to Twitter, there's no opportunity to steal your details or impersonate you; however, malicious code could still send you to other websites or otherwise annoy you, so it doesn't completely fix the problem. Unfollow anyone you don't know or don't trust who could be exploiting this. Who's to say they're not already stealing your details? If you don't see their tweets they can't harm you. Let's hope that Twitter gets a real fix in place soon.
Users should unfollow anyone they don't know or don't trust who could be exploiting this.

From http://www.webpronews.com, by Andy Beal

Bulletins posted 8/25/2009

IM client library bug plagues Pidgin

Users of Pidgin and other alternative IM clients need to update their software following the discovery of potentially serious security flaws. Pidgin, Finch, Adium, Meebo, and Gaim are all vulnerable to a flaw that stems from a bug in libpurple, the multi-protocol support library used by many IM clients. The vulnerability lies in the function that handles instant messages from the MSN network. The flaw was discovered by CORE Security. It is particularly serious because all it takes to take advantage of the vulnerability is a message from a regular MSN user, not necessarily one on the targeted user's buddy list, the SANS Institute Internet Storm Centre warns.

Per the Pidgin security advisory, users are advised to update to an IM client that uses a non-vulnerable version of libpurple (2.5.9 or later).

From http://www.theregister.co.uk/, by John Leyden

Bulletins posted 8/21/2009

Microsoft Security Bulletin Minor Revisions - August 19, 2009

Microsoft has issued minor revisions to several security bulletins. Users should run Automatic Updates.

From http://msmvps.com, by Don

Bulletins posted 8/19/2009

Opera has announced the third beta release of its Opera 10 browser. Opera has run over 10 million tests on the beta and has received plenty of feedback. The company says performance and stability were prioritized in this version. "For us, it is a resounding success when more than one million people use your beta and are excited enough to give us so much actionable feedback," says Opera CEO Jon von Tetzchner. "This third beta comes after a lot of careful improvements. We have never released such a solid piece of technology that not only runs seamlessly, but is so nice to look at as well. I am proud of this release, and I hope that the Web-using world will benefit from a browser that is truly ready to do some heavy lifting." The release does not include Opera Unite, the company's recently announced inter-browser communication technology. That is still in alpha and will be released to beta in due time. Users can download the Opera 10 beta from Opera's Web site.

From http://www.webpronews.com, by Chris Crum

Bulletins posted 8/18/2009

New virus appears as response to Craigslist ad

Email security experts at Red Condor are warning email users about a new virus currently undetected by most virus scanners. The virus is embedded in an email that appears to be a response to a craigslist advertisement. The email containing the virus, which was detected August 12, 2009 by Red Condor's Zero Minute Defense Network, includes the subject line "Re: Car For Sale on craigslist." The email content suggests that the user requested pictures of a car being sold on craigslist and invites the recipient to view the images in a Picasa album. Clicking on the link to the album installs the virus. "Only 13 out of 41 virus scanners detected the file as a virus when Red Condor first identified it," stated the chief executive officer of Red Condor. "This means that if the message was delivered and a user clicked on the link, they'd likely be infected even if they had an anti-virus program running on their desktop computer. With increasingly more ways to get malicious content onto computers and corporate networks, it is important that companies' security solutions are capable of responding quickly and appropriately to eliminate potential threats. Traditional signature-based virus engines are simply not enough protection against today's spammers and cybercriminals. After all, it only takes one click."
Users should delete any email with the subject line "Re: Car For Sale on craigslist."

From http://www.darkreading.com

DNS changing Trojan hits Apple Macs when disguised as a MacCinema Installer

Det Caraig, technical communications spokesperson at Trend Micro, claimed that this is the latest variant of OSX_JAHLAV.C, which was identified in June. It poses as a QuickTime Player update with the file name QuickTimeUpdate.dmg, and, as with earlier variants, users are prompted to download the malware when trying to view certain online videos from .com domains with the IP address 91.214.45.73. Once infected, a victim's web traffic can be diverted to the website of the attacker's choosing. Caraig said: "The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user's activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from." Trend Micro advanced threats researcher Feike Hacquebord claimed that the domain names have been set up such that when the main IP goes down or is taken down, cybercriminals can easily move the backend to another IP address without the need to change code or scripts. The company warned Mac users to be wary of prompts to download software updates that do not come from Apple's legitimate website. Writing on the ZDNet blog, independent security consultant and cyber threats analyst Dancho Danchev said: "Not only are cybercriminals beginning to acknowledge the 'under-served' Mac OS X segment, but also, they're already borrowing tricks from the Microsoft Windows playbook such as OS-independent tactics like fake codecs and bogus video players. The irony? Both the Mac OS X and Windows malware are hosted on the same domains, with copies of each served on the basis of browser detection."

Mac users should only download updates that come directly from Apple's legitimate website.

From http://www.scmagazineuk.com, by Dan Raywood
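Two of the indicators in the item above lend themselves to a quick host triage: a DNS changer only pays off if the resolvers the machine actually uses no longer match what the owner expects, and Trend Micro's description gives a drop path of /tmp/{random 3 numbers}. The POSIX shell script below is an added example written for this bulletin, not code from Trend Micro or the original article. It assumes that resolvers can be read with scutil --dns on macOS (falling back to /etc/resolv.conf elsewhere) and that the site replaces the placeholder allowlist ALLOWED_DNS with its own resolvers; the three-digit filename match is a hunting lead to be inspected, not proof of infection.

```sh
#!/bin/sh
# Added triage example for the DNS-changer indicators described above.
# Not part of the original bulletin or of Trend Micro's analysis.
# Assumptions: ALLOWED_DNS is a site-specific placeholder (TEST-NET values
# here); resolvers are read with scutil (macOS) or /etc/resolv.conf (fallback).

# flag_unexpected_dns "ALLOWLIST" SERVER...
# Prints every configured server that is not in the space-separated
# allowlist. Returns 1 if any unexpected server was found, else 0.
flag_unexpected_dns() {
    allow=" $1 "
    shift
    found=0
    for s in "$@"; do
        case "$allow" in
            *" $s "*) ;;                                # expected resolver
            *) echo "unexpected DNS server: $s"; found=1 ;;
        esac
    done
    return "$found"
}

# find_three_digit_tmp DIR
# Lists entries of DIR whose name is exactly three digits, the drop-file
# naming the item attributes to the Trojan (/tmp/{random 3 numbers}).
# A match is a lead, not proof: inspect the file before acting on it.
find_three_digit_tmp() {
    dir="$1"
    for f in "$dir"/*; do
        [ -e "$f" ] || continue                         # glob matched nothing
        case "${f##*/}" in
            [0-9][0-9][0-9]) echo "$f" ;;
        esac
    done
}

# current_dns_servers
# Prints the resolvers the host is actually using, one per line.
current_dns_servers() {
    if command -v scutil >/dev/null 2>&1; then
        # macOS: lines look like "  nameserver[0] : 192.168.1.1"
        scutil --dns | awk '/nameserver\[[0-9]+\]/ { print $3 }' | sort -u
    elif [ -r /etc/resolv.conf ]; then
        awk '/^nameserver/ { print $2 }' /etc/resolv.conf | sort -u
    fi
}

# Run the checks against the live host: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then
    ALLOWED_DNS="192.0.2.53 192.0.2.54"   # placeholder: replace with your resolvers
    servers=$(current_dns_servers)
    if [ -z "$servers" ]; then
        echo "could not read the DNS configuration"
    # shellcheck disable=SC2086  # word-splitting the server list is intended
    elif flag_unexpected_dns "$ALLOWED_DNS" $servers; then
        echo "DNS configuration matches the allowlist"
    fi
    echo "three-digit file names under /tmp:"
    find_three_digit_tmp /tmp
fi
```

On a macOS host, networksetup -getdnsservers per network service is an alternative collection method; the allowlist comparison and the /tmp scan are independent of how the resolver list is obtained.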