MyDoom Attacks Microsoft.com Through Back Door:
"As many security researchers feared after analyzing the code for MyDoom.O, a second, related attack began in earnest Tuesday with a new piece of code using the back door installed by MyDoom.O to spread itself and launch a DDoS (distributed denial of service) attack against Microsoft.com.
MyDoom.O, also known as MyDoom.M or MyDoom.M@mm, installs a Trojan known as Zincite.A on every PC that it infects. The Trojan opens TCP port 1034 and listens for further commands. Zindos spreads itself by scanning for machines listening on port 1034. When it finds one, Zindos copies itself to the infected PC and then Zincite executes the copy."
Analysts at Symantec Corp., based in Cupertino, Calif., said Tuesday that they had discovered a previously unknown function in MyDoom.O that keeps track of every system the worm infects.
After finding this, the analysts went back over the code from MyDoom.L and found that that variant contains the same feature. This led the team to conclude that the worms' author may have used the machines infected by the L variant as a seeding ground for the latest version.…
http://www.eweek.com/article2/0,1759,1628180,00.asp
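The propagation pattern above gives a SOC two cheap signals: a Zindos host sends SYNs to many different machines on TCP 1034, and every machine it probed is a candidate Zincite.A listener worth checking. The script below is an added example (not from the eWeek article or the Symantec analysis) that pulls both out of firewall logs. The log lines are constructed netfilter-style kernel messages, and the threshold of five distinct targets is an assumed tuning value.

```python
import re
from collections import defaultdict

# Zincite.A listens on TCP 1034; Zindos scans for that port.  A source that
# SYNs many distinct hosts on 1034 in a short span looks like Zindos.
BACKDOOR_PORT = 1034
SCAN_THRESHOLD = 5      # distinct targets before a source is flagged (assumed)

# Constructed netfilter/iptables-style log lines for this example.
SAMPLE_LOG = """\
Jul 27 10:15:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP SPT=3456 DPT=1034 SYN URGP=0
Jul 27 10:15:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.21 PROTO=TCP SPT=3457 DPT=1034 SYN URGP=0
Jul 27 10:15:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.22 PROTO=TCP SPT=3458 DPT=1034 SYN URGP=0
Jul 27 10:15:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.23 PROTO=TCP SPT=3459 DPT=1034 SYN URGP=0
Jul 27 10:15:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.24 PROTO=TCP SPT=3460 DPT=1034 SYN URGP=0
Jul 27 10:15:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.25 PROTO=TCP SPT=3461 DPT=1034 SYN URGP=0
Jul 27 10:15:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.1.20 PROTO=TCP SPT=1100 DPT=1034 SYN URGP=0
Jul 27 10:15:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.1.20 PROTO=TCP SPT=1101 DPT=1034 SYN URGP=0
Jul 27 10:15:04 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.1.30 PROTO=TCP SPT=2000 DPT=80 SYN URGP=0
Jul 27 10:15:04 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.1.31 PROTO=TCP SPT=2001 DPT=80 SYN URGP=0
Jul 27 10:15:05 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.26 PROTO=UDP SPT=5000 DPT=1034 LEN=40
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+)\s+DST=(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r".*?PROTO=(?P<proto>\w+).*?DPT=(?P<dport>\d+)"
)
SYN_RE = re.compile(r"\bSYN\b")


def parse_line(line):
    """Return (src, dst, proto, dport) or None for lines that do not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["proto"], int(m["dport"])


def find_scanners(log_text, port=BACKDOOR_PORT, threshold=SCAN_THRESHOLD):
    """Map each source that SYN-probed at least `threshold` distinct hosts on
    `port` to the sorted list of hosts it probed (only TCP SYNs count)."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if proto == "TCP" and dport == port and SYN_RE.search(line):
            targets[src].add(dst)
    return {src: sorted(d) for src, d in targets.items() if len(d) >= threshold}


def probed_hosts(log_text, port=BACKDOOR_PORT):
    """Every host that received a TCP probe on `port`: the machines to check
    for an open 1034 listener, i.e. a Zincite.A backdoor."""
    hosts = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "TCP" and rec[3] == port:
            hosts.add(rec[1])
    return sorted(hosts)


if __name__ == "__main__":
    for src, dsts in find_scanners(SAMPLE_LOG).items():
        print(f"possible Zindos scanner {src}: {len(dsts)} hosts probed on {BACKDOOR_PORT}")
    print("hosts to check for an open 1034 listener:", probed_hosts(SAMPLE_LOG))
```

Only TCP SYNs count toward the scanner tally, so a single host that reconnects repeatedly to one peer (10.0.0.9 above) is not flagged, while the UDP line to 1034 is ignored entirely. The probed-host list is the follow-up work: a connect to port 1034 on each of those machines, from an incident-response box, confirms which ones actually have the backdoor open.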
Saturday, July 31, 2004
Unscheduled Security Update Fixes Critical IE Flaws
Unscheduled Security Update Fixes Critical IE Flaws:
"The security bulletin accompanying the updates, numbered MS04-025, addresses three vulnerabilities rated 'critical' that could result in an attacker executing code in the context of a logged-on user. If the user is logged on as Administrator, the attack would have free rein over the system."
The first vulnerability, titled "Navigation Method Cross-Domain Vulnerability," could allow an attacker to execute arbitrary code in the Local Machine security zone. Microsoft reports that many factors, including having installed certain previous updates, can make this vulnerability harder to exploit. Nevertheless, Symantec rates it the most critical of the three and says it has already seen exploits for it in the wild.
The other two vulnerabilities are in the browser's handling of image files: a buffer overrun in the parsing of BMP files and a double free in the parsing of GIF files. Internet Explorer 6 Service Pack 1 and Windows Server 2003, both 32-bit and 64-bit editions, are not affected by the BMP file vulnerability.
The GIF flaw affects all versions of Windows and Internet Explorer and is triggered when the parser frees memory that has already been freed. The bulletin indicates that the most likely outcome is a denial of service (a browser crash), but the potential exists for it to be used to execute arbitrary code.
The update replaces a previous update, MS04-004. Users who applied that patch and subsequently applied non-public hotfixes may have to reapply those hotfixes after installing the new cumulative update; they should consult the bulletin and Microsoft support.
http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx
http://www.eweek.com/article2/0,1759,1629584,00.asp
Friday, July 30, 2004
Open-Source Exploit Tool: 'Point, Click, Root'
Open-Source Exploit Tool: 'Point, Click, Root':
"It's as easy as 'point, click, root.'
At a heavily attended panel Wednesday at the Black Hat security conference here, HD Moore and 'spoonm' unveiled the latest release of the Metasploit Framework, an exploit tool designed to quickly take over a variety of target platforms."
Although the framework was developed several months ago, the "preview release" of Version 2.2 offers users the opportunity to develop their own custom modules. The tool, written in Perl for Unix environments, also includes a Cygwin shell to enable it to run under Windows. The official Version 2.2 will be available in a week or so.
Both researchers demonstrated the tool "owning," or taking over, Mac OS X, Windows 2000 Server and Windows XP systems, although the duo used a VMware virtual machine to speed the process. Metasploit even runs on a Sharp Zaurus PDA, which when equipped with a Wi-Fi card can be used to attack while mobile.
The authors described the tool as the open-source, cheap alternative to Immunity's Canvas and Core Security Technologies' Impact, commercial tools that are expected to ship new exploits almost as soon as they appear. Metasploit currently contains 35 exploits and 40 payloads; the tool is designed to point the user to the exploit appropriate for the target operating system.
Although available for several months, the tool is apparently still relatively unknown even in security circles, judging from the reaction of attendees. Patrick Chambet, a senior consultant at French IT security firm Edelweb SA, said he found the presentation the most interesting of the day. Another researcher said he worried that Metasploit would be used by "script kiddies" as a means to quickly own other boxes.…
http://www.eweek.com/article2/0,1759,1628707,00.asp?kc=ewnws072904dtx1k0000599
Monday, July 26, 2004
Researchers Wonder Why Bagle Virus is a Success
Success of Bagle Virus Puzzles Researchers:
"Several new variants of the venerable Bagle virus visited themselves upon corporate networks last week, frustrating administrators and virus researchers who continue to wonder why these worms can still infect thousands of machines after months of warnings.
None of the most recent variants is particularly innovative or clever in its social engineering efforts or infection methods. Many versions of the Bagle virus actually make it difficult for users to infect machines by requiring them not only to open an attachment but also to enter a password to launch the malware."
http://www.eweek.com/article2/0,1759,1626686,00.asp?kc=ewnws072604dtx1k0000599
VeriSign: Be Wary Online. Be Very Wary.
VeriSign: Be Wary Online. Be Very Wary.:
"Internet commerce grew 13.2 percent in the past 12 months, according to a new report. Not bad.
But fraud grew faster.
The report, to be released Monday, said phishing attacks, in which fraudsters lure people to sites that mimic those of top retailers in order to steal personal information, have become more acute and global in nature."
http://www.internetnews.com/ec-news/article.php/3385681
iPaq handheld can easily switch between cellular and Wi-Fi
HP to Dick Tracy: Bet your phone can't do this - News - ZDNet:
"Hewlett-Packard is introducing its first iPaq handheld that can easily switch between traditional cellular and Wi-Fi networks.
The h6315, which was co-developed with T-Mobile, operates on a traditional cellular network but can automatically hop over onto a faster Wi-Fi connection when one is available. The device also has a built-in camera and a detachable keyboard and can also act as a cell phone using the GSM cellular network."
http://zdnet.com.com/2100-1103_2-5282083.html
Windows Security Updates for July 2004
Windows Security Updates for July 2004:
"The Microsoft Windows security updates for July 2004 address newly discovered issues in Windows, including Microsoft Internet Explorer and Microsoft Outlook Express, both components of Windows. If you have any of the software listed on this page installed on your computer, you should visit the Windows Update Web site to install related updates."
http://www.microsoft.com/security/bulletins/200407_windows.mspx
Windows XP Home and Professional Service Configurations by Black Viper
Windows XP Home and Professional Service Configurations by Black Viper:
"This section on Windows XP Service Configurations has complete explanations of each service and advice on which ones you can safely disable."
http://www.blackviper.com/WinXP/servicecfg.htm