Mespam: Infecting Web 2.0 with LSP

Symantec noticed that new Mespam takes advantage of new Web technologies and spreads by injecting malicious links when users interact with the Web.


When users are going to post something on any Web site running VBulletin or phpBB, the Trojan will sneakily add a malicious link into the outgoing Web packet. The same also happens when users are sending emails using clients such as Gmail, Yahoo, Lycos, Tiscali, AOL, and many popular Web-based mail applications.


http://www.symantec.com/enterprise/security_response/weblog/2007/02/mespam_infecting_web_20_with_l.html

Dell Vista Upgrade Kits Begin Shipping

From Dell’s blog:


The Vista express upgrade kits started shipping this week and will ship in a first-in-first-out order. You will receive two DVDs: one for the Vista operating system itself, and The Dell Vista Upgrade Assistant DVD. The Upgrade Assistant DVD includes Vista drivers and applications. Most customers should receive their kits in the coming weeks. To check the status of your order, please visit http://www.dellvistaupgrade.com and click on Order Status at the top of the page.

http://direct2dell.com/one2one/archive/2007/02/28/7088.aspx

McAfee Security Bulletin: Virex 7.7 patch 1 or higher fixes vulnerabilities

Software: McAfee VirusScan for Mac (Virex) 7.x


Kevin Finisterre has reported a vulnerability in McAfee Virex, which can be exploited by malicious, local users to gain escalated privileges.


The vulnerability is caused due to /Library/Application Support/Virex/VShieldExclude.txt having insecure permissions (world writable) and being created insecurely. This can be exploited to create arbitrary files with escalated privileges via symlink attacks.


The vulnerability is reported in version 7.7. Other versions may also be affected.


Solution: McAfee Virex version 7.7 (Build 163):


Apply Virex 77 Patch 1 (see vendor advisory for details).
https://mysupport.mcafee.com/eservice_enu/


Original Advisory:
McAfee: https://knowledge.mcafee.com/article/283/518722_f.SAL_Public.html


Netragard Research: http://www.netragard.com/pdfs/research/NETRAGARD-20070220.txt

PC hardware can pose rootkit threat

PC hardware components can provide a way for hackers to sneak malicious code onto a computer, a security researcher warned Wednesday.


Every component in a PC, such as graphics cards, DVD drives and batteries, has some memory space for the software that runs it, called firmware. Miscreants could use this space to hide malicious code that would load the next time the PC boots, John Heasman, research director at NGS Software, said in a presentation at this week’s Black Hat DC event


http://news.com.com/PC+hardware+can+pose+rootkit+threat/2100-7349_3-6162924.html

Symantec releases Vista research

Security giant Symantec has released the first three of six technical research papers evaluating Windows Vista security components.


The research papers cover a range of Vista security mechanisms in-depth, from its Address Space Layout Randomization (ASLR) technology designed to thwart heap overflows and certain malware attack methods, to buffer overflow protection in Vista’s Visual Studio C++ compiler and an evaluation of how well legacy malware works on Vista’s OS.


http://www.securityfocus.com/brief/446

A third of SA’s PCs have spyware

US anti-spyware company Webroot estimates almost one out of every three PCs in SA have some form of spyware on their systems – a claim Standard Bank agrees with.


Daniel Mothersdale, Webroot’s marketing director for Europe, Middle East and Africa, says according to his company’s research, 27% of PCs in SA have some kind of malicious spyware on them. This is just below the estimated 35% of PCs in the UK.


http://www.itweb.co.za/sections/software/2007/0702281401.asp