HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame

A week after |)ruid and HD Moore released part 2 of the DNS exploit, HD Moore’s company BreakingPoint suffered a traffic redirection to a rogue Google site, thanks to the already poisoned cache on the AT&T servers to which his company was forwarding DNS traffic.

http://blogs.zdnet.com/security/?p=1608

That’s sad. I switched to OpenDNS servers when I found out that the ISP’s DNS servers here are vulnerable to cache poisoning. I sent the ISP an email but did not get a response. I don’t mind as long as they are working on it. Today, I thought of checking the status of the ISP’s DNS servers by switching back, and nice! They finally patched it!


I plan to continue using OpenDNS since I don’t see any slowdown in browsing even though I’m very far away from them. 

If your ISP’s DNS servers are vulnerable, please alert them and ask them to patch, then use OpenDNS while your ISP’s DNS servers are not yet patched.

Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class Buffer Overflows

Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user’s system.

The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site.

Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment.

The vulnerabilities are confirmed in version 7.3 build 1343(Patch 4). Other versions may also be affected.

Solution: Set the kill-bit for the affected ActiveX control.

http://secunia.com/advisories/31277/
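One way to apply the kill-bit workaround named in the advisory, as an added example that is not code from Secunia, Trend Micro or the original post. The CLSID is a placeholder because the advisory text above does not list it; take the real value from the vendor's guidance, and run the script from an elevated prompt.

```powershell
# Added example: set the Internet Explorer kill-bit for one ActiveX control.
# $Clsid is a PLACEHOLDER (assumption); the advisory text does not give the CLSID.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}'
)

$KillBit   = 0x400                 # COMPAT_EVIL_DONT_LOAD
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view, used by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
}
if ($Clsid -eq '{00000000-0000-0000-0000-000000000000}') {
    throw 'Replace the placeholder CLSID with the one for the affected control.'
}

foreach ($root in $Roots) {
    # Skip the 32-bit view on systems that do not have it.
    if ($root -like '*Wow6432Node*' -and
        -not (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node')) { continue }

    $key = Join-Path $root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already present and OR in the kill-bit.
    $current = (Get-ItemProperty -LiteralPath $key -Name $ValueName `
                -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $current) { $current = 0 }
    Set-ItemProperty -LiteralPath $key -Name $ValueName `
        -Value ($current -bor $KillBit) -Type DWord

    # Read the value back so the result can be confirmed per registry view.
    $after = (Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    $state = if ($after -band $KillBit) { 'kill-bit set' } else { 'NOT set' }
    '{0} : 0x{1:X8} ({2})' -f $key, $after, $state
}
```

Internet Explorer reads the flag when it instantiates a control, so restart the browser after running the script.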

Symantec debuts Norton Safe Web public beta plug-in for NIS

Symantec has launched the public beta program of a new product that aims to protect consumers while they browse the web. The company claims it is entering the market because current tools that show users which sites may be unsafe simply aren’t up to par. Norton Safe Web is currently a plug-in for the beta of Norton Internet Security (NIS) 2009, which debuted last week. Once both products go final, it will be included in NIS.

http://arstechnica.com/journals/microsoft.ars/2008/07/28/symantec-debuts-norton-safe-web-public-beta-plug-in-for-nis

Is this site safe? Find out at http://safeweb.norton.com/ :D

Malware Spam: Fake Trend Micro iClean

Trend Micro’s blog reports that a fake Trend Micro Virus Clean Tool is spreading as an email attachment.

The email message was fashioned to look like an email message sent by Trend Micro, with the file attachment iClean20.EXE.

But be warned: iClean20.EXE is detected by Trend Micro as TROJ_FAKECLEAN.A. TROJ_FAKECLEAN.A drops two files, one detected as BKDR_POISON.GO and the other, the real iClean tool. Dropping the legitimate tool along with the malware must have been done to fool users that the message was indeed from Trend Micro, and that the tool was the only file downloaded into their systems.

More info and screenshot at http://blog.trendmicro.com/fake-trend-micro-virus-clean-tool-spreads-malware-dirt/

New DNS exploit now in the wild and having a blast

Article at http://arstechnica.com/news.ars/post/20080726-new-dns-exploit-now-in-the-wild-and-having-a-blast.html


I added the OpenDNS logo here in my blog (in the left pane). You should see “sweet” if you are already using OpenDNS servers:


OpenDNS DNS servers:
208.67.222.222
208.67.220.220


[Image: OpenDNS logo in the blog's left pane]


Go to http://www.opendns.com to get started or just enter the above DNS servers in your connection settings. 


When you’re done, go to http://www.opendns.com/welcome/, you should see:


[Image: OpenDNS welcome page]


I have the same in the Calendar of Updates portal.


Test if your DNS servers are vulnerable:


http://www.doxpara.com/


https://www.dns-oarc.net/

Microsoft Security Advisory (956187)

Increased Threat for DNS Spoofing Vulnerability
Published: July 25, 2008

Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.

Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this time. However, attacks are likely imminent due to the publicly posted proof of concept and Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Microsoft’s investigation of this exploit code has verified that it does not affect Microsoft customers who have installed the updates detailed in Microsoft Security Bulletin MS08-037. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.

http://www.microsoft.com/technet/security/advisory/956187.mspx

Web of Trust (WOT) adds new database

Web of Trust (WOT) is an Internet Explorer and Firefox browser add-on that shows a rating icon (safe or not) when users search the web using Google or Live, or while viewing web-based email such as Gmail. It also blocks bad sites and lets WOT users rate a site.

Previously, its database was based on Phishtank and WOT users’ ratings only. Earlier this month, WOT added the hpHOSTS database.

Yesterday, a new trusted source was added to WOT’s database: Malware Domains.

By the way, WOT is now an ASAP site member.