Category Archives: General Security News

Seagate settles class action: cash back over misleading hard drive capacities

The world’s largest hard disk manufacturer will offer customers 5% cash back on disk drives bought over the last six years in order to settle a legal action over the measurement of hard drive capacity.

But the real story starts way back, when marketers decided 24 bytes didn’t mean much. In modern terms, it’s equivalent to a fraction of a cent, or the weight of a feather atop a two-tonne truck.

Story at http://apcmag.com/7449/seagate_offers_cash_to_customers_for_missing_megabytes via CoU.

You can file your claim at http://www.harddrive-settlement.com/

Storm Worm variant now using Kittycard.exe as filename

Kittycard.exe is now one of the filenames used by this Storm Worm.

Email received today:

[screenshot: kitty1028]

The new filename is Kittycard.exe:

[screenshot: kitty1028a]

Half of the malware scanners on VirusTotal.com detected it, while the other half did not:

[screenshots: kitty1028b, kitty1028c]


Further reading:

The Storm Worm: http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html

Just How Bad Is the Storm Worm: http://blog.washingtonpost.com/securityfix/2007/10/the_storm_worm_maelstrom_or_te.html

My previous blog entries on Kitty (Storm Worm):

2 more Kitty, Kitty Detection Improving, Norton blocked Kitty, Kitty Kitty

What’s with the malicious PDF file?

Symantec wrote:

the PDF file will download ldr.exe file

F-Secure reports:

The PDF is spiced with CVE-2007-5020 exploit that downloads ms32.exe that downloads more components.

So I grabbed both .exe files (ms2.exe and ldr.exe) and uploaded them to VirusTotal.com. The AVs should still detect them and protect users even if they failed to detect and block the malicious PDF file itself.

Scan results:

Only 50% of the malware scanners detected ms2.exe as malicious.

71.88% of the malware scanners detected ldr.exe as malicious.

Screenshots of the result at http://www.dozleng.com/updates/index.php?showtopic=16119

Security experts blast New Jersey AG

Security experts are saying that a well-intentioned effort by the New Jersey Office of the Attorney General to combat phishing may backfire.

Earlier this week, State Attorney General Anne Milgram called on four banks — Bank of America, Citibank, Washington Mutual, and New Jersey-based Sun National Bank — to provide her with details on how they respond to phishing incidents.

http://www.networkworld.com/news/2007/102607-security-experts-blast-new-jersey.html

In the wild: Malicious PDF files; Which AV will detect it?

If you haven’t updated your Adobe Reader to v8.1.1, you had better do it NOW.

The vulnerability is being exploited now and yup, it’s in the wild, because I have already received copies. Screenshots at http://www.dozleng.com/updates/index.php?showtopic=16119

Adobe fixed the security issue by releasing v8.1.1. See their advisory here and please update NOW.

Microsoft updated their security advisory on the above due to the increased threat level.

Read Symantec’s write-up on what they detected and blocked in the email I received: Bloodhound.Exploit.163. Bloodhound.Exploit.163 is a heuristic detection for PDF files attempting to exploit the Adobe Acrobat Mailto Unspecified PDF File Security Vulnerability.

See also: http://blogs.technet.com/robert_hensing/archive/2007/10/26/it-begins-pdf-spam-run.aspx (Thanks to MVP Susan Bradley for the link)

Update: Go to http://www.dozleng.com/updates/index.php?showtopic=16119 to see the VirusTotal.com scan results and find out which malware scanners are FAST in detecting malicious files that are IN THE WILD.

Free Software Tests for Bot Infections

PineApp has released a free zombie test that can instantly discover whether an organization’s computer network might be an unwitting spamming machine — a “zombie” or “bot” — that can send thousands of infected spam messages to other networks without its knowledge.

As a global provider of appliance-based solutions for email and network security, PineApp Corporation (http://www.pineapp.com) has created the free diagnostic tool—Zombie Detection System™ (ZDS™)—to determine if a network is infected. Organizations can simply go to http://www.rbltest.com/, enter the IP address and get an instant analysis.

http://www.darkreading.com/document.asp?doc_id=137353