Month: September 2004

WHAT:      Marius van Oers, anti-virus research engineer with McAfee AVERT (Anti-virus and Vulnerability Emergency Response Team) at McAfee, Inc. will discuss malware in a presentation titled, “Malicious Media Files – ASF Scripting.” As part of the presentation, van Oers will teach IT administrators and virus researchers about the .ASF file structure and the possible security issues related to it. WHEN:      Thursday, Sept. 30, 2004 from 2:40 PM – 3:20 PM Eastern Time at the Fairmont Chicago, Chicago, Illinois WHERE:     For more information and to register, please visit: http://www.virusbtn.com/conference/ http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/09-29-2004/0002261420&EDATE=

Antivirus software could be ill-prepared to protect corporate networks from the latest Windows vulnerability–innocent-looking JPEG files that contain security attacks. According to Mikko Hypponen, director of antivirus research for F-Secure, antivirus software will strain to find JPEG malware because by default it only searches for .exe files. “Normal antivirus software by default will not detect JPEGs,” Hypponen said. “You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things.” http://news.com.com/JPEG+exploit+could+beat+antivirus+software/2100-7349_3-5388633.html

Anti-Phishing: KeyBank – ‘Technical services: Account Update Request’ Summary Email title: ‘Technical services: Account Update Request’ Scam target: KeyBank customers Email format: HTML e-mail Sender: KeyBank – Customer Care Department <keysupport.6381508.148055.0 @ ebusiness.keybank.com>Sender spoofed? Yes Scam call to action: ‘Technical services of the bank are carrying a planned software upgrade… We earnestly ask you to visit the following link to start the procedure of confirmation of your personal data…’ Scam goal: Getting victim’s keybank.com username/password, credit/debit card information Call to action format: URL link Visible link: image link Called link : h++p://www.parisharm.com/cgi-bin/Phish website IP: 66.206.7.127 E-mail KeyBank’s customers are the … Continue reading Anti-Phishing: KeyBank – ‘Technical services: Account Update Request’

by LURHQ Threat Intelligence Group URL http://www.lurhq.com/jpegvirus.html Release DateSeptember 28, 2004 ***JPEG “Virus” Facts*** A great deal of attention is being paid to a supposed “JPEG virus” discovered in a couple of Usenet postings. Because many people are still not familiar with the workings of the current MS04-028 exploits, much misinformation is being spread in public forums. This advisory is being sent to clear up the facts surrounding this posted JPEG exploit. If you have been following Threat #49 in the LURHQ Sherlock Enterprise Security Portal (MS04-028 Jpeg Comment Buffer Overflow Analysis), you may already be aware of most of … Continue reading JPEG “Virus” Facts

Who’s to blame for the hold that spam, spyware and viruses have on the Internet? According to security software vendors, lax PC retailers should be fingered, for allowing “unroadworthy vehicles” out of their doors onto the information highway, to be attacked by viruses and converted into spam-spreading bots. http://www.snpx.com/cgi-bin/news55.cgi?target=71318971?-2622  

Jpeg Of Death.c v0.5 You knew it was coming. And now it’s here – the latest evil spurred by the latest Microsoft security hole. It’s called the JpegOfDeath.c v0.5, but jpg isn’t all it threatens. “[…] for the people out there who think you can only be affected through viewing or downloading a jpeg attachment.. you’re dead wrong,” says K-OTIC’s John Bissell aka HighT1mes. “All the attacker has to do is simply change image extension from .jpg to .bmp or .tif or whatever and stupid Windows will still treat the file as a JPEG :-p…” http://p2pnet.net/story/2563

Traditional security methods aren’t robust enough to cope with today’s multiple threats, and vendors need to up their game to help carriers and enterprises deal with the new techniques being deployed by hackers. So says independent consultant Simon Hill, who has been examining the security market for a Light Reading Webinar, or online seminar, entitled “Multi-Layered Security: Security in an Insecure World,” due to be given tomorrow (Wednesday). Anyone interested in the Webinar can still sign up for free – http://www.lightreading.com/webinar.asp?doc_id=27157 Some security system suppliers, such as Fortinet Inc. and Radware Ltd., have already reacted to the challenge. http://www.lightreading.com/document.asp?site=lightreading&doc_id=59927  

Site Offers Computer Users the Ability to Double Check Their Antivirus Security GLENDALE, Calif., Sept. 28 /PRNewswire/ — Panda Software, one of the leading developers of virus and intrusion prevention solutions, today announced the launch of Panda Challenge (http://www.pandachallenge.com.) PandaChallenge.com is designed for computer users to double check the performance of their antivirus solutions.  As users take the panda challenge Panda Software analyzes and repairs damage done to computers for free.  A special offer is also available for those wishing to purchase solutions from Panda Software. http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/09-28-2004/0002260498&EDATE=

TrekEight, LLC announced today that over 6,000,000 users have used the SpywareNuker line of PC protection software, and 1,300,000 customers have utilized the latest version, SpywareNuker 2004, to check their personal computers for spyware and adware. Spyware and adware are applications and files that can allow hackers and advertising companies to track your PC’s activity. Though usually used for marketing purposes, (such as tracking the websites you visit and the items that you buy online and then directing advertisements to you), spyware can have the capability to record your credit card number, personal identification numbers, and all of your passwords. … Continue reading SpywareNuker Reaches 6,000,000 Users