F-Secure released security suite with spyware & rootkit protections

F-Secure is now offering its Internet Security 2006. It will tackle spyware, rootkits and uncontrolled Internet usage. The suite integrates the unique F-Secure BlackLight. View the press release here.

Note: F-Secure BlackLight is also available as a standalone tool, but it is in the beta phase. The BlackLight beta's expiration has been extended until 1st of January 2006. More info at http://www.europe.f-secure.com/blacklight/

Keeping your system and applications up to date is your first defense; are you conservative?

I blogged before that we must NOT be conservative, because malware isn't. Malware nowadays is using new tricks to infect users. There are times malware will use both old and new tricks. If you are conservative** you are at risk. Alex Eckelberry blogged before about a spyware keylogger that was uncovered by his team (Sunbelt's Research Team). They have been finding Winldra variants, and he said you are nuts if you do not want to upgrade your system to Windows Service Pack 2. Why? Simple. You're at risk without SP2.

**Whenever I write "conservative" here, I mean you are the type of user who wants to stick with an old system, old …

BitDefender AV Logging Function Format String Vulnerability

BitDefender Antivirus is a proprietary antivirus product for multiple platforms. A format string vulnerability affects the logging functionality of BitDefender Antivirus. This issue is due to a failure of the application to properly sanitize user-supplied input prior to passing it as the format specifier to a formatted printing function. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution and privilege escalation. This issue was reported in BitDefender versions 7.2, 8, and 9 for Windows. Other versions and platforms may also be affected.

http://www.securityfocus.com/bid/14968/discuss

ZoneAlarm Pro DDE-IPC Advanced Program Control ByPass Weakness

ZoneAlarm Pro is prone to a weakness that permits the bypassing of the Advanced Program Control feature settings. An attacker can exploit this weakness to bypass restrictive settings and transmit data to external sources through the use of permitted applications.

Solution: Reports indicate that this issue has been addressed in the latest release of Zone Labs Security Suite; this has not been confirmed by Symantec.

http://www.securityfocus.com/bid/14966/discuss

PoC in http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Vulnerability found in several antivirus & antispyware programs

SecuBox Labs reported that several antivirus programs do not scan files whose names contain extended ASCII characters and characters that are lower than 0x20. An attacker can rename a malicious file to such a filename, which in turn will cause the antivirus programs to ignore the file.

Vulnerable Systems:
* BitDefender Antivirus
* Trustix Antivirus
* Avast! Antivirus
* Cat Quick Heal Antivirus
* Abacre Antivirus
* VisNetic Antivirus (bypass only with manual scan)
* AntiVir Personal Edition Antivirus
* ClamAV for Windows Antivirus
* Lavasoft Ad-Aware SE Personal Edition
* Antiy Ghostbusters Professional Edition

Immune Systems:
* Kaspersky Antivirus
* AVG Free

PoC is available. Read more in Securiteam

WinMX shut down

“The website for the WinMX file sharing service has been shut down, suggesting that the service, best known for enabling copyright infringements, has crumbled under legal pressure from the Recording Industry Association of America (RIAA).  Cease and desist letters were sent out last week by the RIAA to seven file sharing services, but the organisation declined to specify which services were targeted“  

Trojan army invades Europe and the U.S.

Trojan-based attacks will take over from email phishing in the U.S. and Europe as trojans become more sophisticated and harder to stop, according to a new report. The research by the Information Security Forum (ISF) also warned of the increasing use of 'moles' placed in organizations to gain access to prize customers. The survey of 260 ISF members shows that over a third of members have been affected by phishing attacks. Over 30 percent of these have experienced more than 20 attacks. Read more in SC Magazine

Reading EULAs Can Help Prevent Spyware Infiltration

"Reading EULAs Can Help Prevent Spyware Infiltration," says Mark Joseph Edwards for Windows IT Pro. He also discovered the EULAlyzer tool by Javacool Software, and he mentioned Facetime's upcoming tool to analyze a EULA. The tool is called The Project Truth Serum, which is currently in closed beta testing.

RealNetworks patches players for partners

RealNetworks issued a security update Wednesday to its partners to address vulnerabilities in its RealPlayer and Helix Player. Both media players are at risk, as exploit code has been published that could take advantage of the vulnerabilities in RealPlayer version 10.0.5.756 Gold and Helix Player 1.0.5.757 Gold running on Linux or Unix. The company said it plans to issue a public release of its security update later this week. In the interim, RealNetworks advises users to visit its resource Web site. Source: CNET