School nixes malware with open source

A team of IT staffers at the University of Indianapolis last week showed off a bundle of open source tools and scripts it uses to trap and isolate PCs infected by viruses or spyware. To detect traffic anomalies, Austin says, the team wrote plug-ins for three open source programs – Snort, an intrusion-detection program; Amavisd, an interface between message transfer agents and various content checking programs; and NMAP , a network scanner. A tool called Bleeding Snort keeps Snort’s virus signatures updated daily. Read more in http://www.networkworld.com/news/2005/102405-shelob.html

Virus writers craft PnP botnet client (Zombie network fails to bite)

“Mocbot tries to connect to two IRC servers in Russia, but the servers seem to be down (or overloaded), according to Finnish anti-virus firm F-Secure. “we received reports that the bot channel may instruct all joining bots to start automatically scanning for vulnerable computers, thus acting as automatic worms. But both channels used to control this spread are not working,” said said Mikko Hyppönen, chief research at F-Secure.” But there’s an interesting update: “UpdateEarly and, as it turns out, incorrect analysis suggested that Mocbot used a more recently Microsoft Plug and Play vulnerability, MS05-047. This was incorrect. The confusion was … Continue reading Virus writers craft PnP botnet client (Zombie network fails to bite)

New threat simulator: DFK Threat Simulator (DFKTS)

“Although the security community has relied on the “Eicar Antivirus Test File” for years, the complex advances in malware requires a more modern and thorough threat simulation. To this end the “DFK Threat Simulator” was created. Bundling a declawed collection of dropper, rootkit, virus, trojan, spyware, keylogger, leaktest, and alternate data stream technology, the DFK Threat Simulator is a serious representation of the modern dangers facing computer users today.“ DFKTS Threat Simulator’s full description can be found in http://www.morgud.com/interests/security/dfk-threat-simulator.asp (with screenshots and file download) via Sunbelt Blog.  Alex Eckelberry’s Note –  this is only for highly experienced users.  Don’t play … Continue reading New threat simulator: DFK Threat Simulator (DFKTS)

phpBB Avatar Upload HTML Injection Vulnerability

phpBB is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. This issue is only present when using the Microsoft Internet Explorer Web browser. Solution:  The vendor has acknowledged this vulnerability and will be releasing a patch in … Continue reading phpBB Avatar Upload HTML Injection Vulnerability

CA.com Germany offering free 1 year of PestPatrol antispyware

I found an update entry in Calendar of Updates where eTrust PestPatrol v5 is offered as free (with 1 year license).  It says the offer is valid until 1st of November 2005.  However the download link seems dead at the time of this blog entry.  Early catchers are happy for sure to receive free 1 year antispyware protection by eTrust.

One password to rule them all

A default password leaves private information on tens of thousands of California children open to the public. Private information on children and teachers in several California school districts is no longer private, thanks to a flawed procedure in allocating new passwords, the San Francisco Chronicle reports.Names, ID numbers, test scores and more were accessible by using the teacher’s username and a generic password set by the district. The system has since been shut down, following a call by a reporter to the administrators informing them of the flaw. http://www.securityfocus.com/brief/20

Yahoo fixes Web mail security flaw

Yahoo has fixed a security flaw in its free Web-based e-mail service that opened the door to phishing scams, account hijacks and other attacks.  The flaw, known as a cross-site scripting vulnerability, existed because Yahoo’s Web site did not detect certain script tags in combination with certain special characters, according to SEC Consult, which issued an advisory on the flaw Friday. Cross-site scripting flaws are found regularly, including recently in Google’s Web site and earlier this year in Microsoft’s Xbox 360 site. Flaws have also been found on Yahoo’s site. An attacker could exploit this type of flaw to hijack … Continue reading Yahoo fixes Web mail security flaw

Hackers, Scammers Hide Malicious JavaScript On Web Sites

Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday. According to Dan Hubbard, the senior director of security and research at Websense, a family of obfuscation routines with the umbrella name of “JS/Wonka” has spread wildly in the last few weeks. “For whatever reason, the number has just skyrocketed since the last of September,” said Hubbard. “There are 10,000 unique sites using this exact same method. The strange thing is, they’re completely different types of sites.” It’s not uncommon to see hackers and scammers try … Continue reading Hackers, Scammers Hide Malicious JavaScript On Web Sites