HD Moore pwned with his own DNS exploit, vulnerable AT&T DNS servers to blame

A week after |)ruid and HD Moore released part 2 of the DNS exploit, HD Moore’s company BreakingPoint has suffered a traffic redirection to a rogue Google site, thanks to the already poisoned cache at the AT&T servers to which his company was forwarding DNS traffic. http://blogs.zdnet.com/security/?p=1608 That’s sad.  I switched to OpenDNS servers when I found out that the ISP’s DNS servers here are vulnerable to cache poisoning.  I sent the ISP an email but did not get a response.  I don’t mind as long as they are working on it.  Today, I thought of checking the ISP’s DNS servers status by …

Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class Buffer Overflows

Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site. Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment. The vulnerabilities are confirmed in version …

Symantec debuts Norton Safe Web public beta plug-in for NIS

Symantec has launched the public beta program of a new product that aims to protect consumers while they browse the web. The company claims it is entering the market because current tools that show users which sites may be unsafe simply aren’t up to par. Norton Safe Web is currently a plug-in for the beta of Norton Internet Security (NIS) 2009, which debuted last week. Once both products go final, it will be included in NIS. http://arstechnica.com/journals/microsoft.ars/2008/07/28/symantec-debuts-norton-safe-web-public-beta-plug-in-for-nis

Is this site safe? Find out at http://safeweb.norton.com/ 😀

FBI Looks into Facebook – Malware SPAM

That’s the new malware spam today.  The email link will download fbi_facebook.exe.  Only 18 out of 35 scanners over at Virustotal.com will detect infection. Details at http://www.dozleng.com/updates/index.php?showtopic=16208

Malware Spam: Fake Trend Micro iClean

Trend Micro’s Blog reports that a fake Trend Micro Virus Clean Tool is spreading in email as attachment. The email message was fashioned to look like an email message sent by Trend Micro, with the file attachment iClean20.EXE. But be warned: iClean20.EXE is detected by Trend Micro as TROJ_FAKECLEAN.A. TROJ_FAKECLEAN.A drops two files, one detected as BKDR_POISON.GO and the other, the real iClean tool. Dropping the legitimate tool along with the malware must have been done to fool users that the message was indeed from Trend Micro, and that the tool was the only file downloaded into their systems. More …

New DNS exploit now in the wild and having a blast

Article at http://arstechnica.com/news.ars/post/20080726-new-dns-exploit-now-in-the-wild-and-having-a-blast.html

I added the OpenDNS logo here in my blog (at left pane).  You should see “sweet” if you are already using OpenDNS servers:

OpenDNS DNS servers:

Go to http://www.opendns.com to get started or just enter the above DNS servers in your connection settings.  When you’re done, go to http://www.opendns.com/welcome/, you should see:

I have the same in Calendar of Updates portal.

Test if your DNS servers are vulnerable: http://www.doxpara.com/ https://www.dns-oarc.net/

Microsoft Security Advisory (956187)

Increased Threat for DNS Spoofing Vulnerability

Published: July 25, 2008

Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet. Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this …

Web of Trust (WOT) adds new database

Web of Trust (WOT) is an Internet Explorer and Firefox browser add-on which shows a rating icon (safe or not) when users search the web using Google, Live or while viewing web-based email like Gmail. It will also block the bad sites and let WOT users rate a site. Previously, their database was based on Phishtank and WOT users’ ratings only. Earlier this month, WOT added the hpHOSTS database. Yesterday, a new trusted source was added to WOT’s database: it’s Malware Domains. By the way, WOT is now an ASAP site member.