Script Kiddies want to fight piracy, released malware

Here in SophosLabs, we are quite used to seeing popular musicians’ images and names being used to spread malware. But this piece of malware I saw today attempts to stop global music piracy, which incidentally seems to be on the rise lately because of the economic downturn. It looks to have been written by some Indonesian script kiddies who seem to think that by infecting people’s computers they can stop piracy. http://www.sophos.com/blogs/sophoslabs/post/4557

New version of Secunia PSI features Secure Browsing and WorldMap

Secunia announced the new beta of Secunia PSI v1.0.0.5, offering new features. Secunia PSI WorldMap: benchmark your score against other users from your own country, see how countries are performing, etc. Secure Browsing: Secunia wrote: “Secure Browsing is without a doubt one of the most important aspects of online security. If your browser (Internet Explorer, Firefox, etc.) or its plugins (Adobe Flash Player, QuickTime, Sun Java, etc.) are vulnerable, then you’re exposed to security threats every single time you visit a website. This is a fact that can’t be disputed.” Download Secunia v1.0.0.5 beta (use at your own risk because … Continue reading New version of Secunia PSI features Secure Browsing and WorldMap

Microsoft Security Advisory (971778), Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution

Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. NOTE: Vista and Windows 7 users are not affected. Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable. … Continue reading Microsoft Security Advisory (971778), Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution

Phishing site spams contacts of Twitter users

Twitter users have been tricked into divulging their login and password details to a Web site that then spammed their contacts. The culprit is a Web site called TwitterCut. Some Twitter users began getting a message that appeared to be from one of their friends and included a link to the TwitterCut Web site. The message implied they could gain more Twitter contacts by following the link. If a person entered their login details, TwitterCut would then send the same message via Twitter to all of the victim’s contacts, a kind of phishing attack with worm-like characteristics. No malicious software … Continue reading Phishing site spams contacts of Twitter users

Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability

Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle QuickTime media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition. Vulnerable: Microsoft DirectX 9.0b, Microsoft DirectX 9.0c, Microsoft DirectX 9.0a, Microsoft DirectX 9.0, Microsoft DirectX 8.1, Microsoft DirectX 7.0. http://www.securityfocus.com/bid/35139/discuss

Twitter API facilitates worm propagation

Security specialist Aviv Raff reports that the Twitter API can be exploited to spread worms. Among other things, the Twitter API allows users to configure, manage and query the status of their accounts using HTTP requests. Responses are delivered in the form of an XML or JSON document. The twitpic.com photo sharing service is among the application sites that use the API, for example, to retrieve or import a user’s Twitter profile. According to Raff, until recently Twitpic didn’t filter HTML tags from the original Twitter profiles, so profiles containing JavaScript could be saved in Twitpic. Although Twitter (twitter.com) was … Continue reading Twitter API facilitates worm propagation

ESET to Vista SP2 end-users: Downgrade to v3

ESET is suggesting downgrading to v3 of their NOD32 and ESS products because v4 has a compatibility issue with Vista SP2. The suggested work-around is to disable anti-stealth and self-defense in the ESET NOD32 or ESS v4 programs; if that does not help, downgrade to v3. If you have not installed Vista SP2, you are not affected. Everyone who has not installed Vista SP2 and is using NOD32 v4, please wait for the new build, which they plan to release using the updater in the product. More info at http://kb.eset.com/esetkb/index?page=content&id=SOLN2254 For other security programs or other applications that have known issues with Vista … Continue reading ESET to Vista SP2 end-users: Downgrade to v3

A question by The Tech Herald about Comodo Security Certificates

Steve Ragan of The Tech Herald saw the blog and community discussions (e.g. Calendar of Updates, DSLReports, Wilders) about Comodo continuing to issue certificates to known malware, which MVP Mike Burgess reported to Comodo. Steve at The Tech Herald wrote: The ten thousand dollar question, which no one asked of Mr. Abdulhayoglu, was why Comodo offers DV certificates free for 90 days. “A free SSL certificate will secure your site and begin building trust,” Comodo’s site states, adding that a free SSL certificate is “the same as our paid Essential SSL”. They even promise no “faxes, no paperwork and no delays … Continue reading A question by The Tech Herald about Comodo Security Certificates

Tall Emu give away Online Armor!

I found a topic in the Calendar of Updates forum and learned that the Giveawayoftheday website is providing a free (paid edition) of the Online Armor firewall by Tall Emu. http://www.giveawayoftheday.com/online-armor/ What can I say? Grab it. It’s a nice piece of firewall software. The offer is for 1 day only! Unlike some other security software, you will see the installer with: which means the installer has or: But not with Online Armor, because Online Armor does not have an unwanted add-on or: and Mike Nash, the CEO of Tall Emu, said No to the Ask Toolbar.

Vista SP2 Installation Experience: Got Vista SP2 badge already?

People at the Calendar of Updates forum have tried today to install Vista Service Pack 2. One of them saw a bluescreen while the other was successful. Ray (aka Ourstanley) posted his “Vista SP2” badge! Vista SP2 Badge? I mean, the “About Vista SP2” 😀 What Ray did prior to installing SP2 was disable his security tools: antivirus, firewall, anti-malware. http://www.calendarofupdates.com/updates/index.php?showtopic=19654 BTW, some known issues in installing Vista SP2 are below: The Advanced Key Settings hot keys for input languages list is limited to 32 languages on Windows Vista SP2-based computers; the work-around is in KB971645. Docking or undocking a Windows Vista Service Pack … Continue reading Vista SP2 Installation Experience: Got Vista SP2 badge already?