Computer News & Safety – Harry Waldron

October 27th, 2011:

Spam attack promotes false Charity Fund for Steve Jobs

Major news events are often exploited as lures for spam or malicious attacks, as noted below:

Spam attack promotes false Charity Fund for Steve Jobs
http://blog.trendmicro.com/spammers-promote-steve-jobs-bogus-charity-fund/

QUOTE: Even after a few weeks following Steve Jobs’ death, spammers are still taking advantage of his demise. We have previously reported about this in the following blog entries:

This time, we received sample spammed messages promoting a supposed charity fund for young and gifted programmers and Web coders in honor of the late Apple co-founder.

Malware Return-Oriented Programming – Detection Method discovered

This recent discovery by researchers could benefit future operating systems and security protection products.

PC Magazine – New Technique Detects Hidden Exploits
http://securitywatch.pcmag.com/malware/289607-new-technique-detects-hidden-exploits

QUOTE: Modern operating systems don’t make life easy for malware coders. Features like Data Execution Prevention and non-executable memory pages ruin schemes that involve injecting malicious code disguised as data. Modern malefactors have turned to a technique called Return-Oriented Programming (ROP) to get around these restrictions. However, researchers Michalis Polychronakis and Angelos D. Keromytis from Columbia University have invented a way to detect this sneaky technique.

Instead of trying to inject malicious code into the system, the malware writers find the CPU instructions they want in existing processes, typically always-loaded Windows processes. They slip in a list that contains the in-memory addresses of these code chunks, called “gadgets”. By forcing execution of the gadgets in a specific order, they build an exploit without ever placing executable code on the system.
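
The quoted description implies a simple defensive signal: input data carrying a dense run of values that all point into executable memory of a loaded module. The C sketch below is an added example, not code from this blog, PC Magazine, or the Columbia researchers, and it is a basic heuristic rather than their detection method. The module range, the sample buffers, the function names and the 32-bit little-endian layout are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Executable region of an always-loaded module; bounds are constructed. */
struct exec_range { uint32_t start, end; };            /* [start, end) */
static const struct exec_range RANGES[] = { { 0x7c801000u, 0x7c884000u } };
#define NRANGES (sizeof RANGES / sizeof RANGES[0])

static int in_exec(uint32_t v) {
    for (size_t i = 0; i < NRANGES; i++)
        if (v >= RANGES[i].start && v < RANGES[i].end) return 1;
    return 0;
}

static uint32_t le32(const uint8_t *p) {               /* little-endian load */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Longest chain of 32-bit words that point into executable memory, tried at
 * every byte offset. Up to max_gap consecutive non-address words are allowed
 * inside a chain (values the gadgets consume as data). Returns the number of
 * address words in the best chain and stores its start offset in *off. */
size_t longest_addr_chain(const uint8_t *buf, size_t len, size_t max_gap, size_t *off) {
    size_t best = 0;
    for (size_t s = 0; s + 4 <= len; s++) {
        if (!in_exec(le32(buf + s))) continue;
        size_t hits = 0, gap = 0;
        for (size_t p = s; p + 4 <= len && gap <= max_gap; p += 4) {
            if (in_exec(le32(buf + p))) { hits++; gap = 0; } else gap++;
        }
        if (hits > best) { best = hits; if (off) *off = s; }
    }
    return best;
}

/* Constructed inputs: filler, four in-range addresses with one data word. */
static const uint8_t SUSPECT[] = { 'A','A','A','A','A','A',
    0x34,0x12,0x80,0x7c, 0xcd,0xab,0x80,0x7c, 0x40,0x00,0x00,0x00,
    0x22,0x22,0x81,0x7c, 0x33,0x33,0x80,0x7c, 'B','B','B','B','B','B','B','B' };
static const uint8_t BENIGN[] = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n";

int main(void) {
    size_t off = 0;
    size_t n = longest_addr_chain(SUSPECT, sizeof SUSPECT, 1, &off);
    printf("suspect: %zu address words starting at offset %zu\n", n, off);
    printf("benign:  %zu address words\n",
           longest_addr_chain(BENIGN, sizeof BENIGN - 1, 1, NULL));
    return 0;
}
```

A chain length worth alerting on has to be tuned against real traffic, since ordinary binary data can contain an occasional value that happens to fall inside a module's range.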