Computer News & Safety – Harry Waldron

February 23rd, 2012:

Malware – New Trojan hijacks Windows DLL

Bitdefender documents a new trojan attack that embeds itself in a Windows DLL

http://securitywatch.pcmag.com/malware/294461-new-dropper-trojan-hijacks-critical-dll
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html

QUOTE: Bitdefender researchers have come across a new Trojan that uses a completely different technique. It patches COMRES.DLL so that whenever the DLL gets loaded it executes the malware code. The malware may not get launched the very minute Windows boots up, but it only has to wait until a browser, communications application, or network tool launches COMRES.DLL.

Of course this shouldn’t be possible; Windows shouldn’t permit modification of a critical DLL. However, Bitdefender’s team found that it does. The threat also makes use of a simpler technique that takes advantage of the way Windows programs load DLLs. In many cases, putting a same-named DLL in the same folder as the victim application will cause it to load the changeling DLL rather than the valid Windows file.

Bitdefender provides more details on this new threat:
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html
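
A defender-side check for the two behaviours described in the quote, given here as an added example (not code from Bitdefender or from this blog): it lists DLLs in application folders that share a name with a system DLL, and reports system DLLs whose hash no longer matches a recorded baseline. The folder names, file contents and the baseline-hash approach are assumptions made for the illustration; the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def dll_index(directory):
    """Map lower-cased DLL name -> path (Windows file names are case-insensitive)."""
    return {p.name.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}

def find_shadowing_dlls(system_dir, app_root):
    """DLLs under app_root that share a name with a DLL in system_dir.
    Returns (app_copy, system_copy, identical_content) tuples."""
    system = dll_index(system_dir)
    hits = []
    for p in sorted(Path(app_root).rglob("*")):
        original = system.get(p.name.lower())
        if p.is_file() and p.suffix.lower() == ".dll" and original is not None:
            hits.append((p, original, sha256(p) == sha256(original)))
    return hits

def modified_since_baseline(system_dir, baseline):
    """System DLLs whose hash differs from a recorded baseline {name: sha256}."""
    return sorted(name for name, path in dll_index(system_dir).items()
                  if name in baseline and sha256(path) != baseline[name])

def build_demo_tree(root):
    """Constructed sample layout: a stand-in system folder and one application folder."""
    system, app = Path(root, "System32"), Path(root, "Apps", "Browser")
    system.mkdir(parents=True)
    app.mkdir(parents=True)
    (system / "comres.dll").write_bytes(b"genuine comres")
    (system / "version.dll").write_bytes(b"genuine version")
    (app / "COMRES.DLL").write_bytes(b"look-alike copy")  # same name, other content
    (app / "plugin.dll").write_bytes(b"vendor plugin")    # unrelated name, not flagged
    return system, app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        system, app = build_demo_tree(tmp)
        baseline = {name: sha256(p) for name, p in dll_index(system).items()}
        for app_copy, original, same in find_shadowing_dlls(system, app):
            print(f"{app_copy} shadows {original} (identical={same})")
        # Simulate an in-place change to the system copy, then re-check the baseline.
        (system / "comres.dll").write_bytes(b"genuine comres + patch")
        print("changed in place:", modified_since_baseline(system, baseline))
```

A same-named DLL next to an application is not always hostile, since some vendors ship private copies, so a hit with differing content is a lead to investigate rather than a verdict.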

Apache 2.4 Security Features for new version

The ISC and Apache highlight security features in the latest release

http://isc.sans.edu/diary.html?storyid=12643
http://httpd.apache.org/docs/2.4/new_features_2_4.html

QUOTE: The Apache Foundation released version 2.4.1 of its popular web server, including a number of interesting changes. Among the features, I would like to highlight some of the security relevant changes:

– More granular logging
– Various changes to timeouts
– Changes to the proxy configuration
– Apache now includes a “mod_session” that will have Apache take care of sessions
– Mod_ssl has been improved to allow it to check for invalid client certificates via OCSP.