Here’s the Press Release: http://www.prweb.com/releases/2008/10/prweb1504344.htm An Esthost representative also posted a message to NANOG a while back – as far as I know, there was only one public response: http://www.gossamer-threads.com/lists/nanog/users/109300 Do I believe that Estdomains/Esthost are innocent victims? Nah… too much has happened for too long. Let’s not forget these Washington Post articles: Part 1: http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html Part […]
Edit: A detailed description of the vulnerability has been published here: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx Of particular importance is this quote: “This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released the fix “out of band” (not on the regular […]
Quote: Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Thursday, October 23, 2008. This security update will be released outside of the usual monthly security bulletin release cycle in an […]
What do you get when you combine a busy evening, an ongoing IM chat and a moment of inattention? You get what you see to the left of the screen. Note that I declined the download… don’t play with fire by downloading the virus, even if you know what it is and just want to experiment. […]
It’s all marketing spiel, but somebody may find it useful ;o) http://www.microsoft.com/downloads/details.aspx?familyid=75973693-9a7f-4a42-9ddd-8b029361e766&displaylang=en&tm
Note: the incident has been reported to a contact at allmusic. Originally discovered by Kimberley. Malicious SWF: web.checkm8.com/Ads/435513/bill_300x250-border.swf Encrypted dynamic text within malvertisement: From web.checkm8.com we hit clickmatter.net, which loads a “static.gif” which is actually an SWF. From there I was bounced to windows-scannercenter.com to onlinetds.info and forcedscan.com. web.checkm8.com were involved […]
Adobe Flash keeps its title as the “Typhoid Mary of the Internet“. Kimberley has put in some hard yards, and posted a comprehensive article that proves that Flash 10 is NOT stopping SWF malvertizement hijacks. You can read all about it here: http://www.bluetack.co.uk/forums/index.php?s=f3bfcacbac0c1eba459283546fb127e9&showtopic=18064&st=150&p=89649&# “A perfect Flash file is the one that is never loaded by your […]
Hit this one today: go-scan-pro.com - 78.157.143.184 - Latvia, Vdhost Ltd
ICANN Registrar: REGTIME LTD.
Created on: 7 October 2008
NS: NS1.SITELUTIONS.COM
NS: NS2.SITELUTIONS.COM
Registrant: Petr Bernatzik
Email: feetecho@gmail.com
Organization: Bernatzik Co
Address: Dobevska 877/4
City: Praha
State: Kamyk
ZIP: 14300
Country: CZ
Phone: +420.60176712
Fax:
Shared IP: 1. Cokiran.com 2. Go-iascan.com 3. Go-scan-pro.com 4. Goscanpc.com 5. Ia-free-scanner.com 6. Ia-install-pro.com 7. Ia-installs.com […]
Nope, no surprise there. Cite: http://blogs.technet.com/mmpc/archive/2008/10/17/sql-injection-new-approach-for-win32-fakexpa.aspx Check out the exploits being used:
* MDAC remote code execution (MS06-014)
* ShockwaveFlash.ShockwaveFlash.9 exploit
* WebViewFolderIcon setSlice() exploit (MS06-057)
* Msdds.dll exploit (MS05-052)
* Microsoft Works exploit (MS08-052)
* Creative Software AutoUpdate Engine exploit
* Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow
* Ourgame GLWorld GLIEDown2.dll exploit
* DirectAnimation.PathControl buffer overflow (MS06-067)
As for […]
It seems to me that Directi is not even close to cleaning up its act, and they certainly don’t seem to be keeping away from domains that are used to facilitate the distribution of fraudware. Just over the past few days I have encountered quicktds.com (which had been registered since 16 Sept), pcvirusbuster.com (registered 7 […]