Next Page >>
malware
Abstract:
Some Windows antivirus software fails to detect, block and/or
disinfect/move/delete malware if the malware EXE file has only
execution permission and no read, write or other permissions.
The worst cases are NOD32 and Avast antivirus, which allow the
malware to run unimpeded. Avast has fixed the flaw while NOD32
is still vulnerable as of this writing.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-04-13-1 Flashback malware removal tool
Flashback malware removal tool is now available and addresses the
following:
Malware removal
Available for: OS X Lion v10.7 or later without Java installed
The scan-function and the online-scanner OnGuard doesn't
scan .sit- and .dmg-archives.
Impact:
It's possible to download malware from the internet or
to copy it from an usb-stick without interruption from
iAntiVirus.
Malware in .sit-archives is recognized by OnGuard during
manuel decompression, but malware in .dmg-diskimages is
only recognized during a manual scan of the mounted image.
systems to prevent
> pretty much anything from being installed or modified. So everytime you
opened up a brand
> new session of ie and tried to access an external site you were prompted
for your
> username/password. Somehow I doubt there's any malware around that is
designed to survive
> in that type of an environment.
(This is far enough afield that I'm not cc'ing pdp or Thor or anyone else,
just the lists).
pull off, we can safely say the "future" you state below is here now.
Now, what is interesting is that any exploit requiring social
engineering to work has so far been less of a problem than the vast
majority of "remote buffer overflow" exploits like the Blaster and SQL
worms. Social engineering-required malware still works, and works well,
but not with the same success of remote buffer overflow malware. There
is very little we in the security space can point to as a success...but
the overall decrease in remote buffer overflows is one. Unfortunately,
the social engineering malware is getting better day-by-day. We can no
longer count on mispellings (sic) and bad grammar to be malware
Affected products :
Client-side products
---------------------
These will not be patched, trends reason is that
malware will be detected up on extraction. While this is true for end-user
setups this is not the case if you use such products to scan Fileservers,
Database servers or any server where an enduser does not actively extract
content. The detection is still completely bypassed. In other words you
can no longer assume that RAR,ZIP,CAB (or any other archive) is safe/clean after
a Trendmicro scan with these products .
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03249176
Version: 2
HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-26
Last Updated: 2012-04-26
>
> Now, what is interesting is that any exploit requiring social
> engineering to work has so far been less of a problem than the vast
> majority of "remote buffer overflow" exploits like the Blaster and SQL
> worms. Social engineering-required malware still works, and works
> well, but not with the same success of remote buffer overflow malware.
> There is very little we in the security space can point to as a
success...but
> the overall decrease in remote buffer overflows is one.
[My apologies if this has already been covered - I started this email a
few hours ago, and haven't had a chance to finish it until now.]
I think the point Gadi (and Alex of Sunbelt Software, in his original
blog entry) is trying to make is that professional malware authors have
begun to take notice of Apple. As a piece of malware goes, this trojan
is nothing remarkable in itself, other than the fact that it's aimed at
Mac users.
As Gadi mentioned, there are a number of known issues that Apple has
> pull off, we can safely say the "future" you state below is here now.
>
> Now, what is interesting is that any exploit requiring social
> engineering to work has so far been less of a problem than the vast
> majority of "remote buffer overflow" exploits like the Blaster and SQL
> worms. Social engineering-required malware still works, and works
> well,
> but not with the same success of remote buffer overflow malware. There
> is very little we in the security space can point to as a
success...but
> the overall decrease in remote buffer overflows is one.
I have run across a design issue in VMware's scripting automation API that
diminishes VM guest/host isolation in such a manner to facilitate privilege
escalation, spreading of malware, and compromise of guest operating systems.
VMware's scripting API allows a malicious script on the host machine to
execute programs, open URLs, and perform other privileged operations on any
guest operating system open at the console, without requiring any
credentials on the guest operating system. Furthermore, the script can
execute programs even if you lock the desktop of the guest OS.
Dear all,
I want to share with you this phenomenon.
Web malwares are heavily attacking big hosting providers during the last days.
In particular, as I know, attacks were moved against GoDaddy (USA) and Aruba (Italy). All index files were infected. If you are a customer of the above providers, it's enough to remove the malware script, if your website was infected.
There are a couple of malwares attacking Aruba, at the moment. I just did some reverse engingeering of the last one I found.
Twitter.com is being used to support the script execution.
Cheers,
Angelo Rosiello
'OS X is the new Windows 98.'
Its sensationalist and of no use, especially when posted to lists that
are supposedly populated with security experts. Everyone here is aware
of the consequences of malware and the manipulation of end users to
spread it. Of course its interesting that a criminal group has taken
to spreading this but hyping up the consequences of it do nobody any
good and is just spreading FUD. To me it seems like the original
poster is trying to get a quote in some tech/security/computer
magazine.
Classifications:
* Attack Method: Unknown
* Country: France
* Country: Libya
* Outcome: Planting of Malware
* Vertical: Government
To iframe or not to iframe, this is the question. As malware becomes more
popular, the number of incidents, mostly insignificant, in which malware was
planted on a hacked site is rising and WHID is not the right place to list
NOTE: Resending this was blocked last time.
Profit-driven malware has gotten very good at using Social Engineering
(backed up with Exploits) to spread itself. Zlob and it Codecs are one
particular example that has worked very well on Windows, even by
simply getting the user to install the software willingly. The
Storm/Zhelatin/Russian Business Network group however are by far the
best at this. They have shown time and time the power of simple Social
Engineering in order to infect victims machines. Zlob may have been
the first for profit malware to make the jump, but if it proves
Hi Vladimir,
Please understand that I will not enter that discussion any longer.
Please note that :
V3D> is not malware/intrusion or malware in the form unused in-the-wild
V3D> is not vulnerability.
Is false. It is recognised malware, else the test woulnd't make sense -
obviously.
those markers is parsed and interpreted. Furthermore PDF files are read from
the bottom to the top.
Adobe Acrobat nor the FoxitReader care too much about the data that
comes prior the magic byte, the kaspersky engine does, not only does
it care, it fails to detect the malware inside the PDF file.
I will spare you the details, a PDF file is bascialy a container that
starts with %PDF and ends with %%EOF.
What follows are the details of this evasion, note this one is generic
WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
ABSTRACT
Nowadays most of the malware applications are either packed or protected.
This techniques are applied especially to evade signature based detectors
and also to complicate the job of reverse engineers or security analysts.
The time one must spend on unpacking or decrypting malware layers is often
very long and in fact remains the most complicated task in the overall
process of malware analysis. In this report author proposes MmmBop as a
relatively new concept of using dynamic binary instrumentation techniques
CALL FOR PAPERS
DIMVA 2011
Eighth International Conference on
Detection of Intrusions and Malware & Vulnerability Assessment
Organized by GI SIG SIDAR
In Cooperation with
IEEE Computer Society Task Force on Information Assurance
Classifications:
* Attack Method: Unknown
* Country: France
* Country: Libya
* Outcome: Planting of Malware
* Vertical: Government
To iframe or not to iframe, this is the question. As malware becomes more
popular, the number of incidents, mostly insignificant, in which malware was
planted on a hacked site is rising and WHID is not the right place to list
///////////////
Architecture of the vulnerable HP Info Center software gives an attacker few different
attack vector combinations:
- remote automated download and execute (e.g. malware instalation)
- remote registry arbitrary key access (e.g. attack preparation, remote system info gathering)
- remote registry data modification (e.g. sensitive data manipulation, malware instalation, DoS attacks)
- system disk data area manipulation and user documents alteration (e.g. system files manipulation,
sensitive user documents access, entire system crash DoS attacks)
> Classifications:
>
> * Attack Method: Unknown
> * Country: France
> * Country: Libya
> * Outcome: Planting of Malware
> * Vertical: Government
>
> To iframe or not to iframe, this is the question. As malware becomes more
> popular, the number of incidents, mostly insignificant, in which malware was
> planted on a hacked site is rising and WHID is not the right place to list
Eric's talk seems to be a good start on risk analysis of gadgets generically.
The design of Vista gadgets seems particularly troubling since it seemed to
have several design flaws which were the subject of the paper.
> Given what an incredible attack vector they are (it's pretty much an open
> invitation to get malware onto PCs), I'm amazed there haven't been any
> serious exploits yet. I guess the relatively low uptake of Vista (compared
> to the XP installed base) has meant that they're not a significant target
> for the malware industry just yet, since it's still more profitable to do a
> drive-by iframe exploit and hit all OSes than to mount a Vista-only attack.
Classifications:
* Attack Method: Unknown
* Country: France
* Country: Libya
* Outcome: Planting of Malware
* Vertical: Government
To iframe or not to iframe, this is the question. As malware becomes more
popular, the number of incidents, mostly insignificant, in which malware was
planted on a hacked site is rising and WHID is not the right place to list
* In the US a small financial firm in Montana lost the information of all
its 226,000 customers
(http://www.webappsec.org/projects/whid/byid_id_2008-08.shtml)
But the incident I want to focus on this week is one I just added from late
last year: In India a large newspaper site was broken into and malware was
planted on it
(http://www.webappsec.org/projects/whid/byid_id_2007-85.shtml). Why is it
important? based on a recent report by WebSense, 51% of the sites hosing
malware are legitimate sites that have been broken into. This is a major
shift in web based threats. For end users, it is not sufficient anymore to
Hello Readers, here we are with issue20 of ClubHack Mag for the month of September 2011. This time the theme is Malwares.
This issue covers following articles:-
0x00 Tech Gyan - Rootkits are Back with the Boot Infection
0x01 Tool Gyan - Tools for Reverse Engineering and Malware Analysis
0x02 Mom's Guide - Introduction to Malware & Malware Analysis
0x03 Legal Gyan - Law relating to Cyber Pornography in India
0x04 Matriux Vibhag - Ostinato - Wireshark in Reverse
0x05 Poster of the Month - Angry Malwares
>
> WINDOWS REQUIRES IMMEDIATE ATTENTION
> =============================
>
> ATTENTION ! Security Center has detected
> malware on your computer !
>
> Affected Software:
>
> Microsoft Windows NT Workstation
> Microsoft Windows NT Server 4.0
CALL FOR PAPERS
DIMVA 2011
Eighth International Conference on
Detection of Intrusions and Malware & Vulnerability Assessment
Organized by GI SIG SIDAR
In Cooperation with
IEEE Computer Society Task Force on Information Assurance
> Microsoft's
> software allowed investigators to identify which IP address was being
> used to operate the
> botnet, Gaudreau said. And that cracked the case." This is not
> difficult, detect a DST
> (destination) for malware sent from Farmer John's machine. Simple, good
> guys win,
> everyone is happy.
>
> The concept of Microsoft's Malicious Software Removal tool not being a
> backdoor is
Next Page>>
|
