See photos taken from Black Hat 2009 and Defcon, both held last week in Las Vegas, Nev.
Browsing Category: Malware
From CNN (John D. Sutter)
Remember Conficker? The hugely talked-about computer worm seemed poised to wreak havoc on the world’s machines on April Fool’s Day. And then … nothing much happened.
But while the doom and gloom forecast for the massive botnet — a remotely controlled network that security experts say infected about 5 million computers — never came to pass, Conficker is still making some worm hunters nervous. Read the full story [cnn.com]
During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases.
Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out “all the tools to break the ‘unbreakable’ Oracle as Metasploit auxiliary modules,” according to a summary of their presentation on the Defcon Web site. Read the full story [cnet.com]
Malicious hackers have found a new vulnerability in Adobe’s ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets.
The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users. Adobe has acknowledged a “potential vulnerability” but, inexplicably, has not seen it fit to warn of the zero-day attacks or issue pre-patch mitigation guidance to tens of millions of its customers.
From CNet News (Josh Lowensohn)
Microsoft is bringing out the big guns to combat instant message spam and phishing attacks done to users of its Live Messenger network. The Redmond, Wash.-based software giant filed a civil lawsuit Thursday in King County Superior Court in Seattle against Funmobile, Mobilefunster, and several individuals, who Microsoft says is responsible for the intentional misuse of the service to gain the personal information of its users.
In the suit (which is embedded below), Microsoft cites a multitude of attacks including IMs that appear to be coming from users they know, as well as phishing attacks that mimic the look and feel of an outside service, or an official Microsoft support page. Read the full story [cnet.com] Also see Microsoft’s explanation [microsoft.com]
Exploit code for a “highly critical” vulnerability in Mozilla Firefox has been released on the Internet, putting millions of Web surfers at risk of remote code execution attacks.
The vulnerability is currently unpatched, according to an advisory from Secunia.
From IDG News Service (Jeremy Kirk)
Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.
The malware, Koobface, is designed to spread itself by checking to see if person is logged into a social network. It will then post fraudulent messages on the person’s Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC. Read the full story [computerworld.com]
The ongoing DDoS attacks that have been targeting a series of U.S. government sites as well as some commercial sites is likely not the work of any government organization and is being executed by an old piece of malware that is designed to ruin files on infected PCs rather than steal data, experts say.
From Zero Day (Dancho Danchev)
Researchers from NetQin Tech. are reporting on a newly discovered mobile malware variant (Transmitter.C) distributed through a modified version of legitimate mobile application. Upon execution, the malware attempts to automatically spread by SMS-ing hundreds of messages linking to a web site where a copy of it (sexySpace.sisx) can be found. Read the full story [ZDNet.com].
It looks like the distributed denial-of-service attack, once the favorite tactic of script kiddies and professional hackers alike, is coming back into favor. Attackers have been conducting an ongoing DDoS attack against the Federal Trade Commission’s main site, as well as some other government sites over the last few days.