PDFs containing exploits for the recent 0-day vulnerability in Acrobat Reader are now being actively sent out through spambots. The folks at the IBM ISS X-Force say they’re seeing infected PDFs being spammed out and that it looks like the traffic is mainly coming from Taiwan, though those may be spoofed addresses.
In a statement on Monday, the BBC said that its decision to purchase and use a botnet to expose the malware epidemic had been “in the public interest”.
“It was not our intention to break the law,” the BBC told ZDNet UK on Monday. “There is a powerful public interest in demonstrating the ease with which such malware can be obtained and used; how it can be deployed on thousands of infected computers without the owners even knowing it is there; and its power to send spam e-mail or attack other websites undetected.”
Credit card giant Visa has taken Heartland Payment Systems and RBS WorldPay off its list of service providers that are compliant with the PCI Data Security Standard.
Dave Kennedy and Kevin Long from Verizon’s security team are offering some of the best advice I’ve seen regarding the ongoing attacks against an unpatched Adobe Acrobat/PDF vulnerability.
I’ve complained bitterly about the lack of mitigation guidance from Adobe and I’m happy to see the Verizon researchers filling in the blanks and offering suggestions to reduce your exposure to these attacks.
On the Microsoft Secure Windows Initiative blog, software engineer Chengyun discusses the default behaviour of ActiveX controls embedded in Office documents. The software giant also provides information on how an attacker can abuse ActiveX and how Office users can change the behaviour of ActiveX controls embedded in Office documents.
A new version of the Koobface worm is making the rounds of Facebook this week, this time in the guise of an invitation to view a fake YouTube video. The link takes users to a page asking them to install an updated version of the Flash player, which is instead a piece of malware.
The resilient Conficker worm has spent the last few months wreaking havoc on millions of infected PCs around the world, and it now looks like the worm is set to potentially cause some trouble for Southwest Airlines as well. Computerworld is reporting that the infected machines will attempt to contact a site owned by the airline on March 13 in an attempt to download new instructions.
ZDNet’s Dancho Danchev is pointing to a new research paper (.pdf) that shows that 75.8% of the phishing sites analyzed (2486 sites) were hosted on compromised web servers to which the phishers obtained access through Google hacking techniques (search engine reconnaissance).