Browsing Category: Vulnerabilities

Categories: Vulnerabilities

DarkReading’s Kelly Jackson Higgins is reporting on a new study that shows bot infections in the rise in the enterprise, most coming from  tiny, unknown botnets built for targeting victim organizations.

The three-month study of more than 600 different botnets found having infiltrated enterprise networks, researchers from Damballa discovered nearly 60 percent are botnets with only a handful to a few hundred bots built to target a particular organization. Only 5 percent of the bot infections were from big-name botnets, such as Zeus/ZDbot and Koobface. Read the full story [darkreading.com]

Read more...

Categories: Vulnerabilities

GENEVA — The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cybercriminals.
During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to MS08-067 and found that criminal gangs are still exploiting the flaw to plant data-theft Trojans on vulnerable Windows machines.

Read more...

Categories: Vulnerabilities

GENEVA —  Cyber crime gangs in China are penetrating the hard disk recovery cards on computers in Internet cafes and using a combination of zero-day flaws, rootkits and ARP spoofing techniques to steal billions of dollars worth of online gaming credentials.
According to Microsoft anti-virus researcher Chun Feng, five generations of the Win32/Dogrobot malware family have perfected the novel rootkit technique to hijack System Restore on Windows — effectively allowing the malicious file to survive even after the compromised machine is reverted to its previous clean state.

Read more...

Categories: Vulnerabilities

Apple has shipped iTunes 9.0.1to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks.
The vulnerability could be used by hackers to launch code execution attacks via booby-trapped “.pls” files, Apple warned in an advisory.

Read more...

Categories: Malware, Vulnerabilities

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.

Read more...

Categories: Vulnerabilities

Mozilla’s move to nudge Firefox users into updating the browser’s Flash Player plug-in has been a phenomenal success with about 10 million users clicking through to the Web page with Adobe’s patch.

Mozilla released some brief statistics to track the success of its new program, which serves up a visual warning to Firefox users if their version of the ever-present Adobe Flash Player plug-in is out of date. The program started last week with the releases of Firefox 3.5.3 and Firefox 3.0.14.

Read more...

Categories: Vulnerabilities

A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.
The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet’s architects have figured out a way to mask it particularly well as legitimate search ad traffic. Read the full story [computerworld.com]

Read more...