ArcaVir News

.avi files can be dangerous for Windows

Mon, 06 Sep 2010 12:29:20 +0200

Windows operating system is prone to attack using crafted .avi files. An attacker may exploit a hole in Microsoft MPEG Layer-3 codecs and cause buffer overflow condition. For a successful attack a cybercriminal only needs to lure user to open crafted file.

The flaw affects Vista, XP, Server 2003 and Server 2008. Microsoft published patches.

source: Security Focus
06.09.2010

Spammers attack Ping

Mon, 06 Sep 2010 12:27:54 +0200

The new Apple's social networking service Ping was attacked by spammers. Ping allows users to create profiles, follow friends and music stars, update status, share photos, album reviews or information about music.

Spammers have already attacked Ping sending a lot of messages. Apple probably did not use any anti-spam filters.

Profiles of U2, Lady Gaga, Justin Bieber and Linkin Park has been affected by spam posted in comments.

"Lady Gaga's profile is so clogged with spam that's about all that's in it. Any time you allow people to post a message, you are going to have spam problems. It's amusing to me that Apple would launch such a major service without considering that" - said Chat Wisniewski, security expert from Sophos.

Spammers try to lure users eg. to fill the affiliate marketing survey to receive free iPhone 4.

Source: SC Magazine
06.09.2010

Nigerian spammer punished

Mon, 06 Sep 2010 12:26:36 +0200

Nigerian citizen was sentenced by US court to 13 years in prison for his role in Nigerian scam. Okpako Diamreyan was sent for up to 151 months to prison. It will be followed by three years of supervised release. He has to pay USD 1,02 million as restitution to his victims.

Diamreyan was pleaded guilty to fraud and sending fake e-mails. He promised his victims a 20% cut if they help him to transfer from 11,5 to 23,4 million USD from Ghana to US.

In total 67 people fell victims for the scam. Diamreyan earned USD 1,3 million.

Source: SC Magazine
06.09.2010

Money stolen from a university

Fri, 03 Sep 2010 13:23:33 +0200

Cybercriminals have stolen around USD 1 million from University of Virginia. An attack on one campus was launched last week. The university did not reveal any details. "All I can say now is we have a possible computer hacking situation under investigation. I can also tell you that as far as we can tell, no student data has been compromised" - university's spokesperson said.

Sources familiar with the case informs that attackers infected university's controller computer and made one fraudlent transfer in the amount of USD 996 000 to Agricultular Bank of China.

Source: SC Magazine
03.09.2010

Spying on scanner

Fri, 03 Sep 2010 13:21:41 +0200

Some of HP's all-in-one network devices contain vulnerability that allows spy on corporate network. Flaws are present in WebScan tool. Vulnerabilities allows attacker within LAN to connect to scanner and check for any documents left there.

The hole may be exploited eg. by creating a script that makes routine check of the scanner looking for confidential documents. It is also possible to retrieve any document scanned via WebScan.

Experts say, devices of other manufacturers that use similar functionality, may also be vulnerable.

Source: SC Magazine
03.09.2010

Flaws in Chrome

Fri, 03 Sep 2010 13:11:54 +0200

Several highly critical flaws were found in Google Chrome allows attacker to bypass security restrictions, steal data or take control over victim's system. Unspecified errors allow also to spoof URL.

The mayority of flaws were not specified. It is known that the errors allow to launch XSS attack, bypass sandbox boundaries, there are also "integer errors". The browser did not properly restrict access to the clipboard that allows attacker to set up clipboard content.

Flaws were fixed 6.0.472.53.

Source: Secunia
03.09.2010

Flaw in WebKit engine

Thu, 02 Sep 2010 12:45:52 +0200

A flaw was reported in WebKit engine that is used eg. by Apple's Safari browser. The vulnerability allows attacker to remotely launch malicious code in contex of user by enticing user to visit malicious website.

The flaw was patched in Safari 5.0.1, 4.1.1 and in iTunes.

source: Security Focus
02.09.2010

New tool for .dll vulnerability

Thu, 02 Sep 2010 12:40:55 +0200

Microsoft published "Fix It" tool that protects against attacks using malicious .dll files. The tool completes last week's advisory issued by Microsoft. Those advisory caused some software not working properly (eg. GIMP, Chrome, Firefox). "When installed, this tool still needs to be configured in order to block malicious behavior, and customers have asked us for our recommended setting. As a result, our Security Research & Defense team...has worked with our Microsoft Fix It team to develop a Fix It to enable our recommended setting which blocks most network-based attack vectors" - said Jerry Bryant.

Microsoft investigates also its own software to find which programs are prone to .dll attack. The best way to protect computer is to install patches from applications' vendors.

Source: SC Magazine
02.09.2010

Fake links on Twitter

Wed, 01 Sep 2010 13:14:05 +0200

Some accounts in Twitter service sends fake URL that allegedly leads to websites containing an update for TweetDeck. In fact the software conains malicious code known as Troj/Agent-OOA.

The accounts mentioned were hacked or established by hackers. The malicious code is a trojan with rootkit capabilities. Security experts warn users they should not to install software from unknown sources.

Source: SC Magazine
01.09.2010

How to attack Windows

Wed, 01 Sep 2010 13:11:58 +0200

Spanish security researcher Ruben Santamarta discovered a way to take control over Windows operating system via vulnerability in Apple QuickTime. The method allows to bypass DEP and ASLR technologies in operating system by enticing user to visit maliciously crafted website.

An attack may be launched against Windows XP, Windows Vista and Windows 7 when user browsers with Internet Explorer with QuickTime plugin versions from 4.x and newer.

source: Information week
01.09.2010