-
Hallo! Keep an eye on this! :shockingzap:
"Truth will rise above falsehood as oil above water."
Miguel de Cervantes Saavedra (1547-1616). Spanish writer.
- DNS Cache Poisoning Attacks -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, April 11, 2005 - "@RISK" (the SANS community's consensus bulletin) has reported a problem in the default configuration of the DNS servers in the DNS system in Windows NT and Windows 2000 (prior to SP3). Other configurations are also reportedly vulnerable and being studied.
SANS Internet Storm Center (ISC) has been actively analyzing reports of large-scale DNS cache poisoning attacks. By carrying out this type of attack, the attacker can redirect traffic for legitimate domains (for example, windowsupdate.com) to an IP address controlled by the attacker. The attacks have been used to redirect popular domains belonging to certain financial, entertainment, travel, health and software companies to the attackers' servers in order to install malware on users' systems.
Microsoft has published an article, KB241352, that describes how to configure a registry key on Windows 2000 (prior to SP3) and NT 4.0 (SP4 and later) to harden a DNS server's configuration. For forwarding DNS servers running BIND, it is recommendable to upgrade to version 9.x. It is also recommendable to upgrade Windows DNS servers to Windows 2000 (SP3 or later) or Windows 2003, as these versions offer protection against cache poisoning attacks in their default configuration.
More information at http://isc.sans.org/presentations/dnspoisoning.php and at http://support.microsoft.com/default...b;en-us;241352
NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
------------------------------------------------------------
The 5 most frequently detected viruses by Panda ActiveScan, Panda Software's free online scanner:
1) Mhtredir.gen; 2) Shinwow.E; 3) Netsky.P; 4) Sdbot.ftp; 5) Downloader.WT.
------------------------------------------------------------
To unsubscribe from Oxygen3 24h-365d, please visit:
http://www.pandasoftware.com/unsubscribe.asp
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
Lagu
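The KB241352 hardening the bulletin points to ("secure cache against pollution") makes the server ignore records that lie outside the domain tree the query was for, so names smuggled into a response cannot enter the cache. Added illustration, not Panda's or Microsoft's code: a Python bailiwick filter run over a constructed, already-parsed response; the `RR` layout and the explicit zone argument are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record as a resolver holds it after parsing (assumed layout)."""
    name: str    # owner name
    rtype: str   # record type, e.g. "A", "NS"
    rdata: str   # record data (address or target name)


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True when `name` is `zone` itself or lies beneath it."""
    n, z = _norm(name), _norm(zone)
    return n == z or n.endswith("." + z)


def filter_cacheable(zone: str, records: list) -> tuple:
    """Split a response into records the cache may keep and ones it must
    discard. `zone` is the domain tree the queried server is trusted for;
    any record whose owner name is outside it is dropped, even when the
    query itself received a valid answer. Returns (kept, dropped)."""
    kept, dropped = [], []
    for rr in records:
        (kept if in_bailiwick(rr.name, zone) else dropped).append(rr)
    return kept, dropped


# Constructed response to a query for www.example.com, sent to a server
# trusted for example.com. The last two records mimic the poisoning the
# bulletin describes: an unrelated popular name placed in the additional
# section so that a permissive cache would adopt the attacker's address.
POISONED_RESPONSE = [
    RR("www.example.com.", "A", "192.0.2.10"),
    RR("example.com.", "NS", "ns1.example.com."),
    RR("ns1.example.com.", "A", "192.0.2.53"),          # legitimate glue
    RR("windowsupdate.com.", "A", "203.0.113.66"),      # injected, out of zone
    RR("www.windowsupdate.com.", "A", "203.0.113.66"),  # injected, out of zone
]
```

With `filter_cacheable("example.com", POISONED_RESPONSE)` the three example.com records are kept and both windowsupdate.com records are discarded, which is the behaviour the hardened server configuration gives.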
-
Perhaps you have noticed this?
"My desire has been to deliver over to the detestation
of mankind the false and foolish tales of the books of chivalry"
Miguel de Cervantes Saavedra (1547-1616), Spanish writer.
- Weekly summary -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, April 24, 2005 - This week's report on viruses and intruders includes several new threats that have emerged this week; two variants of the Mytob worm, a variant of the Mitglieder Trojan and a new version of the Bancos Trojan.
The new variants of Mytob -Mytob.BC and Mytob.BD- open backdoors in affected computers. This action allows the BC variant to connect to a web server and the BD variant to connect to an IRC server, where they wait for commands from a malicious user. What's more, they modify the system HOSTS file so that the user cannot access the websites of certain antivirus companies. These worms spread via email, across networks protected with weak passwords and by exploiting the LSASS vulnerability. They also download other malware, such as the Faribot.A worm.
The Bancos.FC Trojan has also appeared this week. This malicious code goes memory resident and has keylogger functions. Bancos.FC waits for a dialup modem connection to be established (it only affects this type of connection). When this happens, it checks if the websites visited coincide with the address of any of the banking entities included in its code. If it finds any matches, it collects the information entered through the keyboard and sends it to an Internet server. Bancos.FC cannot spread alone, it needs external intervention to do so.
Finally, Mitglieder.CG is a Trojan that aims to disable certain security tools (antivirus and firewalls), which could be installed on the computers it affects. To do this, it can delete files and Registry entries or end the processes running in memory. What's more, it modifies the system HOSTS file so that the user cannot access the websites of certain antivirus companies.
Mitglieder.CG seems to have been mass-mailed, either manually or through zombie computers, and tries to download other malware from different websites.
For further information about these and other computer threats, visit Panda Software's Encyclopedia: http://www.pandasoftware.com/virus_info/encyclopedia/
------------------------------------------------------------
Lagu
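Both Mytob variants and Mitglieder.CG rewrite the system HOSTS file so that antivirus vendors' sites resolve to a useless address. Added example, not Panda's code: a Python check that parses a HOSTS file and reports any pinned entry for a watched name; the sample file and the watch-list (names taken from this bulletin) are constructed for the demonstration.

```python
from ipaddress import ip_address

# Constructed sample HOSTS file, not real malware output. The last three
# entries mimic the redirection the bulletin describes.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed for the example)
127.0.0.1       localhost
192.0.2.10      intranet.example.local   # legitimate internal entry
127.0.0.1       www.pandasoftware.com
127.0.0.1       pandasoftware.com
0.0.0.0         windowsupdate.com
"""

# Names a defender wants to watch; a real list would hold every security
# vendor and update domain the organisation depends on.
WATCHLIST = ("pandasoftware.com", "windowsupdate.com")


def parse_hosts(text: str):
    """Yield (line_no, ip, [names]) for every non-comment HOSTS line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip_address(fields[0])
        except ValueError:
            continue   # malformed line: skip it rather than crash
        yield no, fields[0], [f.lower().rstrip(".") for f in fields[1:]]


def _watched(name: str, watchlist) -> bool:
    return any(name == w or name.endswith("." + w) for w in watchlist)


def find_hosts_tampering(text: str, watchlist=WATCHLIST) -> list:
    """Return [(line_no, ip, name)] for every watched name pinned in HOSTS.
    Any pin for such a name is suspicious whatever the address: a normal
    HOSTS file has no reason to override a vendor's or update server's DNS."""
    hits = []
    for no, ip, names in parse_hosts(text):
        for name in names:
            if _watched(name, watchlist):
                hits.append((no, ip, name))
    return hits
```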
-
Hallo!
Read this!
- A Trojan threatens the confidential data of the clients
of thousands of banks worldwide -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
MADRID, April 28, 2005 - PandaLabs reports the appearance of the NL variant of the Bancos Trojan, programmed to intercept the confidential data of the clients of over 2,500 banking portals. Panda Software has already informed law enforcement authorities of the appearance of this malicious code.
This Trojan cannot spread by itself, but needs to be distributed manually by third parties. Bancos.NL can therefore be distributed through traditional channels (floppy disks, CD-ROM), or email messages, Internet downloads, FTP transfers, P2P networks, etc.
In the event that a user executes the file containing Bancos.NL, the Trojan will be installed on the system under the name MSCVC.EXE. It then starts monitoring the user's Internet activity, waiting for a connection to be established with one of the 2,500 Internet addresses listed in its code. When this happens, it registers all the information about bank account numbers, credit cards, passwords or any other information entered by the user. This information is sent to an Internet server where it can be collected by cyber criminals.
"Although this malicious code does not have any technical characteristics that make it stand out from other Trojans programmed to steal banking details, its danger lies in the large number of users that could be affected by Bancos.NL. In fact, the addresses of the banking portals listed in the Trojan's code belong to financial entities in 120 countries worldwide. These countries include Germany and Switzerland with over 200 addresses each," explains Luis Corrons, director of PandaLabs.
To prevent Bancos.NL or any other malicious code entering computers, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.
Panda Software's clients can already access the updates for installing the new TruPrevent(tm) Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.
In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, at http://www.pandasoftware.com. ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code from http://www.pandasoftware.com/partners/webmasters/
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.
For further information about this and other malicious code, visit Panda Software's Virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/.
------------------------------------------------------------
"Without words, without writing and without books there would be no history,
there could be no concept of humanity"
Hermann Hesse (1877-1962), German-born Swiss writer
- Adobe ActiveX allows file discovery -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, April 27, 2005 - A vulnerability has been reported within the Adobe Reader and Acrobat web control. This vulnerability means that, under certain circumstances, the Internet Explorer ActiveX control can make it possible to discover the existence of local files by monitoring the behavior of certain methods.
Adobe Reader contains a Safe for Scripting method with the definition of "VARIANT_BOOL LoadFile([in] BSTR FileName)". A malicious user could take advantage of this if they get their victim to access the website controlled by the attacker. On the website, the attacker can call the LoadFile method, passing in a local file name on their victim's computer. In this way the attacker would be able to determine whether a certain file was present on the victim's system.
Although it is not possible to get the contents of the file, this method can be useful to attackers to know the path or presence of certain files. Although this does not allow attackers to take complete control of the system, it can be used as part of more complex attacks.
Adobe has reported this situation at http://www.adobe.com/support/techdocs/331465.html and recommended updating to version 7.0.1 of the product.
------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner:
1) Netsky.P; 2) Mhtredir.gen; 3) Agent.PF; 4) Qhost.AF; 5) Downloader.CGD.
------------------------------------------------------------
I have updated Adobe Reader to 7.0 + a patch, so now I have version 7.1. This version is much faster to load than 6.01 and can handle 3D.
Lagu
-
Warnings
Read this
"There's no pleasure like meeting an old friend,
except, perhaps, making a new one."
Rudyard Kipling (1865-1936), British novelist.
- Two vulnerabilities discovered in Firefox -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, May 9, 2005 - According to the Secunia advisory SA15292 dated May 8, 2005, two vulnerabilities classified as extremely critical have been detected in the Firefox Internet browser.
These two flaws can be exploited to compromise the system through cross site scripting attacks. To do this, the onload() event can be exploited using a frame in a JavaScript page to access restricted elements, such as the history list. This can be exploited to run HTML and script code in the user's browser session.
The second vulnerability lies in the incorrect verification of the "IconURL" parameter in the "InstallTrigger.install()" function. It can be used to run arbitrary JavaScript code and elevate privileges in the affected system.
These vulnerabilities have been confirmed in version 1.0.3, but other versions, not yet confirmed, could be affected. More information is available on the Secunia website where the advisory is published, at http://secunia.com/advisories/15292/.
------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner:
1) Sober.V; 2) Mhtredir.gen; 3) Netsky.P; 4) Shinwow.E; 5) Downloader.BSU.
------------------------------------------------------------
Lagu
-
Thanks Lagu,
I'll be looking out for 1.0.4 then :mad:
-
And there I was thinking it was safer than Internet Explorer. Hey you guys! Stop using Firefox, then the hackers can leave it alone and I can have it all to myself.
-
Firefox news about 1.0.4 available here http://www.mozillazine.org/
-
There are/will be vulnerabilities in all programs; it just depends which is the most common, which people will then find errors in and exploit.
-
1.04 is now available for download. See link above.
-
Linux kernel
:shockingzap:
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, May 17, 2005 - SecuriTeam has reported, at http://www.securiteam.com/unixfocus/5BP0G1FFPY.html, a vulnerability in the ELF binary format loader in Linux, which could be exploited to allow an attacker to gain root privileges and execute arbitrary code at kernel privilege level.
The versions of the Linux kernel that are vulnerable are:
- Linux kernel version 2.2 up to and including 2.2.27-rc2
- Linux kernel version 2.4 up to and including 2.4.31-pre1
- Linux kernel version 2.6 up to and including 2.6.12-rc4
Some of the binary format modules (like ELF) provide an additional function to the kernel layer core_dump() in order to call this function if a fault occurs (such as a memory access error) when executing the binary. The kernel will call the core_dump() function if the process's limit for the core file (RLIMIT_CORE) is sufficiently high and the process's binary format supports core dumping.
The vulnerable code lies in fs/binfmt_elf.c and could allow local users to gain root privileges. Code could be run at kernel privileges level, potentially breaking out of Linux virtual machines. The patch for avoiding this problem has already been released.
Lagu