Just a few hours ago, Koobface increased its Twitter activity, sending out tweets with different URL links pointing to Koobface malware. This is in contrast with previous Koobface Twitter activity wherein only three TinyURLs pointing to Koobface were used. As of writing, there are a couple of hundred Twitter users affected by Koobface in the past [...] Post from: TrendLabs | Malware Blog - by Trend Micro Koobface Increases Twitter Activity
- Hacker News
If you’re a service provider wringing your hands over the so-called zero-day exploit for OpenSSH, it may be time for a reality check. After several days of scrambling to confirm an anonymous claim on the Full-Disclosure mailing list about a dangerous OpenSSH vulnerability, many experts are ready to call the assertion a hoax. The prevalence of OpenSSH use as an Internet connectivity encryption tool makes the thought of an unknown security hole bring forth plenty of sweat on the brows of IT geeks around the world. Which is why it is no surprise that some folks overreacted a bit this week. In fact, on July 5 the U.S.-based hosting firm Host Gator even shut down all SSH access to its shared and reseller customers in a preemptive strike against the potential vulnerability. But the truth is, security gurus say, the more they look at evidence for the zero-day exploit the more it looks like a run-of-the-mill brute-force attack. “I have exchanged some emails with one of the victims of the...
- Hacker News
MIR-ROR 1.1 is available on the CodePlex MIR-ROR site. This is a minor update to the MIR-ROR script including a repaired path declaration. We also removed a pause statement to promote improved WMI scripting with MIR-ROR. MIR-ROR is a specialized, command...
- Hacker News
A worm designed to propagate through email is the main proponent used in the DDoS attacks against high-profile websites in the United States and South Korea. Detected as WORM_MYDOOM.EA by Trend Micro, it is suspected to have arrived in victims’ inboxes as an attachment to email messages. Upon execution, it registers itself as a system service [...] Post from: TrendLabs | Malware Blog - by Trend Micro MYDOOM Code Re-Used in DDoS on U.S. and South Korean Sites
- Hacker News
Posted by Cody Pierce

As reports came out regarding the new Microsoft 0day[1] in msvidctl.dll I started to take interest, as information about the specifics of the vulnerability was nonexistent. I was curious about the origin of the issue, what is required to trigger it, whether it is only present in the MPEG2TuneRequest interface, and what other CLSIDs may be affected (besides the 40+ they kill in their advisory). When dealing with 0day we must be aware of very specific details of a vulnerability so we can properly protect ourselves. Grabbing a copy of the exploit from one of the many sites publicly reporting the issue, I narrowed down the needed HTML to trigger the vulnerability.

var myObject=document.createElement('object');
myObject.data='logo.gif';
myObject.classid='clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF';

Everything else in the exploit is unrelated to the actual vulnerability. The heap fill is for exploitation, and the height and width properties are unnecessary. This can also...
- Hacker News