Archive for the ‘Alerts’ Category

Ransomware Password Revealed

Monday, March 27th, 2006

A trojan horse is spreading across the Internet that encrypts Word documents, spreadsheets, and databases. It then leaves a file demanding $300 in return for the password needed to decrypt the ransomed files. However, technicians at Sophos have extracted the password (yes, it looks like a path name):

C:\Program Files\Microsoft \Visual Studio\VC8

This kind of attack seems to be growing, so keep those anti-virus and firewall programs up to date.


Author:  Tom Olzak

Listen to our Podcasts –> add to my PodNova

Free training modules available at http://adventuresinsecurity.com/SCourses

User Awareness Alert: IE Exploit Strikes, Installs Spyware

Saturday, March 25th, 2006

“The unpatched CreateTextRange vulnerability in Internet Explorer is already being used by at least one Web site to install spyware on users’ machines, a security organization said Friday.

“‘We just received a report that a particular site uses the vulnerability to install a spybot variant,’ the SANS Institute’s Internet Storm Center (ISC) warned Friday in an alert. ‘It is a minor site with insignificant visitor numbers according to Netcraft’s ‘Site rank.’”

Read the whole story

User Awareness Alert: Open source digital signatures might be vulnerable

Monday, March 13th, 2006

“A pair of security bugs in cryptography software could allow an attacker to insert content into a digitally signed message or forge signatures on files.

“The flaws lie in the open-source GNU Privacy Guard software, also known as GnuPG and GPG, the GnuPG group said in two alerts. The software, a free replacement for the Pretty Good Privacy cryptographic technology, ships with many open-source operating systems such as FreeBSD, OpenBSD and many Linux distributions” (By Joris Evers, CNET News.com Published on ZDNet News: March 10, 2006, 2:38 PM PT).

Read the rest of the article

Technical Security Alert: Rootkits can be hidden in virtual machines

Monday, March 13th, 2006

“Security researchers have uncovered new techniques to hide the presence of malware on infected systems. By hiding rootkit software in virtual machine environments, hackers have the potential to avoid detection by security software, boffins at Microsoft Research and the University of Michigan warn” (John Leyden, published 13 March 2006 in The Register).

View the rest of the article

User Awareness Alert: New IM Malware

Tuesday, March 7th, 2006

“An anti-virus vendor warned Tuesday that two new worms spreading on Microsoft’s and America Online’s instant messaging networks delete files and leave systems open to hijacking.

“Symantec posted alerts for the ‘Hotmatom’ and ‘Maniccum’ worms, and ranked both as a level ‘2’ threat. The Cupertino, Calif.-based security company uses a 1 through 5 scale to label worms, viruses, and Trojans.”

Read the rest of the story

User Awareness Alert: Legal Worm

Monday, March 6th, 2006

A new worm is working its way through the Internet. Known as Bagle.do, the worm threatens email recipients with legal action if they don’t open the attached .exe file and respond to the sender.

For the whole story, click here

(User Awareness Alerts are a service provided by Erudio Security, LLC)

BIOS Rootkit Attacks: What’s the Real Risk?

Wednesday, February 1st, 2006

As I’ve written in previous articles, the frequency of malicious rootkit installations is increasing. Now it seems that even the BIOS is a potential target. John Heasman, principal security consultant for Next-Generation Security Software, announced this week that a collection of functions known as the Advanced Configuration and Power Interface (ACPI) could be used to deposit a rootkit in the BIOS flash memory. This is rather easy to do, said Heasman, because ACPI has a high-level programming language that is easy to learn and easy to use.

When I read this story, which was covered on almost every security web site, I was initially concerned. Who wouldn’t be? The BIOS is the most fundamental layer of functionality in any PC. But the more I thought about it, the more I wondered how much risk a BIOS rootkit actually presents to a business network. After some research, I concluded that the risk is very low for businesses that take normal precautions.

In this article, we’ll look at rootkit technology, how engineers or programmers flash the BIOS, the typical safeguards protecting BIOS access, and what you can do to protect your business from BIOS rootkit issues.


New Worm in the Wild

Wednesday, January 25th, 2006

From US-CERT

Nyxem Mass-mailing Worm
added January 24, 2006

US-CERT is aware of a new mass-mailing worm known as Nyxem (CME-24). This worm relies on social engineering to propagate. Specifically, the user must click on a link or open an attached file.

The Nyxem worm targets Windows systems that hide file extensions for known file types (this is the default setting for Windows XP and possibly other versions). The worm’s icon makes it appear to be a WinZip file. As a result, the user may unknowingly start the worm.

Once a Windows system is infected, the malicious code may:

  • Attempt to harvest email addresses stored on the infected system
  • Utilize its own SMTP engine to send itself to the harvested email addresses
  • Disable anti-virus and file sharing programs
  • Spread itself using all available Windows network shares on the infected system
  • Modify the active Desktop

In addition, on February 3, 2006, the worm will destroy files with the following extensions: DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DM.

Although there is limited information concerning this potential threat, US-CERT strongly encourages users and system administrators to implement the following workarounds:

  • Install anti-virus software, and keep its virus signature files up-to-date
  • Block executable and unknown file types at the email gateway
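As an added example (not from the US-CERT alert or the original post), the following Python script shows how a gateway filter can apply the second workaround above, blocking executable and unknown attachment types, while accounting for the hidden-extension trick the alert describes: on a system that hides known extensions, a file named photo.zip.exe is displayed as photo.zip. The extension policy sets and the sample attachment names are constructed for the example and are not taken from the alert. Filename screening does not address the icon spoofing the alert mentions; blocking the executable at the gateway is what keeps it from reaching the user in the first place.

```python
"""Attachment screening at the email gateway.

Added example, not code from US-CERT or the original post. It models the
two mitigations the alert recommends against mass-mailers like Nyxem:
blocking executable attachments and blocking unknown file types, and it
catches the "hidden extension" trick (report.zip.exe shown as report.zip
when Explorer hides known extensions). The extension sets and the sample
filenames below are constructed for this example.
"""
from dataclasses import dataclass

# Constructed policy: extensions Windows runs on double-click; always block.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta"}
# Constructed allow-list: document types the business expects to receive.
ALLOWED_EXTS = {"doc", "xls", "ppt", "pdf", "txt", "zip", "jpg", "png"}


@dataclass(frozen=True)
class Verdict:
    filename: str
    action: str      # "allow" or "block"
    reason: str


def normalize(filename: str) -> str:
    """Strip path components, surrounding whitespace and trailing dots or
    spaces that mailers or attackers use to disguise the real extension."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.strip().rstrip(". ").lower()


def extensions(filename: str) -> list[str]:
    """Return every extension-like suffix, e.g. 'a.zip.exe' -> ['zip', 'exe'].
    Whitespace padding between components ('photo.jpg      .exe') is removed
    so the padded form is judged by what the OS would actually execute."""
    name = normalize(filename)
    parts = [p.strip() for p in name.split(".")]
    return [p for p in parts[1:] if p]


def screen(filename: str) -> Verdict:
    """Decide allow/block for one attachment name under the policy above."""
    exts = extensions(filename)
    if not exts:
        return Verdict(filename, "block", "no extension")
    real = exts[-1]                   # the extension Windows honours on open
    if real in EXECUTABLE_EXTS:
        if len(exts) > 1:             # double extension: disguised executable
            return Verdict(filename, "block", f"executable disguised as .{exts[-2]}")
        return Verdict(filename, "block", f"executable .{real}")
    if real not in ALLOWED_EXTS:
        return Verdict(filename, "block", f"unknown type .{real}")
    return Verdict(filename, "allow", f"allowed type .{real}")


def screen_all(filenames):
    """Screen a batch of attachment names, preserving order."""
    return [screen(f) for f in filenames]


# Constructed sample attachment names covering each branch above.
SAMPLE_ATTACHMENTS = [
    "quarterly_report.doc",
    "photo.zip.exe",                    # shown as photo.zip when extensions are hidden
    "invoice.pdf                .scr",  # whitespace padding before the real extension
    "archive.zip",
    "setup.exe",
    "notes",                            # no extension at all
    "data.xyz",                         # extension not on the allow-list
]

if __name__ == "__main__":
    for v in screen_all(SAMPLE_ATTACHMENTS):
        print(f"{v.action:5} {v.filename!r}: {v.reason}")
```

The filter is deliberately deny-by-default: anything that is not an executable but also not a recognised document type is blocked as "unknown", which is the second half of the US-CERT recommendation and is what stops a renamed or novel payload type that a simple executable blacklist would pass.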

Additionally, US-CERT strongly encourages users not to follow unknown links, even if sent by a known and trusted source. Users may also wish to visit the US-CERT Computer Virus Resources for general virus protection information.
