» 2007 » November - Enterprise Security Update

Hundreds of infected machines per hour

November 24th, 2007 No Comments »

A new MSN Messenger botnet is growing by hundreds of computers per hour. This Trojan is another IRC bot variant that is spreading through MSN Messenger by sending itself in a zip file under two file names, both masquerading as digital camera images, one ending with .exe and the other with .pif. These attachments may come through messages from a known contact on your “buddy list”. This is the first Trojan found to date that scans for VNC connections (remote access) likely looking to increase the botnet’s number of connections.

Tags: CyberCrime, Emerging Threats, Malware

Author: Christopher

(No Ratings Yet)

Loading ...

Microsoft finally patches URI handling flaws

November 14th, 2007 No Comments »

If you heard of maliciously rigged PDF files, then you probably have been waiting for Microsoft to patch this vulnerability that they originally blamed FireFox for back in July. Known attack vectors exist in these applications while used with Internet Explorer 7:

Mozilla Firefox (2.0.0.5 and lower)
Skype (3.5.0.238 and lower)
Adobe Acrobat 8.1
Miranda 0.7
Netscape 7.1
MIRC chat for windows

Back early in October, Microsoft released Security Advisory 943521 about the vulnerability and reports of remote code execution with the promise of a new patch. As of today, the patch is released as security bulletin MS07-061.

Windows XP & Windows 2003 Servers using Internet Explorer 7 should update as soon as possible to this patch.