Symantec’s Monthly State of Spam report for March showed an increase in bounced messages that found spammers forging sent email addresses and using them in the “From” header of their own Spam messages.

Reminiscent of Backscatter, spammers are taking advantage of mail transfer agents configured to send back a list of failed email recipient addresses, an explanation of the cause of failure, and a copy of the original email. This opens a window for Spam attacks, as anti-spam filters do not block most “failed email” replies. Since spammers forge the sender’s address, this mail is going to be received by people who have nothing to do with the Spam.

Corporate networks will feel the greatest burden of the increased attacks. Using increased bandwidth and an increase of unwanted Spam messages in users’ inboxes will result in lost productivity. Networks are encouraged to configure mail transfer agents to not send back a copy of the original failed messages and require signatures for outgoing emails.

Author: Christopher

(No Ratings Yet)

 Loading ...

Almost 300,000 web sites hosted with Internet Information Services are infected with a new malicious malware according to PandaLabs. By injecting SQL code in all pages hosted on the same IIS server, this vulnerability allows hackers to inject SQL code and redirect the visitor to a malicious site. The malicious page scans the visitors machine to find ways to compromise the visitors machine. Exploits are then downloaded and used to infected the redirected visitor based on the information found on the scan.

If your site is hosted with Internet Information Services it is highly recommended you check to see if your site is compromised. To check if your site is compromised, search your source code for the following IFRAME reference: “<script src=http://www.nihaorr1.com/1.js>”. If this IFRAME reference is found, remove them immediately and notify your IIS admin right away.

Author: Christopher

(No Ratings Yet)

 Loading ...

HP Australia has warned that optional USB keys shipped with some of its Proliant servers are infected with malware, bringing attention to the growing use of USB drives as a means to distribute viral infections.

The low risk worms, Fakerecy and SillyFDC, were found in a batch of 256MB and 1GB USB keys that shipped with the servers. It is undetermined how many infected keys, used for installing optional floppy-disc drives to servers, were distributed. An infected machine in the manufacturing factory is the likely cause of the incident.

The malware distributed is not considered an enormous threat, due in part to the low number of estimated users still utilizing floppy disk drives for data storage and that most hackers don’t find the virus valuable.

This is not the first incident of infection to come out of the factory; others have involved digital photo frames and similar products. Anti-virus software, if up to date, should detect both of the viruses involved in the Proliant USB attack as long the computer security software was installed after the floppy disk was added. Disabling autorun thwarts both Fakerecy and SillyFDC and may be the better option.

HP’s advisory, via local security clearing house AUSCert, can be found here. The SANS Institutes’s Internet Storm Centre has advice on avoiding USB malware-related peril here.

Author: Christopher

(No Ratings Yet)

 Loading ...

While Finjan was researching a server hosting a new version of NeoSploit crimeware toolkit, a database of over 8,000 ftp accounts was uncovered. 10% of Alexa’s top 100 domains login username & password are in the database. A majority of the accounts originate in the United States.

Also uncovered was a trading application that rates the quality of the compromised accounts according to location of the ftp server. This allows hackers to put a price on the stolen accounts.

These login credentials were stolen by appending an HTML iframe tag onto the victims website. This type of attack we are finding almost every day during our own research. Finjan identified government websites hosting similar malicious code on their websites. An example they talked about was a website belonging to a State Superior court.

Finjan is offering to identify if your website appears in this database by filling out this form.

Author: Christopher

(No Ratings Yet)

 Loading ...

A Dutch importer gave  a little more this holiday with their Victory LT-200 512MB USB media player.  Some of these devices are infected with the Worm.Win32.Fujack.aa worm according to Kaspersky Lab’s research team as mentioned on their blog.   Variants of the Fujack worm have been known to spread other programs to steal passwords for online games. 

 Malware is particularly dangerous on removable storage devices since applications can be set to run automatically when they are plugged in. 

Author: Christopher

(No Ratings Yet)

 Loading ...

A recent article on Forbes talks about a Lieutenant Colonel of the Army purchasing Apple Macintosh computers to decrease their risk of exploitation. Primarily in response to the recent security breach of the Pentagon back in June as well as a few other incidents. It is widely discussed that Macintosh computers are more secure than Windows & Linux based computers because fewer vulnerabilities exist for the Mac platform.

What I never hear talked about in these discussions is the alarming fact that Macintosh had five and a half more vulnerabilities per month on average than Windows throughout the year 2007. You can see the details and the numbers in a recent ZDNet article. It is quite common to see Macintosh users without any active Malware (Anti-Virus, Worm, Trojan, Spyware) protection.

Back in April 3Com held a short lived contest that resulted in compromising a fully patched Macintosh laptop for a prize of $10,000 and the MacBook.

Author: Christopher

(No Ratings Yet)

 Loading ...