Posts tagged as:

exploit

McDonald's Meal Malware

I don’t know if you’re the sort of person who wakes up in the morning, and the first thing you long for is a McDonalds’ breakfast – but if you are, you might just be exactly what malware authors are looking for.

Researchers at SophosLabs have seen a malicious email that has been spammed out across the world in the last couple of days pretending to come from McDonalds.

The email claims that the fast-food giant is offering free breakfasts in each and every one of its many thousands of restaurants around the globe. Chances are that there are many people who would love the prospect of munching on a McDonalds first thing in the morning.

Part of the email reads as follows:

McDonalds invites you to The Free Breakfast Day which will take place on 26 June, 2011, in every cafe of ours.

Free Day’s menu!
- Ranch Snack Wrap (Crispy)
- Chicken Selects Premium Breast Strips
- Premium Caesar Salad with Grilled Chicken
- Strawberry Triple Thick Shake
- McCafe Hot Chocolate

Print the invitation card attached to the letter and show it at the cash desk of any of our restaurants.

But beware! There is no such thing as a free lunch… or breakfast.

The attached file is, of course, malicious. Sophos detects the ZIP file as Troj/BredoZp-DV and the Invitation_Card.exe file contained within as the Troj/Bredo-HU Trojan horse.

In an attempt to fool computer users into believing the file is safe, the EXE file has a Word icon.
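A mail filter or analyst does not have to trust the icon or the file name: the icon is only a resource stored inside the executable, while the first bytes of the file show what it really is. The following is an added example, not code from Sophos or from the original post. It lists the members of a ZIP attachment that begin with the `MZ` header used by Windows executables, and falls back to the extension when a member is encrypted and cannot be read. The extension list and the sample archive are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def flag_executable_members(zip_bytes):
    """Return [(member_name, reason)] for members that look like executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            magic = b""
            if not info.flag_bits & 0x1:  # bit 0 set = encrypted, content unreadable
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if magic == b"MZ":
                findings.append((info.filename, "PE header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
    return findings


def build_sample_zip():
    """Constructed sample: inert 64-byte stubs, not real programs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invitation_Card.exe", stub)
        zf.writestr("menu.txt", b"Free Day's menu")
        zf.writestr("Invitation_Card.doc", stub)  # renamed PE is still caught
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in flag_executable_members(build_sample_zip()):
        print(f"{name}: {reason}")
```
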

Don’t forget – you should always be suspicious of unsolicited attachments sent to you via email!

http://nakedsecurity.sophos.com/2011/06/21/free-breakfast-day-mcdonalds-malware/

Google Gmail Hacked

An attack from China has affected hundreds of users, including senior U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

Google has detected a campaign to gather Gmail account credentials that appears to originate from Jinan, China, and is warning users to take a few minutes to review their security settings.

Eric Grosse, engineering director for Google’s security team, said in a blog post that hundreds of users have been affected, including senior U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings,” Grosse said.

By changing these settings, which are only evident through the appropriate Gmail Settings tab page, the attackers could generate copies of incoming and outgoing email that would be forwarded without the account holder’s knowledge.

Google declined to provide further details or information about those it believes may be behind the attack.

In January 2010, Google reported that it had uncovered “a highly sophisticated and targeted attack on our corporate infrastructure originating from China.” Google said at the time that it had reason to believe that one of the main goals of the attackers was to compromise the Gmail accounts of Chinese human rights activists.

In that respect, the attack was not very successful: While Google acknowledged that the attackers had stolen unspecified intellectual property, it stressed that only two Gmail accounts appeared to have been accessed.

Jinan, capital of Shandong Province in Eastern China, happens to be the location of the Lanxiang Vocational School, one of the two Chinese schools linked to the 2010 attack against Google.

An October 2009 report on Chinese cyber espionage prepared by defense contractor Northrop Grumman said that the Chinese military maintains at least six technical reconnaissance bureaus for gathering cyber intelligence in the Lanzhou, Jinan, Chengdu, Guangzhou, and Beijing military regions.

The current attack differs from the 2010 attack in that it doesn’t involve a vulnerability in Google’s infrastructure; it is simply a phishing campaign to dupe users into revealing their Gmail login credentials.


Google said that it detected the phishing campaign through its cloud-based security and abuse detection systems, through the reports from users, and through a report published in February on the Contagio blog, a collection of malware samples and threat analysis. The company said it has notified victims and the relevant government authorities.

Google is advising Gmail users to consider steps to improve the security of their accounts. The company recommends using two-factor verification, using a strong password, only entering account information at the proper Google domain, checking Gmail settings for unknown forwarding addresses or unauthorized account delegation, watching for suspicious account activity warnings, using Google Chrome, and reviewing security education materials available online.

Google Android Security

Google is rolling out a security patch for Android that fixes a vulnerability reported to have affected 99 per cent of users.

The patch fixes an issue flagged by German security experts that could allow hackers to look at personal information in the Google calendar and contacts apps.

The University of Ulm researchers said that in Android 2.3.3 and earlier these apps transmitted unencrypted information to retrieve an authentication token, or Authtoken, from Google. This left an opening where criminals could steal the token through WiFi snooping.

Once a hacker had one of these Authtokens, they could use it for several days, accessing your private information and potentially impersonating an individual smartphone. In Android 2.3.4 this flaw is fixed, but it was mentioned that 99 per cent of Android users were still using versions 2.3.3 and earlier, which meant they were all at risk.

But now Google is updating all of the endangered handsets with a silent server-side patch that won’t require any action by Android users, forcing servers to use an encrypted HTTPS connection when syncing with a handset.

A Google spokesperson said, “We’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.”

Sophos security consultant Graham Cluley praised Google’s actions but added, “Concerns still remain as to how easy it would be to fix a serious security vulnerability on the Android devices themselves, given that Google is so reliant on manufacturers and carriers to push out OS updates.”

from The Inquirer http://www.theinquirer.net

Google and Mozilla Fix Browser Flaws

Google and Mozilla have released new versions of their browsers, plugging plenty of security holes along the way.

Hundreds of bugs have been fixed in the Google Chrome update, after the company said it would be releasing a “new stable version” of the browser every six weeks.

So far Google has followed through with its promise and introduced the patches along with a new HTML5 parser and file API, among other features.

“Also, if you choose to block sites from setting any data in your browser’s content settings for cookies, you can now use a new dialog for managing blocked cookies in bulk,” noted Jeff Chang, product manager for Google Chrome, in a blog.

Google recently launched a security advice page offering some tips on how users can protect themselves from hackers.

Mozilla, meanwhile, has made Firefox versions 3.6.11 and 3.5.14 available for download, patching nine vulnerabilities along the way.

Five of the flaws were ranked as critical, meaning they could be exploited “to run attacker code and install software, requiring no user interaction beyond normal browsing,” Mozilla explained.

“As always, we recommend that users keep up to date with the latest stability and support versions of Firefox, and encourage all our users to upgrade to the very latest version, Firefox 3.6.11,” advised Firefox release manager Christian Legnitto.


from » http://www.itpro.co.uk

Microsoft plans biggest Patch Tuesday ever

Microsoft is due to issue its biggest ever Patch Tuesday, with 16 bulletins set to be addressed.

Microsoft has planned its biggest ever Patch Tuesday for October, with a total of 49 vulnerabilities set to be fixed. This is over three times the number of security holes fixed in last month’s Patch Tuesday.

Of the 16 bulletins, four have been rated critical, where the flaws could lead to remote code execution. These four affected all versions of Windows.

One of the critical vulnerabilities affects Internet Explorer versions 6, 7 and 8, whilst two of the flaws, classed as “important,” affected Microsoft Office – one for Word and one for Excel on all platforms.

This Patch Tuesday announcement also marked the first time Microsoft Word 2010 had been included in an advisory.

The vulnerabilities are due to be patched on 12 October.

Windows 7 Service Pack 1 Leaked

Its release date is a month away but the first combined service pack for Windows 7 and Windows Server 2008 R2 is available as a torrent.

The first service pack (SP1) for Microsoft’s Windows 7 and Windows Server 2008 R2 products has been leaked onto the internet.

The beta had only been released to testers for a matter of days before it emerged as a torrent. But downloaders run the risk of malware and infections if they choose to take this route.

The SP1 build number is 7601.16562.100603-1800.

Microsoft confirmed the release of SP1 earlier this month but warned users there would be no major changes to the operating system.

“SP1 will simply be the combination of updates already available through Windows Update and additional hot-fixes based on feedback by our customers and partners,” wrote Gavriella Schuster, general manager of Windows at Microsoft, on the Windows blog.

“In other words, customers can feel confident about deploying Windows 7 now!”

So far SP1 is only available in English, German, Japanese, French and Spanish and if you want the genuine article, the release date is set for the end of July.

Microsoft also confirmed last week it had sold 150 million licences of Windows 7 since its launch eight months ago – equating to seven copies sold every second.


from » http://www.itpro.co.uk

New Windows XP Flaw Leaves PCs Exposed

A British security researcher has discovered a new zero-day vulnerability that exploits a soft spot in XP’s Help and Support Centre to take over PCs.

A new zero-day flaw has been found in Windows XP that could allow cyber criminals to take control of users’ PCs.

The bug takes advantage of a security gap in XP’s Help and Support Centre, which leaves the remote assistance tool vulnerable to being taken over by attackers, who would then be able to execute tasks on infected PCs.

By embedding commands in web addresses, hackers could activate the remote assistance tool and issue commands to the PC in question over the internet. The flaw was discovered by British security researcher Tavis Ormandy, who reported it to Microsoft earlier this week.

“At least Microsoft Windows XP, and Windows Server 2003 are affected. The attack is enhanced against IE >= 8 and other major browsers if Windows Media Player is available, but an installation is still vulnerable without it,” Ormandy wrote on the Full Disclosure mailing list.

“Machines running versions of IE less than 8 are, as usual, in even more trouble. In general, choice of browser, mail client or whatever is not relevant, they are all equally vulnerable.”

Microsoft has confirmed it is investigating the matter, but criticised Ormandy for waiting just four days before making the full details of the flaw public, complete with a working exploit and suggested workaround.

“Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk,” said Mike Reavey, director of Microsoft’s Security Research Centre.

He emphasised that Microsoft wasn’t aware of any working exploits, and confirmed that users of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 had nothing to worry about.

However, Ormandy countered that the risk was sufficient to make holding on to the information irresponsible. “Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user,” Ormandy wrote. “I’ve concluded that there’s a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security.”

The vulnerability comes to light just days after a bumper set of Microsoft’s customary Patch Tuesday fixes was sent out, though there is no word yet as to whether it will force the firm to send out an out-of-cycle update.

Microsoft has promised to issue a security advisory on the matter as soon as possible.

In the meantime, Ormandy suggests deleting the HCP key entry within the HKEY_CLASSES_ROOT section of the Registry as a temporary workaround. However, Microsoft warns that doing so will break not only any links hackers may be using to manipulate systems, but also any legitimate help links using the hcp:// protocol.


from » http://www.itpro.co.uk
