Archive for November, 2009

Beware of fake shopping sites

By derek | Filed in browser, Exploits, firefox, microsoft, mozilla, Phishing, Privacy, scams, Warnings and Alerts


With the seasonal shopping season well underway, watch out for fake shopping sites and phishing emails trying to get your identity & credit card details.

A slightly different approach came into my inbox today which asked me to confirm the item in my shopping basket. Now I haven’t shopped with Littlewoods online but you can be sure that thousands of people have and the same scam will be applied to just about every well known online shopping site this season.

The email looks quite believable
littlewoods_email

The website if you follow the link looks exactly like the real Littlwoods shopping site Account sign in page EXCEPT that the real Littlewwoods or ALL reputable shopping sites will have a Padlock icon and the  site address will start with HTTPS and the address bar will turn green to show that you are on a secure site

This screenshot shows the fake site and I have blanked out the address for safety reasons
littlewoods_web

These show how a genuine site will appear in Internet Explorer 8 on left and Firefox on right. Both show the padlock icon and a green safe address bar. A genuine shopping site will always start HTTPS to show a secure site when you are asked to put in any details. The front page of the site might be a normal http:
Unfortunately a lot of well known shopping sites haven’t yet signed up to the Extended Valuation green bar very secure system yet so watch for the closed padlock and HTTPS in the address bar to show a secure site. In Firefox browser the closed padlock is on the bottom right hand corner of the page, not in the browser address bar

littlewoods_IE real_littlewoods

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

RoboForm: Learn more...

Share
Tags: , , ,

WOW wowmatrix keylogger

By derek | Filed in Exploits, games, Malware, Phishing, Privacy, Rogue Software, scams, Warnings and Alerts


I was notified of a google advert for a fake wowmatrix site. The original genuine wowmatrix is seen by many games players as not completely within the rules of the games
Wowmatrix is an addon that makes it easier to update and install other tweaks and addons to your game. Obviously using a fake version that downloads false addons & tweaks and installs them leaves you open to a lot of problems.

The advert on google looks like a search listing and it is only apparant that it is a sponsored listing or advert on close inspection

wowmatrix Read the remainder of this entry »

Share
Tags: , , , , , ,

Microsoft Lottery Spam

By derek | Filed in Exploits, Malware, microsoft, Phishing, Privacy, scams, spam, Warnings and Alerts

We seem to have a new batch of the Microsoft lottery spam emails again

These have a @live.com email address with what at first glance looks like it could be a proper microsoft or MSN email address ( they of course are not genuine Microsoft or associated with Microsoft in any way)

DO NOT fall for the scam & try to ring the 070240****** number . it is a premium rate number that will have along recorded message on it and cost you £0.50 per minute

You won’t get any money from these scammers but they will get money from you

I have blanked out the full email address and phone number from the image to save the unwary

MSlotteryscam

RoboForm: Learn more...
Share
Tags: , , ,

Microsoft Security Advisory 977544 vulnerability affecting SMB Protocol

By derek | Filed in browser, Exploits, Malware, microsoft, Warnings and Alerts

Microsoft Security Advisory 977544 Released

Today Microsoft released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects  Windows 7 and Windows Server 2008 R2. Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected.

It needs to be made  clear that this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin MS09-050 which addressed a remote code execution vulnerability in the SMBv2 protocol. This vulnerability would not allow an attacker to take control or install malware on a user’s system, but could cause the affected system to stop responding until manually restarted.

http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx

Share

Phishing

By derek | Filed in Exploits, Malware, Phishing, Privacy

I mentioned previously HERE that the criminals doing these phishing attacks are changing tactics to make it harder for the antiphishing measures to block them

We are seeing many more phishing attempts using the same technique of sending an HTML page as an attachment to an email and asking you, the victim, to fill in the form

Many people are falling for this, even more than those who click on  link in an email. Read the remainder of this entry »

Share

Sun Java Runtime Environment Multiple Vulnerabilities

By derek | Filed in browser, Exploits, firefox, Java, microsoft, mozilla, updates, Warnings and Alerts

Sun Java Runtime Environment Multiple Vulnerabilities
Affected:
JDK and JRE 6 Update 16 and earlier
JDK and JRE 5.0 Update 21 and earlier
SDK and JRE 1.4.2_23 and earlier
SDK and JRE 1.3.1_26 and earlier

Description: Sun’s implementation of the Java Runtime Environment (JRE) and Java Web Start contains multiple vulnerabilities. A specially crafted Java application, an audio or image file or an applet could trigger one of these vulnerabilities, with consequences ranging from arbitrary code execution with the privileges of the current user to denials-of-service and security restriction bypass. Note that, depending upon configuration, Java applets embedded in web pages may be opened automatically upon the loading of the page. One of the error is that the update mechanism does not update JRE to the new version when running on non-English Windows versions. There are errors in decoding DER encoded data and the parsing of HTTP headers which might lead to memory exhaustion. There is an authentication bypass vulnerability in JRE while verifying HMAC digests. Multiple buffer overflow and integer overflow vulnerabilities have been reported in JRE while processing specially crafted audio and image files. There is a command execution vulnerability in JRE which could be triggered by a specially crafted web page. There is a flaw in the implementation of security model permissions in the Java Web Start Installer. Some technical details for some of these vulnerabilities are publicly available.

Status: Vendor not confirmed, no updates available. [edit] Updates are available

References:
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-09-076
http://www.zerodayinitiative.com/advisories/ZDI-09-077
 http://www.zerodayinitiative.com/advisories/ZDI-09-078
http://www.zerodayinitiative.com/advisories/ZDI-09-079
http://www.zerodayinitiative.com/advisories/ZDI-09-080
Sun Security Advisories
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
Product Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/36881

for this DO NOT rely on check for updates in JAVA control panel BUT go to http://java.com/en/download/ie_manual.jsp?locale=en&host=java.com:80

if you have a 64 bit version of windows, you need to install the standard 32 bit version AND the 64 bit version http://java.com/en/download/manual.jsp

Share

Adobe Shockwave Player Multiple Vulnerabilities

By derek | Filed in adobe, browser, Exploits, Malware, updates, Warnings and Alerts

 Affected: Adobe Shockwave Player versions 11.x

Description: Adobe Shockwave Player, with over 450 million users, is a multimedia player that allows Adobe Director applications to be published and viewed by a browser that is installed with a Shockwave plug-in.

 Multiple vulnerabilities have been reported in Adobe Shockwave Player, which be triggered by a specially crafted Shockwave content.  There is a error in the way the invalid index is used.  There are also a couple of issues caused by the inappropriate use of the invalid pointer.  And the last issue is a memory corruption error when processing string lengths.

 In all the cases successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user.

There is not enough public information about these vulnerabilities.

Status: Vendor confirmed, updates available.

References:

 Adobe Security Bulletin (APSB09-16)  http://www.adobe.com/support/security/bulletins/apsb09-16.html

Wikipedia Article on Adobe Shockwave  http://en.wikipedia.org/wiki/

Adobe_Shockwave Product Home Page  http://www.adobe.com/products/shockwaveplayer/

 SecurityFocus BID http://www.securityfocus.com/bid/36905

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Remember: You need to install shockwave in Every Browser you use separately, if you wish to use it in your browser

Share