Archive for the browser Category

« Older Entries

Make sure your Java is up to date

By derek | Filed in browser, Exploits, Java, Malware, Security advice, updates, Warnings and Alerts

 

Public Java Exploit Amps Up Threat Level — Krebs on Security:
http://krebsonsecurity.com/2011/11/public-java-exploit-amps-up-threat-level/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29

“An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows, Mac and Linux systems.”

“The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it’s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the “Do I have Java?” link below the big red “Free Java Download” button. Apple issued its own update to fix this flaw and other Java bugs earlier this month.”

 

Share

Microsoft Fixit for Duqu 0 day exploit

By derek | Filed in browser, Exploits, Malware, microsoft, Phishing, Privacy, Security advice, Tips & Settings, Warnings and Alerts, Windows

Temporary fixit & workaround for 0 day exploit relating to duqu malware

Fixit & unfixit here http://support.microsoft.com/kb/2639658

Advisory with manual “fixes”  http://technet.microsoft.com/en-us/security/advisory/2639658

My considered advice is that you won’t need it and you should wait until Microsoft issue a full patch
So far all attacks have been directly targetted against specific companies or Government departments,  That might change as the skiddies get hold of the exploit

Using the fixit might make some applications/ word docs  or websites not display correctly ( or even at all )  if they use embedded True type fonts & they haven’t been set to gracefully fall back on standard system fonts

If we start to see general attacks, then I will update this & suggest using the fixit

An additional workaround to prevent Websites attacking you by using embedded fonts is to set Internet Explorer font downloads to prompt instead of allow . That way you at least get an alert if a font is being downloaded and you can make an educated opinion as to whether it is likely to be malicious

  • Open Internet Explorer
  • On the Tools menu, click Options and then click the Security tab.
  • Select Custom and click Settings.
  • Scroll to the Downloads section.
  • Change the Font Download setting from  Enable to Prompt
RoboForm: Learn more...
Share

Fake Firefox update

By derek | Filed in browser, firefox, mozilla, spam

Lots of spam emails circulating with following content

New update arrive.

Your security is our top priority. Our open source security process means we have an international community of experts working around the clock to monitor the latest threats. As soon as a security threat is discovered, we write a patch and release an update to stay one step ahead. Downloading Firefox updates is a very important part of staying safe online. Firefox is constantly evolving as our community finds ways to make it better, and as we adjust to the latest security threats. Keeping your Firefox up-to-date is the best way to make sure that you are using the smartest, fastest and . most importantly . safest version of Firefox available. A Firefox update will not make any changes to your bookmarks, saved passwords or other settings. However, there is a possibility that some of your Add-ons won.t be immediately compatible with new updates. Re-installing Firefox will not affect your settings, bookmarks or preferences in any way. A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser. These small patches can contain security fixes or other little changes to the browser to ensure that you are using the best version of Firefox available. Update in a click : firefox-7.0.1

needless to say the download is a trojan, identified by several antiviruses as carpberb and by others as Z-bot Please don’t fall for it Firefox 7 isn’t out yet, although it will be soon

Share

June 2011 Adobe updates

By derek | Filed in adobe, browser, Exploits, Malware, Privacy, updates, Warnings and Alerts

As if you needed more updates this week…

APSB11-16 – Security Advisory for Adobe Reader (v10.1) and Acrobat (v10.1 et al.)
http://www.adobe.com/support/security/bulletins/apsb11-16.html

APSB11-17 – Security Update Available for Adobe Shockwave Player v11.6.0.626
http://www.adobe.com/support/security/bulletins/apsb11-17.html

APSB11-18 – [Yes, yet another] Security update available for Adobe Flash  Player (v10.3.181.26)
http://www.adobe.com/support/security/bulletins/apsb11-18.html

Share

Another new URGENT Adobe flash security update

By derek | Filed in adobe, Apple, browser, Chrome, Exploits, firefox, Malware, microsoft, mozilla, updates, Warnings and Alerts

http://www.adobe.com/support/security/bulletins/apsb11-13.html
An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
Adobe recommends users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX). Adobe expects to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

Adobe is still investigating the impact to the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems. Adobe is not aware of any attacks targeting Adobe Reader or Acrobat in the wild.

RoboForm: Learn more...
Share

Cybercriminals Hoping You’ll Bite iPhone 5 Bait

By derek | Filed in Apple, browser, Exploits, Iphone, Malware, Phishing, Rogue Software, scams, Warnings and Alerts

Online criminals know there are enough gadget hounds out there to make a scam surrounding any shiny new Apple device a surefire moneymaker. To that end, they’ve already begun sending out phishing emails for the iPhone 5.

The phishing emails appear to be official emails from Apple.com, with the title “Finally. The amazing iPhone 5. Now available in black edition.” The body of the message shows a hand holding a transparent iPhone, followed by an enticing offer to “check it out,” according to MacRumors.

Although there’s been much speculation about the next generation iPhone, Apple has not set a release date for it. In fact, Apple hasn’t even announced it yet, but that isn’t stopping this cleverly crafted Mac-themed scam from spreading.

So what are you checking out when you click the link to see the new iPhone 5?

You won’t receive any info about the smartphone, but you will enable a rigged Windows file to run malicious code on your computer. And you’ll also be taken to a phony Apple Web page that asks for your Apple ID and other sensitive information.

Apple announces new products, especially ones of this magnitude, in highly publicized press conferences. So if you receive an unsolicited email purporting to have information about the new iPhone 5, ignore it, DELETE IT WITHOUT EVEN READING IT.

story from: http://www.securitynewsdaily.com/cybercriminals-hoping-youll-bite-iphone-5-bait-0813/

This malware is quite well detected by many antivirus companies, but not all. It is a fairly standard Zapchast IRC trojan that will attempt to download lots of other crap & malware to your computer.

It also appears to try to  perform a DDOS flood attack against several other competing Mirc users and channels to block their channels, so no doubt will turn out to be connected to the typical fake AV scams and stealing your money

Share
Tags: , , , , , ,

Microsoft is aware of nine fraudulent digital certificates issued by Comodo

By derek | Filed in browser, Exploits, firefox, Malware, microsoft, mozilla, Phishing, Privacy, Rogue Software, scams, Skype, updates, Warnings and Alerts

The full advisory can be found on the Web at: http://www.microsoft.com/technet/security/advisory/2524375.mspx.

===========================
SUMMARY
===========================
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Certificates for the following Web properties are affected:

• login.live.com
• mail.google.com
•www.google.com
• login.yahoo.com (3 certificates)
• login.skype.com
• addons.mozilla.org
• “Global Trustee”

Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.

An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375 (http://support.microsoft.com/kb/2524375).

Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update, see the Suggested Actions section of this advisory.

===========================
RECOMMENDATIONS
===========================
Review Microsoft Security Advisory 2524375 for an overview of the issue, details on affected components, suggested actions, frequently asked questions (FAQ), and links to additional resources. MSRA Security Partners who are experiencing issues believed to be related to the issues described in this advisory should contact us via e-mail or by calling 888-HELPSEC with your custom Access ID.

===========================
ADDITIONAL RESOURCES
===========================
• Microsoft Security Advisory 2524375 – Fraudulent Digital Certificates Could Allow Spoofing –http://www.microsoft.com/technet/security/advisory/2524375.mspx

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc

More details on Comodo blog

Share

The problem with the Prefetch function in Firefox and Chrome

By derek | Filed in browser, Chrome, Exploits, firefox, Privacy, Warnings and Alerts

Did you know that Firefox and Chrome both have a feature that fetches pages and links that it thinks you might be going to click on? This can slow down your computer and browsing dramatically. The majority of problems come up when using a search engine, particularly Google with its “preview function”.
The pre-fetch function in these browsers silently loads every link in the background and caches ( stores) the pages in your internet temporary files folder used by Firefox or Chrome. So far Internet Explorer has resisted the temptation to do this.
It also has another major problem when using security software that blocks dangerous or known malicious IP numbers or web addresses. You either get constant alerts about malicious pages attempting to infiltrate your computer or pop up warnings saying xxxx address or IP number has been blocked. Some security softwares will block you from the original page that you are attempting to visit because of the preloaded link to a potentially malicious site, that can lead to major problems with search engines. In 99% of the time, you have absolutely no intention of ever visisting that site, it is just Firefox or Chrome being helpful and preloading the pages for you Read the remainder of this entry »

Share
Tags: , , , ,

Beware of New year e-cards

By derek | Filed in browser, Exploits, Malware, microsoft, mozilla, Phishing, Rogue Software, scams, spam, Warnings and Alerts

Please avoid all untrusted Happy New Year e-card links. The Shadowserver Foundation is warning of a new malicious and advanced botnet that has just been discovered and ressembles the Storm Worm designs.

New Fast Flux Botnet for the Holidays: Could it be Storm Worm 3.0/Waledac 2.0?
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20101230
Those of us here at Shadowserver hope you’re having a wonderful holiday season and are ready to bring in the new year. We were trying to relax and enjoy relatively quiet times until we noticed a new spam campaign that recently started. At first it looked like your regular old holiday e-card scams that have been around for years.

However, upon closer inspection it looks like we could be dealing with the next generation of Storm Worm or Waledac. If you consider Waledac to be Storm Worm 2.0, this looks like it could be version 3.0 or at least Waledac 2.0. There are no real version numbers of course, but we don’t have anything else to call it yet. What’s it involve you ask?

CHARACTERISTICS OF NEW BOTNET

Well here’s the list of what we’ve seen so far:

* Large scale Spam campaigns sending out e-mails with links
* New malicious domains that are fast flux! (TTL of 0 and name servers that frequently update IPs)
* Links are to several hacked websites hosting HTML pages that refresh to new malicious domains
* Links are also directly to new malicious domains
* Malicious domains hosting links to fake flash player and refreshes to exploit pages
* Malware installs that begin beaching to several hosts over HTTP (what we dubbed HTTP2p with Waledac)
* Malware that’s been updated to look a bit more like legitimate than past variants
* A very buggy network that is not often available (upstream devices not available)
* Changing/Updated binaries

AVOID THESE E-CARD MESSAGES:

Let’s start with the Spam Campaign. We’ve seen a multitude of subject lines and bodies. Below you’ll find a list of subjects we’ve seen and an example e-mail message. These are coming from all over the Internet with spoofed sender addresses.

Greeting for you!
Greeting you with heartiest New Year wishes
Greetings to You
Happy New Year greetings e-card is waiting for you
Happy New Year greetings for you
Happy New Year greetings from your friend
Have a happy and colorful New Year!
l want to share Greeting with you
New Year 2011 greetings for you
You have a greeting card
You have a New Year Greeting!
You have received a greetings card
You’ve got a Happy New Year Greeting Card!

Share
Tags: , , , , , ,

List of public DNS services

By derek | Filed in browser, Malware, Phishing, Privacy, Uncategorized

Until fairly recently, nobody bothered with changing their DNS server. Everybody used the ones provided by their ISP. Today, there are several providers worldwide that provide free public DNS service with additional features like  blocking known malware sites,  blocking known phishing sites, parental controls and some even say that their services are quicker and more  reliable.

Here are a  few of the  better known and more reliable ones . It's up to you to choose the one that has the  features or protection that you want.

You will  find instructions on  how to change DNS addresses on their webpages.

OpenDNS
208.67.222.222
208.67.220.220

Google Public DNS
8.8.8.8
8.8.4.4

Norton DNS (Symantec Corporation)
198.153.192.1
198.153.194.1

ScrubIT (ScrubDNS Inc.)
67.138.54.100
207.225.209.66

DNS Advantage (Neustar Inc)
156.154.70.1
156.154.71.1

Comodo Secure DNS (Comodo Security Solutions Inc.)
156.154.70.22
156.154.71.22

Share
Tags: , , , ,