Yesterday I got a new type of “Stupid Worm” hiding in the background as xmss.exe. It copied itself to the local disk and the Windows directory (%Windir%). It terminated “Windows Task Manager” and the Windows Command Prompt (DOS prompt), and crashed Sysinternals Process Explorer (procxp.exe).
According to McAfee, this worm is known as W32/Autorun.worm.g.
It can propagate itself over removable media and network drives and cause execution of malicious code via an autorun.inf file.
I’ve been monitoring mattheaton.com “wordpress.net.in goro spam injections” for the past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of Wordpress Goro Spam, please read my earlier post → Wordpress.net.in Spam injection & Gaming Bluehost & Hostmonster CEO’s Blog.
thinkingphp.org (PR6) & jensfrake.com (PR7) have been hijacked by a “Wordpress Blackhat SEO Spammer” this month. Both sites were running on WordPress 2.3.2.
By now the <div id="goro"> signature has been replaced with an “Inline CSS” wrapper.
Google Toolbar 5 (βeta) is out. You can download it at toolbar.google.com/T5/.
Check out the Google Toolbar 5 (beta) YouTube videos ↓
We are probably going to see Firefox 2.0.0.13 by the end of this week. Check out this directory traversal code using the view-source: & resource: schemes:
view-source:resource:///
translates to file:///C:/Program%20Files/Mozilla%20Firefox/
You can read/include Firefox pref settings with this code: <script src="view-source:resource:///greprefs/all.js"></script>
Install the NoScript add-on.
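For reviewing pages or filtering at a proxy, the following added example (not code from the original post) flags HTML elements that load view-source: or resource: URLs, as in the script tag above. The names LocalSchemeFinder and scan and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# Schemes the post shows being loaded from web content.
LOCAL_SCHEMES = ("view-source:", "resource:")
# Attributes that make the browser fetch a URL.
URL_ATTRS = {"src", "href", "data", "action"}
# Leading/trailing characters (C0 controls and space) browsers drop from URLs.
EDGE_CHARS = "".join(chr(c) for c in range(33))


def normalize(url):
    """Strip edge whitespace, remove tab/CR/LF anywhere, and lower-case."""
    cleaned = url.strip(EDGE_CHARS).translate({9: None, 10: None, 13: None})
    return cleaned.lower()


class LocalSchemeFinder(HTMLParser):
    """Collects (line, tag, attribute, url) for every suspicious URL attribute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references such as &#58;
        for name, value in attrs:
            if name in URL_ATTRS and value:
                url = normalize(value)
                if url.startswith(LOCAL_SCHEMES):
                    line, _ = self.getpos()
                    self.findings.append((line, tag, name, url))


def scan(html):
    parser = LocalSchemeFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: three hits, two benign references.
SAMPLE = """<html><body>
<script src="view-source:resource:///greprefs/all.js"></script>
<script src="/static/app.js"></script>
<iframe src=" View-Source:resource:///"></iframe>
<link href="resource&#58;///greprefs/all.js">
<a href="https://example.com/view-source:notes">docs</a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only URLs that begin with one of the two schemes are reported, so the https link that merely contains the text "view-source:" in its path is not flagged.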
A JavaScript buffer overflow in Adobe Acrobat, Acrobat 3D & Reader allowed a remote attacker to execute arbitrary code. The code will run with the privileges of the target user opening the PDF document.
Excerpt from the iDefense Public Advisory:
Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code.
Disable JavaScript in Adobe Reader & Acrobat. Perform the update ↓
Adobe released version 8.1.2 of Adobe Reader, Acrobat & Acrobat 3D to address these vulnerabilities.
These vulnerabilities were discovered by Greg MacManus of VeriSign iDefense Labs.