Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan. It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend: When you open the Word document, you see a “PDF”, but it’s actually not. It’s a JPG, which links to an executable. ...
Have you ever wanted to quickly send a file to a friend who’s online? Now you can share pictures, documents and other files directly with your friends while chatting in iGoogle and orkut, without having to switch to email to send the file as an attachment. File transfer works directly in the browser so you don’t need to install anything. Just start a conversation with a friend and click “Send a file…” in the “Actions” menu. After you select a file, your friend will be asked if they want to accept the transfer. You can learn more on the Google Talkabout Blog. ...
Using a Firefox 3.0 add-on created by developers in Hong Kong, Betanews was able to briefly establish a connection with the Internet via a proxy based in mainland China. With that proxy, we were able to confirm that searches performed using Google’s Hong Kong-based page were effectively blocked. Firefox 3.0 reported the blockage with this message: “The connection to the server was reset while the page was loading” — a message from the browser, not from an ISP. We used version 3.0.16 of Firefox (an older edition) because it is the only version compatible with China Channel, a tool made for the express purpose of testing China’s filtering ability. It has not been upgraded for version 3.6. ...
We’ve been seeing Fake AV programs getting more convincing for a while now. Some of the tricks employed by the guys behind these rogue programs include Windows-7-style fake scanners, in-browser “scanners”, and program features that ape other aspects of the operating system. Yesterday, though, we came across a misleading application called AntiVirusDemoFraud that is—how to say?—possibly a little less sophisticated than some in terms of user interface design. ...
Does a Facebook-specific antivirus application sound like a good idea? Maybe not. One of our analysts saw this particular application claiming to be an antivirus wreak havoc on his Friends list. Of course, there is no such thing. Once installed on one Friend’s account, this application tags 20 Friend into a picture such as the one below: If a Friend looking through the photos then clicks on the app’s (apparently randomly generated) link, they’ll see this: ...
Microsoft said today it will issue an out-of-band patch tomorrow for a vulnerability in Internet Explorer 6 and 7 that is being actively exploited. “The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution,” Microsoft said in its Security Advisory 981374 earlier this month. ...
Could the manufacturers of DVD players (no, not just Blu-ray, but the original DVDs) owe back royalties to Alcatel-Lucent for the use of patented technology by way of the MPEG-2 codec? The MPEG Licensing Authority had asserted that Alcatel may have structured its 2006 merger with Lucent in such a way that it could hide up to five patents in a special trust, and spring their overdue royalties on the video industry long after DVDs already began the march to obsolescence. ...
Last month, Microsoft sent flowers to a mock funeral for Internet Explorer 6, in a show of support for the ideal that the old browser should be declared defunct worldwide. But for a few years yet, the company is still bound to support the product for those users (generally businesses) who refuse to upgrade it. That’s why new exploits that continue to target old browsers, such as IE6 and IE7, continue to get attention even a full year after the proper security fix — IE8 — has been deployed. ...
A few of days ago, we encountered an e-mail with a malicious RTF attachment. It was sent with a supposed lawsuit notification message. The e-mail didn’t mention any company by name and took a shotgun, rather than targeted, approach. Today, a security blogger forwarded us (and others) his version of the e-mail: At this point, it appears that the attachment has been replaced by hyperlink pointing to the Marcus Law Center. ...
Who wouldn’t want some tax benefits in the current economic times? Don’t phishers and scammers know that all too well! In a new phishing scheme, We found that Child Tax Credit is being used as bait to lure parents to disclose their financial data. This attack specifically tries to convince users to make claims for credit and lower their tax burden by using their children’s education expenses. According to the Internal Revenue Service (IRS) website [PDF], taxpayers may be able to reduce their federal income tax by up to $1,000 for each qualifying child. Making use of this information, spam email discusses the expensive education of children and quickly advises recipients to use this expense to make claims for tax credits under the numerous tax benefits provided by the IRS. They make a further appeal that as a U.S. citizen or resident, recipients should apply for their tax returns. According to the email, users can get a tax refund of $75,000 for their children’s education. To apply for a refund, users need to complete a form attached to the email message. The fraudulent email has an HTML attachment named “#1924819299.pdf.htm”. ...