Not so long ago, examples of fake Firefox websites / downloads were in the news with the sites involved serving Hotbar installs. It seems the tactic of offering up Firefox (but giving you something else entirely) is going to be around for a little while. Below is a site promoting a Firefox .xpi called “The Dislike Button”, designed to let you add an “I dislike this” note to Facebook posts: ...
Mozilla Foundation has released version 3.6.2 of its Firefox browser a week early. The group had said the update would be available March 30. The update fixes a widely reported vulnerability (CVE-2010-1028) that prompted Germany’s CERT to advise Web users to switch to another browser until a fix was made. (My blog post “Germany’s CERT warns against Firefox use” ) Intevydis researcher Evgeny Legerov had found that Wide Open Font Format decoder in Firefox had an integer overflow in its font decompression mechanism. The flaw involved a memory buffer that was too small to handle a downloadable font. Legerov had found that exploiting the vulnerability could crash a victim’s browser making it possible to run arbitrary code on the system. ...
Älypää, a popular Finnish game and quiz site, announced a database breach late last night. Over 127,000 account names and passwords were leaked. The site has currently suspended access and doesn’t maintain any personal details but Älypää users should determine whether or not they recycle their passwords elsewhere. If so, those accounts are at risk of being hacked. CERT-FI guidelines can be found here. Here’s a list of the top 20 domains on the list: ...
We found this interesting and malicious little mechanism. The hosts file on a machine under investigation was modified to redirect the victim’s browser to a well known legitimate site (in this case google.com) whenever he attempted to contact a list of nearly 400 sites. The list was a “Who’s Who” of the anti-malware world – most places where someone with an infected machine would go to get help. The altered hosts file he found contained many lines beginning with ‘#’ followed by gibberish. These would be seen as comments by any browser and ignored. Concealed among the commented lines are lines containing the domain name redirections. When the commented lines are stripped, we find all the listed security related websites being redirected to “209.85.129.99” which is the IP address for google.com. ...
Recently, Opera team submitted its Opera mini app to Apple for inclusion in iTunes app store. It may take quite some time for the opera app to be approved. Till then you can see below the official screenshots of Opera Mini running on iPhone.
For the current vulnerability in Internet Explorer 6 and 7 which already gets actively exploited on the net, Microsoft is already testing a patch. The company is still considering whether to release the patch on the regular Patchday or out-of-band. Meanwhile, a “Fix-it”-solution is available. With some registry changes the affected peers factory in iepeers.dll gets disabled by a mouse click. You can download it from Microsoft’s knowledgebase.
We previously reported a phishing attack on the Indian Income Tax Department. Phishing emails boasting of tax refunds were sent to users in an attempt to entice citizens to enter their credentials on a bogus website. Recently, new attacks have been observed in which the phishing website states that taxes can be paid online. As the fiscal year in India draws to an end, more people are rushing to pay taxes before the deadline. ...
Hi folks, One of our researchers recently discovered that the Liberty exploit kit included a fairly new exploit from November 2009 … http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867 . The fact that there was something fairly new in terms of exploits was interesting to start with, but then we looked at the text on the exploit page…. Lehman Brothers?! Coffee Party??!! Holy Activists, Batman!!! It’s politically motivated!!!! Then we looked at the stats page (all these toolkits come with a sophisticated admin page), and saw that the top referrer was ad.yieldmanager.com! Holy Advertisers, Batman! Activists who know how to use exploit kits, _and_ the ad network!!! ...
Yesterday there was a volcanic eruption in Iceland, near the Eyjafjallajoekull glacier, that has led the Icelandic authorities to declare a state of emergency in southern Iceland. People living nearby have been evacuated in case of glacial melt water flooding and the airspace near the now active volcano is effectively closed off. As you have probably already guessed, any event which commands a high level of public interest will be pounced on quickly by the makers of fake antivirus software in order to make a quick buck. This incident is no exception. ...
Generally speaking, most website defacements I see tend to look the same with political activist Y decrying political activist Z, or leet hax0rs posting up a mile-long shoutout list to their crew. This one is, er, a little different – a defacement of what appears to have been a site involved in fish logistics and / or preservation, fish2see(dot)dk. I can only imagine the horror on the face of the site admin who woke up this morning to be confronted by this: ...