Viruses and Digital Signatures

Author: Omid Farhang Published: March 5, 2010 Reading Time: 2 min

Recently, we received some malicious files which appeared to be signed by “Adobe Systems Incorporated”. On closer inspection, however, it was seen that the signature was just a ruse used by the malware author to give an air of legitimacy to the files. Virus writers are getting smarter and going that extra mile to digitally sign their files. Using this technique the malware authors could, for example, penetrate an environment where only signed files are allowed but the authenticity of the signature is not checked. ...


The Morphing PDF

Author: Omid Farhang Published: March 5, 2010 Reading Time: 1 min

Just when we thought SEO using Flash was as interesting as SEO poisoning can get, it seems it’s getting even sneakier… Imagine a PDF file posted by someone evil online. Of course, Google being Google, the file is recognized as a PDF. And when we open it, it really is a PDF. No evil codes inside, just a good old vanilla PDF file. Three hours later… Google still says the file is a PDF. Brod (one of our geeky guys here) is attributing this to Google’s cache. ...


Patch Tuesday coming next week

Author: Omid Farhang Published: March 5, 2010 Reading Time: 1 min

Microsoft has issued an advance notification for Patch Tuesday next week. The company said it expects to issue two patches, one for Windows and one for Office. Both are intended to patch vulnerabilities that could allow remote code execution and both are rated “important.” See the Microsoft Security Bulletin Advance Notification for March 2010.


Who’s watching you really?

Author: Omid Farhang Published: March 5, 2010 Reading Time: 2 min

This morning while I was enjoying my coffee I received an event notification for my personal Facebook account. It was for a group called “See Who’s Spying On Your Profile – GET NOTIFIED -” and “See Everyone Who Views Your Profile”. Immediately, my security hat went on and I started to investigate. At first glance, they are both pyramid schemes. In both, you become a fan, then you have to suggest the page to 50 of your friends to move onto the next stage. From there the tactics diverge slightly. In the first one, you need to take a marketing quiz that asks for all sorts of personal info, and you need to put in your Facebook username and password, so they can “monitor” your profile. AND you have to provide them with your mobile number. Now wait a minute… why would they need my mobile number? ...


Adservers compromised in latest Zbot push

Author: Omid Farhang Published: March 5, 2010 Reading Time: 2 min

As we have commented before, when content served up from adservers is compromised, the effects can be far reaching, potentially exposing huge numbers of victims to the malicious code as they innocently browse legitimate sites. The problem is further complicated by the fact that legitimate ad content is often heavily obfuscated, in order to evade ad-blocking technology. During the latter half of this week we have seen a whole batch of compromised adservers injected with malicious JavaScript to silently load malicious content from a remote site. A significant number of popular sites that load ad content from these servers have therefore been affected by this attack. ...


Twitter Hits 10 Billion Tweets

Author: Omid Farhang Published: March 5, 2010 Reading Time: 1 min

It’s official: Twitter has surpassed 10 billion tweets. While Gigatweet’s counter is down due to over-traffic, you can tell by the actual tweet ID numbers that we have crossed the magical threshold. The milestone shows that Twitter’s still growing at a rapid pace: it broke 1 billion tweets in November 2008 and 5 billion tweets just four months ago. So who was the lucky person that sent out the 10 billionth tweet? Tweet #10 billion apparently belongs to a protected user, as API calls won’t allow us to see that specific status update. Via @timdorr, here is Tweet #9,999,999,999 and tweet #10,000,000,001. ...


Android gets its first Microsoft app: TagReader

Author: Omid Farhang Published: March 5, 2010 Reading Time: 2 min

Barcode and QR code reader applications are now standard fare for smartphones and can be commonly found for free in any of the major app stores. But far less common are comprehensive services that let users make their own QR codes for free. This is why Microsoft’s TagReader, which was released in the Android Market today, is worth checking out. It’s similar to any number of barcode scanners available on the Android platform, except that it is designed to read Microsoft’s unique “Tags.” ...


Pwn2Own Interview with Charlie Miller

Author: Omid Farhang Published: March 5, 2010 Reading Time: 1 min

Charlie Miller, the Pwn2Own contest winner for two years in a row, gives his take on Internet security. Guess what — your Mac OS is no less vulnerable than its Microsoft Windows counterpart. Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why? Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows. ...


Google buys Flickr's editing tool, Picnik

Author: Omid Farhang Published: March 5, 2010 Reading Time: 2 min

Web-based photo editing suite Picnik announced today that it has been acquired by Google for an unspecified amount that Picnik CEO Jonathan Sposato called a “very, very happy number.” The startup opened in 2005 and was chosen to be Flickr’s default photo editor in 2007 when Yahoo was introducing a host of new features to the popular photo sharing site. Long before Adobe released its Web-based version of Photoshop, Picnik was already going strong. ...


Contraband Imports

Author: Omid Farhang Published: March 5, 2010 Reading Time: 1 min

One of the issues malware writers deal with is having their programs load and execute on a victim’s computer. An unwary victim may click on an email attachment and have the malware run once. But in order to continue to be of value to the author, that piece of malware has to arrange for itself to be run after the computer inevitably gets rebooted. There are several well-known ways to accomplish this task. The problem here is that these methods are well known and security software knows where to look. Which brings us to the topic of this blog entry. We recently came across a hacked copy of imm32.dll, which is Microsoft’s Input Method Manager library. The authors inserted an extra imported library into the file’s import directory. The extra library name starts with “net” and the imported function name is randomized. ...
