TechBlog

H-Online: Users of Windows XP are reporting more problems with recent automatic updates. Three security updates for .NET Framework 2.0 and 3.5 are at the center of the problem, labeled as patches KB2518664, KB2572073 and KB2633880 in Windows XP’s automatic update feature. On affected systems, the installation of these patches proceeds without error but after a short time, the update service says it would like to install them again and will keep reinstalling the patches if allowed. Microsoft’s general advice in this situation is to reset Windows Update components, though it has yet to offer any specific advice. It is interesting to note that the three patches in question were not released on Microsoft’s official patch day.

H-Online: A new type of phishing strategy, which aims to trick unsuspecting users into installing a trojan by pretending to be an account cancellation request from Facebook, has been discovered by Sophos. The email messages link to a third party application on the site that will install a Java applet and then prompt the user to update their Flash player, but will actually deliver the trojan malware. The email messages that are sent out claim to be from Facebook and state: “We are sending you this email to inform you that we have received an account cancellation request from you.” However, Facebook never sends such account cancellation confirmation messages via email. Users who want to cancel their Facebook account can do so by visiting facebook.com/deactivate.php to deactivate their account; they may later delete it after a cool down period has passed. ...

GFI Wrote: In September, our friends at Sophos wrote about a fake BBC website offering up the “chance” to work from home for predictably large sums of money. No more than a day later, we were covering fake BBC video posts targeting Facebook users. Today we’re looking at a fake BBC URL which drops the end-user onto a “work from home and earn $10,000+ a month” fake news site, but not before it’s attempted to load up the PC with malware via a rather nasty collection of exploits. The URL in question is bbcmoneynews(dot)com: ...

ISC Diary: There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port. Since there is no patch available for this vulnerability yet, you might want to do the following: Block any file upload function in your php applications to avoid risks of exploit code execution. Use your IPS to filter known shellcodes like the ones included in metasploit. Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336 registered at the beginning of the month. Use your HIPS to block any possible buffer overflow in your system. Source: http://isc.sans.edu

theregister.co.uk wrote: A Brit who distributed a Trojan horse that posed as a patch for popular shoot-em-up game_Call of Duty_ has been jailed for 18 months. Lewys Martin, 20, of Deal in Kent, used the malware to harvest bank login credentials, credit card details and internet passwords from the compromised Windows PCs of his victims. Martin then apparently laundered the credentials via underground cybercrime forums, earning $5 or less for every credential, directing proceeds of his criminal activity towards an offshore account in Costa Rica, funds which remain beyond the reach of UK police. ...

File-sharing website The Pirate Bay (TPB) has been hit by a Distributed Denial of Service (DDoS) attack. The site has been largely inaccessible for the last 24 hours, and the service is intermittent in the UK. The Pirate Bay has confirmed the attack on its Facebook page, saying that it did not know who was behind it, although it “had its suspicions”. A provider of DDoS defense systems said that it was unlikely that the attack came from hacking group Anonymous. ...

The H-Online: Avira says that it has resolved the problems caused by a Service Pack that was released for its Windows products earlier this week. Users are advised to trigger a manual update to download the fix. Once installed, the update should prevent the program from blocking legitimate Windows applications on systems running Avira. On Monday, Avira released “Service Pack 0” for all of its Windows products. Once the update was installed, the “ProActiv” behavioral monitoring component in Avira Antivirus Premium 2012 and Avira Internet Security 2012 blocked the execution of essential programs and trusted system processes. For example, ProActiv blocked the Windows registry editor (regedit.exe) and the task scheduler (taskeng.exe). ...

The H-Online: Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be could exploited by an attacker to crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file. ...

The H-Online: RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows; the company says that none of the, now fixed, holes are known to have been used to compromise systems. The released update, version 15.0.4.53 of RealPlayer, closes three security holes. One hole is related to ASM RuleBook parsing that could be exploited by an attacker to remotely execute arbitrary code, another is a memory corruption problem related to MP4 file handling in the QuickTime plugin used by RealPlayer, and the third is a buffer overrun in the Media parser. ...

The H-Online: Google has announced that Chrome 19 is the new stable version of its open source based web browser. As usual, the browser sees a number of security fixes: this time there are seven high-severity fixes specifically for Chrome including various use-after-free and out-of-bounds errors. Two fixes with a wider impact than Chrome are also mentioned – a workaround for a Linux NVIDIA driver bug and an “off-by-one out-of-bounds” write in libxml. In all, $7500 was paid out in rewards to security researchers, and Google notes it has also paid out $9000 to researchers to stamp out bugs before they reached its stable channel. ...