TechBlog

Microsoft's record Patch Tuesday

Published: April 13, 2011 Reading Time: 2 min

H-Online: It’s a record for Microsoft: 9 critical and 8 important updates close a total of 64 security holes. In the worst case, a number of the vulnerabilities allow for remote code execution; in other words, arbitrary code can be injected and executed, such as from specially crafted documents and websites. Microsoft put 44 of them in the category Exploitability Index 1, meaning that the code that exploits the flaw will probably go into circulation soon. ...

Chromium-based Flock social web browser is no more

Published: April 13, 2011 Reading Time: 2 min

H-Online: In a post on their home page, the Flock developers have announced that support for their Chromium-based social web browser will officially be discontinued on 26 April 2011. Thanking their “loyal users” for their support, the developers encourage the Flock community to migrate to another browser. Flock began life as a cross-platform browser start-up in April 2005. Distinguishing itself from other browsers, Flock automatically managed updates and media from several popular social services, including MySpace, Facebook, Bebo, Digg, YouTube and Twitter. ...

My naked pic is attached – malware spammed out

Published: April 13, 2011 Reading Time: 2 min

SophosLabs: Are you in the habit of having complete strangers email you naked pictures of themselves? That’s the only reason I can think of that you can legitimately explain why your computer has been infected by the latest malware attack that has been spammed out around the world. Users are seeing messages in their inbox, which attempt to trick recipients into opening the attached file with the promise of a nude photo. ...

First Firefox 4 update coming on April 26

Published: April 12, 2011 Reading Time: 1 min

Mozilla Links: Mozilla has announced that it will release the first update for Firefox 4 on April 26, about a month after the original release, back on March 22. New with this release is that Mozilla will start using code names (somehow related to the main branch codename, in this case Tumucumaque) for updates as well, as a way to help developers that follow Firefox development closely, more clearly understand what is coming when. ...

A new security flaw hits VLC

Published: April 12, 2011 Reading Time: 1 min

H-Online: Following on from last week’s S3M vulnerability in the VLC media player, a new advisory warns of a buffer overflow when playing MP4/MPEG-4 files. The bug, reported by Aliz Hammond, requires that a user open a specially crafted MP4 file. According to Secunia, the vulnerability is found in the MP4_ReadBox_skcr() function in the demultiplexer and is rated as “highly critical”. All versions from 1.0.0 to 1.1.8 are affected by the problem. ...

BBC News/Dad walks in on daughter Facebook scams

Published: April 12, 2011 Reading Time: 2 min

SophosLabs: Criminals and scammers on Facebook aren’t resting on their laurels… in fact, they are branching out and using multiple techniques all rolled into one scam. Tonight’s blockbuster spam is taking on several guises. One version is a likejacking attack that spams your wall with the message “Dad walks in on daughter… EMBARRASING!!!” and “This really has to be an awkward moment.” They seem to be quickly rotating through a long list of Google (goo.gl) short URLs to evade detection. ...

Zero-Day Vulnerability in Adobe Flash Player, Reader and Acrobat

Published: April 12, 2011 Reading Time: 1 min

Avira TechBlog: Adobe released a security advisory in which it warns of a zero-day vulnerability within current versions of Adobe Flash Player, Reader and Acrobat. Affected are Flash Player 10.2.153.1 and earlier versions for Windows, Mac, Linux and Solaris, the current version integrated in the Chrome web browser, and 10.2.156.12 and earlier versions for Android. The authplay.dll component of current and older versions of Adobe Acrobat and Reader is also affected; according to Adobe, the sandbox of Acrobat Reader X prevents execution of malicious payloads, though. ...

Twitter spam and viagra galore

Published: April 11, 2011 Reading Time: 1 min

Spam mails claiming to be from Twitter that send you to pharmacy sites are a popular wheeze for spammers, and here we go again. It seems I have “two PR messages from Twitter”. If that wasn’t enough to get me clicking (it isn’t), I can also join in on sports conversations, argue with bloggers and tell the World when I stumble into some form of natural disaster. Hammering one of the many links will actually take me to 219(dot)84(dot)119(dot)56/afternoon(dot)html, which will send me to pharmacydrugstorehealthprofessionals(dot)net. ...

Fake Certificate in Malware – with Message

Published: April 11, 2011 Reading Time: 1 min

Avira TechBlog: The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital certificate and therewith looking more legitimate. And this certificate is registered to “DetectMe! 🙂 ”, also adding random data behind the certificate. We see hints like these regularly – malware authors proposing names for their malicious creations or suggesting a place where a signature-based detection would be suitable. Of course, such hints are ignored by us for detection but make us smile for a short time. ...

ZeroAccess, an advanced kernel mode rootkit

Published: April 11, 2011 Reading Time: 2 min

Prevx Blog: In the last couple of years there have been three major players who dominated the scene in the field of kernel mode rootkit development. They are Rustock rootkit – with its latest build discovered in the wild in 2008 – MBR rootkit – first discovered in January 2007 – and TDL rootkit, which can be considered the most advanced kernel mode rootkit to date, able to infect both x86 and x64 versions of the Windows operating system. ...
