Windows Vista & Windows 7 Kernel Bug Can Bypass UAC

Now this is not the first time Windows UAC has hit the news for being flawed: back in February 2009 it was discovered that “Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control”, and in November 2009 it was demonstrated that “Windows 7 UAC (User Access Control) Ineffective Against Malware”. A zero-day for Windows 7 back in July of this year also bypassed Windows UAC....

November 30, 2010 · 4 min · 744 words · Omid Farhang

Fake Trojan Removal Kit serves up ThinkPoint Rogue

You might want to steer clear of the following fake security program, being promoted as a “Windows Trojan Removal Kit” but actually hijacking your PC in the form of the ThinkPoint rogue with a mixed (24/43) detection rate. The file is currently being offered up by your typical “fake security scan” pages, such as microsoftwindowssecurity152(dot)com. Those familiar with this particular rogue will be aware that it tends to stick with domains similar to the one above....

November 30, 2010 · 1 min · 133 words · Omid Farhang

Firesheep author takes backhanded pot-shot at free speech

Sophos Labs: Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it’s been downloaded over 600,000 times so far. The decision to release Firesheep publicly is a controversial one. On the good side, it’s reminded people that some of their common web surfing habits are dangerously insecure. Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session....

November 7, 2010 · 3 min · 569 words · Omid Farhang

No p*rn for you, naughty boy!

There are always peculiar things malware researchers discover while analyzing new samples. VirusTotal: 24/43. Let’s remember the filename, HD Porn TV, for later. Our victim runs it thinking they will see the latest porno in HD quality. Instead they get a new browser ‘theme’ with a Turkish flavor (Internet Explorer, Firefox). The bad guys hijack Winsock and filter traffic through it. From now on, all ‘sensitive’ searches such as porn are no longer displayed:...

November 6, 2010 · 1 min · 105 words · Omid Farhang

PCWorld links to scareware

I was reading an article on PCWorld’s website about the upcoming Google Chrome OS. So far so good, except that I inadvertently clicked on one of their sponsored links, which ironically states “Here is all about spyware removal and even more.” After a few redirects, my browser is hijacked by one of those FakeAV scanners. Here is the HTTP traffic capture screenshot and log. Most computer users will end up with this on their PC:...

October 21, 2010 · 2 min · 236 words · Omid Farhang

Help keep your account safe with the Gmail security checklist

Posted by Diana Phan, Gmail Support Team. October is National Cyber Security Awareness month and a good time for a reminder about why hijackers do what they do and how you can protect your account. Check out the Online Security blog to learn about common hijacking techniques and security practices that will help you stay one step ahead of the bad guys. To help ensure your Gmail account is safe, take a minute to visit the Gmail help center and complete their new security checklist....

October 16, 2010 · 1 min · 85 words · Omid Farhang

Facebook Introduces Disposable Passwords

Accessing Facebook from a public computer or Internet cafe can now be done more securely. Moving to enhance online security, Facebook on Tuesday said that it will soon offer users the ability to receive one-time passwords on their mobile phones and that it has already enabled the ability to sign out of Facebook remotely. “We’re launching one-time passwords to make it safer to use public computers in places like hotels, cafes or airports,” said Facebook product manager Jake Brill in a blog post....

October 15, 2010 · 2 min · 353 words · Omid Farhang

DLL Hijacking Evolved

Back in November 2007, I saw this technique used by one of the variants of a worm called W32/Drom. The technique was not used to execute the malicious file or component of the worm but to prevent antivirus programs from running. The worm queries the following antivirus registry keys to get the installation path; once acquired, it creates a folder named “ws2_32.dll” with Hidden and System attributes in that location. As I tested this technique, it prevented the program from running, as it first loads the “ws2_32....

August 27, 2010 · 1 min · 199 words · Omid Farhang

Brand new 0-day Exploit. The world is going to end! Yet again…

Sigh… The latest “exploit” that affects hundreds of programs and will be the end of the world as we currently know it is actually a well documented feature of Windows. It has actually been around since the DOS days. In the old days we used to call these Companion viruses. It worked by using a different file extension that will be executed before the real executable. For example if you had a “gwbasic....

August 27, 2010 · 3 min · 440 words · Omid Farhang

A HijackThis Toolbar from Facebook?

Spam emails such as the one below have been doing the rounds on the Internet, hoping to lure recipients into downloading a Facebook toolbar. If you download the file by clicking on “Download Here”, you’ll see a file with the icon shown below. If you take a closer look at the icon, “darkSector” is shown inside of it. How strange. Is this actually a Facebook toolbar? Let’s take a look at the properties of the file, since it looks a bit fishy....

May 3, 2010 · 1 min · 195 words · Omid Farhang