Information Filed Under ‘Security’ Category

The Principle of Contrast in Web Design

A web design is made of many different elements, each having varying levels of importance and some demanding prominence over others. Some elements share a relationship, while others are not related at all. The tricky part is being able to communicate this visually and effectively.

View post:
The Principle of Contrast in Web Design

How the Koobface Gang Monetizes Mac OS X Traffic

Mac users appear to have a special place in the heart of the Koobface gang, since they’ve recently started experimenting with a monetization strategy especially for them – by compromising legitimate sites for the sole purpose of embedding them with the popular PHP backdoor shell C99 (Synsta mod), in an attempt to redirect all the Mac OS X traffic to affiliate dating programs, such as for instance AdultFriendFinder. The use of Synsta’s C99 mod is not a novel approach; the gang has been using it for over a year and a half now. The original KROTEG injected script now includes a “hey rogazi” message

Originally posted here:
How the Koobface Gang Monetizes Mac OS X Traffic

Wordpress injection attack and “affiliate ping-pong”

When talking about web attacks we tend to think of just defacement or malware distribution. As I shall show in this post, this is not always the case, though financial gain remains the common motive. The attack I describe below is all about driving web traffic, abusing affiliate schemes for profit.

Read the original:
Wordpress injection attack and “affiliate ping-pong”

Summarizing Zero Day’s Posts for January

The following is a brief summary of all of my posts at ZDNet’s Zero Day for January, 2010. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day’s main feed, follow me or all of ZDNet’s blogs on Twitter. Recommended reading – Google-China cyber espionage saga – FAQ.

See more here:
Summarizing Zero Day’s Posts for January

InfoWorld – Security Tests of four major browsers

A series of informative articles reflecting security controls in four popular Windows browsers:

Test Center: How secure is Internet Explorer? [The world's most popular browser is also the most frequently attacked, but comes with controls and management capabilities other browsers can't match.]
http://www.infoworld.com/d/applications/test-center-how-secure-internet-explorer-343

Test Center: How secure is Google Chrome?

Go here to see the original:
InfoWorld – Security Tests of four major browsers

Troj/JSRedir-AK morphs into Troj/JSRedir-AR

On Friday, while researching the blog on Troj/JSRedir-AK, I noticed a website with an infection of Troj/JSRedir-AK and a new piece of malware (Troj/JSRedir-AR). Like Troj/JSRedir-AK, Troj/JSRedir-AR has two distinct forms: one injected into HTML files as a malicious tag, the other appended to JavaScript files. The Gumblar team appears to have replaced the Troj/JSRedir-AK infections with Troj/JSRedir-AR. Over the weekend Troj/JSRedir-AR was ~20% of infections, compared to ~8% for Troj/JSRedir-AK (NB JS/Sinowal-Gen at ~2%)

See the original post:
Troj/JSRedir-AK morphs into Troj/JSRedir-AR
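The Koobface and JSRedir posts above describe the same defender problem from two sides: server-side PHP that redirects only certain User-Agents, and client-side code injected into HTML or appended to existing .js files. The scanner below is an added example written for this page, not code from either post or from Sophos; its regexes are heuristics of this example rather than the vendors' signatures, and every file in SAMPLES is constructed, using the reserved 192.0.2.0/24 range and the .example TLD.

```python
"""Scan a web root for the injection patterns the two posts above describe:
a PHP redirect that fires only for Mac OS X User-Agents (the Koobface/C99
monetization), a <script>/<iframe> tag pointing at a bare IP address
injected into HTML, and obfuscated JavaScript appended to the end of an
existing .js file (the two Troj/JSRedir forms).  Heuristics of this example,
not signatures from the posts; SAMPLES is constructed data."""
import os
import re

# 1. $_SERVER['HTTP_USER_AGENT'] tested for a Mac string, followed within a
#    few hundred bytes by header("Location: ...").  DOTALL lets the test and
#    the redirect sit on different lines.
UA_REDIRECT = re.compile(
    r"HTTP_USER_AGENT.{0,200}?(Macintosh|Mac OS X|Mac_PowerPC).{0,400}?"
    r"header\s*\(\s*['\"]Location:",
    re.IGNORECASE | re.DOTALL,
)
# 2. script/iframe whose src host is an IP literal; legitimate sites almost
#    never load third-party script by IP.  Hidden iframes are flagged too.
IP_SRC_TAG = re.compile(
    r"<(script|iframe)[^>]*\ssrc\s*=\s*['\"]?https?://"
    r"(\d{1,3}(?:\.\d{1,3}){3})[^'\">\s]*",
    re.IGNORECASE,
)
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*(width\s*=\s*['\"]?0\b|height\s*=\s*['\"]?0\b|display\s*:\s*none)",
    re.IGNORECASE,
)
# 3. eval/unescape/document.write of a long %xx-escaped blob on the last line
#    of a .js file, i.e. code appended after the library's own code.
APPENDED_JS = re.compile(
    r"(eval|unescape|document\.write)\s*\(.*(%[0-9a-f]{2}){6,}", re.IGNORECASE
)


def scan_text(name, text):
    """Return the list of indicator labels found in one file's content."""
    findings = []
    if name.endswith((".php", ".html", ".htm")) and UA_REDIRECT.search(text):
        findings.append("ua-conditional-redirect")
    for m in IP_SRC_TAG.finditer(text):
        findings.append(f"{m.group(1).lower()}-src-ip:{m.group(2)}")
    if HIDDEN_IFRAME.search(text):
        findings.append("hidden-iframe")
    if name.endswith(".js"):
        last_line = text.rstrip().rsplit("\n", 1)[-1]
        if APPENDED_JS.search(last_line):
            findings.append("appended-obfuscated-js")
    return findings


def scan_tree(root):
    """Walk a real web root and report every file with at least one finding."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith((".php", ".html", ".htm", ".js")):
                path = os.path.join(dirpath, fn)
                with open(path, errors="replace") as fh:
                    hits = scan_text(fn, fh.read())
                if hits:
                    report[path] = hits
    return report


# Constructed samples (not real infected files).
SAMPLES = {
    "index.php": (
        "<?php\n$ua = $_SERVER['HTTP_USER_AGENT'];\n"
        "if (stristr($ua, 'Macintosh')) {\n"
        "  header('Location: http://dating.example/aff?id=1'); exit;\n}\n?>\n"
        "<html><body>Welcome</body></html>\n"
    ),
    "about.html": (
        "<html><body><p>About us</p>"
        '<iframe src="http://192.0.2.10/in.php" width=0 height=0></iframe>'
        "</body></html>\n"
    ),
    "jquery.js": (
        "function $(s){return document.querySelector(s)}\n"
        "eval(unescape('%66%75%6e%63%74%69%6f%6e%20%66%28%29%7b%7d'))\n"
    ),
    "clean.html": '<html><body><script src="/js/app.js"></script></body></html>\n',
}


def scan_samples():
    """Run the scanner over SAMPLES; returns {filename: findings} for hits only."""
    report = {}
    for name, text in SAMPLES.items():
        hits = scan_text(name, text)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {', '.join(hits)}")
```

On a live site, run scan_tree() against a copy of the document root taken from backup as well as the live tree and diff the two reports; the appended-JS check only looks at the last line, so a second pass that compares each library file against its pristine upstream copy (hash comparison) is the more reliable way to catch the JSRedir variant.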

Facebook/AOL Update Tool Spam Campaign Serving Crimeware and Client-Side Exploits

Continuing the Pushdo coverage from last week, the “Your AOL Instant Messenger account is flagged as inactive” or “the latest update for the AIM” themed campaign from the weekend has once again returned to a well known theme, namely the “Facebook Update Tool” spam campaign. The botnet masters have introduced several new name servers — domain suspension is pending — but continue using the same IP embedded on all the pages for serving the client-side exploits, with a slight change in the directory structure

Read more:
Facebook/AOL Update Tool Spam Campaign Serving Crimeware and Client-Side Exploits

SPECIAL FBI WARNING – Best practices to avoid fraudulent scams

This is excellent advice to ensure your donations are received by those who are in need.

SPECIAL FBI WARNING – Best practices to avoid scam attacks
http://www.fbi.gov/pressrel/pressrel10/haiti011810.htm

QUOTE: Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, including the following: Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages

Here is the original post:
SPECIAL FBI WARNING – Best practices to avoid fraudulent scams

Sunbelt reports 95% of email is spam for users in Europe

Despite efforts to shut down a few spammers recently, these email attacks continue to present challenges to users everywhere.

Report from Europe: 95 percent of email is spam
http://sunbeltblog.blogspot.com/2010/01/report-from-europe-95-percent-of-email.html
http://www.enisa.europa.eu/media/press-releases/spam-survey-2009-the-fight-against-spam

QUOTE: The European Network and Information Security Agency (ENISA) has released a report that says 95 percent of all email is now spam

More:
Sunbelt reports 95% of email is spam for users in Europe

Continued Sinowal activity

After one of my recent blog postings concerning the recent zero day IE vulnerability [1], I received a few questions and comments thanks to one of the comments I made: Finally, and perhaps most worryingly, this type of advice feeds the “right now we have a problem, but as soon as the patch is available, we can relax” school of thought. Will the online world be significantly safer once this patch is available and widely deployed?

See more here:
Continued Sinowal activity

Security is hard

The year debuted with ‘Operation Aurora’: Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. The attackers used an Internet Explorer 6 zero day vulnerability

Originally posted here:
Security is hard

Operation Aurora: More on the IE zero day

Following last week’s announcement of the new zero day vulnerability in Internet Explorer, and its role in high profile, targeted attacks [1, 2], the news wires have been hot with announcements about ‘what to do’. Particularly strong warnings have been sent within Germany and France, with web users urged to use alternative browsers until a patch is made available.

Read more:
Operation Aurora: More on the IE zero day

IE zero day exploit prime suspect in Google attacks

Since last week, when Google disclosed some facts about the attacks against Gmail accounts of Chinese human rights activists and decided to review the feasibility of doing business in China, everybody has been wondering just what kinds of exploits were used in the attack. It was clear that the recently patched Adobe Reader vulnerability described in APSB10-02 was the prime candidate for the attack, since the vulnerability had not been patched when the attacks occurred in mid December. Recent examples of PDF exploits which are well documented in ISC handlers’ diaries show just how complex the attacks can be

Go here to see the original:
IE zero day exploit prime suspect in Google attacks

Pushdo Serving Crimeware, Client-Side Exploits and Russian Bride Scams

UPDATED, Friday, 15, 2010: The gang continues rotating the campaigns by targeting different brands. Over the past 24 hours they’ve been spamming the well known “Notice of Underreported Income” theme, this time targeting HM Revenue and Customs (HMRC), and have also introduced new portfolios of typosquatted domains next to changing the client-side exploits serving iFrame embedded on each and every page

See more here:
Pushdo Serving Crimeware, Client-Side Exploits and Russian Bride Scams
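The Pushdo update above mentions fresh portfolios of typosquatted domains impersonating HMRC. A practical triage step when a spam corpus comes in is to generate the typo classes such portfolios are built from and test each observed domain against them. The script below is an added example written for this page, not code from the original post: hmrc.gov.uk is used because the post names HMRC as the targeted brand, every domain in OBSERVED is made up and uses the reserved .example TLD, and the two-part public suffixes are a small hard-coded set standing in for the Public Suffix List.

```python
"""Triage sender/landing domains against a brand list by generating the
typo classes phishing domain portfolios are built from.  Constructed
example; brand list and observed domains are illustrative only."""

# Stand-in for the Public Suffix List (assumption: a real tool loads the PSL).
TWO_PART_SUFFIXES = {"gov.uk", "co.uk", "org.uk", "ac.uk", "com.au", "co.jp", "co.nz"}

# Homoglyph / digit substitutions commonly seen in squatted labels.
SUBSTITUTIONS = [("o", "0"), ("l", "1"), ("i", "1"), ("e", "3"), ("a", "4"),
                 ("s", "5"), ("rn", "m"), ("m", "rn"), ("w", "vv"), ("vv", "w")]


def registrable(domain):
    """Return the registrable part, e.g. www.hmrc.gov.uk -> hmrc.gov.uk."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def typo_variants(label):
    """Single-edit lookalikes of a brand label: omission, doubling,
    transposition, hyphen insertion and homoglyph substitution."""
    out = set()
    n = len(label)
    for i in range(n):
        out.add(label[:i] + label[i + 1:])               # omission    hmrc -> hmc
        out.add(label[:i] + label[i] + label[i:])        # doubling    hmrc -> hmmrc
    for i in range(n - 1):
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition hmrc -> hrmc
        out.add(label[:i + 1] + "-" + label[i + 1:])     # hyphenation hmrc -> hm-rc
    for a, b in SUBSTITUTIONS:
        if a in label:
            out.add(label.replace(a, b))
    out.discard(label)
    out.discard("")
    return out


def classify(observed, brands):
    """Return (brand, reason) or None.  reason is 'legitimate' (the brand's own
    registrable domain), 'typo' (registrable label is a single-edit lookalike)
    or 'brand-embedded' (brand label appears anywhere in the hostname, which
    also catches hmrc.gov.uk.login.example-style subdomain tricks)."""
    obs_reg = registrable(observed)
    obs_labels = observed.lower().rstrip(".").split(".")
    for brand in brands:
        brand_reg = registrable(brand)
        brand_label = brand_reg.split(".")[0]
        if obs_reg == brand_reg:
            return (brand, "legitimate")
        if obs_reg.split(".")[0] in typo_variants(brand_label):
            return (brand, "typo")
        if any(brand_label in lab for lab in obs_labels):
            return (brand, "brand-embedded")
    return None


BRANDS = ["hmrc.gov.uk"]
# Constructed sender domains, as they might be pulled from a spam corpus.
OBSERVED = [
    "www.hmrc.gov.uk",
    "hrmc.example",
    "hmrc-refund-notice.example",
    "hmrc.gov.uk.login.example",
    "weather-forecast.example",
]


def triage(observed=OBSERVED, brands=BRANDS):
    """Map each observed domain to its verdict (None = no brand relation)."""
    return {d: classify(d, brands) for d in observed}


if __name__ == "__main__":
    for dom, verdict in triage().items():
        print(f"{dom:35} {verdict}")
```

The brand-embedded rule is deliberately loose; with a two- or three-letter brand label it will match unrelated domains, so for short labels restrict it to whole-label matches or pair it with the hosting IP and name server data the post describes as the stable part of the infrastructure.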

Registered malware

As already discussed by Mike, malware authors love to innovate when it comes to persistence and hiding their nefarious creations from detection, and although most of the schemes are not unknown to analysts, they still show that malware authors are constantly on the prowl and evolving their techniques. The example I have is of yet another registry-centric malware which by the nature of its construction has several advantages in defeating naive security software. The sample, detected as Troj/RegExec-A, is essentially a multi-component threat of sorts comprising at least 3 components (dropper/installer, payload and loader). The dropper or installer component sets up the registry key and possibly some default payload and then installs the loader component to be auto-launched by any number of autorun methods.

Continue reading here:
Registered malware
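The dropper/payload/loader layout described above leaves two artefacts an analyst can hunt for without the binaries: an autorun entry that launches a small loader, and a registry value holding the parked payload. The script below is an added example written for this page, not Sophos’ analysis code; it parses a Regedit 5.00 export (as produced by “reg export HKCU hkcu.reg”) and flags both artefacts. The key paths, value names and bytes in SAMPLE_REG are made up for the demonstration and are not Troj/RegExec-A’s real ones, which the post does not give.

```python
"""Hunt for a registry-resident loader/payload pair in a .reg export.
Constructed example: the sample export, key names and bytes are invented."""
import re

# Autorun locations checked here (a subset; services, scheduled tasks and
# Winlogon Shell/Userinit are other common choices).
AUTORUN_KEY = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunServices|Policies\\Explorer\\Run)$"
    r"|\\CurrentVersion\\Winlogon$",
    re.IGNORECASE,
)
# A loader living in a user-writable directory or started through a signed
# host binary (rundll32/regsvr32/mshta/wscript) rather than directly.
LOADER_HINT = re.compile(
    r"\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b"
    r"|\\AppData\\|\\Temp\\|%APPDATA%|%TEMP%",
    re.IGNORECASE,
)
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text):
    """Parse a Regedit 5.00 export into (key, name, kind, value) tuples.
    kind is 'sz' (str), 'dword' (int) or 'hex' (bytes); multi-line hex values
    (trailing-backslash continuation) are reassembled."""
    entries, key, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                      # continuation of a hex value
            pending[1].append(line.rstrip("\\").strip())
            if not line.endswith("\\"):
                name, chunks = pending
                entries.append((key, name, "hex", bytes.fromhex("".join(chunks).replace(",", ""))))
                pending = None
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        val = m.group(3)
        if val.startswith("hex"):                    # hex:, hex(2):, hex(7): ...
            body = val.split(":", 1)[1].strip()
            if body.endswith("\\"):
                pending = (name, [body.rstrip("\\").strip()])
            else:
                entries.append((key, name, "hex", bytes.fromhex(body.replace(",", ""))))
        elif val.startswith("dword:"):
            entries.append((key, name, "dword", int(val[6:], 16)))
        elif len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            entries.append((key, name, "sz", _unescape(val[1:-1])))
    return entries


def hunt(entries, big=4096):
    """Flag autorun values that look like a loader, and binary values that are
    a PE image ('MZ' header) or at least `big` bytes, i.e. a parked payload."""
    findings = []
    for key, name, kind, val in entries:
        if kind == "sz" and AUTORUN_KEY.search(key) and LOADER_HINT.search(val):
            findings.append(("autorun-loader", key, name))
        if kind == "hex" and (val[:2] == b"MZ" or len(val) >= big):
            findings.append(("registry-payload", key, name))
    return findings


# Constructed export: one benign Run entry, one loader entry, one PE payload.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\OneDrive\\OneDrive.exe\" /background"
"Updater"="rundll32.exe \"C:\\Users\\u\\AppData\\Roaming\\ldr.dll\",Start"

[HKEY_CURRENT_USER\Software\AppDataStore\Cache]
"blob"=hex:4d,5a,90,00,03,00,00,00,04,00,00,00,ff,ff,00,00,\
  b8,00,00,00,00,00,00,00,40,00,00,00,00,00,00,00
"flag"=dword:00000001
"""


def hunt_sample():
    return hunt(parse_reg(SAMPLE_REG))


if __name__ == "__main__":
    for kind, key, name in hunt_sample():
        print(f"{kind:18} {key}\\{name}")
```

Export both HKCU and HKLM; a payload stashed in the registry need not start with MZ (it may be shellcode or an encrypted blob), which is why the size threshold is kept as a second trigger, and a loader can equally be registered as a service or a scheduled task, so extend AUTORUN_KEY to the locations your environment actually uses.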

Acunetix WVS Version 6.5 build 20100111 released

An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks and bug fixes.

New security checks:
  Test for File Upload IIS bug filename.asp;.jpg
  Test for WP-Forum 2.3 vulnerabilities
  JBoss rmi ping (network script)

Bug fixes:
  Bugfix: Modified forms notifications from CSA
  Bugfix: CSA: Workaround for window.open with null parameters
  Fixed: In some specific scenarios the scheduler queue was restarting on its own
  Fixed: Node was not expanding automatically when manually adding a new logout link in the LSR

How to upgrade to build 20100111: On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Excerpt from:
Acunetix WVS Version 6.5 build 20100111 released

Outlook Web Access Themed Spam Campaign Serves Zeus Crimeware

UPDATED: Sunday, January 10, 2010 – The post has been updated with the latest domains spammed within the past 24 hours. UPDATED: Saturday, January 09, 2010 – The post has been updated with the latest domains spammed within the past 24 hours. The spam campaign is ongoing

Continued here:
Outlook Web Access Themed Spam Campaign Serves Zeus Crimeware

Top Ten Must-Read DDanchev Posts For 2009

The following ten posts have been featured due to their insightful content, comprehensiveness of the topic covered, and due to plain simple exclusivity in the time of publishing, and not necessarily based on page views. Thank you for being a regular reader of my personal blog. Feel free to subscribe to my RSS feed, keep track of my posts at ZDNet’s Zero Day, or follow me on Twitter

See the original post here:
Top Ten Must-Read DDanchev Posts For 2009

Top Ten Must-Read Posts at ZDNet’s Zero Day for 2009

The end of the year naturally means a rush to come up with ‘best of the best’ top lists consisting of your finest content. However, based on personal observations, during the holidays season the short attention span of the average reader becomes even shorter with everyone looking forward to taking a well-deserved break. Therefore, the first working week of the new year appears to be the perfect moment to summarize some of my most insightful posts/analysis published at ZDNet’s Zero Day for 2009

Go here to read the rest:
Top Ten Must-Read Posts at ZDNet’s Zero Day for 2009

Summarizing Zero Day’s Posts for December

The following is a brief summary of all of my posts at ZDNet’s Zero Day for December, 2009. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day’s main feed, or follow all of ZDNet’s blogs on Twitter.

Read more:
Summarizing Zero Day’s Posts for December