IT SECURITY

raiv88

Rajeev Kumar
Made a new thread so that all IT security related stuff can be posted out here..


IE flaw gave attackers entry, says McAfee
Published: 2010-01-14


A remotely exploitable flaw in Microsoft's Internet Explorer allowed attackers operating from Chinese servers to infiltrate at least one company, security firm McAfee stated in an advisory on Thursday.

The previously unreported vulnerability allows an attacker to compromise a victim's system just by loading a page from the Internet, the company said. The vulnerability is in all versions of Microsoft's Windows operating system, including Windows 7, its most recent and secure OS, McAfee claims.

Previous reports claimed that attackers used a flaw in Adobe's Acrobat and Reader software to infiltrate targeted systems. McAfee's report underscores that some of the attacks used other vectors.

"While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios," said George Kurtz, chief technology officer of McAfee in a blog post. "So there very well may be other attack vectors that are not known to us at this time."

On Tuesday, Google announced that it is considering exiting the Chinese market after sophisticated online attacks targeted its systems to breach the Gmail accounts of pro-democracy activists. The attack -- first noticed in mid-December and considered "highly sophisticated and targeted" -- resulted in the "theft of intellectual property" and affected at least twenty other companies, and as many as 34, according to sources.

Microsoft released an advisory on Thursday, describing the issues as an invalid pointer reference that affects Internet Explorer 6, 7, and 8 on all versions of Windows. Running in protected mode on Windows Vista and later versions of Windows limits the vulnerability, Microsoft said.

The exploit, as written, would only work on Internet Explorer 6 and Windows XP, according to Dan Kaminsky, IOActive's director of penetration testing. Kaminsky, who had analyzed a "couple of samples," said that, while the exploit could be made to work on Internet Explorer 7 and 8 on Windows XP, getting it to work on Windows Vista and Windows 7 would be very difficult, because of those operating systems' defenses.

"The vulnerability is present on all versions of IE, but because ASLR (Address Space Layout Randomization) is in place on Windows 7 and Windows Vista, those are much harder to attack," Kaminsky said.

McAfee researchers found the name "aurora" in the file path of the software, so they have dubbed the attacks "Aurora." Confusingly, the name was also used in 2007 to describe a specific test showing the efficacy of cyber attacks on power infrastructure.

McAfee's Kurtz stated that the attacks demonstrate that companies have to worry about more than just data breaches and financial threats.

"The world has changed," Kurtz stated. "Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats. In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private non-financial customer information and anything else of intangible value."
 
Zeus software behind one-in-ten botnets
Published: 2010-01-05



Build-your-own-botnet kits based on a family of malicious software known as Zeus account for about one out of every ten botnets, according to data collected by security firm Damballa.

The kits, which sell for $400 to $700, allow a would-be criminal with rudimentary technical skills to bake their own custom bot software and have become so popular that a large community of developers have created plugins to further customize the software, said Gunter Ollmann, vice president of research for the Atlanta-based firm. The firm tracks a few thousand botnets, more than 200 of which are based on the Zeus code, Ollmann said.

"Zeus has picked up a lot of momentum," he said. "If you are a beginner, then you might have heard about Zeus from the press. And, if you are someone looking for specific features, the plugins allow you to do that."

Zeus, also referred to as Prg and Zbot, has become popular amongst cybercriminals as a way to steal victims' financial information. Last month, a Zeus-based command-and-control server was found on a server instance hosted by Amazon's cloud computing service, EC2. The discovery came a few days after one security firm warned Internet users that spammers were attempting to infect recipients with the Zeus bot.

Zeus is not the most sophisticated program out there, but it is widespread and affordable. Those considerations and the availability of a wide variety of plugins have made the software popular, said Ollmann.

"Zeus is coming to dominate the very low end of the market," he said. "The newbies that are getting into the market want to create their botnets from scratch. There are better kits available, but they cost more money."
 
Microsoft patches as fraudsters target IE flaw
Published: 2010-01-21


Microsoft released a patch for eight vulnerabilities in Internet Explorer on Thursday, fixing at least one previously undisclosed flaw in the company's Web browser currently being exploited by cybercriminals.

The security update, the second one for Microsoft so far this year, fixes six memory corruption vulnerabilities, another issue in handling URL validation and a flaw that would allow an attacker to bypass the cross-site scripting filter. Among the fixes is a patch for a flaw used by attackers operating from Chinese servers who infiltrated networks at Google, Adobe and other companies. While security firms have reported several more general attacks appearing on the Internet, Microsoft continued to describe the threats as "limited."

"Microsoft continues to see limited and targeted attacks against Internet Explorer 6 only," the company said in a statement announcing the fix. "However, Microsoft recommends customers deploy this security update as soon as possible to protect themselves against the known attacks."

Over the weekend, more general attacks using the vulnerability were detected by security firm Websense, which found a single page hosting the attack. A day later, the firm discovered two more pages hosting similar attacks, according to its Security Labs blog.

We "identified two more malicious URLs that are used in live attacks," the company stated. "According to reports from our friends at Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea."

Attacks have also reportedly focused on Chinese users, which account for much of the population of Internet Explorer 6 users.

The out-of-band update, called such as it falls outside of Microsoft's regularly scheduled Patch Tuesday, follows last week's announcement that Google and other major technology companies came under attack from servers based in China. While initial reports focused on a recently patched flaw in Adobe Acrobat and Reader as being the vector for the attacks, analysis of some of the malicious files confirmed that a zero-day flaw in Internet Explorer was used.

Security experts have recommended that users upgrade to the latest version of Internet Explorer that has additional protection to make exploitation more difficult, especially on Windows Vista and Windows 7. More drastically, technical branches of the French and German government have recommended that users move to a non-Microsoft browser.
 
Google offers bounty on browser bugs
Published: 2010-02-02


Google announced last week that the company had joined the ranks of a small group of other organizations that pay researchers for finding bugs in its code.

The company will pay $500 per bug found in Chromium, the open-source code that powers the company's Chrome Internet browser, Google stated in a blog post published on Thursday. For extremely critical issues, as judged by the company's security team, Google will pay $1,337 -- a play on hackerspeak for "leet" or elite.

"We are hoping that the introduction of this program will encourage new individuals to participate in Chromium security," Chris Evans, a member of Google's Chrome security team, stated in the blog post. "The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be."

The search giant is far from the first company to agree to pay security researchers who find and privately disclose bugs. Google's program is based on browser maker Mozilla's bug bounty. In addition, security firms TippingPoint and iDefense both pay for critical bugs in other companies' software, using the information to protect their own customers.

In the blog post, Google's Evans appeared to indicate that only responsibly disclosed vulnerabilities would be considered for a reward and that bugs publicly disclosed without giving Google developers time to fix would not be considered.

"We encourage responsible disclosure," Evans wrote. "Note that we believe responsible disclosure is a two-way street; it's our job to fix serious bugs within a reasonable time frame."

Bug bounties allow researchers to receive a small amount of cash for their research, but pale in comparison to the fees that critical issues can command from cybercriminals and government cyber programs. Exploits for a serious flaw in a popular program can sell for more than $100,000
 
Keyloggers


Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.


Beware of keyloggers and please do not use others' laptops or computers.... Nowadays most of the cyber PCs have keyloggers installed in them.
If you want to avoid giving out any personal and important information.... please use a trusted computer
 
Keyloggers can be easily downloaded by anyone....
It is so simple to use that noobs use it to hack passwords!!
 
Hey friend, thanks for sharing the information on IT security. As we know, IT security is the process of protecting information from illegal accessibility, use, disclosure, disruption. There are many anti-viruses available in order to protect our data. Well, I am uploading a document for be
 
