Virus Information News

  1     2     3     4     5     6     7     8     9     10    | [Next]  [Last] of 172 page(s)

Microsoft looks to 'monkeys' to find Web threats

Security Focus

by Robert Lemos

May 17, 2005

Researchers at Microsoft are creating their own version of a million monkeys to crawl the Internet looking for threats in an effort to secure the Web for Windows.

The software giant's Cybersecurity and Systems Management (CSM) research group are building a system of virtual Windows XP computers that crawl the Web looking for sites that use unreported vulnerabilities to compromise customer's PCs. Dubbed "honeymonkeys," the virtual machines run a full version of Windows XP with monitoring software and crawl high-risk areas of the Web looking for trouble. "Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week.

Triple-Barreled Trojan Attack Builds Botnets

EWeek

by Ryan Naraine

June 4, 2005

Anti-virus experts have detected signs of a massive, well-coordinated Trojan attack capable of creating botnets-for-hire. Is it the work of organized crime?

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire. According to Thompson, the wave of attacks start with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hardcoded list of URLs. Glieder's job is to sneak past anti-virus protection before definition signatures could be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed on one day, wreaking havoc across the Internet.

Microsoft's Security Response Center: How Little Patches Are Made

EWeek

by Ryan Naraine

June 10, 2005

Tech Ed conference attendees get a behind-the-scenes look at how Redmond handles the creation of software patches—and an explanation for long delays in fixing known vulnerabilities.

Anxious to shed the company's image as having a lax attitude about software security, officials at the Microsoft Security Response Center are using the Tech Ed conference here to provide a rare glimpse at the step-by-step process used to create, test and roll out security patches. The software maker trained the spotlight on the operations of the MSRC during breakout sessions and one-on-one discussions with customers, stressing that all publicly and privately reported vulnerabilities are thoroughly investigated to determine whether customers are at risk. "We're on all the [security mailing] lists, just like you are, and we investigate everything, even if it's a post about a simple weird behavior in a product," said MSRC program manager Stephen Toulouse. By monitoring the public lists and underground hacker sites, Toulouse said the company is able to keep track of discussions about vulnerabilities that may not have been reported to Microsoft.

Botnet Hunters Search for 'Command and Control' Servers

EWeek

by Ryan Naraine

June 17, 2005

Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style.

The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers. "The idea is to share information and figure out where the botnets are getting their instructions from. Once we can identify the command-and-control server, we can act quickly to get it disabled. Once the head goes, that botnet is largely useless," said Roger Thompson, director of malicious content research at Computer Associates International Inc.

Adobe falls through XML flaw

vnunet

by Iain Thomson

June 23, 2005

Adobe has issued a security advisory warning users to patch a flaw in its popular Acrobat and Reader software.

The bug lies within the Adobe Reader control and potentially allows a hacker to find files held locally on a PC. An XML script would need to be designed and inserted into a Javascript file which could then be used to open access to local files.

Get paid for hacking? It's not just for movies anymore!

Arstechnica

by Josh Meier

July 25, 2005

I remember the days when hackers kept security exploits to themselves in order to gain hacker points among their fellow hackers. These days they just sell them to companies like TippingPoint. .. or do they?

TippingPoint, part of 3Com, produces intrusion prevention systems for computer systems and, in order to get a leg up on the competition, they have started offering money in exchange for the disclosure of new security vulnerabilities. The idea is that they will be able to get a leg up on competing security products if they are able to patch a vulnerability before their competitors even know it exists. TippingPoint can then use the vulnerability information to update their own security software, while notifying the original software developer of the problem.

SANS: No Safety From Vulnerabilities

Internet News

by Sean Michael Kerner

July 25, 2005

IE vulnerabilities still abound, but Apple, Mozilla and Real Player users have little to gloat about.

There were 422 newly reported Internet security vulnerabilities in the second quarter of 2005, according to the SANS Institute. The number represents a 20 percent year-over-year and an 11 percent quarterly increase in reported vulnerabilities. SANS' quarterly update of the top 20 list of Internet vulnerabilities, released Monday, identifies the most critical of the 422 that resulted in widespread damage to both enterprise and home users. Six different vendors made the list, including Microsoft, Mozilla, Apple, Real Networks, Computer Associates and Veritas.

Lynn presentation leaks onto Net

TechWorld

by Kieren McCarthy

July 29, 2005

The controversial presentation by researcher Michael Lynn regarding exploitation of known holes in Cisco's router software has leaked onto the Internet.

This week, Cisco first pressured Lynn's former company Internet Security Systems (ISS) into removing the presentation from the line-up at the Black Hat security conference in Las Vegas. Then, when Lynn resigned from ISS in protest and threatened to go ahead with the presentation, Cisco took out an injunction against him. Lynn nevertheless did the presentation stating that he "had to do what was right for the country and the national infrastructure". Cisco, ISS, Black Hat and Lynn have since signed a legal agreement in which Black Hat and Lynn promised not to make the material available to anyone else. Lynn was also put under a series of controls including "unlawfully disassembling or reverse engineering Cisco code in the future ... [and] using Cisco decompiled code currently in his possession or control for any purpose."

Phishers hack eBay

Tech World

by John E. Dunn

August 2, 2005

A flaw has been discovered on eBay's website that would have allowed fraudsters to successfully redirect the sign-on process to a phishing site.

Reported by British antiphishing outfit Netcraft, the clever scam apparently started with fraudsters sending e-mails asking eBay users to update their accounts. So far so normal, as such fake eBay e-mails are currently one of the phishing world’s persistent lines of attack. Disarmingly, however, the link provided was genuine and led to the correct eBay sign-in page, signin.ebay.com. If users clicked on this, parameters embedded in the otherwise normal stream of characters at the end of the link actually redirected users away from the page after the sign-in page to a fake phishing page, via an open relay hosted at servlet.ebay.com.

Flies swarm around MS Honeymonkey

The Register

by Robert Lemos, SecurityFocus

August 9, 2005

Microsoft 's experimental Honeymonkey project has found almost 750 web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper

Known more formally as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction. In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 websites that contain programs able to install themselves on a completely unpatched Windows XP system. "The honeymonkey client goes [to malicious websites] and gets exploited rather than waiting to get attacked," said Yi-Min Wang, manager of Microsoft's Cybersecurity and Systems Management Research Group. "This technique is useful for basically any company that wants to find out whether their software is being exploited this way by websites on the internet."

  1     2     3     4     5     6     7     8     9     10    | [Next]  [Last] of 172 page(s)