I see users of McAfee are seeing a lot of complaints by their antivirus about this js/exploit packed.c.gen. One user is reporting that the weather underground site is raising a flag about this virus. I’m seeing indications that this may be a false positive.
Tag: javascript
-
WordPress Stats plugin not updating – fix
There are a lot of good things to like about the newer versions of wordpress. It seems to keep getting better. One of the really cool plugins is the WordPress.com stats plugin. This lets you have a nice simple stats interface accessible from your Dashboard on your wordpress blog. (It uses wordpress.com to track stats, so you’ll need a wordpress.com account to be able to use it. I set up a wordpress.com account some time back to be able to use the akismet plugin and the same key that you have for akismet can be used for the stats plugin.) You essentially upload the stats.php file into your wp-content/plugins folder, enable it in the plugins list, then enter your API key in the configuration page for stats. That’s all that should be to it, but I’ve noticed sometimes that’s not all it takes to get things going.
-
Firefox 2.0
Mozilla has released the 2.0 release of the Firefox web browser. Among the new features is built in spellcheck and javascript 1.7 support. However, there are critiques that are critical of the User Interface. (The blank bar, I thought, was the bookmarks toolbar folder area where you could put bookmarks of rss feeds or most frequently visited sites… I could be wrong…)
I do think George is right in one respect, tabbed browsing needs to be “more evident” in firefox.
-
Internet Explorer 0-day (take 2 of the last few days…)
The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch day (earlier if needed…. ahem….) Sunbelt is blogging about the “epic loads of adware” being pushed into systems via this vulnerability. Now, some workarounds….
-
Nasty Javascript attack possibilities
There were demonstrations of some nasty javascript attacks at Black Hat as well (as if the wireless driver issues wasn’t a big enough problem…) Javascript is a powerful language and can be used for many things, but in these demonstrations, it was used to track recently visited sites (by the browser victim) and identify the IP address of the victim on the internal LAN AND to alter firewall settings. From the way I read the article at the Security Fix – this is changing HARDWARE firewall settings.
-
Web 2.0 could lead to virus 2.0…
The last couple days, there’s been a virus spreading making use of yahoo mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all that was done was the user clicking on a malicious email and the virus ran. It appears that javascript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the Sans diary, they mention that they’ve analyzed javascript from several web applications and there are some that are vulnerable. (They’re contacting vendors.) They also point out web designers should keep this in mind as well..
The current worm could be readily modified to spread across many systems that do not escape javascript when displaying data from a foreign source. Many web developers should reexamine their code, and make sure that display functions do not deliver potentially malicious code.
-
Cross browser javascript vulnerability
It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. According to Symantec …. “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.) Also, they say “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”
-
More discussion on the Firefox 1.5.0.3 “image bug”
There’s quite a bit more discussion on a DOS bug in Firefox 1.5.0.3, the link goes to a site where they’ve confirmed the issue and there is a link there to a POC, so be cautious. It turns out that using javascript, image tags can be made to have a mailto: link which can automatically launch tons of instances of whatever default mailhandler a system has (essentially one for each image tag.) Right now, this sounds more like a Denial of Service risk, as I don’t see at this point any evidence that anything WORSE could be done than really freezing up the system with too many copies of the mail program open.
-
Network Security guide for the home or small business network – Part 14 – Alternative software
There are ways that risks can be avoided. Recently, there was what was called a zero-day exploit for Internet Explorer. As I write this, the exploit surfaced 3 weeks ago and tomorrow there will be a patch. The vulnerability would allow remote code execution through a vulnerability in the way javascript is handled. So, for that 3 week unpatched period, Internet Explorer in it’s default configuration is a sitting duck. Well, truth be told, there are other browser vulnerabilities, many unpatched. (That’s a common method for many spyware bugs to install.)