Networkworld brings us this report that exploit code removed from websites can live on for quite a while in caching servers. Which, in a way, is NOT news, but it’s worth remembering. Many times when someone visits a website, they’re really visiting a caching proxy server that has previously grabbed a copy of data from the original website. Many networks use cache servers to improve network performance. (i.e. we have 20 people an hour hitting cnn.com, so why shouldn’t we just be able to download the page once?)
Tag: virus
-
Mandriva 2007 download now available
Several days ago there were announcements of the release of Mandriva 2007; the only thing was, the download wasn’t available yet. Well, today the download appears to be available. I haven’t looked to see what differences there are between the free and the PowerPack download (the PowerPack can be downloaded by club members as well.)
-
System patching 0-days and ancient-day vulnerabilities
There’s a good article at Michael Sutton’s Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new, previously undisclosed vulnerability gets, we forget. The point is this: there are plenty of machines online vulnerable to ancient flaws that have been known about (in some cases for years). In his article, he does a search for one specific vulnerability and finds targets. Some of the comments speculate that some may be honeypots, but I doubt that a high percentage are and suspect that most are the real deal.
-
Hiding malware may evade antivirus
SANS had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded EXE file (Windows executable or program file). It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successful (or, unfortunately, UNsuccessful) several antivirus programs were at identifying it. This was performed by running the files through VirusTotal, and the “virus” was the EICAR test pattern.
-
Google search for malware accessible to all…
The Metasploit project is now hosting a malware search that uses Google. It essentially uses a binary Google search technique that was referenced last week to find malicious files hosted on the web. Of course, this will be partly limited by Google’s indexing, which recently has not been quite as thorough as before, but… all you have to do is search by a virus name and find matches. I can see where this is useful for research. What I DON’T understand is why Google doesn’t integrate scanning of content into the Googlebot indexing. It would take a lot of processor power. Well… I think Google would come close to having enough to take a stab at this. I think they should AT LEAST…
-
Web 2.0 could lead to virus 2.0…
The last couple of days, there’s been a virus spreading that makes use of Yahoo Mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all the user did was click on a malicious email and the virus ran. It appears that JavaScript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the SANS diary, they mention that they’ve analyzed JavaScript from several web applications and there are some that are vulnerable. (They’re contacting vendors.) They also point out that web designers should keep this in mind as well.
The current worm could be readily modified to spread across many systems that do not escape JavaScript when displaying data from a foreign source. Many web developers should reexamine their code and make sure that display functions do not deliver potentially malicious code.
-
World Cup coverage
For anybody that didn’t notice, the World Cup has gotten underway in Germany. (For those that haven’t heard, every 4 years there’s a world football championship (here in the US we call it soccer).) The US National team is scheduled to play the Czech Republic Monday (the US side is in a tough group this time around.) Anyway, currently Germany/Costa Rica are tied 1-1 and I just tried out Google’s World Cup results search. Just searching for “world cup” at Google yields current match scores and gives info on what match is up next. I was impressed that the update was within about a minute of Costa Rica’s equalizer goal…
-
The Great Cyberwar
It went unnoticed by most people for a few years. After all, the ones that were affected were just those that were “asking for it”. Where to start? Let’s see, back in the day there were some that sent out messages to other people’s computers, and even when people tried to stop getting the messages they kept coming, so a few sites decided that if they could “blacklist” the places that these messages were coming from, they could help people deal with the mass of messages. So they did, and the people sending the unwanted messages were a bit frustrated and improved their distribution a bit, taking over virus-infected PCs for sending their messages. The defenders matched that and started blacklisting dialup addresses as mail sources. It was frustrating for those running legitimate mail servers on a dynamic internet address, but there were legitimate ways to fix the problem. But the senders of the messages got mad.
-
Symantec Antivirus Remotely Exploitable Vulnerability
This is bad – who’s defending the defender? eEye Security has announced a bulletin regarding a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x. They say other versions MAY be vulnerable; they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, that the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”.
They have released IDS updates to try to detect attempted exploits of this.
-
Multi-OS virus?
The multi-OS virus may be a proof of concept, but it could be a sign of bad things to come. Let’s face it, there have been viruses that have taken advantage of multiple ways of spreading (email/open network shares/instant messengers…). It would almost make sense that even though it’s a PoC, it may be quickly incorporated into future virus strategies.