Security Hero » Backdoor

Asante FM2008 10/100 Ethernet switch backdoor login

invalid string — Sat, 25 Jul 2009 05:55:53 +0000

Bugtraq: Re: Asante FM2008 10/100 Ethernet switch backdoor login

Re: Asante FM2008 10/100 Ethernet switch backdoor login

URL: http://www.securityfocus.com/archive/1/505230

increased Backdoor.Coreflood infections

invalid string — Fri, 29 May 2009 15:58:23 +0000

increased Backdoor.Coreflood infections

Posted by auto319326_at_hushmail.com on May 29

Is anyone else seeing an increasing in Backdoor.Coreflood
infections on their network? I have not yet been able to pinpoint
the infection vector. Has anyone seen coreflood being dropped by a
specific set of web pages?

Cheers,
Tim

URL: http://seclists.org/incidents/2009/May/0001.html

A lesson in FUD

invalid string — Wed, 27 May 2009 00:07:47 +0000

Mydoom: A lesson in FUD

Fear, uncertainty and doubt can have very real effects on security, especially when uninformed ‘experts’ are too quick to jump to conclusions. Mydoom was an example. In the last week of January 2004, a new worm was discovered squirming its way across the Internet.

Security researchers quickly realized this was the fastest-spreading e-mail worm yet, eclipsing even the promiscuous Sobig worm. Craig Schmugar of McAfee saw a line of code containing the text “mydom”, and said of his decision to call it Mydoom: It was evident early on that this would be very big. I thought having “doom” in the name would be appropriate.

The original Mydoom worm carried two payloads:

- A distributed denial-of-service (DoS) time bomb, set to go off on the first of February that year – A remote access backdoor that allowed an infected MS Windows computer to be controlled without its user’s knowledge

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31460

Backdoor in com_rsgallery2 gallery extension for joomla

invalid string — Tue, 26 May 2009 16:45:04 +0000

Bugtraq: Backdoor in com_rsgallery2 gallery extension for joomla

Backdoor in com_rsgallery2 gallery extension for joomla

URL: http://www.securityfocus.com/archive/1/503824

Backdoor in com_rsgallery2 gallery extension for joomla

invalid string — Tue, 26 May 2009 16:00:01 +0000

Backdoor in com_rsgallery2 gallery extension for joomla

outgoing.securityfocus.com ([205.206.231.26] helo=outgoing2.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1M8z3L-0002Ld-Ef for email@address; Tue, 26 May 2009 16:58:59 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing2.securityfocus.com (Postfix) with QMQP id 0676F143742; Tue, 26 May 2009 09:55:15 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 20495 invoked from network); 26 May 2009 06:03:34 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:mime-version:content-type:content-transfer-encoding :content-disposition:message-id; bh=MB1mx9CQQuOY66iO10m6OSm8RpcN7hzm4chypF1iqaQ=; b=szq0ATS2nMDoJRaMY3wCQJSl/85ukP7SrMSEEA39v17z6ZIKfaVFhn/Vovsh0xPgVg CLrHyhdG+8/vwSrtV4PDNWX9L/3YmMR9PdRBcGFQGaeFarknizRbwnfodiEZYfU6pHJv jlrh7wSu7WVLsjh2iCD8olkaEMRhImp81uCZg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; b=n438N3ZnZLskV3v0hK0T6jzyRgpqntHuwd8WfOvx/huQqW6xwcPlAhHI5e7WSt/sfJ TpS+dy8IFUgBRxhgMqKtYpjGSkf8myOHcUKgyWzCW06453ZYgciKc4lXc58hINUn45dl poe0LZrOxKaz7JRP9KaqlmoI3cxGgUrhbq9Fw= User-Agent: KMail/1.9.10 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200905260803.32323.jvnkrk@gmail.com> X-IMAPbase: 1176125385 9186 Status: O X-UID: 9186 Content-Length: 2498 X-Keywords:

Hackers use PDFs to take over PCs

invalid string — Thu, 23 Apr 2009 05:27:29 +0000

Hackers use PDFs to take over PCs

Want to be more secure online? Stop using Adobe Acrobat reader to open PDF documents in your browser. That’s what F-Secure virus hunter Mikko Hypponen, the closest thing to a rock star holding court at the RSA security conference, is advocating.

Ditching Adobe Acrobat Reader will greatly reduce your chances of getting your PC infected by a drive-by download, says the pony-tailed Hypponen, who was recently profiled in Vanity Fair. “That’s my advice,” says Hypponen, “I don’t expect a Christmas card from Adobe.”

The bad guys are increasingly using security flaws in Adobe Acrobat Reader browser plugins to open a backdoor to your hard drive. These instructions get implanted when you visit a tainted website. The next time you use Adobe Reader, a very tiny poisoned PDF from the bad guys also opens and installs the backdoor that may allow them to take over your computer.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30993

.NET Framework Rootkits

invalid string — Tue, 07 Apr 2009 13:34:57 +0000

.NET Framework Rootkits

Posted by Erez Metula on Apr 7

Hello,
Attached are the presentation + whitepaper I’m going to talk about at BlackHat conference next week in Amsterdam, titled ".NET Framework Rootkits – Backdoors inside Your Framework".

The main threats of Framework level rootkits are

* Hidden malware
*…

URL: http://seclists.org/fulldisclosure/2009/Apr/0062.html