Adobe Reader / Acrobat and Flash Remote Code Execution

Summary:

Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in multiple Adobe products through SWF.

Impact:

Remote Code Execution.

Affected Software:

  • Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
  • Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

Solutions:

  • The FortiGuard Global Security Research Team released a signature “Adobe.Products.SWF.Remote.Code.Execution”, which covers this specific vulnerability.
  • Apply the suggested workaround from Adobe

The FortiGuard Global Security Research Team continues to monitor attacks against this vulnerability.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this remote code execution vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat’s lifecycle.

References:

URL: http://www.fortiguardcenter.com/advisory/FGA-2009-29.html

It's summer… Do you know what your kids are doing? (Fri, May 29th)

School is over or about to be over for many kids. With that comes many families whose parents work and kids will be left at home to relax and enjoy their summer vacation. This means a lot of free time and an internet out there just waiting to be explored. Everyone is aware of the need to keep your kids safe while on the internet. But in some cases, there is a need to keep the internet and others safe from your kids. Let me explain that last comment. Kids with too much time on their hands get into trouble. You hear about it all the time on the news with kids getting into trouble with things such as vandalism, stealing, etc. What about kids getting into trouble on the internet?

Do a Google search on the phrase "teenage hacker" and see what comes up. Kids are curious and learn fast. The internet can become a playground for them to explore and test out cool new programs and tools they find on the internet or write themselves. Chat rooms are available where kids can learn many things from others and want to try them for themselves. They can also get pulled into the wrong crowd on the internet and get in way over their heads fast. They may not even see anything wrong with it; it's just computers after all.

Most of the filtering technology today focuses on web traffic. What are your kids looking at on the web? That is a good thing, but there are many other ports and protocols available and nothing watching them. Would you know if your child was running a botnet? Stealing credit card numbers? Hacking into websites? It's not a game and there are real consequences to it, even sometimes when the intent may have been to do good. Here are some recent examples:

Nineteen-year-old Dmitriy Guzner from New Jersey was part of an underground hacking group named ‘Anonymous’ that targeted the church with several attacks. He could face ten years in prison on computer hacking charges and is due to be sentenced on August 24. http://www.securecomputing.net.au/News/144850,teenage-hacker-pleads-guilty-to-church-of-scientology-cyber-attacks.aspx

Twitter has announced a review into four worm attacks on the site as a teenage hacker admits he could be jailed for his role in the stunt. http://news.sky.com/skynews/Home/Technology/Twitter-Worm-Attack-Biz-Stone-Announces-Review-As-Teenage-Hacker-Michael-Mooney-Speaks-Out/Article/200904215261579

A teenage hacker whose campaign to expose holes in Internet security sparked an FBI investigation was being sentenced in court today. http://www.independent.co.uk/news/business/news/teenage-hacker-to-be-sentenced-for-internet-crusade-676871.html

As parents, we need to also talk to our kids about the other dangers that are on the internet. Dangers such as hacking, virus making, botnet creation, stealing, etc. You may think your child is doing nothing but sitting on a computer playing. But keep in mind that computer on the internet is a portal to a whole nother world.

URL: http://isc.sans.org/diary.php?storyid=6490&rss

4116

BAT/Qhost.NBP (2), INF/Autorun (3), PDF/Exploit.Pidief.ONM, PDF/Exploit.Pidief.ONN (2), PDF/Exploit.Pidief.ONO, PDF/Exploit.Pidief.ONP (2), Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb (4), Win32/Adware.InternetAntivirus, Win32/Adware.PersonalAntivirus, Win32/Adware.SpywareRemover, Win32/Adware.SystemSecurity (18), Win32/Agent.PMR (2), Win32/Agent.WPI, Win32/AntiAV.AZQ, Win32/AntiAV.NAO (2), Win32/AutoRun.ABH, Win32/AutoRun.ADR (2), Win32/AutoRun.FakeAlert.BR, Win32/AutoRun.FakeAlert.M, Win32/AutoRun.VB.CN (2), Win32/Bagle.RG, Win32/Delf.NSQ (3), Win32/Dialer.NHQ (3), Win32/Dialer.NHR (3), Win32/FlyStudio.NMJ, Win32/FlyStudio.NMK, Win32/Hupigon.NPD, Win32/Injector.PK, Win32/IRCBot.ADZ, Win32/Koobface.NBG (2), Win32/Koutodoor.AB, Win32/Koutodoor.AD, Win32/Koutodoor.AE (4), Win32/Koutodoor.G, Win32/Kryptik.QY, Win32/Olmarik.GW (2), Win32/Olmarik.HG (4), Win32/Olmarik.IB, Win32/Peerfrag.BA, Win32/Peerfrag.BG, Win32/Peerfrag.BH, Win32/Popwin.NBJ (2), Win32/PSW.OnLineGames.NMP, Win32/PSW.OnLineGames.NMY, Win32/PSW.OnLineGames.OKC, Win32/PSW.Small.NBE (4), Win32/Qhost, Win32/Qhost.NIJ (2), Win32/Rootkit.Agent.KZU, Win32/Rootkit.Ressdt.NBS, Win32/Spy.Banker.QRW (2), Win32/Spy.Banker.QYO (3), Win32/Spy.Banker.QZB (2), Win32/Spy.Banker.QZC (2), Win32/Spy.Goldun.NFA, Win32/Spy.Zbot.JF (3), Win32/Spy.Zbot.PG (2), Win32/Spy.Zbot.RD, Win32/Spy.Zbot.RN, Win32/Tifaut.C (4), Win32/TrojanDownloader.Agent.PCZ, Win32/TrojanDownloader.Agent.PDA, Win32/TrojanDownloader.Agent.PDB, Win32/TrojanDownloader.Agent.PDC, Win32/TrojanDownloader.Agent.PDD, Win32/TrojanDownloader.Bagle.NBJ, Win32/TrojanDownloader.Bredolab.AB, Win32/TrojanDownloader.FakeAlert.AAX, Win32/TrojanDownloader.FakeAlert.ABV, Win32/TrojanDownloader.Small.OPS (2), Win32/TrojanDownloader.Zlob.CZK, Win32/VB.NHD, Win32/VB.OEY (2), Win32/Wigon.KX

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6085&Itemid=26

Microsoft DirectShow Remote Code Execution Vulnerability

Summary:

Fortinet’s FortiGuard Global Security Research Team investigates a vulnerability in Microsoft DirectX (DirectShow) through a specially crafted QuickTime media file.

Impact:

Remote Code Execution.

Affected Software:

  • DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
  • DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
  • DirectX 9.0 on Microsoft Windows 2000 Service Pack 4
  • DirectX 9.0 on Windows XP Service Pack 2 and Windows XP Service Pack 3
  • DirectX 9.0 on Windows XP Professional x64 Edition Service Pack 2
  • DirectX 9.0 on Windows Server 2003 Service Pack 2
  • DirectX 9.0 on Windows Server 2003 x64 Edition Service Pack 2
  • DirectX 9.0 on Windows Server 2003 with SP2 for Itanium-based Systems

Solutions:

  • The FortiGuard Global Security Research Team released a signature “MS.DirectShow.NULL.Byte.Overwrite”, which covers this specific vulnerability.

The FortiGuard Global Security Research Team continues to monitor attacks against this vulnerability.

Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this remote code execution vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat’s lifecycle.

References:

URL: http://www.fortiguardcenter.com/advisory/FGA-2009-20.html

Advanced Two-Way Firewall for Mac OS X unveiled

ProteMac has announced ProteMac NetMine 1.2, their network firewall for Mac OS X. ProteMac NetMine intercepts all network activity traveling from and to your Mac and from every application on your Mac. NetMine firewall can prevent all unwanted outside and inside traffic from reaching protected machines.

The firewall can restrict or prevent outright the spread of networked computer worms, trojans, viruses and malware. NetMine firewall is a new breed of information security technology designed to protect Mac OS X computers from attack from outside networks and from software on your computer.

The two-way firewall stops inappropriate or malicious access to your computer from both internal and external network sources. As a frontline defense, it prevents malware from spreading, providing protection against hackers, loss of personal data, unknown malware, and unauthorized program activity.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31491

4114

IRC/SdBot, Win32/Adware.Coolezweb (5), Win32/Adware.InternetAntivirus, Win32/Agent.WPI, Win32/AutoRun.Autoit.P, Win32/AutoRun.Delf.CB (2), Win32/AutoRun.IRCBot.AM (2), Win32/BHO.NLG, Win32/Kryptik.QW, Win32/Olmarik.HG (4), Win32/PSW.YahooPass.AF, Win32/Spy.Webmoner.NBN, Win32/Spy.Zbot.CK, Win32/TrojanClicker.Delf.NBA, Win32/TrojanClicker.Delf.NDS, Win32/TrojanClicker.Delf.NFC, Win32/TrojanDownloader.Adload.FIB (2)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6083&Itemid=26

4113

BAT/Agent.NBW, PDF/Exploit.Pidief.ONK, Win32/Adware.Antivirus2008 (2), Win32/Adware.Coolezweb (2), Win32/Adware.InternetAntivirus (5), Win32/Adware.SystemSecurity (4), Win32/Agent.NXT, Win32/Agent.PHC, Win32/Agent.PKT (2), Win32/Agent.WPI (4), Win32/AutoRun.Agent.OG, Win32/AutoRun.Agent.OH, Win32/AutoRun.Agent.OI, Win32/AutoRun.FakeAlert.AF (3), Win32/AutoRun.KS, Win32/AutoRun.VB.DQ, Win32/Boberog.AC, Win32/Dialer.NHP (2), Win32/Hupigon.NPB, Win32/Hupigon.NPC, Win32/Injector.PH, Win32/Injector.PI, Win32/IRCBot.ADZ (2), Win32/KeyLogger.BitLogic, Win32/NetPass (2), Win32/Obfuscated.NCY, Win32/Olmarik.HG (4), Win32/Poebot, Win32/Prosti.NCL (2), Win32/PSW.LdPinch.NJG, Win32/PSW.WOW.NKO (2), Win32/PSW.YahooPass.NAD (2), Win32/PSWTool.IEPassView.NAD, Win32/PSWTool.MailPassView.150, Win32/PSWTool.PassFox.111 (2), Win32/Rustock.NIH, Win32/Rustock.NIK, Win32/Sohanad.BM, Win32/Sohanad.NEJ, Win32/Spy.Banker.QZA, Win32/Spy.KeyLogger.NEC (2), Win32/Spy.Zbot.CK, Win32/Spy.Zbot.JF, Win32/Spy.Zbot.RL, Win32/Spy.Zbot.RM, Win32/StartPage.BR, Win32/StartPage.NKJ (3), Win32/TrojanClicker.Agent.NGT (2), Win32/TrojanClicker.VB.NHG (2), Win32/TrojanClicker.VB.NHH, Win32/TrojanDownloader.Agent.PAQ (2), Win32/TrojanDownloader.Agent.PCY, Win32/TrojanDownloader.Bredolab.AB (2), Win32/TrojanDownloader.FakeAlert.UX, Win32/TrojanDownloader.Small.NTQ (3), Win32/TrojanDownloader.Small.OCS (2), Win32/TrojanDownloader.Small.OOT, Win32/TrojanDownloader.Small.OPP, Win32/TrojanDownloader.Small.OPR, Win32/TrojanDownloader.Zlob.CZK, Win32/TrojanDropper.VB.NHW, Win32/TrojanProxy.Wintu.B

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6082&Itemid=26

4110

BAT/TrojanDownloader.Ftp.NDM, BAT/TrojanDownloader.Ftp.NDN, IRC/SdBot (2), PDF/Exploit.Pidief.ONF, Win32/Adware.AntiVirus1, Win32/Adware.Antivirus2008, Win32/Adware.AntivirusPlus (2), Win32/Adware.BHO.NCX, Win32/Adware.MySideSearch, Win32/Adware.NaviPromo (2), Win32/Adware.PersonalAntivirus (2), Win32/Adware.PrivacyComponents, Win32/Adware.UltraAntivirus2009 (3), Win32/Adware.Virtumonde (2), Win32/Adware.WinPCDefender, Win32/Agent.DKR (2), Win32/Agent.PGA, Win32/Agent.PKT, Win32/Agent.PMI (3), Win32/AntiAVNAK (2), Win32/Autoit.FV (2), Win32/AutoRun.FlyStudio.KC, Win32/AutoRun.IRCBot.AK, Win32/AutoRun.KS, Win32/AutoRun.VB.CX (2), Win32/AutoRun.VB.DP (2), Win32/Bagle.RD, Win32/BHO.NOR, Win32/Delf.ODU, Win32/Delf.OJB, Win32/Dialer.NAD, Win32/Hupigon.NOU, Win32/KillAV.NDT (4), Win32/KillProc.NAF, Win32/Kryptik.QR, Win32/Kryptik.QS, Win32/Mebroot.BL, Win32/Mebroot.BM (2), Win32/Mebroot.BN (2), Win32/Olmarik.GW, Win32/Olmarik.HG (2), Win32/Olmarik.HX (2), Win32/Olmarik.HY (2), Win32/Olmarik.HZ (2), Win32/OlmarikIA (2), Win32/Patched.AW, Win32/PcClient.NDW, Win32/Peerfrag.BD, Win32/Peerfrag.BE, Win32/PSW.Agent.NJL, Win32/PSW.OnLineGames.NMP (7), Win32/PSW.OnLineGames.NMY (11), Win32/PSW.OnLineGames.NNU (4), Win32/PSW.OnLineGames.ODJ (2), Win32/PSW.OnLineGames.OKC, Win32/PSW.OnLineGames.OKD, Win32/PSW.OnLineGames.XTT, Win32/Rootkit.Agent.NLY (2), Win32/Rustock.NIL (2), Win32/SpamTool.Agent.NCL, Win32/Spy.Banker.QYV (2), Win32/Spy.Banker.QYW (2), Win32/Spy.Banker.QYX (2), Win32/Spy.Zbot.JF (2), Win32/Spy.Zbot.RK, Win32/TrojanClicker.Delf.NHF, Win32/TrojanDownloader.Agent.OXA, Win32/TrojanDownloader.Agent.PCX, Win32/TrojanDownloader.Delf.ORH, Win32/TrojanDownloader.FakeAlert.AAX, Win32/TrojanDownloader.FakeAlert.ACE, Win32/TrojanDownloader.FakeAlert.ACT, Win32/TrojanDownloader.Small.OCS, Win32/TrojanDownloader.VB.NXX (2), Win32/TrojanDownloader.Zlob.CUG, Win32/TrojanDownloader.Zlob.CZW (2), Win32/TrojanDropper.Mudrop.NAM, Win32/TrojanDropper.VB.NHX (3), 
Win32/TrojanProxy.Small.NCA, Win32/Wigon.KU (2)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6079&Itemid=26

Host file black lists , (Wed, May 27th)

Henry Hertz Hobbit, who maintains a black list of bad hosts, wrote in today with some host file links and comments on them. I have included most of his comments with very little editing (I removed a few names and comments about other list maintainers and corrected a bit of the grammar). I have NOT verified all of the lists that Henry discusses below. Our users should be warned that I have seen poorly maintained lists block legitimate sites in the past. We have had some less attentive or overly aggressive list maintainers use our hosts list as a block list even though it clearly states DO NOT USE AS A BLOCK LIST and then blame isc.sans.org for the listing, http://isc.sans.org/ipsascii.html.

Other handlers have written some excellent diaries about blacklists addressing issues such as spam blocking by RBLs, blacklists and politics, and making the right choice in black list selection:

http://isc.sans.org/diary.html?storyid=3194

http://isc.sans.org/diary.html?storyid=3042

http://isc.sans.org/diary.html?storyid=1309

For more information on host-based blocking, this site has a good description, some lists that are on Henry's list and some additional lists he didn't include in his set.

http://www.malwarehelp.org/how-to-effectively-prevent-malware-hosts-file.html

From Henry Hertz Hobbit:

Two old venerable lists are MVPHosts and hpHosts.

http://www.mvps.org/winhelp2002/hosts.htm

http://hosts-file.net/

MalwareDomainList is here with their lists and they block ONLY sites with malicious content (no ads or trackers / spies):

http://www.malwaredomainlist.com/hostslist/hosts.txt

http://www.malwaredomainlist.com/

http://www.malwaredomainlist.com/mdl.php

The French connection consists of what I would call the MVPHosts file with a Français twist (there are some trackers that are quite prevalent in France that don’t exist any place else):

http://sysctl.org/cameleon/hosts

http://sysctl.org/cameleon/

Another list that has the most comprehensive lists that may need some pruning:

http://rlwpx.free.fr/WPFF/hosts.htm

This list primarily doesn’t belong on the desktop but in something like this:

http://www.peereboom.us/adsuck/

And then there is my list, which includes many of the hosts that MalwareDomainList lists.

http://www.SecureMecca.com/hosts.html

http://www.HostsFile.org/hosts.html

But I provide something far more powerful called a PAC (Proxy Auto Configuration) filter that blocks unknown threats:

http://www.SecureMecca.com/pac.html

http://www.HostsFile.org/pac.html

http://www.SecureMecca.com/Downloads/

Now I have heard you need an IQ of 130 plus or higher to use the PAC filter. If that is a problem so be it. But consider the following points.

1. hpHosts (hosts-file.net) blocks approximately 3700 typo hosts. I block them with just two hosts in the hosts file (ownbox.com and www.ownbox.com) and these two rules in the PAC filter:

// OWNBOX FE TYPO
BadNetworks[i++] = "216.65.41.185, 255.255.255.255";
BadNetworks[i++] = "216.65.41.188, 255.255.255.255";

Now that cuts it down to size, doesn’t it? There are a lot of other power reducers and falling-through-the-cracks rules in there! Otherwise my file would be almost as large as the list at rlwpx.free.fr/WPFF/hosts.htm.

2. If you enable the PAC filter on Windows in IE you will have your eyes opened. I had full debug on that way once and found the PAC filter was even working at the level of telling me I sent a print-out to the network printer! But debug really should only be used in Firefox with debug mode set to debugNormal. Do not turn debug on in Opera or Safari (they kill it), or IE (you will have pop-up nightmares).

3. The REGEXPs are precompiled for speed. It is faster in debug mode than John LoVerso’s original was without any debug. But then I noticed some of his ad patterns are pretty convoluted. But if you have to interpret them every time …

4. I notice patterns that occur frequently enough that I block yet-to-be-discovered hosts with patterns like these:

BadHostParts[i++] = "antispy"; // VOTRE CHOIX
BadHostParts[i++] = "antivir"; // VOTRE CHOIX

There are of course some white-list rules to counteract the bad rules (and now you are back to blocking in the hosts file):

GoodDomains[i++] = "antispamfilterblocker.com";
GoodDomains[i++] = "antivirusyellowpages.com";
GoodDomains[i++] = "pcantivirusreviews.com";

5. Even if hosts make it past the rules for the hosts and there is no host block, for some of the malware there are patterns and I block them as I discover and mentally count them and consider the count high enough to go into panic mode (and I think a lot of people are already there now):

BadURL_Parts[i++] = "av2008";
BadURL_Parts[i++] = "av2009";
BadURL_Parts[i++] = "sms.exe";
BadURL_Parts[i++] = "smsreader";

Oh yes, HostsMan is available here:

http://www.abelhadigital.com/

URL: http://isc.sans.org/diary.php?storyid=6469&rss
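
The four rule classes quoted in the diary above (BadNetworks, BadHostParts, GoodDomains, BadURL_Parts), combined into one small PAC-style filter. This is an added example, not code from the SecureMecca PAC file. The evaluation order, the blackhole proxy address, the `classify` helper, the injected resolver and the `.test` hostnames are assumptions; the rule values are the ones quoted in the diary.

```javascript
// Added illustration of a PAC-style filter; not the SecureMecca PAC file.
// Rule values are the ones quoted in the diary; order and names below are assumed.
const BLACKHOLE = "PROXY 127.0.0.1:9"; // assumption: local discard port, nothing listens
const PASS = "DIRECT";

const GoodDomains = ["antispamfilterblocker.com", "antivirusyellowpages.com",
                     "pcantivirusreviews.com"];
const BadHostParts = ["antispy", "antivir"];
const BadURL_Parts = ["av2008", "av2009", "sms.exe", "smsreader"];
const BadNetworks = ["216.65.41.185, 255.255.255.255",
                     "216.65.41.188, 255.255.255.255"];

// Precompile each rule list into one regex instead of interpreting it per request.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
const toRegex = (parts) => new RegExp(parts.map(escapeRe).join("|"), "i");
const badHostRe = toRegex(BadHostParts);
const badUrlRe = toRegex(BadURL_Parts);

// Dotted quad -> unsigned 32-bit integer, or null when malformed or unresolved.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip || "");
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// "address, mask" rules become {net, mask} pairs; a /32 mask matches one host.
const nets = BadNetworks.map((rule) => {
  const [addr, mask] = rule.split(",").map((s) => ipToInt(s.trim()));
  return { net: (addr & mask) >>> 0, mask };
});

function inBadNetwork(ip) {
  const n = ipToInt(ip);
  return n !== null && nets.some(({ net, mask }) => ((n & mask) >>> 0) === net);
}

function isGoodDomain(host) {
  return GoodDomains.some((d) => host === d || host.endsWith("." + d));
}

// Returns which rule class fired, or "" when the request may pass.
// resolve(host) stands in for the browser's dnsResolve() so this runs offline.
function classify(url, host, resolve) {
  host = host.toLowerCase();
  // Assumption: the whitelist only cancels the host-part patterns.
  if (!isGoodDomain(host) && badHostRe.test(host)) return "host-part";
  if (badUrlRe.test(url)) return "url-part";
  if (inBadNetwork(resolve(host))) return "network";
  return "";
}

// Constructed DNS answers; the .test hostnames are made up for this example.
const sampleDns = {
  "gogle-typo.test": "216.65.41.188",
  "neighbour.test": "216.65.41.186",
  "pcantivirusreviews.com": "192.0.2.10",
};
const sampleResolve = (host) => sampleDns[host] || null;

// PAC entry point shape: returns a proxy string for the browser to use.
function FindProxyForURL(url, host) {
  return classify(url, host, sampleResolve) ? BLACKHOLE : PASS;
}
```

The network rule is what collapses thousands of typo hostnames into two entries: any name that resolves to one of the two listed addresses is blocked without being listed itself, while a neighbouring address outside the /32 mask passes.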

4109

IRC/SdBot, Win32/Adware.AdvancedCleaner (3), Win32/Adware.BHO.NCG, Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb (2), Win32/Adware.PersonalAntivirus.AA, Win32/Adware.PersonalAntivirus.AB, Win32/Adware.SystemSecurity.AA (2), Win32/Adware.Virtumonde, Win32/Adware.WinPCDefender (2), Win32/Adware.WSearch, Win32/Agent.PME, Win32/Agent.PMF, Win32/Agent.PMG (6), Win32/Agent.PMH (2), Win32/AntiAV.NAK, Win32/AutoRun.Autoit.P, Win32/BHO.NOS, Win32/BHO.NPJ, Win32/BHO.TBL (2), Win32/Bifrose.ADR, Win32/Delf.OJA (2), Win32/Flyagent.NAV (2), Win32/Flyagent.NAW (2), Win32/FlyStudio.NMH, Win32/Injector.PB, Win32/Injector.PC, Win32/Koutodoor.AB (3), Win32/Koutodoor.G, Win32/Kryptik.QO, Win32/Kryptik.QP, Win32/Mebroot.BL, Win32/Merond.P (2), Win32/Olmarik.GW, Win32/Olmarik.HG (2), Win32/Popwin.NBI, Win32/PSW.OnLineGames.NMY, Win32/PSW.OnLineGames.OKB (3), Win32/PSW.QQPass.NEH (4), Win32/Rootkit.Agent.NLZ (2), Win32/Rootkit.Podnuha.NCB, Win32/Rustock.NIH, Win32/Rustock.NIK, Win32/Spy.Agent.NNQ, Win32/Spy.Banbra.NPR (2), Win32/Spy.Banker.QQJ, Win32/Spy.Banker.QYP (2), Win32/Spy.Banker.QYQ (2), Win32/Spy.Banker.QYR (2), Win32/Spy.Banker.QYS (2), Win32/Spy.Banker.QYT (2), Win32/Spy.Banker.QYU (2), Win32/Spy.Delf.NUL (2), Win32/SpyBot (2), Win32/StartPage.BR, Win32/TrojanDownloader.Adload.NFC, Win32/TrojanDownloader.Agent.PCW (2), Win32/TrojanDownloader.Autoit.NAM, Win32/TrojanDownloader.Bredolab.AA (2), Win32/TrojanDownloader.FakeAlert.AAX, Win32/TrojanDownloader.FakeAlert.ACS (2), Win32/TrojanDownloader.Flux, Win32/TrojanDownloader.Small.OPO, Win32/TrojanDownloader.Swizzor.NCA (2), Win32/TrojanDownloader.Zlob.CZK, Win32/TrojanDownloader.Zlob.CZV (3), Win32/TrojanDropper.Agent.OBD, Win32/TrojanDropper.Delf.NNK, Win32/VB.NRL, Win32/VB.OET (3)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6078&Itemid=26

4108

IRC/SdBot (2), SWF/Exploit.Agent.AB (2), Win32/Adware.Antivirus2008, Win32/Adware.BHO.NCX, Win32/Adware.SpywareProtect2009 (2), Win32/Adware.XPGuard, Win32/Agent.PIS, Win32/Agent.PIX, Win32/AutoRun.Agent.IE (3), Win32/AutoRun.FlyStudio.KB, Win32/AutoRun.VB.CD, Win32/Delf.NHH, Win32/Injector.MB, Win32/Injector.MC, Win32/Injector.MD, Win32/Injector.NV, Win32/IRCBot.ADZ, Win32/Koutodoor.AB (4), Win32/Koutodoor.G, Win32/Kryptik.QN, Win32/Lanc.A, Win32/Pacex.Gen (2), Win32/PSW.OnLineGames.OIX, Win32/PSW.YahooPass.NAD, Win32/StartPage.BR, Win32/TrojanClicker.Agent.NGS (2), Win32/TrojanDownloader.Agent.OXU, Win32/TrojanDownloader.Agent.OYU, Win32/TrojanDownloader.Banload.OOC, Win32/TrojanDownloader.Banload.OOP, Win32/TrojanDownloader.Bredolab.AA (2), Win32/TrojanDownloader.Delf.ORH, Win32/TrojanDownloader.Small.OKW (2), Win32/TrojanDownloader.VB.NWO, Win32/TrojanDownloader.Zlob.CZK, Win32/TrojanDropper.Agent.NSS, Win32/TrojanProxy.Small.NCA, Win32/Wigon.KU

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6077&Itemid=26

Facebook sued by user over virus

A Florida librarian and activist has filed a civil lawsuit against Facebook alleging that the social network failed to adequately protect users from a virus.

Theodore Karantsalis, of Miami Springs, Fla., is seeking $70.50 from Facebook in the lawsuit, which was filed a week ago in Miami-Dade county court.

Source – Cnet

URL: http://www.pogowasright.org/article.php?story=20090526164503789

4107

BAT/Qhost.NBP (2), Win32/Adware.PersonalAntivirus (3), Win32/Adware.SystemSecurity (3), Win32/Adware.SystemSecurity.AA, Win32/Adware.WinPCDefender (6), Win32/Agent.CCWW, Win32/Agent.NYJ (2), Win32/Agent.PMD, Win32/AutoRun.ABH (4), Win32/AutoRun.FakeAlert.AF, Win32/AutoRun.FlyStudio.KA, Win32/Delf.NSE, Win32/Injector.PA, Win32/Koobface.NBG (2), Win32/Kryptik.QM, Win32/Qhost, Win32/Spy.Banker.QQJ (3), Win32/Spy.Webmoner.NBR (3), Win32/Spy.Zbot.JF, Win32/TrojanDownloader.Agent.OZA, Win32/TrojanDownloader.DelfOTP, Win32/TrojanDownloader.Small.NZM, Win32/TrojanDropper.Agent.OBC

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6076&Itemid=26

4106

BAT/Agent.NBV (2), INF/Autorun, Win32/Adware.PersonalAntivirus, Win32/Adware.SystemSecurity, Win32/Adware.SystemSecurity.AA, Win32/Adware.WinPCDefender (2), Win32/Agent.CIHM, Win32/Agent.NYI (6), Win32/Agent.PLZ (2), Win32/Agent.PMA, Win32/Agent.PMB (3), Win32/Agent.PMC, Win32/Autoit.AG, Win32/BHO.NOR, Win32/Buzus.AZGJ, Win32/Daonol.B, Win32/Daonol.C, Win32/Delf.NFV (2), Win32/Delf.ODU, Win32/Delf.OIY, Win32/Delf.OIZ (2), Win32/FlyStudio.NMG (2), Win32/Hupigon.NOY (2), Win32/Koutodoor.AA (3), Win32/Koutodoor.G, Win32/Kryptik.QK, Win32/Kryptik.QL, Win32/Olmarik.GW (2), Win32/Olmarik.HG (4), Win32/Rootkit.Ressdt.NBO, Win32/SpamTool.Agent.NCL, Win32/Spy.Agent.NNS, Win32/Spy.Banbra.NPQ, Win32/Spy.Banker.QNJ, Win32/Spy.KeyLogger.ME (4), Win32/Spy.VB.NDV, Win32/Spy.Zbot.JF (3), Win32/Spy.Zbot.NJ, Win32/Spy.Zbot.RI, Win32/Spy.Zbot.RJ, Win32/StartPage.NJS, Win32/TrojanClicker.Delf.NDJ, Win32/TrojanClicker.Delf.NDK, Win32/TrojanClicker.Delf.NDR (3), Win32/TrojanClicker.Delf.NGK, Win32/TrojanClicker.Delf.NGM, Win32/TrojanClicker.Delf.NHF, Win32/TrojanClicker.VB.NHF, Win32/TrojanDownloader.Agent.OYF, Win32/TrojanDownloader.Delf.OIF, Win32/TrojanDropper.Agent.OBB, Win32/TrojanDropper.Mudrop.ABZ, Win32/VB.OES (3)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6073&Itemid=26

New cscope packages fix arbitrary code execution

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution

<!–