The FORWARD project blog

Typhoid Adware is a software which resembles the healthy carrier of typhoid called  Typhoid Mary. This kind of threat works to the full potential on computer networks and specifically on wireless networks. Actually, the internet cafes and other similar public places where the customers can access internet wirelessly without any data encrpytion, are the most convenient places for being infected Adware software. Typhoid Adware comes from another’s person computer and convinces other laptops to communicate with it and not the legitimate access point. Then the Typhoid adware automatically inserts advertisements in videos and web pages on the other computers.

John Aycock who co-authored a paper with assistant professor Mea Wang and students Daniel Medeiros Nunes de Castro and Eric Lin have come up with solutions which support computers with security defences against threats of various Adwares like the Typhoid Adware.

Click here for more information.

A vulnerability has been discovered in  64-bit Windows 7 , in graphics display component that could be exploited to crash the system or potentially take control of the computer by running code remotely.The vulnerability is  in the Canonical Display Driver (cdd.dll) which could allow code execution(Microsoft isn’t aware of this ,cause vulnerable code execution is unlikely due to memory randomization)  caused due to an error while drawing in kernel space by using the cdd.dll . This can be exploited to dereference invalid memory in a write operation and corrupt kernel memory.When the Windows Aero theme is installed, does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted image file.

http://news.cnet.com/8301-27080_3-20005420-245.html?tag=mncol;title

http://www.microsoft.com/technet/security/advisory/2028859.mspx

http://secunia.com/advisories/39577

The XSS filter that was the developed from Microsoft and added to the last IE version to prevent XSS attacks can be used for the very exact opposite reason! The cross-site scripting (XSS) filter can be abused by attackers to launch cross-site scripting attacks (XSS) on websites and web pages that would otherwise be immune to this threat.

The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server’s response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack will be unsuccessful.

(more…)

According to the security firm Bkis, this worm has delevoped a more efficient way of persuading people follow the steps that lead to the trap and achieving its goals. The main means of spreading are Yahoo Instant Messanger and Skype, so the first indirect contact with the malware is done via a message that is selected from a various set of messages which is followed by a link.

An example of that kind of messages is shown below.

(more…)

A recent critical vulnerability has been identified in Windows Outlook Express, Windows Mail and Windows Live Mail. This security issue can allow remote code execution if the users visits a malicious e-mail server. The attacker can gain the same privileges of the computer as the user has.The security update addresses the vulnerability by correctly validating e-mail server responses.Patches have been released.

source:

http://www.theregister.co.uk/2010/05/12/may_patch_tuesday/

http://www.microsoft.com/technet/security/Bulletin/MS10-030.mspx

The cross-site scripting enables malicious attackers to inject client-side script into web pages viewed by other users. As The Register reported in November, Internet explorer 8 contains a bug and can be exploited to introduce cross-site scripting. In other words the attacker can figure out a flaw in IE 8 as a result to create a specific string to tranformed into an actual attack on the web page.

(more…)

Clickjacking is a hacking technique first seen in 2008 that fools users in to clicking on elements hidden in a iframe. It seems not to be so dangerous hacking technique as the cross-site scripting and cross-site request forgery but it is expected to extend to a powerfool tool for hacking web applications. For this reason a tool has been introduced at the Black Hat security conference in Barcelona by Context developer Paul Stone which will be helpful to improve clickjacking defences.

Click here for more details