Posts Tagged ‘security’

Windows shortcut flaw goes wild?

Wednesday, July 21st, 2010

On July 16, Microsoft released Security Advisory 2286198, confirming a flaw in the handling of Windows shortcut (.LNK) files that exposes users of all current versions of Windows, including fully patched Windows 7 systems, to very serious attacks.

Merely opening a directory that contains a malicious shortcut is enough to get infected: as soon as Windows Explorer renders the shortcut’s icon, the malicious code the shortcut references is loaded and executed without any further user interaction. Attackers have already built malware that spreads via USB sticks using this vulnerability, and independent security researcher Frank Boldewin found that the attack currently targets the WinCC SCADA system by Siemens. “Looks like this malware was made for espionage,” Boldewin writes.

On Sunday, a researcher known as “Ivanlef0u” published proof-of-concept code to several locations on the Internet, and there is already a Metasploit module that implements the exploit using the WebDAV delivery method, which serves the shortcut and its payload from a remote share instead of a USB stick.

Until a patch is available, Microsoft suggests two workarounds: disable the display of icons for shortcuts, and turn off the WebClient service, which closes the WebDAV delivery route. See the Microsoft advisory for the details of how to “Disable the displaying of icons for shortcuts”; be aware that this workaround replaces every shortcut icon on the system with a generic one, which users will notice. Another way to protect yourself is Didier Stevens’ tool Ariad.
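As an added illustration (it is not part of the original post, of Microsoft’s advisory, or of Ivanlef0u’s code), the following Python script parses the binary .LNK format far enough to spot the pattern behind this flaw: a shortcut whose LinkTargetIDList points into the Control Panel and names a module (a .dll or .cpl) that Explorer will load just to draw the icon. The ShellLinkHeader and IDList layouts follow the MS-SHLLINK specification; the simplified ItemID bodies in build_sample_lnk, the System32 allow-list in is_system_module and the sample path E:\setup\icons.dll are assumptions made for this example.

```python
import re
import struct
import sys
import uuid

# Constants from the MS-SHLLINK specification.
HEADER_SIZE = 0x4C                                                # ShellLinkHeader is always 76 bytes
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")   # LinkCLSID present in every .lnk
HAS_LINK_TARGET_ID_LIST = 0x00000001                              # LinkFlags bit 0
# Shell folder CLSID of the Control Panel; its item handler is what loads the named module.
CONTROL_PANEL_CLSID = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D")

# Printable ASCII or UTF-16LE runs that end in .dll or .cpl inside ItemID data.
ASCII_MODULE_RE = re.compile(rb"[ -~]+?\.(?:dll|cpl)\b", re.IGNORECASE)
UTF16_MODULE_RE = re.compile(rb"(?:[ -~]\x00)+?\.\x00(?:d\x00l\x00l\x00|c\x00p\x00l\x00)", re.IGNORECASE)


def parse_header(data: bytes) -> int:
    """Validate the 76-byte ShellLinkHeader and return its LinkFlags."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, = struct.unpack_from("<I", data, 0)
    if header_size != HEADER_SIZE or data[4:20] != LINK_CLSID.bytes_le:
        raise ValueError("not a shell link: bad HeaderSize or LinkCLSID")
    return struct.unpack_from("<I", data, 20)[0]


def parse_id_list(data: bytes, offset: int) -> list:
    """Walk the LinkTargetIDList at offset and return the data bytes of each ItemID."""
    if offset + 2 > len(data):
        raise ValueError("no room for IDListSize")
    id_list_size, = struct.unpack_from("<H", data, offset)
    end = offset + 2 + id_list_size
    if end > len(data):
        raise ValueError("IDListSize runs past end of file")
    pos, items = offset + 2, []
    while True:
        if pos + 2 > end:
            raise ValueError("IDList missing TerminalID")
        item_size, = struct.unpack_from("<H", data, pos)
        if item_size == 0:              # TerminalID closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemIDSize")
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items


def extract_module_paths(blob: bytes) -> list:
    """Pull out anything that looks like a .dll/.cpl path, in either string encoding."""
    found = [m.group(0).decode("ascii") for m in ASCII_MODULE_RE.finditer(blob)]
    found += [m.group(0).decode("utf-16-le") for m in UTF16_MODULE_RE.finditer(blob)]
    return found


def is_system_module(path: str) -> bool:
    """Crude allow-list (an assumption of this example): genuine Control Panel applets live in System32."""
    return path.lower().startswith(("c:\\windows\\system32\\", "%systemroot%\\system32\\"))


def inspect_lnk(data: bytes) -> dict:
    """Flag a shortcut that is a Control Panel item naming a module outside System32."""
    flags = parse_header(data)
    report = {"has_id_list": bool(flags & HAS_LINK_TARGET_ID_LIST),
              "control_panel": False, "modules": [], "suspicious": False}
    if not report["has_id_list"]:
        return report
    for item in parse_id_list(data, HEADER_SIZE):
        if CONTROL_PANEL_CLSID.bytes_le in item:
            report["control_panel"] = True
        report["modules"].extend(extract_module_paths(item))
    report["suspicious"] = report["control_panel"] and any(
        not is_system_module(m) for m in report["modules"])
    return report


def _item(payload: bytes) -> bytes:
    return struct.pack("<H", len(payload) + 2) + payload


def build_sample_lnk(module_path: str) -> bytes:
    """Constructed sample (simplified ItemID bodies): My Computer -> Control Panel -> item naming module_path."""
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID.bytes_le + struct.pack("<I", HAS_LINK_TARGET_ID_LIST)
    header += b"\x00" * (HEADER_SIZE - len(header))      # attributes, timestamps, size, icon index, reserved
    id_list = (_item(b"\x1f\x00" + uuid.UUID("20D04FE0-3AEA-1069-A2D8-08002B30309D").bytes_le)
               + _item(b"\x2e\x00" + CONTROL_PANEL_CLSID.bytes_le)
               + _item(b"\x00\x00" + module_path.encode("utf-16-le") + b"\x00\x00")
               + b"\x00\x00")                             # TerminalID
    return header + struct.pack("<H", len(id_list)) + id_list


if __name__ == "__main__":
    # Scan the .lnk files named on the command line, or the two constructed samples when there are none.
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("sample-malicious.lnk", build_sample_lnk(r"E:\setup\icons.dll")),
        ("sample-benign.lnk", build_sample_lnk(r"C:\Windows\System32\timedate.cpl")),
    ]
    for name, blob in targets:
        try:
            r = inspect_lnk(blob)
        except ValueError as exc:
            print(f"{name}: skipped ({exc})")
            continue
        print(f"{name}: {'SUSPICIOUS' if r['suspicious'] else 'ok'} modules={r['modules']}")
```

Run it with no arguments to inspect the two constructed samples, or pass .lnk files copied from a suspect USB stick onto an analysis box to triage them without ever letting Windows Explorer render their icons. The allow-list is deliberately simple; a real deployment would compare the named module against a known-good inventory rather than a path prefix.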

Additional information on the flaw can be found in a blog post by the SANS Institute’s Internet Storm Centre here.

source:

Experts Warn of New Windows Shortcut Flaw

MS confirms Windows shortcut zero-day flaw

Preempting a Major Issue Due to the LNK Vulnerability – Raising Infocon to Yellow

New Linux OS REMnux Designed For Reverse Engineering Malware

Tuesday, July 20th, 2010

A new OS called REMnux has been released by Lenny Zeltser, a security expert specializing in malware reverse engineering. REMnux is a lightweight Ubuntu-based distribution, originally distributed as a VMware virtual appliance that can be booted with several VMware products; it was also recently released as a Live CD ISO image.

The classical approach to analyzing malware is to set up a virtual machine on a computer dedicated to that purpose, release the sample in it, and monitor how it affects the system. The drawback of this protocol is that much of the malware’s behavior can remain hidden, for instance anything it only does once it can talk to a server, and deeper analysis is not a convenient option.

REMnux addresses these drawbacks with a complementary approach to taking apart malicious code. Typically, another laboratory system is infected with the malware sample, and that system’s potentially malicious network connections are directed to REMnux, whose fake services listen on the expected “monitoring” ports and record what the sample tries to do.

The distribution bundles a generous number of popular malware-analysis, reverse-engineering, network-monitoring and memory-forensics tools. Among them are three tools for analyzing Flash-specific malware, namely SWFTools, Flasm and Flare, and several applications for analyzing malicious PDFs, such as Didier Stevens’ pdfid and pdf-parser. The OS also provides a range of tools for de-obfuscating JavaScript, including the Rhino debugger, a copy of Firefox with NoScript, JavaScript Deobfuscator and Firebug, and a Windows Script decoder. For interacting with a running sample it ships a small web server, an IRC server and a fake DNS server, together with tools for network monitoring and interaction such as the HoneyD virtual honeypot, Wireshark, INetSim, the fakedns and fakesmtp scripts, and netcat.
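To make the “direct the sample’s connections to REMnux” step concrete, here is a minimal fake DNS server in Python. It is written for this page and is not REMnux’s fakedns script: it answers every A query with the address of the analysis box, so whatever hostname the sample resolves ends up at the monitoring services, and it answers other record types with an empty NOERROR response so the sample falls back to IPv4 rather than giving up. The sink address 192.168.56.10 and the query name update.example.com are constructed for the demo, and build_query fabricates the packet a resolver would send so the script runs offline.

```python
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1


def parse_question(packet: bytes):
    """Parse the header and the single question of a DNS query. Returns (txid, qname, qtype, qclass, end)."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack_from("!HHH", packet, 0)
    if flags & 0x8000:
        raise ValueError("QR bit set: that is a response, not a query")
    if qdcount != 1:
        raise ValueError(f"unsupported QDCOUNT {qdcount}")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:                       # root label ends the name
            break
        if length & 0xC0:                     # compression is not expected in a question
            raise ValueError("compression pointer in question name")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack_from("!HH", packet, pos)
    return txid, ".".join(labels), qtype, qclass, pos + 4


def build_response(query: bytes, sink_ip: str, ttl: int = 60):
    """Answer any A/IN question with sink_ip; every other type gets an empty NOERROR answer."""
    txid, qname, qtype, qclass, end = parse_question(query)
    question = query[12:end]                  # echo the question section unchanged
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        # NAME is a pointer to offset 12 (the question name), then TYPE, CLASS, TTL, RDLENGTH, RDATA.
        rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(sink_ip)
        ancount = 1
    else:
        rr, ancount = b"", 0
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)   # QR, RD, RA set; RCODE 0
    return qname, header + question + rr


def build_query(name: str, txid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Constructed query packet (what a stub resolver sends), used for the offline demo."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, QCLASS_IN)


def serve(sink_ip: str, bind: str = "0.0.0.0", port: int = 53):
    """Run the sinkhole: point the infected lab VM's DNS setting at this host and watch the log."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    print(f"fake DNS on {bind}:{port}, every A record -> {sink_ip}")
    while True:
        data, peer = sock.recvfrom(512)
        try:
            qname, reply = build_response(data, sink_ip)
        except ValueError as exc:
            print(f"{peer[0]}: ignored ({exc})")
            continue
        print(f"{peer[0]} asked for {qname}")
        sock.sendto(reply, peer)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        serve(sys.argv[1])                    # e.g. python fakedns.py 192.168.56.10 (port 53 needs root)
    else:
        name, reply = build_response(build_query("update.example.com"), "192.168.56.10")
        print(name, reply.hex())
```

The log of names the sample asks for is often the first useful artifact of a run; pairing this with a fake web or IRC server listening on the sink address then shows what the sample sends once it believes it has reached its server.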

The idea behind REMnux is to provide a useful, curated set of tools for people interested in the field rather than an all-encompassing reverse-engineering environment. As Zeltser himself puts it: “This doesn’t have every tool in it, because I think people can get distracted with too many tools in there”. Zeltser says the OS is aimed at beginners and at analysts who are not Linux experts, and he hopes that users’ input and comments will guide its further development.

Interested and adventurous developers who would like to contribute to the improvement of REMnux are welcome to contact Lenny Zeltser directly.

Exploiting PDF files, without a vulnerability

Thursday, April 8th, 2010

Portable Document Format (PDF) files can be made to run an embedded executable without exploiting any security vulnerability at all. As security researcher Didier Stevens warned, his proof-of-concept PDF files target computers running Adobe Reader or Foxit Reader and rely on a documented feature of the format, the /Launch action, to execute a command that ultimately runs the embedded executable.

(more…)
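As an added example (it is neither Didier Stevens’ proof-of-concept nor his pdfid tool, although it borrows pdfid’s idea of counting risky name tokens), the following Python script triages a PDF for exactly this technique: an automatic trigger (/OpenAction or /AA) combined with a /Launch action. It resolves the #xx hex escapes that are legal inside PDF names, so a name written as /L#61unch is still recognised as /Launch, and it recovers the /F and /P strings that say what would be run. SAMPLE_PDF is a constructed minimal document, not a real malicious file; the command it names, cmd.exe with the parameters /c start calc.exe, is chosen for the demo.

```python
import re
import sys

# Name tokens worth counting, after the approach of pdfid: what matters is an automatic
# trigger (/OpenAction, /AA) combined with an action (/Launch, /JavaScript, /JS).
KEYWORDS = ("/OpenAction", "/AA", "/Launch", "/JavaScript", "/JS", "/EmbeddedFile")

# A PDF name token: '/' followed by regular characters; '#xx' hex escapes are legal inside it.
NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]*")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape_name(token: bytes) -> str:
    """/L#61unch -> /Launch. A scanner that greps for the literal keyword misses this obfuscation."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), token).decode("latin-1")


def count_keywords(data: bytes) -> dict:
    """Count the risky name tokens, comparing each token only after resolving its hex escapes."""
    counts = {k: 0 for k in KEYWORDS}
    for m in NAME_RE.finditer(data):
        name = unescape_name(m.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def launch_targets(data: bytes, window: int = 512) -> list:
    """For each /Launch action, recover the /F (file) and /P (parameters) literal strings that follow it."""
    targets = []
    for m in NAME_RE.finditer(data):
        if unescape_name(m.group(0)) != "/Launch":
            continue
        chunk = data[m.end():m.end() + window]      # the action dictionary follows the name
        f = re.search(rb"/F\s*\(([^)]*)\)", chunk)
        p = re.search(rb"/P\s*\(([^)]*)\)", chunk)
        targets.append((f.group(1).decode("latin-1") if f else None,
                        p.group(1).decode("latin-1") if p else None))
    return targets


def assess(data: bytes) -> dict:
    """Suspicious when something fires automatically on open and an action is present to be fired."""
    counts = count_keywords(data)
    auto = counts["/OpenAction"] + counts["/AA"] > 0
    suspicious = auto and (counts["/Launch"] + counts["/JavaScript"] + counts["/JS"]) > 0
    return {"counts": counts, "launch": launch_targets(data), "suspicious": suspicious}


# Constructed sample: a catalog whose OpenAction is a hex-obfuscated /Launch of cmd.exe.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Type /Action /S /L#61unch /Win << /F (cmd.exe) /P (/c start calc.exe) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    # Triage the PDFs named on the command line, or the constructed sample when there are none.
    blobs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("sample.pdf", SAMPLE_PDF)]
    for name, blob in blobs:
        r = assess(blob)
        print(f"{name}: {'SUSPICIOUS' if r['suspicious'] else 'ok'} {r['counts']} launch={r['launch']}")
```

Because the trick uses a feature rather than a bug, there is no signature of a specific exploit to look for; the useful signal is the combination of an automatic trigger with a /Launch action, which is why the script reports the pair rather than either keyword alone. Content inside compressed object streams is not visible to this scan, so a clean result is not proof of a clean file.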

Are smartphones secure?

Monday, January 25th, 2010

Today’s smartphones are no longer ordinary mobile phones; they are small personal computers, and so they face the same threats as personal computers. The one difference from this point of view is that personal computers overwhelmingly run Microsoft Windows, whereas mobile platforms are far more diverse, which makes it harder for an attacker to write malware that reaches a large share of them.

But the biggest danger for a mobile phone is one that barely applies to personal computers: you can lose it. This affects not only smartphones but every mobile device that holds personal information. Another danger specific to smartphones is leaving them unattended or lending them to others, because anyone with the device in hand can install spyware on it. In addition to spyware there are mobile viruses, worms and Trojans, which can spread by e-mail or via SMS.

Generally speaking, web-based and e-mail attacks are just as possible on smartphones as on personal computers, and the radios add attack surface of their own: traffic over an untrusted Wi-Fi network can be intercepted or altered by a man-in-the-middle, and Bluetooth is a target for attacks as well. A good discussion of Bluetooth security can be found here: part 1, part 2. Here you can find a FAQ on how to use your smartphone securely, and another interesting article about smartphone security can be found here.

The day has come!

Wednesday, April 1st, 2009

Today, April 1, 2009, is the alleged doomsday on which the Conficker/Downadup worm is due to activate. Conficker has lately been in the spotlight of many well-known tech blogs and even mainstream news sites, and fan pages for it have appeared on popular social networking sites. Now that the day is here, the masses may be disappointed: reportedly, “Conficker has activated. So far nothing has actually happened.” Still, there is plenty of the day left, and since not all of the worm’s behavior is known there may yet be a surprise in store for us.

(more…)

Pwn2Own 2009 comes to a close

Wednesday, March 25th, 2009

The highly anticipated Pwn2Own competition came to a close at this year’s CanSecWest conference a couple of days ago. The undisputed winner: Chrome, Google’s fledgling web browser, the only one of the browsers on offer that nobody managed to exploit.

(more…)