Just by opening a directory containing the infected shortcut will get user infected. Once the infected shortcut icon is displayed in Windows Explorer, malicious code is launched without any further user interaction. Hackers have already developed malware that spreads via USB sticks, using this vulnerabilities.  Independent security researcher Frank Boldewin had found the attack is currently targeted toward the WinCC SCADA system by Siemens. “Looks like this malware was made for espionage,” Boldewin writes.

On Sunday, a researcher known as “Ivanlef0u” published aproof-of-concept code to several locations on the Internet. There is already a Metasploit module that implements the exploit with the WebDAV method.

To protect yourself from the attack, Microsoft suggests disabling the displaying of icon for shortcut and turning off WebClient service as workarounds against possible attacks. Please reference Microsoft advisory for details of how to “Disable the displaying of icons for shortcuts“. Another way to protect yourself is to use Didier Stevens’ tool Ariad .

Additional information on the flaw can be found in a blog post by the SANS Institute’s Internet Storm Centre here.

source:

Experts Warn of New Windows Shortcut Flaw

MS confirms Windows shortcut zero-day flaw

Preempting a Major Issue Due to the LNK Vulnerability – Raising Infocon to Yellow

The classical approach to analyze malware is to set up a virtual machine on a computer specifically designed for that purpose and then release the malware and monitor how it affects the system. The drawback of this protocol is that much of the malware’s behavior can remain hidden, while deeper analysis is not a convenient option.

REMnux comes as a solution to these disadvantages and offers an alternative approach for taking apart a malicious code. Typically, infection of another laboratory system with the malware sample is followed by direction of the potentially-malicious connections to the REMnux “monitoring” ports.

This approach combines a generous number of popular malware-analysis, reverse-engineering, network monitoring, and memory forensic tools. Amongst them, REMnux contains three tools for analyzing Flash-specific malware, namely SWF tools, Flasm, and Flare. Furthermore, it contains several applications for analyzing malicious PDFs, such as the Didier Steven’s analysis tools. The OS also provides a lot of tools for de-obfucating JavaScript, including Rhino debugger, a NoScript-version of Firefox, JavaScript Deobfuscator and Firebug, and Windows Script Decoder. In addition to the above analysis tools, a small Web server, an IRC server, and a pseudo-DNS server are also included. Further, several tools for network monitoring and interactions, such as the virtual honeypot server, HoneyD, as well as Wireshark, INetSim, fakedns and fakesmtp scripts, and NetCat are also part of REMnux.

Behind the development of REMnux stands the idea of providing a useful set of tools for people interested in the field, rather than a be-all reverse-engineering environment. As Zeltser himself puts it: “This doesn’t have every tool in it, because I think people can get distracted with too many tools in there”. On the contrary, Zeltser states that this OS targets beginners or people that are not Linux experts. He also hopes that users’ input and comments will aid in further development of REMnux to reach an improved version of the OS.

Any interested and adventurous potential developers, who would like to contribute to the improvement of REMnux,  are welcomed to contact Lenny Zelter directly.

Researcher said that Adobe’s PDF Reader will block the file from automatically opening but he warned that an attacker could use social engineering tricks to get users to allow the file to be opened. With Foxit Reader there is no warning.

This kind of attack does not use JavaScript code and does not exploiting a vulnerability so neither disabling JavaScript neither patching Adobe Reader will prevent this.

A few days later another researcher Jeremy Conway posted an attack showing that PDFs are “wormable”. It’s possible to launch an attack internally from one PDF onto another already existing PDF, raising the possible of a PDF worm.

Finally a further modified attack, showing how a single malicious PDF could infect an unlimited number of documents was posted by Jeremy.

But the biggest danger for a mobile phone is one that is not one for personal computers: You can lose your mobile phone. This is not only a danger for smartphones but also for all mobile devices containing personal information. Another danger for smartphones is leaving them unattended or loaning it to people because they can install spyware on your smartphone. Additionally to spyware there are mobile viruses, worms and Trojans threatening your smartphone. They can spread using e-mail or via SMS.

Generally speaking, web-based and e-mail attacks are as possible with smarthones as they are with personal computers. Wi-Fi and Bluetooth are two technologies which can be dangerous too. Wi-Fi can be attacked by a man-in-the-middle attack and Bluetooth is also a target for attacks. A good discussion of Bluetooth security you can find here: part1, part2. Here you can find a FAQ on how to use your smartphone securely. Another interesting article about smartphone security can be found here.

The people at F-Secure have uploaded a presentation about Conficker on Youtube. Follow the links below to watch it.

Case Conficker – Part 1

Case Conficker – Part 2

Apple’s Safari was the first to fall this year, with Microsoft’s IE8 and Mozilla Firefox following shortly after. Chrome was the only survivor, and although bugs were identified in it, competition participants were unable to exploit them due to the browser’s sanbox feature.

One of the winners, Charlie Miller stated in a ZDNet interview that the vulnerability he used was one that he had originally found while preparing for the competition last year. Instead of disclosing it at that time, he decided to save it for this year. This is part of his new philosophy, according to which bugs have commercial value and they shouldn’t be disclosed to vendors for free.

“I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away,” Miller told ZDNet. “Apple pays people to do the same job so we know there’s value to this work.”

This year’s competition also targeted mobile browsers for Windows Mobile, BlackBerry, Android, Symbian, and the iPhone, all of which came through unscathed. The winners got to walk away with a $5000 prize per successful exploit and of course the brand new laptop they managed to hack.

Further Reading:

• Chrome only browser left standing after day one of Pwn2Own
• Browser security: Pwn2Own topples all but Chrome
• Google Chrome, Mobile Browsers Survive Security Challenge
• Pwn2Own 2009 ends: Smartphones & Chrome unbroken