Archive for March, 2007

Fake IE7 downloads

Saturday, March 31st, 2007

Bad guys are always looking for ways to get innocent people to download malware onto their PCs.  Our friends at Sunbelt Software shows us one of their latest tricks - fake IE7 downloads:

There is spam out there that tries to get you to download IE 7. It’s fake, of course. When you click on the image, you are then offered to download a trojan (Sunbelt Sandbox analysis here, VirusTotal results here). Antivirus coverage is mediocre.

More on the animated cursors vulnerability

Friday, March 30th, 2007

Here's some more info on the animated cursors vulnerability.  This information is from McAfee:

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack.  Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0.  Exploitation happens completely silently.

The vulnerability lies in the handling of malformed ANI files.  Known exploits download and execute arbitrary exe files.  This vulnerability is reminiscent of MS05-002.

Interesting

Apple “unmodding” modded Apple TV boxes

Friday, March 30th, 2007

Is Apple "unmodding" modded Apple TV boxes?  It seems like they might be:

Several of us over in the Awkward TV IRC(l0rdr0ck, myself, and others) have had our Mod’d Apple TV’s played with over night(SSH/VNC disabled), our guess is apple has started to fight back the mod’d Apple TV’s. This is a warning to all of you to block your Apple TV from the internet by going into your routers settings and denying it internet access!

It's that old chestnut - company subsidizes hardware in order to sell additional services (because that's where the long term money is) and then feels that they own the hardware.

Microsoft Security Advisory (935423) – Vulnerability in Windows Animated Cursor Handling

Friday, March 30th, 2007

Animated cursors could be harmful to your PC's health:

Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.

Some points worth noting:

  • Those of you out there using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode.
  • By default, Outlook 2007 uses Microsoft Word to display e-mail messages which protects customers from the HTML e-mail preview and attack vector.
  • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker could also attempt to compromise a Web site to have it serve up a Web page with malicious content attempting to exploit this vulnerability. An attacker would have no way to force users to visit a Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site or a site compromised by the attacker.

Best way to protect yourselves is to use e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Windows Mail.

YouGetItBack.com

Thursday, March 29th, 2007

Have you ever lost a cell phone, MP3 player or PDA?  You need YouGetItBack.com.

It used to be that when you lost something valuable, it was gone for good.
Those times have changed. Now if you lose it... 7 times out of 10 you get it back!

Yougetitback.com combines security labeling and modern communications technology with a no-nonsense, 24/7 return service, plus a finder's return incentive, to maximise the chances of you recovering lost or stolen items.

Schemes such as this have worked with keys for years, I see no reason why it shouldn't help recover lost gadgets (the only difference is that keys have little commercial value, electronics are a different matter).

YouGetItBack might help you recover your lost property, but it's better not to lose your stuff in the first place!