Vulnebilities – Page 4 – Paul's Tech Talk

Are You and Your Friends Fine — Virus Spam

PaulMarch 22, 2009

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan. It blocked it, but the file that it is downloaded called “save.exe” and I have talked about [intlink id=”2991″ type=”post” target=”_blank”]flash player fake updates[/intlink]. I have seen other blogs talking about dirty bomb news report leads to malware. I don’t know about you but if I wanted to update my flash player, I go to the source and not use any links. It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans. You should have a fiewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.

I hate Snopes Spam

PaulMarch 5, 2009

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning. It even adds a Snope URL. The Author just copies and pasted the virus warning into the blog without even going to Snopes.
[ad#ad2-right]

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

Is it completely True?

Is it Legitimate? (True blown warning about something like a product recall or something important like that)

Does it Say to Forward? (if so it is probably not wise)

is it from a Friend (If so you might want to remind the friend nicely that it isn’t nice to send spam)

If you follow some of these suggestions you’ll be making the Internet a far better place for everyone. Remember if you don’t know, it’s time to learn. if you do know, it is time to teach. These are the fundamental aspects of using the internet the right way. Also if it is a fake virus warning you should tell them to get a Free Anti-virus and Firewall to better protect them. Also remind them that if they keep their system updated then they shouldn’t be too worried. Remember only you can prevent a Computer Virus and it’s up to you keep your system up to date.

Gmail Vulnerable to a Change PW Attack!

PaulMarch 3, 2009

Securiteam has made an announcement that Gmail has an issue. I will quote:

GMail is vulnerable to CSRF attacks in the “Change Password” functionality. The only token for authenticate the user is a session cookie, and this cookie is sent automatically by the browser in every request.

[ad#ad2-right]An attacker can create a page that includes requests to the “Change password” functionality of GMail and modify the passwords of the users who, being authenticated, visit the page of the attacker.

The attack is facilitated since the “Change Password” request can be realized across the HTTP GET method instead of the POST method that is realized habitually across the “Change Password” form.

[Via Securiteam]

One way to prevent this to a point is right now having GMAIL automatically connect securely. You would go into your settings in gmail and make sure it uses https connection:
This is one way to prevent the cookie attack but is still needing to be fixed. Since it is using the HTTP GET method it should use the HTTPS method as soon as you try accessing the site. Google needs to change to the HTTPS Get method instead to prevent this type of attack. If you have any other ideas for Google just leave a comment.

Cracking and Warez sites are Host of Trouble!!

PaulMarch 3, 20092 Replies

It is nothing to laugh at and should be understood that gamers have no freedom right now. That said this new Variant to Virux Trojan is in regards to Win32/Vitro Trojan. It seems tobe infecting .exe and .Scr files just like this.

According to Trend Micro:
[ad#ad2-right]

The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: “Crack Sites Distribute VIRUX and FakeAV“

Now it seems to be more and more sites with getting computer infected. It also seems the Malware writers are using these servers for helping infect essentially gamers computers. So for the time being, if you have a favorite game and you want to:

No-CD Crack (This is good for those who want to play the game without the CD)

Key Gen Cracks (This is used for pirated version of a game)

Update Cracks (This is used to prevent CD checking or Also prevent Version Checking)

Game Cheats (This is usually a small program like a bot or some other way for the gamer to cheat)

And should not be Downloaded or USED!! I don’t say that lightly, because Gamers feel they should be able to play any game they want. Although this post will probably make the Gamer developers happy, I do this to tell people that these virus writers are using the gamers to distribute the Virus. I encourage all the gamers out there, that don’t want to loose their games to not download any more of these types of cracks. It seems the virus writers are wanting to infect systems and slow you down. You don’t want to slowed down do you? Please consider getting a Firewall and a Free Anti-virus software to better protect your system.

PDF Zero Day Vulnerability in the Wild

PaulFebruary 20, 2009

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field. This also could be used to make Botnets and make the network involved become sluggish. It must be warned that there are a whole wide variety of possibilities that could be done with this exploit. Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader. Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus. This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%. The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.