
Monday, December 6, 2010

Cyber security issues

Winamp Plug-In Backdoor Wide Open To Viral Penetration:

Winamp media player users need to update their software following the discovery of multiple security holes, some of which provide a means to distribute malware via booby-trapped media files.

Version 5.6 of the software for Windows fixes a critical integer overflow vulnerability in the "in_nsv.dll" plug-in library that leaves users exposed to viral attack – provided, of course, that they are first tricked into opening a maliciously constructed stream or media file.

The update from developers Nullsoft also addresses a potentially nasty, but probably less easy to exploit, bug involving the handling of midi files. The release also includes a number of performance and stability tweaks. [Date: 1 December 2010; Source: http://www.theregister.co.uk/2010/12/01/winamp_security_update/]

Malicious Kodak Galleries Used For Serving Trojan:

A variant of a highly specialized Trojan has appeared on fake sites mimicking Kodak Gallery pages, where potential victims are urged to download software that would supposedly allow them to watch the offered slideshow, but actually creates a folder with configuration files and copies a few executables into the System32 folder.

But before doing that, it actually does show the users a slideshow of car pictures, which acts as a smokescreen in order to hide the malicious activity. Further research by Sunbelt's experts reveals that the fact that the pictures are of a car might not be so random.

The Bayrob Trojan - of which this is a variant - has had a history of targeting eBay users, especially those buying motors and cars since that means that bigger amounts of money are involved. The Trojan spoofs various eBay pages and tries to trick the users into parting with their money. This particular variant has a very low detection rate.... [Date: 30 November 2010; Source: http://www.net-security.org/malware_news.php?id=1552]

Amazon Profiles Used For Spam:

Amazon's online store-front has a social networking component to it, where people with accounts can create user and seller profiles to share their interests, what they are reading, listening to, selling, etc. For the most part, anytime a site allows user-driven content to be published on the web we have seen some kind of abuse (for example, LastFM, Google Code, Adobe Groups).

Amazon's profiles are no different- most appear to "profile spam" advertise various pages on the adult sites: adultmediareviews [and] redspacetube. Some of the advertising language for redspacetube suggests illegal / child porn content. Google searches for both of the above domains show other sites hosting these similar "profile" spam advertisements. ...

The redspacetube domain has been identified as redirecting users to Trojan malware (FakeAV) in the past. ... The Amazon profile abuse is not limited to porn and malware spam, but also includes pharma spam. There are thousands of these profiles. [Date: 30 November 2010; Source: http://research.zscaler.com/2010/11/amazon-profiles-used-for-spam.html]

Blackhat Spam SEO & Google Search Fake AV: They Are Still There:

It's quite depressing to see that Google still contains numerous links to spam pages which lead to fake AV sites. While there are fewer of them, they are still there. This, despite the fact that attackers have not significantly changed their techniques in many months. They still hijack vulnerable sites and create spam pages with similar URL patterns.

The fake AV pages are mostly the same, using the same CSS and JavaScript code, and antivirus engines continually fail to detect the majority of the malicious executables. Here is a typical example of what users will still encounter. The site casino-jugendclub.de has been hijacked to host thousands of pages....

As usual, the page redirects real users coming from a search on Google, Yahoo! or Bing to a fake AV page. ... It mentions a "Windows Security Update", and is hosted on microsoftwindowssecurity145.com (still up at the time of writing).

It looks the same as traditional fake AV sites, with animation showing an antivirus scan of the computer. And again, the detection rate amongst AV vendors is only around 25%. [Date: 30 November 2010; Source: http://research.zscaler.com/2010/11/blackhat-spam-seo-fake-av-they-are.html]

Can You Really See Who Viewed Your Facebook Profile? Rogue Application Spreads Virally:

Once again, a rogue application is spreading virally between Facebook users pretending to offer you a way of seeing who has viewed your profile. ...

Messages spreading rapidly across the Facebook social network right now say: "OMG OMG OMG... I cant believe this actually works! Now you really can see who viewed your profile! on [LINK]." If you're tempted to click on the link you're taken to a webpage which encourages you to go a little deeper and permit an application to have access to your Facebook profile. ...

Scams like this have been used to earn commission for the mischief makers behind them, who have no qualms about using your Facebook profile to spread their spammy links even further. ...

[I]f you do continue, you'll find that your profile will be yet another victim of the viral scam - spreading the message to all of your online Facebook friends and family. ...

This current campaign is using a variety of different links - but via bit.ly we can see that at least one of them has already tricked nearly 60,000 people into clicking. [Date: 26 November 2010; Source: http://nakedsecurity.sophos.com/2010/11/26/can-you-really-see-who-viewed-your-facebook-profile-rogue-application-spreads-virally/]
