Posts Tagged 'malicious'

Bell Canada source of most malicious activity

Bell Canada’s Internet service carried the most viruses, spam, computer attacks and other so-called “malicious activity” in the country in the last half of 2007, says cyber-security firm Symantec.

Symantec, producer of the widely used Norton Antivirus software, conducts a twice-yearly global Internet security investigation. The company detected a whopping 711,912 new malicious code threats to the Internet in 2007, up dramatically from 125,243 in 2006.

The study named Canada the No. 9 hot spot for malicious activity, far behind the United States at No. 1.

Being the nation’s largest Internet provider, it’s not surprising that Bell’s Internet users were either knowingly or unknowingly responsible for 17 per cent of what’s termed “malicious” or “undesirable” activity here, said Dean Turner, Calgary-based director of Symantec’s Global Intelligence Network.

“Honestly, I think it’s just because they (Bell) are the biggest target,” he said. “They have the largest percentage of broadband users in Canada at 24 per cent.” (link)

Malicious JavaScript code can take control of your router

Researcher Dan Kaminsky tomorrow will show attendees of the RSA security conference how a Web-based attack could be used to seize control of certain routers.

Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet’s Domain Name System (DNS) can be abused in order to get attackers behind the firewall.

But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco’s Linksys division and D-Link.

The technique, called a DNS rebinding attack, would work on virtually any device, including printers, that uses a default password and a Web-based administration interface, said Kaminsky, who is director of penetration testing with IOActive. (link)

Hackers manage to exploit the Interweb

Safari for Windows vulnerable to exploit

Juan Pablo Lopez Yacubian has discovered two vulnerabilities in Safari, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a user’s system.

1) An error when downloading e.g. a .ZIP file with an overly long filename can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected. (link)

iPhone and iPod Touch vulnerable to malicious code

A new exploit will either lock up your iPhone or iPod Touch or crash your Safari browser on your PC or Mac OS desktop if you simply visit a maliciously coded Web site. Unlike an earlier exploit that required users to click to become infected, the new code published by iPhoneWorld requires no user interaction.

So far, Apple has had no comment.

The code was first reported in January and exhausts the memory in Safari, which in turn will cause your iPhone or iPod Touch to freeze, or your desktop Safari to crash. “Given the nature of this issue,” said the BugTraq newsgroup vulnerability report, “remote code execution may also be possible, but this has not been confirmed.” (link)

Security vendor discovers database of stolen FTP usernames and passwords

A fresh discovery by security vendor Finjan Inc. provides yet another example of how easy it is becoming for almost anyone to find the tools needed to break into, infect or steal data from corporate Web sites.

The San Jose-based vendor announced today that it has uncovered an illegal database containing more than 8,700 stolen File Transfer Protocol server credentials including usernames, passwords and server addresses. Anyone can purchase those credentials and use them to launch malicious attacks against the compromised systems.

The stolen credentials belong to companies from around the world and include more than 2,500 North American companies, some of whose Web sites are among the world’s top 100 domains, according to Yuval Ben-Itzhak, Finjan’s chief technology officer.

The FTP credentials would allow malicious hackers to break into and upload malware of their choice to compromised servers literally with a click or two, he said. “You could pick any server you wanted in the list, pay for it” and launch an attack with very little effort, Ben-Itzhak said. (ComputerWorld)

Malicious code everywhere

Sometimes it’s good to be reminded of the dangers of web surfing. Who’s been caught surfing “unfamiliar” sites? Hand up, I see you in the back, come on, be honest. It happens. Most of the time we just ignore any odd errors and chalk them up to poor coding. Maybe that error was intentionally coded and maybe you got a virus. Keep your security stuff up to date and stop surfing for porn.

“I got a taste today of the ever present danger that is the Internet. A client of mine is often in the news, so I watch for articles using Google Alerts. Once a day, I’m sent an email listing the new web pages Google found that contain my client’s name. After doing this for well over a year without incident, Google today included a malicious web page in the list of those referencing my client. The page tried to install malicious software on my computer. Hopefully the details of the scam, described below, will educate anyone not yet sufficiently skeptical about life on the Internet.” (link)

Researcher discovers security flaw with Skype

Security researcher Aviv Raff has discovered and demonstrated a flaw within Skype that allows malicious code to be run under certain circumstances. The problem is caused by Skype’s web control. The program uses Internet Explorer to render internal and external HTML, but does so using “Local Zone” security settings.

Actually taking advantage of the bug would require malware authors to find a trusted site with a cross-zone scripting error. These types of errors are relatively common, and allow for the execution of potentially unsafe scripts as if they carried higher permissions than they actually do. Such scripts have a wide variety of potential applications (some of which might be picked up by other security features, such as Vista’s UAC), but a wide range of potential activity could go completely unblocked and unnoticed. (link)
