Dark Reading
Risky Business
Download Now
Download Now
Download Now
Google Searchers Find Malware
Hackers create a lookalike Google Italy site and lure users to download malicious appsOct 12, 2006 | 09:10 AM
By Tim WilsonDarkReading
Some visitors to the Google Italy site are getting an unwelcome surprise this week, as a look-alike site hijacks their browsers and installs malware on their machines.
Researchers at IT security vendor SurfControl plc 's Global Threat Expert center reported today that they have discovered an "evil twin" Website that looks almost exactly like the Google Italy site. In an exploit known as "typosquatting," attackers have built the evil twin under a URL that is spelled slightly differently, duping users who might make an errant keystroke or click on a bad link.
When users enter, the fake site automatically attempts to install ActiveX controls on their PCs. If the installation is successful, the site drops a Trojan horse that redirects the homepage to a site filled with adult content.
In addition, the site installs a package of malware on the user's PC, including adware and a keylogger that can be used to monitor the user's keystrokes and send the information to a remote location. Some users have also experienced attempts to send spam through the infected machines, including spam with malware attached, SurfControl said.
Users can fight the fake by turning off Internet Explorer's ability to automatically install ActiveX controls, the security vendor says. If ActiveX controls are turned off, the user cannot be infected without giving the go-ahead for installation.
— Tim Wilson, Site Editor, Dark Reading
Hackers Miss Their Target -- By About 2,000 Miles 09/03/2010
Qualys Releases QualysGuard PCI 5.0 with New Dashboard and Interactive Workflows 09/03/2010
DNS DDOS Threats and Corresponding Mitigation Strategies 03/23/2010
Spoofing Server - to - Server Communication: How You Can Prevent It 03/11/2010
DIGITAL ASSETS
Extend Security to the Edge with Web App Security
09/02/2010
Subscribe to RSSHackers Miss Their Target -- By About 2,000 Miles
Firewalls Top Purchase Priority In 2010, Survey Says
Misconfigured Networks Are Easiest Prey, Hacker Survey Says
MORE KEYHOLE
Published:2010-08-19
Severity:High
Description:Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
Published:2010-08-19
Severity:Low
Description:Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
|
