Stuxnet Code: Chicken Licken or Chicken Run?

In the months since Stuxnet first hit our radar, I’ve wiped a lot of brickdust off my forehead. Mostly as a result of banging my head against the wall in the hope of distraction from yet another infuriating, unsubstantiated speculation about who wrote it, what it was for, and who was the target, repeated as … ESET ThreatBlog

License to code

None of us would want to be operated on by an unlicensed surgeon, so why should we put trust in software applications written by unlicensed, uncertified programmers? Apple have seemingly taken the high road by requiring programmers to register as Apple developers (for a small-but-not-negligible fee) before they can deploy their code to a device (even if it’s just

Corporate Identity Theft Used to Obtain Code Signing Certificate

Last week, the lab identified a curious set of spammed malware: files signed with a valid Authenticode code signing certificate. This is something we’ve seen before. But this case seemed odd because the contact information appeared very genuine. Usually a valid but malicious certificate uses clearly bogus or dubious details. I searched for a company that matched the name and address in the certificate and found a small consulting firm that provides services related

Beware: Attackers Could Use New iPhone 4 Jailbreak Code to Carry Out Malicious Attacks

It seems like almost everyone I know has an iPhone, or at least wants one. Among iPhone users in the U.S.—where the phone’s operating system is locked and customers are limited to just one carrier—jailbreaking the devices is almost as popular. Jailbreaking Apple devices such as the iPhone essentially unlocks the operating system

W32.Changeup: Visual Basic Polymorphic Code Uncovered

W32.Changeup is a type of polymorphic worm written in Visual Basic (VB), and as we stated in the previous W32.Changeup blog, our analysis is focusing on the polymorphic behavior that the threat employs. There are many polymorphic worms, but polymorphic worms written in VB are very rare. Analysis of malware written in Visual Basic can be tricky, but I have spent some time analyzing this threat and in


Dell replacement server motherboards found with malicious code

Boards on new PowerEdge equipment and non-Windows systems not affected. According to a note on Dell’s company support forum, a small number of PowerEdge R410 replacement motherboards have been found infected with spyware. The company is notifying customers who have purchased the equipment. http://en.community.dell.com/support-forums/servers/f/956/t/19339458.aspx Someone from the company posting under the name “Matt M” wrote in response to a

Code for Shortcut Zero-Day Exploit is Public

If you’re not following Mikko’s Twitter feed, you may have missed yesterday’s news that public proof of concept exploit code for the Windows shortcut (.lnk) vulnerability has been released on exploit-db.com. This further escalates the danger of the shortcut vulnerability. So far, only the authors of the Stuxnet rootkit have utilized the flaw, but now there’s

Malware exploiting x86 machine code redundancy

Every AV product on the market these days is furnished with an emulator, which provides a safe sandbox for running executable files before they get loaded and executed in the real environment. By definition an emulator will never be exactly like ‘the real thing’, and malware authors continually try to exploit this fact in order to evade detection. In that sense x86


Ransomware Installers Asking For Installation Code Through SMS

Last year we saw installation programs asking for an activation code through SMS, which is really suspicious. Figure 1 displays a sample of this installer. … CA Community

A blast from the past – the source code virus Induc.A

Some days ago, Andreas Marx (of av-test.org) sent a copy of a new virus to all antivirus companies, with a warning that infected files had been found on some magazine CDs/DVDs. True enough, the virus was new to the attention of antivirus companies. The virus was W32/Induc.A. This is something of a rarity – it is a source code infector. These viruses do not propagate directly

[CVE-2010-0249] Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft advisory: http://www.microsoft.com/technet/security/advisory/979352.mspx This security flaw, which was revealed about a week ago, is a threat that we follow closely. As of this writing we and others have seen a limited number of in-the-wild attacks using this. Some of these attacks were quite serious, affecting large targets like Google and Adobe


Internet Explorer (6/7/8) Remote Code Execution – Remote User Add Exploit

Objective: A malicious web site can be crafted using exploit code that allows IE (Internet Explorer) to be compromised and code to be executed on your computer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using IE. User accounts with limited privileges on the system could be less impacted than administrative user accounts with full user rights. Affected platforms: Microsoft Internet Explorer

Javascript code “likes this” on Facebook

We’re seeing a lot of reports in relation to dubious Facebook pages using JavaScript to try and spam anybody who happens to be on your friends list. Here’s a typical example: should the end user hit the “Click here” button, rather nifty prompts appear that encourage them to do something a little bit silly. If you’re somebody that knows their way around the keyboard,

Adobe Reader PDF LibTiff Integer Overflow Code Execution

Abstract: A vulnerability exists in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 where TIFF (Tagged Image File Format) data is used to build a PDF containing shellcode, which can achieve arbitrary code execution on the host. The twist is that this does not use JavaScript for the exploit, whereas the PDF exploits we have seen over the past few days mostly contain JavaScript.
