Antivirus XP 2008 Be careful with what you click! This Trojan makes you believe that there are viruses/worms in your computer, makes you download a file named XPantivirus2008_v880421.exe (v880421 is a variable component in the file) and installs another executable named xpa.exe which is a worm. This will create entries in multiple locations including ProgramFiles, […]

Read More →

SQL injection attacks are the techniques used by hackers to inject malicious SQL queries into the Web Applications to steal information from the stored database. SQL injection attacks are on the rise and these days attackers are targeting Social Networking Sites, Online Shopping Cart web pages and other such web based applications. Search Engines are […]

Read More →

Any message that appears to have come from a friend in the network is trusted by default. By this nature, social networking sites are the easy targets for worm writers to spread the attack. Also, behavioral analysis is possible by looking at enormous amount of content available. An attack that is targeted is thus possible, […]

Read More →

Russian-Georgian Cyber attack Is it real? There are evidences attributing to that though we cannot conclude for sure. “Cyber Warfare” is still the term that can be set aside for the future, though such evidences are making it appear more real. It will only be a speculation at this point in time. It can even […]

Read More →

MS Bulletins – Aug 2008 11 Security Advisories were released this month, covering about 26 flaws in Microsoft Windows, Microsoft Office, and Internet Explorer, http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx The very critical ones being MS08-041 and MS08-042 as these are being exploited in the wild. The SecPod plugins for Nessus are uploaded and we had made a Snort signatures […]

Read More →

With the release of latest DNS Cache poisoning attack, DNSSEC is gaining some attention. As it is supposed to provide cryptographic means to prevent such attacks. Though it doesn’t prevent DDOS attacks that have come to known in the DNS space, it is a good step forward to consider DNSSEC. But, why DNSSEC implementation efforts […]

Read More →

Microsoft MS08-033, MS07-064 Revised The revision included DirectX 9a in the vulnerable list. DirectX 9a users are advised to install the hotfixes. WinRemotePC 2008 Packet Handling Denial of Service Vulnerability Inserting huge amount of data of the order of 30000 bytes to replace “Service Pack n” string in the message, in repeated manner causes the […]

Read More →

Microsoft Access Snapshot Viewer ActiveX Control Vulnerability Snort signatures were developed for this vulnerability, based on the POC available. There’s a coverage at, http://www.emergingthreats.net/ The signatures can also be downloaded at www.secpod.org/snort-signatures/

Read More →

More on DNS Cache Poisoning Issue: We updated the advisory after seeing number of other vendor products releasing updates and more advisories are getting released, Debian – http://lists.debian.org/debian-security-announce/2008/msg00185.html RedHat – http://rhn.redhat.com/errata/RHSA-2008-0533.html Ubuntu – http://www.ubuntu.com/usn/usn-622-1 Talking about collaboration, http://www.securityfocus.com/columnists/477?ref=rss SANS summarized the issue very well, http://isc.sans.org/diary.html?storyid=4687&rss     Microsoft Word Could Allow Remote Code Execution: Microsoft […]

Read More →

Big day for security researchers, vendors, administrators with Microsoft’s Patch Tuesday release. The release of the patch for DNS cache poisoning attack simultaneously by major vendors makes it all the more interesting and keeps us all busy. I must say a well coordinated effort by vendors. Current Activities: 1. Vulnerabilities in DNS Could Allow Spoofing […]

Read More →