 1 
 on: September 02, 2010, 02:52:51 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
A vulnerability has been found in Apple QuickTime (for Windows) that could be used to run arbitrary code. (Secunia advisory here: http://bit.ly/cq2vts) RealPlayer has updated its video player for all operating systems to fix a variety of vulnerabilities. Bulletin here: http://bit.ly/aVv05o Microsoft has posted an advisory that explains the "DLL preloading attacks" and offers a work-around tool that "allows customers to disable the loading of libraries from remote network or WebDAV shares." (Advisory here: http://www.sunbeltsecuritynews.com/SMJAYI/100901-advisory)

Adobe has posted Shockwave Player version 11.5.8.612 for Windows and Mac to fix critical vulnerabilities in version 11.5.7.609 and earlier that could allow an intruder to run malicious code on the affected system. Microsoft is warning that users who have failed to update their Java Runtime Environment (running versions up to 6 update 18) are vulnerable to drive-by downloads of Trojan Win32.TrojanDownloader.Unruy. (Microsoft's Technet blog piece here: http://www.sunbeltsecuritynews.com/SMJAYI/100901-advisory3)

ACROS Security Company is reporting that Apple iTunes for Windows is vulnerable to a malicious dynamic linked library file that could be loaded and run from local drives, remote Windows shares or Internet shares. (Advisory here: http://www.sunbeltsecuritynews.com/SMJAYI/100901-advisory2)


Recent Updates
Google Chrome version 5.0.375.127 (Linux, Mac and Windows).
Adobe Reader and Acrobat versions 8.2.3 and 9.3.3.
Opera 10.61 (PCs, Mac and Linux).


This Week's Top 10 Spyware Threats


1. Trojan.Win32.Generic!BT: Trojan
2. Trojan.Win32.Generic!SB.0: Trojan
3. MyBrowserBar: Hijacker
4. Trojan-Spy.Win32.Zbot.gen: Trojan
5. INF.Autorun (v) (fs): Trojan
6. Trojan.Win32.Generic.pak!cobra: Trojan
7. Trojan.HTML.FakeAlert.e (v): Trojan
8. Worm.Win32.Downad.Gen (v): Worm.W32
9. Trojan.HTML.FakeAlert.d (v): Trojan
10. Trojan.Win32.Bamital.c (v): Trojan

 2 
 on: August 26, 2010, 04:13:28 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
Google has released Chrome version 5.0.375.127 (Linux, Mac and Windows) to fix nine significant vulnerabilities.

Adobe has posted updates for Reader and Acrobat 9.3.3 as well as Adobe Reader and Adobe 8.2.3 to fix the highly publicized vulnerability that could crash the application and allow an attacker to take control of the affected system. ACROS Security Company is reporting that Apple iTunes for Windows is vulnerable to a malicious dynamic linked library file that could be loaded and run from local drives, remote Windows shares or Internet shares.

Danger Zone Topics
Working under our ClearCloud should make searching safer but be aware of these dangerous topics in spam and search results: Justin Bieber, "OMG" posts on Facebook and "resume" spam with infected attachments. Also take heed as McAfee has determined that Cameron Diaz is now the most dangerous celebrity to search for online, with Julia Roberts coming in second.

Recent Updates
A couple of updates for you: Opera has gone to version 10.61 (PCs, Mac and Linux) and Apple QuickTime to 7.6.7. That's it for this week.

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. INF.Autorun (v) (fs): Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Trojan.Win32.Bamital.c (v): Trojan
6. Exploit.PDF-JS.Gen (v): Exploit
7. Trojan.Win32.Generic!SB.0: Trojan
8. Trojan.Win32.Meredrop: Trojan Downloader
9. Trojan.Win32.Malware.a: Trojan
10. Worm.Win32.Downad.Gen (v): Worm.W32

 3 
 on: August 19, 2010, 12:07:46 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
Opera has announced the release of version 10.61 of its browser for PCs, Mac and Linux.

Apple has released QuickTime version 7.6.7 to fix a buffer overflow vulnerability that could enable a malicious web page to execute arbitrary code.

Adobe has released Flash Player 10.1.82.76 (Linux, Macintosh, Windows and Solaris) and Adobe AIR version 2.0.3 to fix multiple vulnerabilities that could allow an intruder to take control of a system.

Adobe released out-of-band updates to fix vulnerabilities in: Acrobat 9.3.3 (Windows and Macintosh), Reader 8.2.3 and Acrobat 8.2.3 (Windows and Macintosh), Reader 9.3.3 (Windows, Macintosh and UNIX).

Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents.

Danger Zone Topics
Take heed my friends if you are searching around the Internet or perusing your email, it seems there are some dangerous, cruddy things out there such as Fake Patch Tuesday emails, fake Microsoft's Software Removal Tool which will put in more malware than it would remove. So stay alert.

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. INF.Autorun (v) (fs): Trojan
3. Trojan-Spy.Win32.Zbot.gen: Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Trojan.Win32.Meredrop: Trojan Downloader
6. Worm.Win32.Downad.Gen (v): Worm.W32
7. Trojan.Win32.Generic!SB.0: Trojan
8. Trojan.ASF.Wimad (v): Trojan
9. FraudTool.Win32.FakeAV.gen!droppedData (v): Trojan
10. Trojan.Win32.Malware.a: Trojan

 4 
 on: August 11, 2010, 04:34:10 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
We are back down to Elevated from last week's high. In the meantime, Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

And Adobe has announced that it will release out-of-band updates to fix a number of vulnerabilities, including the much-discussed CVE-2010-2862, the week of August 16. Updates include: Acrobat 9.3.3 (Windows and Macintosh), Reader 8.2.3 and Acrobat 8.2.3 (Windows and Macintosh) and Reader 9.3.3 (Windows, Macintosh and UNIX). Make sure you get these updates folks.

Microsoft has issued Security Bulletin MS10-046 to fix the vulnerability in Windows that allows a specially crafted shortcut (LNK file) to enable execution of arbitrary code with the privileges of the user.

Firefox plug-in NoScript version 2.0 has been released. The open-source extension for Mozilla's Firefox browser blocks the execution of JavaScript, Java, Flash and other scripted content.

Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to fix multiple vulnerabilities in Safari and WebKit.

Danger Zone Topics
Tread softly when searching for these dangerous topics in spam and search results: .pdf files (Adobe vulnerability, above, and two unpatched iPhone vulnerabilities), Attachments with .lnk or .pif extensions (exploits for recently patched Windows flaw) have been reported.

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan.Win32.Generic.pak!cobra: Trojan
3. Trojan-Spy.Win32.Zbot.gen: Trojan
4. INF.Autorun (v) (fs): Trojan
5. FraudTool.Win32.FakeAV.gen!droppedData (v): Trojan
6. Trojan.Win32.Generic!SB.0: Trojan
7. Worm.Win32.Downad.Gen (v): Worm.W32
8. Trojan.Win32.Malware.a: Trojan
9. Trojan.Win32.Meredrop: Trojan Downloader
10. LooksLike.Win32.PatchedDriver!A (v): Virus.W32

 5 
 on: August 04, 2010, 07:49:33 PM 
Started by bmarv - Last post by bmarv
Threat Level High
We have increased our Sunbelt Threat Level to "high" in light of vulnerabilities in three widely-used applications or systems and the vulnerability research that was publicized at the Defcon and Black Hat conferences in Las Vegas last week. Microsoft has issued Security Bulletin MS10-046 to fix the vulnerability (CVE-2010-2568) in Microsoft Windows that allows an intruder to present a victim with a specially crafted shortcut (LNK file) that could enable the execution of arbitrary code with the privileges of the user. Make sure you get your patch on this. Go to http://www.windowsupdate.com and take it from there.

Secunia is warning of a buffer overflow vulnerability in QuickTime Player that could enable a malicious web page to execute arbitrary code. No fix is available as of yet. Advisory SA40729: http://www.sunbeltsecuritynews.com/100804-Secunia-Advisory


Danger Zone Topics
Oh boy as we get to walk in the danger zone (Don't go barefoot!) These are the dangerous topics in spam and search results: Trojanized Angelina Jolie film "Salt" (imagine that?), attachments with .lnk or .pif extensions (exploits for recently patched Windows flaw, above) have been reported.

Recent updates
Firefox plug-in NoScript version 2.0 has been released. The open-source extension for Mozilla's Firefox browser blocks the execution of JavaScript, Java, Flash and other scripted content.

Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to fix multiple vulnerabilities in Safari and WebKit.

Google released Chrome 5.0.375.125 for Linux, Mac, Windows, and Chrome Frame fixing five vulnerabilities.

This Week's Top 10 Spyware Threats (only 9 were listed)
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Trojan.Win32.Generic.pak!cobra: Trojan
4. INF.Autorun (v): Trojan
5. Worm.Win32.Downad.Gen (v): Worm.W32
6. FraudTool.Win32.FakeAV.gen!droppedData (v): Trojan
7. FraudTool.Win32.SecurityTool (v): Trojan
8. Trojan.Win32.Generic!SB.0: Trojan
9. Trojan-Downloader.Win32.Small: Trojan Downloader

 6 
 on: July 29, 2010, 10:59:11 AM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
Secunia is warning of a buffer overflow vulnerability in QuickTime Player that could enable a malicious web page to execute arbitrary code. No fix is currently available.

Mozilla has released Firefox v. 3.6.8 fixing a memory-corruption bug.

Apple has updated iTunes to version 9.2.1 to fix a buffer overflow vulnerability that could enable a malicious operator to use a malicious web page to execute arbitrary code on a victim machine (Available for Mac OS X v10.4.11 or later, Windows 7, Vista and XP SP2 or later).

Proof-of-concept code and exploits have been reported for the vulnerability (CVE-2010-2568) in Microsoft Windows that allows an intruder to present a victim with a specially crafted shortcut (LNK file) that could enable the execution of arbitrary code with the privileges of the user. Also, with a certain AutoRun/AutoPlay configuration, exploitation could occur without any interaction from the user. (Microsoft Security Bulletin here: http://www.sunbeltsecuritynews.com/100728-Security-Advisory)

Here are some recent updates: Opera version 10.60 is available. Google has released Chrome version 5.0.375.99 for Linux, Mac and Windows. Adobe has advised users of Adobe Reader to update to version 9.3.3.

Danger Zone Topics
If you are out there surfing away or perusing your emails, be aware of these dangerous topics in spam and search results. This week the Buy.com "invoice" phishing emails top the charts.

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. INF.Autorun (v) (fs): Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Worm.Win32.Downad.Gen (v): Worm.W32
6. Trojan.Win32.Hiloti.gen.f (v): Trojan
7. Trojan.Win32.Generic!SB.0: Trojan
8. Trojan.Win32.Meredrop: Trojan Downloader
9. LooksLike.Win32.PatchedDriver!A (v): Virus.W32
10. Worm.Win32.Downad.Gen (v): Worm.W32

 7 
 on: July 22, 2010, 03:40:03 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
It seems that the bad guys have sniffed out another vulnerability in Windows. Microsoft has been extremely active and good about patching Windows and keeping the bad guys away. You may have noticed and we have mentioned it before that they have been attacking other applications like PDF files and Flash. But now there is a new one barking at Windows. Microsoft has not indicated when they will patch this vulnerability, but we would have to believe they are working on it. You can read more about this exploit below in Dirty Tricks under The Stuxnet Sting.

Our Spyware Research Manager Eric Howes had this to say about it: "Yes, it's nasty business, and customers are getting hit with it." Dodi Glen, intrepid Malware Response Manager, gave me the lowdown on it. "Our detection name for this is Trojan-Dropper.Win32.Stuxnet.a, which was released in definition set 6601. Microsoft has not indicated what they are doing about it as of yet. The best preventive practice is to keep definitions up-to-date and make certain your active protection is running."

Danger Zone Topics
Can the Internet be getting safer? Nah, but this week we do find only one dangerous topic in spam and search results, and that is - Buy.com "invoice" phishing emails. So should you get an email from "Buy.com" with an invoice... for crying out loud - don't answer it!!!

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. INF.Autorun (v) (fs): Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Trojan.Win32.Hiloti.gen.f (v): Trojan
6. Trojan.Win32.Meredrop: Trojan Downloader
7. LooksLike.Win32.PatchedDriver!A (v): Virus.W32
8. Worm.Win32.Downad.Gen (v): Worm.W32
9. Trojan.ASF.Wimad (v): Trojan
10. Trojan.Win32.Generic!SB.0: Trojan

 8 
 on: July 15, 2010, 01:52:50 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
Opera Lovers: Version 10.60 is available with an optimized JavaScript engine and support for HTML5 and WebM video.

Got Chrome: Google has released Chrome version 5.0.375.99 for Linux, Mac and Windows to patch a number of vulnerabilities, four of which are considered high priority.

Adobe: We have said it before but feel compelled to say it again: Adobe has advised users of Adobe Reader to update to version 9.3.3 to fix critical vulnerabilities that could cause Reader to crash and allow an attacker to take control of the affected system. Adobe security bulletin here: http://bit.ly/cnBEsX.

Danger Zone Topics
Just when you thought it was safe to surf, here are your dangerous topics in spam and search results: Buy.com "invoice" phishing emails, World Cup, Justin Bieber and of course last but not least Eminem's (fictitious) death video.

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. Trojan.Win32.Generic.pak!cobra: Trojan
4. INF.Autorun (v) (fs): Trojan
5. Trojan.Win32.Generic!SB.0: Trojan
6. Worm.Win32.Downad.Gen (v): Worm.W32
7. Trojan.Win32.Malware.a: Trojan
8. Trojan.Win32.Zefarch (fs): Trojan
9. VirTool.Win32.Obfuscator.hg!b (v): Trojan
10. Exploit.PDF-JS.Gen (v): Exploit

 9 
 on: July 08, 2010, 10:59:46 AM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
iPod users take note: A large number of Apple iTunes accounts were compromised over the weekend (possibly by phishing) by a rogue developer who used them to purchase his own application. Users concerned about becoming victimized can change their iTunes passwords and remove their credit card info from the account.

Chrome Users: Google has released Chrome version 5.0.375.99 for Linux, Mac and Windows to patch a number of vulnerabilities, four of which are considered high priority.

Adobe has advised users of Adobe Reader to update to version 9.3.3 to fix critical vulnerabilities that could cause Reader to crash and allow an attacker to take control of the affected system. Adobe security bulletin here: http://www.sunbeltsecuritynews.com/SMJAYI/100707-Security-Bulletin

Opera: Recent update to 10.54.

Firefox: Make sure you update to the latest version 3.6.6.

Danger Zone Topics
Be on the lookout for these threatening searches and spams: World Cup, Justin Bieber and Eminem's (fictitious) death video.

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. INF.Autorun (v) (fs): Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Worm.Win32.Downad.Gen (v): Worm.W32
6. Trojan.Win32.Generic!SB.0: Trojan
7. Exploit.PDF-JS.Gen (v): Exploit
8. Packed.Win32.Tdss.q (v): Trojan
9. Trojan.Win32.Malware: Trojan
10. Adware.Win32.FLVDirectPlayer: Adware Installer

 10 
 on: June 30, 2010, 02:28:13 PM 
Started by bmarv - Last post by bmarv
Threat Level Elevated
Google has released Chrome 5.0.375.86 for Linux, Mac and Windows to fix a number of vulnerabilities which could allow execution of arbitrary code and cross-site scripting.

Apple has released iOS 4 for iPhone 3G (and later), and iPod touch (second generation and later) to fix vulnerabilities in several applications.

Opera 10.54 has been released, fixing a font vulnerability which could have permitted elevation of privileges.

Mozilla has released Firefox 3.6.4 and 3.5.10 to fix multiple vulnerabilities which could allow execution of arbitrary code, denial-of-service attacks, loss of sensitive information, or launch of cross-site scripting attacks. Mozilla also released Thunderbird v3.0.5, fixing a total of 63 bugs in all platforms.

Apple has released iTunes 9.2 (Windows) to fix vulnerabilities in ColorSync, ImageIO, and WebKit packages that could allow intruders to execute arbitrary code or cause a denial-of-service condition. The updates include Adobe Flash Player plugin (v 10.0.45.2), which contains vulnerabilities. Users should upgrade to the latest version of the Flash Player (v 10.1.53.64).

Danger Zone Topics
As usual the crazies make it difficult for the rest of us to live - be on the lookout for these danger zone topics in spam and search results: Eminem's (fictitious) death video and Michael Jackson (anniversary of his death).

This Week's Top 10 Spyware Threats
1. Trojan.Win32.Generic!BT: Trojan
2. Trojan-Spy.Win32.Zbot.gen: Trojan
3. INF.Autorun (v): Trojan
4. Trojan.Win32.Generic.pak!cobra: Trojan
5. Trojan.Win32.Malware: Trojan
6. Exploit.PDF-JS.Gen (v): Exploit
7. Adware.Win32.FLVDirectPlayer: Adware Installer
8. Worm.Win32.Downad.Gen (v): Worm.W32
9. Trojan.ASF.Wimad (v): Trojan
10. FraudTool.Win32.FakeVimes (v): Trojan
