Anti-Malware

The popular open source ecommerce web application osCommerce has been the target of a widespread malware attack, with security experts estimated the number of websites infected at close to 5 million.

Cyber criminals are exploiting a vulnerability in the shopping cart software to install malicious software that attempts to install itself on users computers when they visit an infected site. Since the attack was first identified by security firm Armorize, Google searches show that the number of infected sites in the index has grown from 90,000 to just under 5 million infected web pages.

Exploiting numerous security flaws in osCommerce, attackers residing in the Ukraine are inserting iframes into the unpatched online stores that secretly redirect visitors to the infected files. The infected files are being hosting on the domain names willysy.com and exero.eu. Not surprisingly, those two domains also attempt to exploit several Microsoft Windows vulnerabilities.

If you’re a website owner running osCommerce, it’s suggested that you immediately patch your software using the instructions provided by Armorize here and the osCommerce community here.

Continue Reading

Microsoft has issued a warning to the 900 million users of it’s Internet Explorer web browser admitting that they are at serious risk of having their PCs hacked and their private information stolen by attackers.

Microsoft has also confirmed that they haven’t developed a permanant patch for the exploit yet, however users are advised to apply a temporary fix that will prevent hackers from being able to exploit the vunerability and install malcious software (aka malware) which can infect a users PC simply by visiting a rouge of infected website.

According to Microsoft’s Angela Gunn “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session”.

She went on to say that “such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience”.

Althought Mozilla Firefox and Google Crome have made inroads into the PC browser market, Microsoft’s Internet Explorer still remains the most widely used browser with over 50% marketshare.

For more information, visit the Official Microsoft blog post regarding this issue.

Continue Reading

Twitter has quickly moved to patch an exploit in their new URL wrapping service which allowed users to inject executable javascript code into their tweets.

Basically when you place a URL in a Tweet, Twitter takes the link and automatically formats it, only the link submitted by the user is not sanitised from security purposes – particularly removing any included quotes.

Before the patch, users where able to add on mouseover events which triggered javascript to be executed when a mouse hovers over a users Tweet – and do things like pop up annoying messages on the screen or automatically fill out the status field and post a Tweet.

Luckily Twitter has patched this exploit before it was discovered by cyber criminals and used as a means to mass distribute malware.

Continue Reading

The Microsoft Malware Protection Center Threat Research & Response Blog reports findings of a new variant in the Win32/Unruy family of trojan downloaders exploiting a known Java vulnerability.

According to Microsoft:

Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed.

A patch for this vulnerability was released back in March this year, and it is suggested that you apply this patch ASAP if you haven’t already. Again this highlights the increasing need to keep all your software up to date!

[Source]

Continue Reading

Trend Micro reports that August is becoming one of Mircosoft’s busiest months terms of security fixes. Last week we saw Microsoft issue updates for the LNK Vulnerability during an out-of-cycle patch and this months Patch Tuesday saw a record number of bullentins released – 14 in total.

Of the 14 vulnerabilities issued, 8 have been classified as criticial updates with the remaining 6 branded important. Interestingly, all versions of Windows are apparently affected by at least one of these vunerabililies and of the 8 critical vulnerabilities, atleast 1 specifically affets security flaws in Microsoft Office. Another is a security fix for Silverlight and predictably Internet Explorer is also in the mix.

Continue Reading

The LNK vulnerability that was first publicised a few weeks ago and then exploited to spread SALITY and ZBOT malware has now been fixed with an out-of-band patch issues yesterday by Microsoft.

This was the third out-of-band patch released by Microsoft this year, and only a week before the scheduled August patch Tuesday release. According to Microsoft they have “seen an increase in attempts to exploit the vulnerability,” leading the release of an early fix.

Regardless of the patch, the attacks designed to expoit the vulnerability are likely to continue and even become more common. Home users are advised to patch their systems ASAP to ensure they protect themselves from the threat.

Continue Reading