Anti-Malware

The popular open source ecommerce web application osCommerce has been the target of a widespread malware attack, with security experts estimated the number of websites infected at close to 5 million.

Cyber criminals are exploiting a vulnerability in the shopping cart software to install malicious software that attempts to install itself on users computers when they visit an infected site. Since the attack was first identified by security firm Armorize, Google searches show that the number of infected sites in the index has grown from 90,000 to just under 5 million infected web pages.

Exploiting numerous security flaws in osCommerce, attackers residing in the Ukraine are inserting iframes into the unpatched online stores that secretly redirect visitors to the infected files. The infected files are being hosting on the domain names willysy.com and exero.eu. Not surprisingly, those two domains also attempt to exploit several Microsoft Windows vulnerabilities.

If you’re a website owner running osCommerce, it’s suggested that you immediately patch your software using the instructions provided by Armorize here and the osCommerce community here.

Continue Reading

Mobile Applications installed on Google Android phones that are infected with Malware have managed to make there way onto some users phones via the Android Market, prompted internet search giant Google to remotely activate a ‘kill switch’ that allows them to remotely destroy the apps in question.

Malware threats on mobile devices are a growing concern in the telecommunications industry, with a increasing number of threats being geared specifically towards the Android mobile operating system.

Google has claimed in a blog post that the applications where removed within minutes, and has now taken further action to prevent these attacks occuring in the future. For the post:

“We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications”

“You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”

Google says the the kill switch feature has been available to them since 2008, but was only used for the first time in June 2010 on two apps.

Continue Reading

Microsoft has issued a warning to the 900 million users of it’s Internet Explorer web browser admitting that they are at serious risk of having their PCs hacked and their private information stolen by attackers.

Microsoft has also confirmed that they haven’t developed a permanant patch for the exploit yet, however users are advised to apply a temporary fix that will prevent hackers from being able to exploit the vunerability and install malcious software (aka malware) which can infect a users PC simply by visiting a rouge of infected website.

According to Microsoft’s Angela Gunn “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session”.

She went on to say that “such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience”.

Althought Mozilla Firefox and Google Crome have made inroads into the PC browser market, Microsoft’s Internet Explorer still remains the most widely used browser with over 50% marketshare.

For more information, visit the Official Microsoft blog post regarding this issue.

Continue Reading

The Microsoft Malware Protection Center Threat Research & Response Blog reports findings of a new variant in the Win32/Unruy family of trojan downloaders exploiting a known Java vulnerability.

According to Microsoft:

Infection can occur when a user visits a webpage that hosts a malicious Java applet. If the user’s browser runs a vulnerable version of the Java Runtime Environment (up to version 6 update 18), exploitation may be successful and malware may be installed.

A patch for this vulnerability was released back in March this year, and it is suggested that you apply this patch ASAP if you haven’t already. Again this highlights the increasing need to keep all your software up to date!

[Source]

Continue Reading

Trend Micro reports that August is becoming one of Mircosoft’s busiest months terms of security fixes. Last week we saw Microsoft issue updates for the LNK Vulnerability during an out-of-cycle patch and this months Patch Tuesday saw a record number of bullentins released – 14 in total.

Of the 14 vulnerabilities issued, 8 have been classified as criticial updates with the remaining 6 branded important. Interestingly, all versions of Windows are apparently affected by at least one of these vunerabililies and of the 8 critical vulnerabilities, atleast 1 specifically affets security flaws in Microsoft Office. Another is a security fix for Silverlight and predictably Internet Explorer is also in the mix.

Continue Reading

Adobe has released some critical security updates for Adobe Reader and Acrobrat on all platforms and it is strongly advised that users install these updates as soon as possible. Vunerabilities in PDF documents found on the web are often targeted by cyber criminals looking to spread malware.

The update follows are recent zero-day attack that was reported earlier last month.

Continue Reading