Adware
Adware is software that presents banner ads in a bar on the computer screen or in pop-up windows. Those advertising spots usually cannot be removed and are consequently always visible. The connection data the adware sends back allow many conclusions about the user's behaviour and are problematic in terms of privacy and data protection.
Backdoors
A backdoor gives an attacker access to a computer by going around its access-control mechanisms. A program running in the background generally grants the attacker almost unlimited rights. A backdoor can be used to spy on the user's personal data, but backdoors are mainly used to install further malicious software…
Virus Science
Google Groups Used By Trojan As Command Network
Hackers have programmed a Trojan that uses Google Groups newsgroups to distribute commands. Distributing Trojans via newsgroups has existed for more than a decade, but using newsgroups as a command-and-control channel is new.
The Grups Trojan itself is quite simple and is noteworthy only for the command-and-control structure it uses. The malware is programmed to log into a Chinese-language newsgroup to receive commands, Symantec security researcher Gavin O'Gorman writes.
Once logged in, the Trojan requests a page from a private newsgroup, escape2sun. The page contains commands for the Trojan to carry out.…
Microsoft Internet Information Services Vulnerability Gives Complete Server Control
Microsoft has confirmed a vulnerability in its Internet Information Services webserver and spelled out the conditions under which it can be exploited to give an attacker complete control of the server on which it runs.
Remote execution of malicious code can be triggered only in limited cases, and even then it is relatively easy to change settings that close that possibility. Even so, exploits can still trigger denial-of-service attacks that shut down the FTP service completely.
Proof-of-concept code exploiting the vulnerability was released Monday. Microsoft said it will release a fix as soon as it’s ready.
The vulnerability can be…
Skype Eavesdropping Trojan Code Released By Developer
Earlier this week, Swiss programmer Ruben Unteregger, who has reportedly been working for ERA IT Solutions, a Swiss company responsible for coding government-sponsored spyware, released the source code of a trojan horse that injects code into the Skype process in order to capture incoming and outgoing voice data as encrypted MP3 files at the attacker's disposal.
When executed, the trojan, currently detected as Trojan.Peskyspy, injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data passing between the Skype process and the underlying…
Simple, low-tech attack on Credit Unions
The National Credit Union Administration is warning all credit unions about a low-tech attack in which malicious hackers mail branches CDs containing malware.
Using a somewhat dated but still effective social-engineering attack, a package designed to look as though it was mailed by the NCUA is sent to the branch. The package contains CDs carrying the attacker's malware and an accompanying letter (PDF) which, ironically, warns the branches about phishing scams. The letter directs personnel to review the "training material" on the enclosed CD. Once branch employees proceed as directed, the malware…
High-risk Vulnerabilities In Google Chrome
Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.
The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.
Vulnerabilities include:
CVE-2009-2935 (High Severity): A flaw in the V8 JavaScript engine might allow specially crafted JavaScript on a web page to read unauthorized memory, bypassing security checks. This could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped…
WordPress 2.8.3 Remote Admin Password Reset Vulnerability
Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. An attacker could exploit this vulnerability to compromise the admin account of any WordPress or WordPress MU installation running 2.8.3 or older.
The flaw, which can be exploited from a browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multi-user) installation.
The attack abuses PHP's ability to turn a request parameter into an array rather than a plain scalar value, based solely on how the parameter name is written. Basically, a GET request can add data like: http://www.example.com?data
PHP takes…
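What the truncated excerpt above is getting at, shown as an added example that is not WordPress's code and does not reproduce the actual vulnerable function (the handler names and the sample requests below are mine): a parameter name written with square brackets makes PHP populate the variable with an array, and an `empty()` check on its own lets such a value through to code written for a string. The hardened variant shows the check a practitioner would want in front of any token lookup.

```php
<?php
// Added example, not WordPress code: how a bracketed parameter name makes
// PHP hand the application an array, and why empty() does not notice.

// Decode a query string with the same rules PHP applies to $_GET.
// A name written as  key[]  becomes an array, however short the value.
function parse_query_like_php(string $query): array {
    $out = [];
    parse_str($query, $out);
    return $out;
}

// Vulnerable pattern (hypothetical handler): empty() rejects '' and null,
// but an array holding one empty string is a non-empty array, so the
// request passes and an array reaches code that was written for a string.
function check_key_vulnerable($key): string {
    if (empty($key)) {
        return 'rejected';
    }
    if (is_array($key)) {
        // Downstream string-only code would now see a value it never expected.
        return 'ACCEPTED an array of ' . count($key) . ' element(s)';
    }
    return 'accepted ' . $key;
}

// Hardened pattern: require a non-empty string and restrict its alphabet
// before it is used in any lookup; arrays and empty strings never get past.
function check_key_hardened($key): string {
    if (!is_string($key) || !preg_match('/^[a-z0-9]{1,64}$/i', $key)) {
        return 'rejected';
    }
    return 'accepted ' . $key;
}

// Constructed requests: a normal token, an empty one, and two array forms.
$queries = ['key=abc123', 'key=', 'key[]=', 'key[]=a&key[]=b'];
foreach ($queries as $q) {
    $params = parse_query_like_php($q);
    $key = $params['key'] ?? null;
    printf("%-18s vulnerable: %-32s hardened: %s\n",
        $q, check_key_vulnerable($key), check_key_hardened($key));
}
```

Run it with the PHP CLI: the vulnerable handler rejects only the empty string and accepts both bracketed forms, while the hardened one accepts only the well-formed token. The same `is_string` plus character-class check belongs in front of every value that is later compared against a database column.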
The Makings Of A Facebook DDoS Attack
Some time ago I had the good fortune to work with some developers on a Facebook application that was underperforming. Through a thorough investigation of the application, it was discovered that a large number of invalid requests were being passed to the server: the application was the victim of a Distributed Denial of Service attack that used the Facebook platform and a popular application to bring it down.
What Can a Developer Do?
Before instantiating ANY code, check your signatures! There are a number of ways to do this, but for starters, check the $_REQUEST['fb_sig_app_id'] and be sure it’s yours!
Spot check…
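The check the post calls for, as an added example that is neither the post's code nor Facebook's own client library. The signing rule for the legacy fb_sig scheme is stated here as an assumption from memory (sorted key=value pairs of the fb_sig_* parameters, prefix stripped, concatenated, followed by the app secret, MD5-hashed); the app id, secret and request values are constructed, and the freshness window on fb_sig_time is my addition. The point is the order of operations: verify the signature over the whole parameter set first, then confirm the app id is yours, then look at anything else.

```php
<?php
// Added example, not the post's code: verify the legacy Facebook Platform
// request signature before trusting any fb_sig_* value, then confirm the
// app id is ours. Assumption (mine): the legacy scheme signed every
// fb_sig_* parameter with its "fb_sig_" prefix removed, by sorting the pairs
// by key, concatenating "key=value" with no separator, appending the app
// secret and taking the MD5 hex digest, delivered as the "fb_sig" parameter.
// The app id, secret and requests below are constructed.

const MY_APP_ID = '123456789';
const MY_SECRET = 'constructed-app-secret';

function fb_legacy_signature(array $params, string $secret): string {
    ksort($params);
    $buf = '';
    foreach ($params as $k => $v) {
        $buf .= $k . '=' . $v;
    }
    return md5($buf . $secret);
}

// Returns the verified fb_sig_* parameters (prefix stripped) or null.
// $request is whatever $_REQUEST held; $now is injectable for the demo.
function verify_fb_request(array $request, string $app_id, string $secret,
                           int $max_age = 300, ?int $now = null): ?array {
    if (!isset($request['fb_sig']) || !is_string($request['fb_sig'])) {
        return null;                                   // unsigned request
    }
    $params = [];
    foreach ($request as $k => $v) {
        if (strncmp($k, 'fb_sig_', 7) === 0) {
            // Only string scalars were ever signed; an array here (key[]=...)
            // means someone rewrote the request, so refuse it outright.
            if (!is_string($v)) {
                return null;
            }
            $params[substr($k, 7)] = $v;
        }
    }
    if (!hash_equals(fb_legacy_signature($params, $secret), $request['fb_sig'])) {
        return null;                                   // forged or modified
    }
    if (($params['app_id'] ?? '') !== $app_id) {
        return null;                                   // signed for another app
    }
    $now = $now ?? time();
    if (!isset($params['time']) || abs($now - (int) $params['time']) > $max_age) {
        return null;                                   // stale or replayed
    }
    return $params;
}

// Build a correctly signed request the way the platform would have.
function signed_request(array $params, string $secret): array {
    $request = [];
    foreach ($params as $k => $v) {
        $request['fb_sig_' . $k] = $v;
    }
    $request['fb_sig'] = fb_legacy_signature($params, $secret);
    return $request;
}

$now  = 1250000000;
$good = signed_request(['app_id' => MY_APP_ID, 'user' => '42', 'time' => (string) $now], MY_SECRET);

$cases = [
    'valid'          => $good,
    'unsigned'       => array_diff_key($good, ['fb_sig' => 1]),
    'user rewritten' => ['fb_sig_user' => '1'] + $good,          // left side wins
    'other app'      => signed_request(['app_id' => '999', 'user' => '42', 'time' => (string) $now], MY_SECRET),
    'stale'          => signed_request(['app_id' => MY_APP_ID, 'user' => '42', 'time' => (string) ($now - 3600)], MY_SECRET),
];
foreach ($cases as $label => $req) {
    $ok = verify_fb_request($req, MY_APP_ID, MY_SECRET, 300, $now) !== null;
    printf("%-15s %s\n", $label, $ok ? 'trusted' : 'rejected');
}
```

Only the first case is trusted; the other four are refused before any application code runs, which is what keeps a flood of forged canvas requests from reaching the database. Run the check before instantiating anything else, and drop rejected requests with a cheap response rather than rendering an error page.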
HTC Smartphones Vulnerable
If you own a mobile phone made by HTC and connect using Bluetooth, there’s a decent chance security researcher Alberto Moreno Tablado can rummage through sensitive files stored on the device using a critical bug in some of its wireless device features.
The directory traversal flaw resides in the File Transfer Profile (OBEX FTP) service built into the Bluetooth stack implemented by HTC, Tablado writes. It allows an attacker to move from the phone's Bluetooth shared folder into other folders, and it affects HTC handsets running versions 6 and 6.1 of the Windows Mobile operating system.
“Microsoft…
Microsoft has released an advisory related to an Office Web Components ActiveX vulnerability.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. Microsoft says it is aware of active exploits against this vulnerability; at the moment there is no patch, just a workaround. A workaround is a setting or configuration change that does not correct the underlying vulnerability but helps block known attack vectors until the update is applied. Microsoft advisory…
Fresh DirectShow Exploit In Internet Explorer Hits Windows Users
Thousands of websites have been hit by fast-moving exploit code that installs a cocktail of nasty malware on visitors’ computers by targeting a previously unknown vulnerability in some versions of Internet Explorer.
The compromised websites link to a series of servers that exploit a zero-day vulnerability in an IE component that processes media. The vulnerability affects those using the XP and 2003 versions of Windows, Microsoft warned in advisory 972890.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” company security representatives wrote. “When using Internet Explorer, code execution is remote…
WordPress blog server hacked
An intruder has compromised a WordPress server and added a remote control tool to downloadable versions of the widely used blogging software.
The breach happened last week and was discovered on Friday, WordPress creator Matt Mullenweg wrote on the WordPress Web site.
“Long story short: If you downloaded WordPress 2.1.1 within the past three to four days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately,” Mullenweg wrote. He did not say how the attacker breached the WordPress system.
The WordPress team learned of…