December 2006 - Posts
MS06-044 in the wild (Update)
Posted by Sergio Piñeiro at 29 December 06 08:17
We have recorded a video to see the exploit in action. First, the user connects to a web page which uses the exploit to launch the download of the files: q1.dll and q2l.exe. Then, when q2.exe is executed, it moves the dll to another directory to prevent
All I want for Christmas...
Posted by Sergio Piñeiro at 28 December 06 06:06
Spain is different. We even have April Fool's day on December 28! But nonetheless, today's post is gonna be serious. Really. Christmas is here to stay, at least for a few more days. Santa Claus gives way to New Year's Eve and the Three Wise
MS06-044 in the wild
Posted by Sergio Piñeiro at 27 December 06 05:32
A few days ago some small e-Commerce sites were compromised. You can find more information at [ http://www.securityfocus.com/archive/75/455149 ]. Those sites were being used to distribute payloads for a Microsoft vulnerability, MS06-044 [ http://www.microsoft.com/technet/security/Bulletin/MS06-044.mspx
Lineage morph
Posted by Sergio Piñeiro at 26 December 06 05:34
We don't usually talk about Lineage malware. We use to receive samples almost every week. Those samples used to be trojans, specifically password stealers, which affected players of this game. But we have come across something new. This time, it is
Apple bugs month?
Posted by Sergio Piñeiro at 21 December 06 11:08
In the beginning was the Month of the Browser Bugs (http://browserfun.blogspot.com/). In November was the Month of the Kernel Bugs (http://kernelfun.blogspot.com/) and now it's time for the Month of the Apple Bugs. Two security researchers have
Skype trojan
Posted by egonzalez at 20 December 06 01:16
After two days of confusion, it seems that the Skype-related piece of malware is not really a worm, but a trojan, though there can be different points of view: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=716 http://www.f-secure.com/weblog/archives/archive-122006.html#00001054
Are you planning to hack in Spain? Think twice...
Posted by egonzalez at 19 December 06 04:49
The Spanish law has taken another step forward. From now on, hacking into systems is a criminal act. This will include attacks against intimacy as well as the damage caused to companies or public organizations. On the other hand, cloning, using or possessing
Skype or sk-hype worm?
Posted by egonzalez at 18 December 06 05:20
There is a rumour about a possible Skype worm being active. So far, all we have seen is a piece of encrypted code which contains what might be a list of calls to several functions (still unknown). However, there are two main options: 1.- The worm exists.
Is our data safe?
Posted by egonzalez at 15 December 06 02:02
It has been published that over 100 million cases of identity theft have taken place since 2005. This can happen in several ways, but it is no news that the main character in this story is the laptop. It can be lost or it can be stolen, but the information
Kids at risk?
Posted by egonzalez at 14 December 06 02:29
The European Union has proposed the ".kid" domain extension for children's web sites. The goal is to increase the children's security on the web. Will this be enough to really protect the content of the sites? How can we avoid anyone from
Microsoft Security Advisory (929433): Word
Posted by Sergio Piñeiro at 07 December 06 10:34
There has been some news regarding a new Word vulnerability. There is not much information available. Basically you have to open an infected document for the attack to become successful. Targets are: Word 2000, Word 2002, Word 2003, Word Viewer 2003, Word
New worm: W32/SpyFormShared.A.worm
Posted by Sergio Piñeiro at 07 December 06 08:54
We have come across a new worm, which has some characteristics that make it suitable for a blog post. The first thing is that it is large, around 325.120 bytes packed with UPX. This made us wonder what was inside, and what made it so big. First, we learned
Greetings from the Air
Posted by egonzalez at 06 December 06 05:51
To be precise, from a Boeing 747-400 travelling from Singapore to Frankfurt, at 970 km/h and 9753m. Kuala Lumpur is just behind and there are still a few kilometers to go. I have not received any attempts to connect to my system so far, so I suppose there
Attacks on VoIP
Posted by egonzalez at 05 December 06 09:55
That is the title of the presentation I brought to Auckland and it simply talks about the possible scenario we may be facing in the future when Voice over Internet Protocol (VoIP) becomes a standard for communication. In fact this "crystal ball exercise"
Adware/MegaTds
Posted by Sergio Piñeiro at 05 December 06 05:53
On Friday we talked about Adware/Spyware, and we provided a list with a brief explanation of the top variants we are detecting. Today we are going to see one of those in action. Here is a video that shows how a redirector works. This time it acts against
Greetings from AVAR
Posted by egonzalez at 04 December 06 06:20
The 9th AVAR conference is being held at Skycity Center in Auckland (New Zealand). People from 20 countries around the world are sharing their knowledge and their experiences to help fight the malware that is going around. The first day has been very
Adware, spyware and PUPs
Posted by Sergio Piñeiro at 01 December 06 10:41
December 1st, it's review time. This month, adware still holds the first position followed closely by PUPs. We are getting little spyware this time. There are not many changes on the top ten list, so let's make a quick summary. "Gator"
Wifi can make you happy
Posted by Sergio Piñeiro at 01 December 06 08:43
On Wednesday we talked about Wifi, and how connecting to the Internet is becoming a trivial task. Today our colleague Enrique is flying to the AVAR conference. Although he has been flying for some time, this is the first time he is able to use Internet