Computer Security and Virus Vulnerability Thread

[Quicky von Quick Quick III]

Hello.

This thread will be a running log of active virus, spyware, malware, or other computer security vulnerabilities. Feel free to post your own experiences or information relating to Computer Security.

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities: Affects MAC OS X.

Quote:

Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers. These issues affect versions *prior to* the following: JDK and JRE 6 Update 11 JDK and JRE 5.0 Update 17 SDK and JRE 1.4.2_19 SDK and JRE 1.3.1_24

[Quicky von Quick Quick III]

Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability

Quote:

The Microsoft Active Template Library is prone to a remote code-execution vulnerability. This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are unlikely to be affected. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.

[Quicky von Quick Quick III]

StonedBootkit.dr (Windows ME, 2000, XP, Vista)

Quote:

StonedBootkit is a Master Boot Record (MBR) infecting trojan. It infects the Master Boot Record on the system hard disk. StonedBootkit can also exhibits characteristics of rootkit stealth-like behavior in that it hooks the system before Windows loads giving it the ability to hide from Windows and other applications running within Windows.
A proof-of-concept installs files under the following folders:

• c:\Stoned
• c:\Stoned\Applications
• c:\Stoned\Drivers
• c:\Stoned\Plugins

When it is done, it displays the following message: "TITLE: Successful / BODY: Written Successful. [[OKAY]]"

Using a Software Development Kit (SDK), this proof-of-concept trojan can be extended into other applications, drivers, and plugins.

[Quicky von Quick Quick III]

Generic PUP .x!99a42c160639 (Windows 9x/ME/XP/Vista/NT/2000)

Quote:

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

[Quicky von Quick Quick III]

Microsoft Windows TCP/IP Timestamps Code Execution Vulnerability (967723)

Quote:

A vulnerability in Microsoft's implementation of TCP/IP may allow remote code execution. The vulnerability exists due to the TCP/IP stack not cleaning up state information correctly. This causes the TCP/IP stack to reference a field as a function pointer when it actually contains other information. An attacker could exploit the vulnerability by sending specially crafted TCP/IP packets to a computer that has a service listening over the network. An attacker could then take complete control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights.

Course of Action: Patch is available: Microsoft Security Bulletin MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

[Quicky von Quick Quick III]

Top 10 Phishing Scams:

Quote:

1. security alert!
2. account notification!
3. account notification
4. please confirm your data!
5. Chase Bank: online banking notification
6. Chase Bank: necessary to be read!
7. Chase Bank: important notice
8. Chase Bank: important security notice
9. Chase Bank: account secure confirmation
10. Chase Bank customer service: security alert.

Top Brands Exploited by Phishing Scams:

Quote:

1. Amazon
2. CommonWealth Bank
3. eBay

Course of Action: Delete offending e-mails without opening. Play a game...

[Quicky von Quick Quick III]

(MS09-062) GDI+ WMF Integer Overflow Vulnerability (957488)

Quote:

A vulnerability in Microsoft GDI+ may allow remote code execution. The vulnerability exists in the way GDI+ allocates buffer size when handling WMF image files. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content. Successful exploitation of this vulnerability could allow an attacker to take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Course of Action: Patch available: http://www.microsoft.com/technet/sec.../ms09-062.mspx

[Quicky von Quick Quick III]

Microsoft Windows Malicious Software Removal Tool

Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

For more information, please visit Microsoft's website.