shellprompt's blog

McDonalds Phishing

unixlabs — Mon, 29 Dec 2008 16:24:10 +0000

The research guys at trend have found a gem – A phishing McDonalds survey with $75 “cash back”.

Getting a Taste of McDonald’s Phish Fillet | TrendLabs | Malware Blog – by Trend Micro

MagpieRSS – vulnerable to XSS

unixlabs — Mon, 29 Dec 2008 16:23:58 +0000

I found this post interesting on the XSS forums. MagieRSS does not sanitise the XML as it is being parsed. more information to be found here PoC here.

another variant of the IE7 exploit….

unixlabs — Fri, 19 Dec 2008 19:35:06 +0000

here is another variant of the IE7 zero day. I work in security, but I know how to use the spellchecker. link.

IE 7 Exploit write ups.

unixlabs — Fri, 19 Dec 2008 19:31:49 +0000

Good write ups by Websense and HDM

Browser Security Handbook.

unixlabs — Tue, 16 Dec 2008 22:43:54 +0000

Google produced the browser security handbook for general release – here

Bit9 vulnerable applications of 2008 report.

unixlabs — Mon, 15 Dec 2008 20:49:57 +0000

see here for what Bit9 Considers to be the vulnerable apps of 2008.

more discussion on the zero day IE exploit.

unixlabs — Sat, 13 Dec 2008 14:57:39 +0000

More interesting data on the IE zero day exploit(now thought to effect IE5 and 6) – this time from the team at secunia post here . Microsoft’s current recommendations are still weak – IE Enhanced security mode (Server), restrict user permissions and use the high internet zone are poor solutions to this problem. – full article here

ZDNET have put together screenshots on how to configure the browser settings to limit this attack here

UPDATE: – Microsoft are releasing a out of band patch – details here

Prevx report on Fiesta malware toolkit statistics.

unixlabs — Fri, 12 Dec 2008 09:15:58 +0000

The analysis guys at Prevx have monitored the latest version of the Fiesta malware toolkit which currently offers 25 different exploits to the unknowning visitor.

They have gathered some statistics – showing that IE 6 is still an important attack vector.

MSIE6.0 – 1422 possible victims – 427 Infections – 30.0% Target to Infection
Ratio

MSIE7.0 – 1547 possible victims – 103 Infections – 06.65% Target to Infection
Ratio

MSIE8.0 – 13 possible victims – 1 Infection

Full Prevx Post here

restoring machines after malware infection have removed the safeboot option

unixlabs — Fri, 12 Dec 2008 09:11:22 +0000

Update: Restoring Safe Mode with a .REG file, and a Live CD « Didier Stevens

useful blog on how to recover that damaged machine.

Symantec report on the underground economy

unixlabs — Fri, 12 Dec 2008 09:10:25 +0000

Internet Security Threat Report – Symantec Corp.

Symantec have posted their latest threat report. Have your cheque books ready to purchase your new security products.