Jan 30, 2008

0-day vulnerability in Firefox

Larry Dignan wrote in his blog about a Firefox vulnerability that allows an attacker to collect session information, including session cookies and session history. Firefox is not vulnerable by default, only through add-ons.

This means that Firefox can leak information, which allows an attacker to load any JavaScript file on a machine.

The list of add-ons is quite long, so most Firefox users might have one or more of them.

Mozilla security chief Window Snyder said that this will be corrected in version 2.0.0.12, which should be released soon.


Jan 28, 2008

Valentine worms on the way

Valentine's Day is just two weeks away and two new worms are spreading: Nuwar.OL and Valentin.E.

Both come with a fake love letter.

Nuwar.OL arrives in an email with a love-related header such as "I Love You Soo Much", "Inside My Heart" or "You… In My Dreams". Clicking the link in the message infects the computer. The website has a big pink heart on it.

After that, the worm attempts to send mail to the contacts in the address book, which slows the computer down and increases network traffic.

Valentin.E arrives as an email attachment named "friends4u" with a .scr extension. During infection it installs a new desktop wallpaper to deceive the user. After successful installation it attempts to infect other computers.

Source: Panda


Jan 26, 2008

The growth of malware

Sunbelt reported a scary figure in its blog about the growth of malware.

See the numbers below (the amount is the number of unique samples):

1997 137,716
2000 176,329
2006 972,606
2007 5,490,960

In other words, the number of malware samples was 5 times bigger in 2007 than it was in 2006.

Some of that amount is explained by variants, that is, new versions of the same malware.

Source: Sunbelt


Jan 19, 2008

About half a million computers get a bot infection daily

About half a million computers get infected by bots daily, says PandaLabs in its 2007 annual report.

Around 11 percent of all computers belong to botnets, which is extremely scary. Those computers send over 85 percent of all spam mail.

- Creator of botnet can lease it to others. Internet criminals use those in many criminal acts like infecting those computers and for DoS (Denial of Service) attacks. One of the most commonly used ways is sending of spam mails, says PandaLabs leader Luis Corrons.

In 2007 over half of the mail received by home users was spam. The situation is even worse in companies, where the same figure was between 80 and 95 percent.

The origin of spam mail was Russia in almost 60 percent of all cases and the USA in 60 percent of all cases. Other major spammer countries were Turkey (6 %), Germany (5 %) and Great Britain (3 %).

Source: Panda


Jan 17, 2008

Vulnerability found in UPnP devices

Devices that support the Universal Plug and Play (UPnP) protocol have been found to be open to a serious exploit method.

When a user launches a hostile Shockwave Flash file, Flash can be used to control UPnP-compatible devices in the same network.

One possible exploit is changing the DHCP server's name server settings to whatever the attacker wants them to be.

That's why UPnP should be turned off on workstations and other devices in the network if it is not used.

Some links can be found below:
http://www.gnucitizen.org/blog/hacking-the-interwebs
http://www.us-cert.gov/current/index.html#upnp_router_exploit
https://www.kb.cert.org/vuls/id/347812


Jan 12, 2008

Comodo Firewall Pro 3.0.15.277 released

Comodo Firewall Pro 3.0.15.277 has been released.

Release notes:

* Fixed the bug causing Windows Updates to fail in Windows Vista
* Fixed the bug causing Windows to show "Access Denied" message while deleting a folder

Download the latest version from here


Java Runtime Environment (JRE) 6 Update 4 out

Java Runtime Environment (JRE) 6 Update 4 has been released.

It is important to remove older Java versions via Add/Remove Programs before installation, as they have exploitable security holes.

The new version of Java can be downloaded from here


Jan 8, 2008

Microsoft apologizes to Office users

I blogged earlier that Microsoft blocks some old file formats in Office 2003 SP3 because of insecurity.

Now David LeBlanc from the Microsoft Office team has replied to that in his blog:

"In the KB article we stated that it was the file formats that were insecure, but this is actually not correct. A file format (with some exceptions, like .hlp files) isn't insecure – it's the code that reads the format that's more or less secure. The parsers we use for these older formats aren't as robust as the code we've written more recently, which is part of our decision to disable them by default"

"Some of the formats blocked are from products built by companies other than Microsoft, and we apologize for implying that there were any problems in those companies' file formats."

Microsoft now offers .reg files that make changing the security settings easier; links can be found in that blog.

LeBlanc also states that:

"we're not removing support – we're making the default safer. If you're among the users who do need to be opening these formats, we will continue to support you."


Jan 7, 2008

January Windows updates come out tomorrow

Microsoft will release 2 security updates tomorrow, one of them classified as critical and the other as important.

The Malicious Software Removal Tool will also be updated.

More info can be found here


Jan 5, 2008

Zango infects Facebook

The adware Zango is now spreading on Facebook and has already infected 3 per cent of all users, in total over a million accounts.

Fortinet warns about Secret Crush, which contains Zango. The program sends itself automatically to 5 friends.

Guillaume Lovet from Fortinet said that profit-making programs for Facebook are on the rise. He also states that community sites like Facebook become more dangerous all the time and that users whose browsers have unpatched vulnerabilities are in the greatest danger.

Zango has been able to spread fast because users don't consider programs on Facebook as dangerous as, e.g., email attachments.

Source: vnunet


Jan 4, 2008

Office 2003 SP3 blocks old file formats

The Office 2003 SP3 upgrade removes support for old Word, Excel, 1-2-3, Quattro and Corel Draw file formats.

That can cause trouble in companies which have a lot of files in old formats in their systems.

Microsoft said that those file formats will be blocked by default because they are less secure than the new ones and can therefore put the user at risk.

Wired magazine suggests in its blog that Microsoft perhaps doesn't want to fix Office and instead drops the file formats that probably have holes.

Microsoft has released a solution which requires registry editing.

Source: Wired


Jan 3, 2008

MVP Award

Happy new year to all :)

I received the MVP award from Microsoft on Jan 1st.

I still can't believe it's true.

Here is more information about the MVP program and here is my MVP profile.

Trying to add more blog entries soon :)

Shaba