The folks at SecurityLab have a hoax up which uses XSS (Cross Site Scripting). It teaches a valuable security lesson, while having some fun.
(Hat tip to Gadi Evron)
This exploit is something of concern.
Ninja: Since email is a potential attack vector, securing that area is of some importance. The full version of our Ninja Email Security product includes two AV engines — Authentium and BitDefender. However, many customers only run the antispam portion of Ninja. So while the BitDefender AV engine in Ninja does detect these malformed .ani files, this will only be useful to customers if they’re using Ninja’s AV functionality.
However, Ninja does include intelligent attachment filtering, which looks past the extensions of many file formats to see what type of file is actually being sent. So we just posted an updated set of SMART definitions for anyone using Ninja 2.1.xxx which will allow you to create an attachment filtering rule to block .ani files regardless of what they have been named. In this way even if you’re not using Ninja’s AV functionality you can still block these files from getting to your users.
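To illustrate filtering on content rather than on extension, here is an added example; it is not Ninja's code or its SMART definitions. It flags any MIME part whose bytes carry the RIFF/ACON signature of an animated cursor, whatever the attachment is called. The function names and the sample message are constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import List


def is_ani(data: bytes) -> bool:
    """True if data starts with a RIFF container whose form type is ACON."""
    # Layout: "RIFF" | 4-byte little-endian size | "ACON" (animated cursor)
    return len(data) >= 12 and data[0:4] == b"RIFF" and data[8:12] == b"ACON"


def ani_attachments(raw_message: bytes) -> List[str]:
    """Return the names of all MIME parts whose decoded content is an ANI file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no payload of their own
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        if is_ani(payload):
            hits.append(part.get_filename() or "(unnamed part)")
    return hits


def build_sample() -> bytes:
    """Constructed test message: header-only ANI stubs, one under a .jpg name."""
    ani_stub = b"RIFF" + (4).to_bytes(4, "little") + b"ACON"
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(ani_stub, maintype="image", subtype="jpeg",
                       filename="holiday.jpg")   # renamed cursor file
    msg.add_attachment(jpeg_stub, maintype="image", subtype="jpeg",
                       filename="real.jpg")      # real JPEG magic bytes
    msg.add_attachment(ani_stub, maintype="application",
                       subtype="octet-stream", filename="cursor.ani")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ani_attachments(build_sample()):
        print("block:", name)
```
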
I’ve talked about unfortunately-named products before, but this absolutely takes the cake.
There’s a new product out called a Browser Condom.
It’s and [sic] advanced technology that allow [sic] you to run any kind of software in your computer without a risk of be [sic] infected with any kindof [sic] virus, spyware, trojan and any kind of malware. (VTD) , Virtually Transmitted Diseases.
The icon of the product is, well, a condom wrapper.
There’s so much room for so much humor here, it’s difficult to contain oneself.
But I run a respectable blog here, really. So I’ll let you do the dirty work: Comment away…
(A copious acknowledgment to Paperghost, who blogged first about this.)
A surprising post at SANS this morning:
A short overview of how the different email clients (in the supported list of Microsoft) are reacting to the animated cursor vulnerability (CVE-2007-1765) depending on the actions and settings of the email client.
The surprising element is that read in plain text mode makes some of the clients more vulnerable and actually only offers real added value -for this vulnerability- for Outlook 2003.
This is not a vulnerability to be taken lightly…
Greg Kras and I will be giving a preview of our new CounterSpy Enterprise 2.0 next Tuesday. (This is the version of CounterSpy designed for business use).
If you want to take a look, please join us:
A First Look at CounterSpy Enterprise 2.0
When: Tuesday, April 3, 2007 2:00 PM (EDT)
To join the day of the event please visit:
Meeting ID: 92SSQC
Attendee Meeting Key: XR*mw9Z
Audio: Toll free: +1 (800) 416-4956
Toll: +1 (978) 964-0050
Participant code: 104764
There is spam out there that tries to get you to download IE 7. It’s fake, of course. When you click on the image, you are then offered to download a trojan (Sunbelt Sandbox analysis here, VirusTotal results here). Antivirus coverage is mediocre.
And just for fun, check out the source code of this spam.
The folks over at McAfee have written today about a new zero day, and it doesn’t look pretty. Our team is on high alert for this exploit and we are actively hunting for any sites which are using it.
Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.
The ani format is an animated cursor format. We’ll post more information as we get it.
Update: Microsoft security advisory here.