Archive for the ‘Uncategorized’ Category

BitDefender® Issues Protection against Vulnerabilities in Internet Explorer® 6 and 7

Wednesday, March 17th, 2010

BitDefender® today released an emergency update to shield users against the newly discovered vulnerability in Internet Explorer® versions 6 and 7. Microsoft® has detailed the attack scenarios in Security Advisory #981374, but did not release a patch to mitigate the vulnerability.

Users running Internet Explorer versions 6 and 7 can get infected simply by visiting a specially crafted web page that uses highly obfuscated JavaScript code to trigger a use-after-free error, in which a pointer is accessed after the object it refers to has been deleted.

Anatomy of the attack

Initially, the user is lured into visiting a specially crafted web link, either advertised via spam messages or posted on bulletin boards, social networks, etc. The respective webpage contains JavaScript code obfuscated using the escape function. In order to bypass detection by various antivirus products, the script calls a secondary JavaScript that replaces a variable with the unescape string.

Vulnerabilities in Internet Explorer 6 and 7 - obfuscated Java Script
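
A defender's view of the obfuscation described above, as an added example that is not from BitDefender or the original post: a static triage routine that decodes escape() sequences and flags an `unescape` name rebuilt through a string replacement, without executing any of the input. The page does not reproduce the actual script, so the sample script, the `X` filler token and the density threshold are constructed assumptions.

```javascript
// Static triage of escape()-obfuscated script text. Nothing here evaluates the input.

// Decode %XX and %uXXXX sequences as unescape() would, without calling it.
function decodeEscapes(text) {
  return text.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Fraction of the text made up of escape sequences.
function escapeDensity(text) {
  const seqs = text.match(/%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}/g) || [];
  const escaped = seqs.reduce((n, s) => n + s.length, 0);
  return text.length ? escaped / text.length : 0;
}

// String literals that only become "unescape" after a .replace() strips a filler
// token: the name is absent from the source and rebuilt at run time.
// The filler is treated as a literal, so no pattern from the input is compiled.
function hiddenUnescape(text) {
  const re = /(["'])([^"']{1,64})\1\s*\.replace\(\s*(?:\/([^\/\n]{1,32})\/[gim]*|(["'])([^"']{1,32})\4)\s*,\s*(["'])([^"']*)\6\s*\)/g;
  const hits = [];
  for (const m of text.matchAll(re)) {
    const rebuilt = m[2].split(m[3] || m[5]).join(m[7]);
    if (rebuilt === "unescape" && m[2] !== "unescape") hits.push(m[0]);
  }
  return hits;
}

const DENSITY_THRESHOLD = 0.3; // assumed cut-off for this example; tune on real traffic

function triage(script) {
  let decoded = script, layers = 0;
  // Peel nested escape layers, bounded so crafted input cannot loop indefinitely.
  while (layers < 5 && decodeEscapes(decoded) !== decoded) {
    decoded = decodeEscapes(decoded);
    layers++;
  }
  const density = escapeDensity(script);
  const hiddenCalls = hiddenUnescape(script);
  const suspicious = density > DENSITY_THRESHOLD || hiddenCalls.length > 0;
  return { density, hiddenCalls, layers, decoded, suspicious };
}

// Constructed, benign sample: the encoded string decodes to document.title="demo".
const SAMPLE = 'var f = "unXesXcaXpe".replace(/X/g, "");\n' +
  'var p = "%64%6f%63%75%6d%65%6e%74%2e%74%69%74%6c%65%3d%22%64%65%6d%6f%22";\n' +
  'window[f](p);';

console.log(triage(SAMPLE));
```

The decoded layer is returned for an analyst or a second-stage scanner to inspect; it is never passed to `eval`.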


The decrypted result is the malicious payload, which triggers a heap spray attack and writes the malicious code into the browser’s cache, making it persistent: every time the browser starts, the malicious code is executed without any subsequent intervention (drive-by download). This results in the automatic download of a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb).

This approach is similar to the one described in CVE-2010-0249 that has been used in targeted attacks against 34 major corporations including Google™ and Adobe™.

Vulnerabilities in Internet Explorer 6 and 7 - Javascript Details


Mitigating the risks

Although Microsoft announced that the exploit is already in the wild, users haven’t been provided with a fix yet. Most likely, the vendor will issue a patch on the next “Patch Tuesday”, namely on April 13. Since Internet Explorer® 8 is not vulnerable to the attack, the next logical step would be to upgrade immediately. However, many custom-made applications in the corporate environment are strongly interconnected with IE 6 or IE 7 and might not work as expected on Internet Explorer 8.

BitDefender is currently detecting the exploit and blocking the malicious code before it inflicts any damage on the computer. Moreover, all BitDefender customers have been proactively protected against the infected binaries the exploit is trying to install on the local machine.

In order to stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection, and that you exercise extra caution when prompted to open files from unfamiliar locations.


Group calling itself ‘al-Qaida in Aceh’ says it survived Indonesian crackdown

Tuesday, March 9th, 2010

By: ALI KOTARUMALOS
Associated Press
03/06/10 7:00 AM EST

JAKARTA, INDONESIA — A group calling itself “al-Qaida in Aceh” claimed Saturday to be the target of a police crackdown in the Indonesian province, where authorities have arrested and charged suspected militants with planning terrorist attacks.

In a statement posted on the blog hosting site WordPress.com, the group said it had survived the police crackdown and pledged to continue its jihad against “Zionist Jews and Christians and apostates.” Later Saturday, WordPress blocked access to the blog for violating its terms of service.

It was not possible to authenticate the statement. Police spokesman Maj. Gen. Edward Aritonang said the statement was under investigation, and could yet prove to be a hoax.

Police have arrested 16 suspected militants in a series of raids in the deeply conservative province of Aceh since Feb. 22, the latest two on Saturday. Police suspect the group is linked to Jemaah Islamiyah, a Southeast Asian offshoot of al-Qaida that has been blamed for twin bombings last year on hotels in Jakarta, and 2002 bombings on the island of Bali.

“As of the 10th day of the pursuit against us, we survive to continue jihad although some of our brothers were captured and martyred,” the statement said.

“We hereby assure Muslims that we will uphold our pledge to jihad against the Zionist Jews and Christians and apostates until God awards us victory, or we become martyrs in the way of Allah,” it added.

Sidney Jones, Jakarta-based senior adviser for the International Crisis Group think tank, said she had never heard of the group and could not say whether the statement spoke for the militants in Aceh. She said militants in the province appeared to comprise several movements, including Jemaah Islamiyah.

President Susilo Bambang Yudhoyono said Friday that the group, which he did not name, had set up in Aceh believing that Indonesian security forces had lost interest in the province since a violent separatist movement ended there in 2005. He said members of the separatist movement were not part of the new group.

Police say 14 of the suspects confessed to undergoing paramilitary training, including weapons use and hand-to-hand combat. They say the militants were preparing for a terrorist attack against an undisclosed target.

They face up to 20 years in prison if convicted.

On Saturday, two more suspected militants were arrested in Aceh but have yet to be charged, Aritonang said. He declined to detail the circumstances of those arrests.


For hire: Cyber mud-slingers in China

Saturday, January 16th, 2010

BEIJING, Jan 16 — On July 29 last year, Beijing software company Qihu 360 met with a public relations disaster.

Almost overnight, an online posting lambasting the firm appeared on hundreds of popular Internet forums. It then attracted hundreds of thousands of hits and replies in an unusually short time.

The anonymous author — who claimed to be a former employee — said the firm had been stealthily collecting confidential information about its customers through its freely downloadable anti-virus software.

Qihu 360 immediately rebutted the contents of the posting on its website and in the media.

But damage had been done. In the months that followed, the firm found itself doing more fire-fighting as similar waves of accusatory postings flooded the cyber world, one after another.

Now, a study by an Internet expert has revealed that this saga — and as many as half of all other similar cases of cyber mud-slinging — was likely to have been engineered by a burgeoning industry of dodgy “Internet public relations companies” in China.

For a fee, these companies — ostensibly responsible for advertising clients’ products online — can launch online smear campaigns against any individual or firm.

Industry insiders say what usually happens is that companies secretly pay these firms to help besmirch their rivals.

For as cheap as 0.1 yuan or 1 mao (5 sen) a posting, these secret hit squads mobilise their networks of paid netizens to put out multiple postings and fabricate countless “angry” replies on the most popular virtual forums.

One such company, Beijing Jing Dian Dian Public Relations, chalked up revenue of 2 million yuan last year for dozens of assignments, each paying around 30,000 to 50,000 yuan.

“We can reach 200,000 netizens through our networks,” company owner Zhao Chen told The Straits Times.

Zhao, 28, used to work for a traditional public relations outfit. He struck out on his own in 2005.

Other than smearing, his company can also do the opposite — get its foot soldiers to lavish praise on clients. These foot soldiers are organised around cell-like communities in QQ — a popular social networking software in China — and his company just has to pay the heads of these communities.

Such corporate cyber campaigns are less well-known in China than the alleged activities of the army of netizens paid 5 mao by the government for each posting they make defending the government from criticism.

Those netizens have come to be known as Fifty Cents Party, or wu mao dang.

The viral campaign phenomenon troubles social commentators because, in the absence of public opinion polls in tightly controlled China, news organisations and China-watchers routinely use Internet sentiment to gauge public opinion on a range of topics.

Professor Lu Benfu from the China Academy of Sciences — whose study was made public on a programme on the state-owned news network CCTV last month — told The Straits Times: “If you track the data for many of these incidents, you find that they do not follow the natural cycles and patterns of Internet activity.”

When a posting is not tinkered with, the number of hits it receives will peak once or twice, with each lasting no longer than three days.

But when a posting is deliberately engineered, it gets a steady stream of peaks lasting for months — even if no new information is actually added.

And the dirt is almost self-perpetuating. Mass postings attract further attention, because most forums in China have a ranking system that gives prominent display to the “hottest” postings.

At least three companies — engaged in this sort of cyber corporate warfare — interviewed by The Straits Times admitted that their ilk was becoming quite common.

Many were formed in the last three years, and there are now an estimated 1,000 such outfits in China, they say.

The typical company employs just 10 to 15 people, but might have an ad hoc army of hundreds of thousands of foot soldiers across the country.

A netizen nicknamed Song Zang Zhe told The Straits Times that he had been working as a part-time foot soldier for about a month “for fun, and a little extra cash”. He makes 1 mao to 5 mao for each posting, and averages 8 yuan an hour. Based on this rate, a full-timer could make 1,500 yuan a month.

There have been calls for a clampdown, with a top legislator — Yao Xiaoying, a representative in the National People’s Congress — demanding regulations banning such companies.

“If we turn a blind eye to this phenomenon, we are being irresponsible towards the entire Internet community,” she said.

Lu suggests that online forums self-regulate by requiring netizens behind popular postings to reveal their real names before their postings can be displayed on the front page of a forum.

But Beijing-based lawyer Liu Kun said: “This is a small price that we have to pay for the freedom of the Internet.

“As Internet users become more savvy, they will be able to tell which postings are engineered, and such smear campaigns will gradually become less effective.” — Straits Times
