Saturday, July 28, 2007

New (ish) Chinese exploit in the wild

Hi folks,

We are able to confirm that some Chinese websites are now using a WebThunder ActiveX exploit. WebThunder appears to be a Chinese P2P networking application that is quite popular there, but we think everyone else is pretty safe.

The main point is to be aware that the Bad Guys are still thinking and probing.

Cheers

Roger

Friday, July 20, 2007

Catching up

Hi folks,

Firstly, let us apologize for not blogging more frequently. The last couple of weeks have been tumultuous with some things we can discuss, and some we cannot.

Here's a summary...

(1) Dangerous searches still abound. Here are a few examples from the last day or two...

Robert Cleridge women's shoes - wrong choice gets a link to a known rootkitter

Wallpapers - wrong choice gets a WebAttacker

Janet Jackson photos - duh!

download constrained regression nonlinear - one might argue that a query that geeky deserves an exploit, except that we're all proud geeks here, so we cannot.

(2) The Storm botnet attacks have been unfolding in relentless waves. We cannot talk too much about that at the moment, except to say they've been very interesting and quite impressive.

(3) There are now at least six different exploit packs being sold à la WebAttacker. It seems to be an idea that is Catching On (tm). We'll write more about them over the next week or so.

Cheers

Roger

Tuesday, July 10, 2007

IE 0-day today

Hi folks,

Thor Larholm announced an IE 0-day today, which works like a champ. See his write-up here... http://larholm.com/2007/07/10/internet-explorer-0day-exploit/ ...

We have added a sig for it, so our users should be well-protected.

So far this is not in the Wild, but it is entirely too easy to modify for the Bad Guys to ignore.

I'm betting about 24 hours.

Cheers

Roger

Monday, July 02, 2007

Dangerous searches - July 1st, 2007

Hi folks,

I've had a few folks ask off-list how to find these "dangerous searches". The tongue-in-cheek answer is "It's really hard", unless you're running LinkScanner, and then it's still a bit hard. Nearly all the searches that we list here come up on the first or second page of search results, but _sometimes it depends on which search engine you're using_! It's a bit surprising, but even the Google searches depend on which country's version of the engine you're searching.

Nevertheless, here are some of the entertaining "Dangerous searches" for the last few days...

"domestic warthog" ... I kid you not
"used building supplies georgia"
"penders grove primary school" ... MDAC exploit - the kids have been hacked
"akai 42 plasma tv review" ... this one can get you a fake codec ... usually a ZLOB rootkit downloader
"kittens" ... still nothing sacred
and
"plane tickets"

Cheers

Roger