Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded.
Traditionally, such malware stole usernames and passwords for specific banks; but the criminal had to access the compromised account manually to withdraw funds. To stop those attacks, financial services developed authentication methods such as device ID, geolocation, and challenging questions.
Unfortunately, criminals facing those obstacles have gotten smarter, too. One Trojan horse, URLzone, is so advanced that security vendor Finjan sees it as a next-generation program.
Greater Sophistication
Banking attacks today are much stealthier and occur in real time. Unlike keyloggers, which merely record your keystrokes, URLzone lets crooks log in, supply the required authentication, and hijack the session by spoofing the bank pages. The assaults are known as man-in-the-middle attacks because the victim and the attacker access the account at the same time, and a victim may not even notice anything out of the ordinary with their account.
http://www.pcworld.com/article/182889/banking_trojan_horses.html?tk=rss_news
Tuesday, November 24, 2009
Sunday, November 22, 2009
Microsoft Internet Explorer CSS Handling Code Execution Vulnerability (0day)
Title : Microsoft Internet Explorer CSS Handling Code Execution Vulnerability (0day)
VUPEN ID : VUPEN/ADV-2009-3301
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : VUPEN VNS Only
CVSS V2 : VUPEN VNS Only
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2009-11-21
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
VUPEN has confirmed the vulnerability on fully patched Windows XP SP3 systems with Internet Explorer 7 and 6.
Affected Products
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6
Solution
Disable Active Scripting in the Internet and Local intranet security zones.
VUPEN Security is not aware of any vendor-supplied patch.
References
http://www.vupen.com/english/advisories/2009/3301
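The workaround above can be audited per machine. The following PowerShell script is an added example, not part of the VUPEN advisory; it assumes the standard Internet Explorer zone registry layout (action 1400 = Active Scripting, zone 1 = Local intranet, zone 3 = Internet), and the function names are hypothetical.

```powershell
# Added example. URLACTION_SCRIPT_RUN (Active Scripting) is zone action 1400:
# 0 = Enable, 1 = Prompt, 3 = Disable. Zone 1 = Local intranet, 3 = Internet.
$Zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$Suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Hives   = @(
    "HKLM:\SOFTWARE\Policies\$Suffix",   # machine policy
    "HKCU:\SOFTWARE\Policies\$Suffix",   # user policy
    "HKCU:\SOFTWARE\$Suffix",            # per-user setting
    "HKLM:\SOFTWARE\$Suffix"             # machine default
)

function Get-ActiveScriptingState {
    # Emits one object for every hive in which action 1400 is set for a zone.
    foreach ($zone in ($Zones.Keys | Sort-Object)) {
        foreach ($hive in $Hives) {
            $p = Get-ItemProperty -Path "$hive\$zone" -Name '1400' -ErrorAction SilentlyContinue
            if ($null -eq $p) { continue }   # value not set in this hive
            $v = [int]$p.'1400'
            $state = $Meaning[$v]
            if (-not $state) { $state = "Other ($v)" }
            New-Object PSObject -Property @{
                Zone = $Zones[$zone]; Hive = $hive; Value = $v; State = $state
            }
        }
    }
}

function Disable-ActiveScripting {
    # Writes the per-user setting only. Values under a Policies key are
    # managed by Group Policy and are not changed here.
    foreach ($zone in $Zones.Keys) {
        Set-ItemProperty -Path "HKCU:\SOFTWARE\$Suffix\$zone" -Name '1400' -Value 3 -Type DWord
    }
}

Get-ActiveScriptingState | Format-Table Zone, State, Value, Hive -AutoSize
# Disable-ActiveScripting   # uncomment to apply the workaround for the current user
```

Any row whose State is not Disabled marks a zone where the workaround is not in effect for that hive.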
Tuesday, November 17, 2009
Windows SMB Subject to Denial-of-Service Attack Windows 7
Microsoft is continuing to investigate holes in its Server Message Block (SMB) file-sharing protocol used in Windows.
Late Friday, Microsoft put out yet another Security Advisory, saying it was looking into "new public reports of a denial-of-service vulnerability" in SMB.
The reported exploits touch SMBv1 and SMBv2 on Windows 7 and Windows Server 2008 R2 operating systems, according to the software giant.
Vista, Windows Server 2008, XP, Windows Server 2003 and Windows 2000 are not affected.
"Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable," said Dave Forstrom, a spokesman for Microsoft Trustworthy Computing. "If exploited, this DoS vulnerability would not allow an attacker to take control of, or install malware on, the customer's system but could cause the affected system to stop responding until manually restarted."
Last Friday's advisory is the second such advisory since Redmond released one in September. This also marks the second time in as many months that news about vulnerabilities in the SMB program has emerged.
Forstrom said the default firewall settings on Windows 7 will help block attempts to exploit this latest DoS issue.
He added that while Microsoft is not currently aware of active attacks, customers should "review and implement the workarounds outlined in the advisory until a comprehensive security update is released."
http://mcpmag.com/articles/2009/11/16/windows-smb-subject-to-denial-of-service-attack.aspx