Monday, September 21, 2009



A security hole that is two years old is being exploited by scammers.


“If the front gate of your castle is your login page to Yahoo Mail, they’ve done a good job of securing it,” said Ryan Barnett of Breach Security, referring to a backdoor that exists because Yahoo fails to carry out a variety of security checks that follow the login page of Yahoo Mail. Barnett told Yahoo about the hole in 2007.


The article also notes that the company has no rules barring weak passwords for its users.
“Yahoo! takes online security very seriously. We are investigating the situation and will take appropriate action,” said a company spokesman.


Source: The Register

Tuesday, September 15, 2009

‘Shipping confirmation’ malware.




Sophos has posted a blog entry about ‘shipping confirmation’ malware.


The spam tells a user to open an attached zip file. Two examples are included in the blog entry. Both note that the user has ordered an electronic item and that the item has been shipped to their shipping address. The zip file is supposed to contain a tracking number for the order. The malware is detected as Mal/Bredo-A, Mal/BredoZp-A and Troj/BredoZp-C. The remote site that the malware reports home to is classified as a known C&C point.


Source: Sophos

Tuesday, September 1, 2009

Skype Trojan

A researcher for Sophos has created a Trojan for research and education purposes. This Trojan injects code into a .dll component of the Skype application, which then hooks into the send and receive functions of Skype’s APIs. This allows the Trojan to intercept the incoming and outgoing conversations being transmitted between callers and send this video and audio data back to the attacker. Worse yet, the Trojan can deliver its payload even if only one of the two parties is protected. This means that if your computer is protected but the person on the other end is not, you can still have the words stolen literally right out of your mouth.

Source: Sophos
http://www.sophos.com/blogs/sophoslabs/v/post/6257
