Saturday, November 30, 2013

CPE: McAfee AudioParasitic: Episode 36: malware distributed via P2P


length: 00:23:02
Malware distributed via P2P: typically a file with an .mp3 or .mpeg extension that is actually an ASF file; when opened it forces Windows Media Player to navigate to a URL, and that URL serves an executable.

A high percentage of LimeWire search results are these rogue media files.

Some give you the impression that you need a codec and show you where to download it. The "codec" is an executable: when run it displays an error message while in the background it downloads more trojans and malware, mainly adware and spyware.
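The check a practitioner wants for the rogue "MP3" described above is content-based: ignore the extension, confirm whether the bytes are an ASF container, and pull out any URLANDEXIT script command, which is what makes Windows Media Player open a URL. The following is an added example, not code from the podcast or from McAfee. The GUIDs and the Script Command Object layout are transcribed from the ASF specification and should be treated as an assumption to verify against the spec; the sample file is constructed in the block itself (the URL in it is a placeholder, not a real download site).

```python
"""Spot P2P 'media' files that are really ASF containers carrying a
URLANDEXIT script command. Added example; GUIDs/layouts transcribed from
the ASF spec (assumption), sample data constructed below."""
import os
import struct
import uuid

# GUIDs as printed in the ASF spec; uuid.bytes_le gives the on-disk byte order.
ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
ASF_SCRIPT_COMMAND_OBJECT = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")
ASF_SCRIPT_COMMAND_RESERVED = uuid.UUID("4B1ACBE3-100B-11D0-A39B-00A0C90348F6")

LOOKS_LIKE_AUDIO = {".mp3", ".mpeg", ".mpg"}


def _wstr(data, pos, nchars):
    """Decode nchars UTF-16LE code units at pos; return (text, next_pos)."""
    end = pos + 2 * nchars
    return data[pos:end].decode("utf-16-le", "replace"), end


def parse_script_commands(data):
    """Return [(command_type, command_value), ...] from the ASF Script Command
    Object, or [] when data is not ASF or carries no script commands."""
    if len(data) < 30 or data[:16] != ASF_HEADER_OBJECT.bytes_le:
        return []
    header_size, nobjects = struct.unpack_from("<QI", data, 16)
    pos, cmds = 30, []          # header object: GUID, size, count, 2 reserved bytes
    try:
        for _ in range(nobjects):
            if pos + 24 > min(len(data), header_size):
                break
            guid = data[pos:pos + 16]
            (size,) = struct.unpack_from("<Q", data, pos + 16)
            if size < 24:
                break           # a corrupt size would otherwise loop forever
            if guid == ASF_SCRIPT_COMMAND_OBJECT.bytes_le:
                p = pos + 24 + 16                       # skip the reserved GUID
                ncmds, ntypes = struct.unpack_from("<HH", data, p)
                p += 4
                types = []
                for _ in range(ntypes):                 # command type names
                    (n,) = struct.unpack_from("<H", data, p)
                    name, p = _wstr(data, p + 2, n)
                    types.append(name)
                for _ in range(ncmds):                  # time, type index, value
                    _time, tidx, n = struct.unpack_from("<IHH", data, p)
                    value, p = _wstr(data, p + 8, n)
                    cmds.append((types[tidx] if tidx < len(types) else "?", value))
            pos += size
    except struct.error:
        pass                    # truncated file: report what was parsed so far
    return cmds


def classify(filename, data):
    """Verdict for a downloaded file, based on content rather than extension."""
    ext = os.path.splitext(filename)[1].lower()
    urls = [v for t, v in parse_script_commands(data) if t.upper() == "URLANDEXIT"]
    if urls:
        return "malicious: ASF URLANDEXIT -> " + urls[0]
    if data[:16] == ASF_HEADER_OBJECT.bytes_le and ext in LOOKS_LIKE_AUDIO:
        return "suspicious: ASF container behind a %s extension" % ext
    return "no ASF indicators"


def build_sample_asf(command_type, command_value):
    """Construct a minimal ASF header with one script command (test data only)."""
    def wstr(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = (ASF_SCRIPT_COMMAND_RESERVED.bytes_le + struct.pack("<HH", 1, 1)
            + wstr(command_type) + struct.pack("<IH", 0, 0) + wstr(command_value))
    obj = ASF_SCRIPT_COMMAND_OBJECT.bytes_le + struct.pack("<Q", 24 + len(body)) + body
    return (ASF_HEADER_OBJECT.bytes_le + struct.pack("<QI", 30 + len(obj), 1)
            + b"\x01\x02" + obj)


if __name__ == "__main__":
    rogue = build_sample_asf("URLANDEXIT", "http://example.invalid/codec.exe")
    print(classify("hit_single.mp3", rogue))
    print(classify("hit_single.mp3", b"ID3\x03\x00\x00\x00\x00\x00\x00"))
```

The parser walks only the top-level header objects, which is where the Script Command Object lives; a real scanner would also want to check the file is not merely an ASF container renamed to .mp3 with no script command, which the second verdict covers.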

Nuwar: never shows up in the top 10.

In some respects this is kind of an old-school adware company.

Previously many of the big players closed up shop after the Federal Trade Commission went ahead with lawsuits against them.

Race to Zero, a contest that will be held at DEF CON:
Participants are given samples and have to get them past all the scanners.
Static AV testing has its limits.

Encouraging people to write AV evasion is bad.

The fact that they won't share the samples/code means we can't check whether the attack really works, whether we are already aware of the method, or whether their testbed is correct. They do whatever they want.


Friday, November 29, 2013

CPE: McAfee AudioParasitic: Episode 35: M$ security bulletins


length: 00:13:30
4 bulletins covering 6 vulnerabilities

Most critical: MS08-026 , MS08-029

One was used in the wild: the Access vulnerability.

It's interesting because the researcher was frustrated by the fact that M$ was not taking any action on the vulnerability he had reported, so he started posting a lot of PoCs to Full Disclosure with the message:
"Well, M$ considers this not unsafe, so I guess it's OK for me to send the link to their exploit to everybody...."

.mdb extension:
Outlook treats these files as unsafe and prevents the client from accessing them.
The attacks use a Word document to hide the database file under a different extension, so the client no longer blocks the file.
.doc is now the point of entry.
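The evasion described above works because Outlook's block is keyed on the attachment's extension; a content check that looks for the Jet database header anywhere inside the attachment catches the .mdb whatever the outer file is called. The following is an added example, not code from the podcast, Microsoft or McAfee. The Jet signature (the bytes 00 01 00 00 followed by "Standard Jet DB" or "Standard ACE DB" at the start of a database) is from the Jet file format; the "blocked extensions" set is a small subset of Outlook's real list, and the document bytes are constructed test data, not an exploit.

```python
"""Extension-based vs content-based blocking of an embedded Jet database.
Added example; signature from the Jet format, sample bytes constructed here."""
import re

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"      # compound document (.doc)
# Jet/ACE database header: 00 01 00 00 then the engine string at offset 4.
JET_SIGNATURE = re.compile(rb"\x00\x01\x00\x00(Standard (?:Jet|ACE) DB)\x00")
# Subset of Outlook's Level 1 attachment list (assumption: illustrative only).
BLOCKED_EXTENSIONS = {"mdb", "exe", "scr", "vbs", "js"}


def blocked_by_extension(filename):
    """What the mail client does: look only at the name."""
    return filename.lower().rsplit(".", 1)[-1] in BLOCKED_EXTENSIONS


def find_embedded_databases(data):
    """Return (offset, engine) for every Jet/ACE database header in data."""
    return [(m.start(), m.group(1).decode("ascii")) for m in JET_SIGNATURE.finditer(data)]


def blocked_by_content(filename, data):
    """Block on extension first, then on an embedded database regardless of name."""
    if blocked_by_extension(filename):
        return True, "blocked by extension"
    dbs = find_embedded_databases(data)
    if dbs:
        offset, engine = dbs[0]
        return True, "%s database embedded at offset %d" % (engine, offset)
    return False, "no database signature"


def build_sample_doc():
    """Construct a .doc-looking blob with a Jet header 512 bytes in (test data)."""
    padding = b"\x00" * (512 - len(OLE_MAGIC))
    return OLE_MAGIC + padding + b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 16


if __name__ == "__main__":
    doc = build_sample_doc()
    print("extension check:", blocked_by_extension("report.doc"))
    print("content check:  ", blocked_by_content("report.doc", doc))
```

A signature scan like this is deliberately crude: it will not find a database that has been compressed or encoded inside the document, which is why the real fix was patching the engine rather than better filtering.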

2 remote code executions in Word, which also affect Macs.
2 DoS in the M$ anti-malware engine.

In the last 2 years XSS has overtaken buffer overflows (BoF).


Thursday, November 28, 2013

CPE: McAfee AudioParasitic: Episode 34: SPAM & online gaming risk


length: 00:24:33
SPAM experiment:
Exponential growth of spam to people who visit spammy websites and buy stuff from them.

We see localized-language spam.

How much malware got distributed via spam? A post-analysis would be interesting.

A lot of people talk about:
- DL
- NAC
- Virtualization
Dangers associated with online gaming:
Number 2 most targeted by trojans.
The fact is most gamers are reluctant to install any security application because of the perceived impact on performance.

There is quite a lot of money in virtual currency.

In China: QQ coins, because they are redeemable for real-world money.
Second life: grid status allow 55k ppl lost 60 days
An effective way to communicate with lots of people.


Monday, November 25, 2013

ITILT: diapers in Japan

In Japan, diapers for old people outsell diapers for babies.


Friday, November 22, 2013

ITILT: chicken

Interesting thing I learnt today:
chicken body temperature is 42C
1/2 of the chickens in the world come from a company called Aviagen
a male Aviagen chicken can represent 50 million chickens, about 70 million kg of meat
it takes only 35 days to grow a chicken to be ready for slaughter, at 2kg


Sunday, November 10, 2013

another day... another IE 0-day

Wednesday, November 6, 2013

another day.. another 0-day

MS TIFF vulnerability CVE-2013-3906

http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx

http://technet.microsoft.com/en-us/security/advisory/2896666

M$ said user action is required... but can we consider turning on the computer as user action?
