SECURITY WARNINGS & Notices - Please post them here

China cages game Trojan hackers
(Go directly to jail, do not collect any gold)
http://www.theregister.co.uk/2009/12/17/china_jails_game_trojan_vxers/

Film review site hacked to spew malicious PDFs

Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.

http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/

Hi malware fighters,

Last week AV vendor CA revealed the detection of a botnet inside Amazon’s EC2 cloud:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx & http://blogs.zdnet.com/security/?p=5110

But according to ScanSafe’s Mary Landesman it already existed for a couple of years.

“In spite of recent reports, distributing malware through Amazon’s cloud services is not a new phenomenon. It has been happening since last June where Amazon’s S3 service is concerned, and since February 2008 at Amazon’s EC2 service”, reports Landesman. Over the last three years this added up to 80 unique malware incidents where Amazon was concerned: 22 incidents took place during 2007, 13 during 2008 and 45 were seen this year. See: http://blog.scansafe.com/journal/2009/12/17/amazon-cloud-has-rained-malware-before.html

“It is no guarantee for a safe malcode location.” Therefore links to the Amazon cloud should be treated extra carefully, just like links to other sources. On the other hand, “cloud malware” can be easily halted, as Amazon will not treat this lightly, although they were rather lax in removing it.

polonus

Hi CharleyO and all the other malware fighters,

The zero-day hole in Adobe Reader and Acrobat will not be patched before the next patch round, within three weeks’ time (that is, in the new year), and hackers are now actively abusing it to infect systems.
An out-of-band patch for this critical hole would have a negative impact, according to Adobe’s Brad Arkin…

You can be protected here, as Adobe recommends that customers follow the mitigation guidance below, utilizing the Adobe Reader and Acrobat JavaScript Blacklist Framework, until a patch is available.

Windows: For end-users on Windows, download the compressed file from here: http://download.macromedia.com/pub/acrobat/updates/APSA09-07_C_Reg_Keys.zip , and double-click on the appropriate registry setting, based on your version of Reader or Acrobat, to populate the JavaScript Blacklist Framework. Adobe will automatically reset the value during the next update.

http://kb2.adobe.com/cps/532/cpsid_53237.html

polonus
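An added check, not part of the thread or of Adobe’s own guidance, that an administrator can run to confirm the blacklist mitigation above actually landed on a Windows host. The policy key paths and the blocked API name `DocMedia.newPlayer` are my reading of Adobe’s APSA09-07 advisory and are assumptions here; confirm them against the linked Adobe KB page before relying on the result.

```powershell
# Added example: verify the APSA09-07 JavaScript Blacklist Framework entry is present.
# ASSUMPTION: key paths and the API name below follow my understanding of Adobe's
# APSA09-07 guidance; they are not quoted in the thread. Check them against the KB article.
$BlockedApi = 'DocMedia.newPlayer'
$Candidates = @(
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cJavaScriptPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cJavaScriptPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\9.0\FeatureLockDown\cJavaScriptPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cJavaScriptPerms'
)

function Test-AdobeJsBlacklist {
    # Returns $null if the product/version key is absent, $true if the API is
    # blacklisted, $false if the key exists but the API is missing from tBlackList.
    param([string]$KeyPath, [string]$Api)
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $value = (Get-ItemProperty -Path $KeyPath -Name 'tBlackList' -ErrorAction SilentlyContinue).tBlackList
    if ([string]::IsNullOrEmpty($value)) { return $false }
    # tBlackList is a '|'-separated list of blocked JavaScript APIs (assumed format)
    return (($value -split '\|') -contains $Api)
}

$applied = $false
foreach ($key in $Candidates) {
    $result = Test-AdobeJsBlacklist -KeyPath $key -Api $BlockedApi
    if ($null -eq $result) { continue }          # that product/version is not installed
    $state = if ($result) { 'MITIGATED' } else { 'NOT mitigated' }
    Write-Output ("{0}: {1}" -f $state, $key)
    if ($result) { $applied = $true }
}
if (-not $applied) {
    Write-Warning "No Reader/Acrobat policy key lists $BlockedApi; import Adobe's registry file or apply the vendor patch once released."
}
```

Run it from an elevated PowerShell prompt; the Policies hive is shared between 32- and 64-bit views, so no Wow6432Node path is needed.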

nods :-\

Don’t you think it would be a neat idea to have anti-virus “bots” with different scan engines running around the internet, scanning every website they come across and then saving the information and location of the suspicious site, until Bot 2, with a different engine, comes around and confirms what Bot 1 found?

/End day dreaming.

Hi Alan|Cvette,

We already have that aboard: the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around, and with the Request Policy extension to top it off, I browse my Fx or Flock browser with full confidence. And if the NS extension came to Chrome or SRWare’s Iron, I would use that browser for the additional built-in tab “sandbox” security that has now also landed in Firefox 3.7 Minefield. So there is still hope for you: your dream has already been realized, you just have to install it, and the people of the Shadowserver Foundation are working on your dream every day: http://www.shadowserver.org/wiki/

I wish you a Merry Christmas and a Happy New Year,

pol

I always have my “light bulb” moment a few years too late ;D hahaha. I sure do love Firefox though:

Adblock+
BetterPrivacy
Browser Defender
CS Lite
Finjan
Ghostery
Lastpass
NoScript
WOT

I feel naked browsing in IE without those; IEtab is nice too, so I don’t have to switch if a website requests that I use IE.

I only wish Avast!'s sandboxing would work with my Firefox :-[

Iron is pretty cool, I never really use it or Chrome that much though. I’m trying out Google Frame right now which is basically Chrome’s best features in Internet Explorer.

Merry Christmas pol!

Interesting read:
http://en.wikipedia.org/wiki/Honeypot_(computing)

Data Doctor 2010 will make you sick

Data Doctor 2010, an encryption trojan via our old “friends” iframedollars. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it.

Facebook is getting worse everyday!! God Damn Koobface!!

Take care about what you see on Facebook, what you click on and what you do. The Koobface worm is growing too fast, and I’ve seen most of my friends hacked by this nasty worm; their accounts are sending malware links to their friends via comments on their walls, private messages or chat.

  1. More Info: http://boelectronic.blogspot.com/2009/12/facebook-money-mule-or-credit-card.html
  2. More Info: http://boelectronic.blogspot.com/2009/12/check-your-friends-facebook-ims-may.html
  3. Clicking on the links in my own test (I did it on my test machine, I’m not infected!) redirected to… (screenshot and info at the following link): http://boelectronic.blogspot.com/2009/12/oh-oh-oh-santa-delivering-fakeav.html

(Posts on my blog are collected from other companies’ blogs.)
[I posted that Koobface sample to avast!, hope avast! detects it soon]

Definitely staying away from Facebook, I hate it anyway ;D. Thanks for the heads up ;)… I’ll let my friends who use it regularly know about the risks, again.

I dropped Facebook as soon as they messed with my privacy settings. >:(

Facebook user with no problems whatsoever.

I have changed all the settings to best suit me and will not accept any application requests, nor do I upload any pictures to any social networking sites.

I don’t have any problems using fb.

nmb

+1

Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409

I’m already.

nmb

Don’t do Facebook…doesn’t MBAM have a Twitter account?

Follow us on Twitter!
http://www.malwarebytes.org/forums/index.php?showtopic=16338

Thank you, YK. :wink:

Pharma link spammers invade Live Space
http://www.theregister.co.uk/2009/12/23/link_spammers_hit_live_space/
Live.com Exploited as Pharma-Fraud Cover
http://threatcenter.blogspot.com/2009/12/livecom-exploited-as-pharma-fraud-cover.html

From Norman Security

Summing up 2009 - predictions for the year to come
http://www.norman.com/security_center/security_center_archive/2009/74565/en