SECURITY WARNINGS & Notices - Please post them here

also from Omid's blog

Watch out for this dangerous hacker…he may erase your hard drive… ;D ;D ;D
http://whatthehell.eu/hacker-story

Hi Pondus,

And what would you think of this, malcreants signing their malcode with MS Authenticode, certified malware, who would believe this?
http://www.f-secure.com/weblog/archives/00001973.html

So look out, you good people, it is a nightmare out there or soon to be,

polonus

Must be DST… ;D ;D ;D ;D ;D…

http://www.stophiphop.com/modules/marketplace/images/TS-black-IHacked127001-02.jpg

Testing Reveals Security Software Often Misses New Malware
http://www.cio.com/article/597263/Testing_Reveals_Security_Software_Often_Misses_New_Malware?taxonomyId=3089

Then there are those that feel the sky is falling :slight_smile:

There needs to be a sanity check! ???


Misplaced warning at this link:

http://forum.avast.com/index.php?topic=61138.msg516039#msg516039

Misplaced notice at this link:

http://forum.avast.com/index.php?topic=61279.msg517655#msg517655

Critical updates for Adobe Acrobat and Reader
http://www.norman.com/security_center/security_center_archive/2010/84420/en

Hi malware fighters,

In Amsterdam a couple of important HTTP-protocol flaws will be revealed: the vulnerabilities are for all programs and services that make use of the HTTP-protocol, e.g. Internet Explorer, Firefox, Microsoft Office, but also Twitter, Hotmail, Facebook and iPhone Apps. MS and Facebook could mend these flaws in their code, but closing the holes for the HTML-protocol itself won’t be that easy and swift a task…
So that is why I use HTTPS-everywhere extension inside the Mozilla browser for now, NoScript will protect the user as well, so all my search queries go via encrypted.google.com, my good friends,

polonus

Using HTTPS stops avast from being able to scan your web activity.
At this point, I’d rather depend on avast! to protect me. :slight_smile: (This is my opinion)

Couldn’t agree more, why use the web shield if you are going to cripple it by using an add-on to use https.

Not to mention a point polonus makes that NoScript also protects you to a degree in firefox, by switching to https you are actually reducing that effectiveness as the rules in NS by default are different for https (active content in https connection, see image). So not only are you blocking avast you are also reducing the effectiveness of noscript, a poor swap in my opinion.

DavidR,

The avast shields keep working I guessed, the https everywhere is only for a couple of sites that give this additional service (alas google via encrypted.google, because of the school filter circumvention issue), it would be a sad thing indeed if we weren’t protected on/via https connections. Is that so? I have the extension disabled for the mo, but would like to hear a bit more on the issue of why https is not protected by avast via their port 12080 shield connection,

polonus

It isn’t only for a couple of sites and they are looking at adding other sites, not to mention some of the sites they do include notably facebook (I believe, or some such social networking site/s), which are large targets for malware.

It is a simple fact https is encrypted and the web shield can’t monitor/scan encrypted traffic so it doesn’t even try. So you lose that level of protection on https pages, it may well be picked up by the file system shield, but that isn’t assured and certainly not any hacked site, redirect, exploit issues.

You only need to monitor the web shield whilst browsing an https site and you will see zero scanning of https pages/content. Why do you think I have been banging on about it every time you mention this add-on?

I’m surprised to hear that from you Pol…how do you want to scan encrypted traffic :slight_smile: remains that the file shield will interact at disk level…but hey that’s not the same level of protection anymore :wink: This said there’s no risk surfing on https on a few sites (allowing it), I do that myself, on twitter for instance, where there’s nothing hosted >>> if malware is linked there it’s out of twitter, so the webshield will interact again. I’d be more careful with Facebook (that I hate anyway), because stuff is hosted there, so yes there are definitely some sites where ssl is not advised at all.
The main point of using ssl is to get the privacy that you can’t get on http in the case that bad guys would be eavesdropping the network…but the downside is that “malwarewise”, you’re almost on your own there.

ps: but again, I think switching to ssl is fine on a very restricted number of sites, like Google docs (on your account) and as a rule on nothing shared from another account.

Hi guys!

One question,

Is Google search exploited, or is a FP from avast!?

My avast! found on many occasions a JS-ScripIP-inf trojan trying to download to my computer when I make searches through Google.

iRanzel

attach: report file from Web Shield

Hi iRanzel,

It is w\Xw.google.com.pr that has been hacked: it’s the Peace Crew, formerly known as Terrorist Crew, a group of politically motivated hackers supporting the Palestinian cause, who recently defaced the Microsoft New Zealand sites. Earlier this year, they attacked a number of Nato and US military websites.

The principal Peace Crew character is a hacker known as Agd_Scorp, allegedly of Turkish origin. Other prominent members are rx5 and Cr@zy_King.

I don’t know exactly how they went about this hack, but it seems to have something to do with modifying the DNS records of the hacked domains, which in effect redirects prospective visitors to a site designed by the hackers. This particular exploit is known as “SQL Injection vulnerability”.
source(s):
Microsoft NZ Hack:
http://w0rm.us/tag/peace-crew
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=1

NATO Hack:
http://news.softpedia.com/news/Palestinian-Supporters-Hack-NATO-and-U-S-Arm

DNS Record Types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types

SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection

For searches, use the encrypted.google.com service, which is https and not that easy to hack, or do your searches at
Ixquick; they also do not retain your search queries, http://ixquick.com/do/metasearch.pl

But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it…

polonus

Hi malware fighters,

A FOOBAR by GoogleChrome as some take it - Flash Player installed a la default with their latest update of the browser, a security nightmare, Google says: you, the user, do not have to install anything and maintain anything, we’ll do that for you. The option to fall back on a player you installed yourself is still there in the browser, but for that you have to opt out, but even as Flash Player comes sandboxed in GoogleChrome, isn’t it better to go on with HTML5 and let Flash die a silent death, it is and was a security nightmare, folks?

polonus

But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..

polonus

Exactly, it is the best way to find new malware and send it to avast! labs. I hate piracy… it is one of the causes of recessions and crises, including lost jobs.

Edit: Thanks for your info polonus.

Not sure if the Beeb was a little late reporting this… http://news.bbc.co.uk/2/hi/technology/10473495.stm

Has anybody used the workaround? http://support.microsoft.com/kb/2219475

Installed ages ago on my XP Pro system when it was released June 14, 2010