Microsoft has released six security updates

October 29th, 2007   •   No Comments   

Microsoft has released six security updates and re-released one this month.

MS07-055 – addresses a vulnerability in Windows (KB 923810)
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution

Severity Rating: Critical

MS07-056 – addresses a vulnerability in Windows (KB 941202)
Security Update for Outlook Express and Windows Mail

Severity Rating: Critical

MS07-057 – addresses a vulnerability in Windows (KB 939653)
Cumulative Security Update for Internet Explorer

Severity Rating: Critical

MS07-058 – addresses a vulnerability in Windows (KB 933729)
Vulnerability in RPC Could Allow Denial of Service

Severity Rating: Important

MS07-059 – addresses a vulnerability in Windows (KB 942017)
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site

Severity Rating: Important

MS07-060 – addresses a vulnerability in Microsoft Office (KB 942695)
Vulnerability in Microsoft Word Could Allow Remote Code Execution

Severity Rating: Critical

Re-released

MS05-004 – addresses vulnerabilities in Windows and Windows Server (KB 887219)
ASP.NET Path Validation Vulnerability (887219)

Severity Rating: Critical

You can download these updates for your PC from the Microsoft Update web site.

XSS Attack Technique used by attackers

October 28th, 2007   •   4 Comments   

XSS attacks can be performed in two different ways: non-persistent and persistent. Non-persistent attacks require a user to visit a specially crafted link laced with malicious code. Upon visiting the link, the code embedded in the URL will be echoed and executed within the user’s web browser. Persistent attacks occur when the malicious code is submitted to a web site where it’s stored for a period of time. Examples of an attacker’s favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to click on any link, but simply to view the web page containing the code.
Here’s how:

Persistent Attack

Most web sites host bulletin boards where registered users may post messages. A registered user is commonly tracked using a session ID cookie authorizing them to post. If an attacker were to post a message containing specially crafted JavaScript, a user reading this message could have their cookies and their account compromised.
Cookie Stealing Code Snippet:

Non-Persistent Attack

Most web portals offer a personalized view of a web site and greet a logged in user with “Welcome, “. Sometimes the data referencing a logged in user are stored within the query string of a URL and echoed to the screen.
Portal URL example:

In the example above we see that the username “Joe” is stored in the URL. The resulting web page displays a “Welcome, Joe” message. If an attacker were to modify the username field in the URL, inserting a cookie-stealing JavaScript, it would be possible to gain control of the user’s account.

A large percentage of people will be suspicious if they see JavaScript embedded in a URL, so most of the time an attacker will URL-encode their malicious payload, similar to the example below.

URL Encoded example of Cookie Stealing URL:
c1

Decoded example of Cookie Stealing URL:
c2
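
The non-persistent case above from the defending site's side, as an added example that is not code from the original post: the "Welcome, Joe" greeting rendered without and with output encoding, plus a bounded percent-decoder so that URL-encoded script markup in the username field can be flagged in request logs. All function names, the portal.example host and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example; all function names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode HTML-significant characters so the value renders as text, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Percent-decode repeatedly (bounded) so double-encoded input is seen in final form.
function decodeFully(raw, maxRounds = 3) {
  let current = raw;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      break; // malformed escape sequence: inspect what we have so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Heuristic for logging and alerting only; output encoding is the actual fix.
function looksLikeScriptInjection(raw) {
  return /<\s*script\b|\bon\w+\s*=|javascript\s*:/i.test(decodeFully(raw));
}

// Vulnerable form: echoes the query-string value straight into the page.
function renderGreetingUnsafe(name) {
  return `<p>Welcome, ${name}</p>`;
}

// Hardened form: same greeting with output encoding applied.
function renderGreeting(name) {
  return `<p>Welcome, ${escapeHtml(name)}</p>`;
}

// Constructed sample URLs (not from the page); portal.example is a placeholder host.
const benignUrl = 'http://portal.example/index.php?username=Joe';
const encodedUrl = 'http://portal.example/index.php?username=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

// Parse the username the way the portal would, flag it, and render it safely.
function greetFromUrl(url) {
  const name = new URL(url).searchParams.get('username') || '';
  return { name, flagged: looksLikeScriptInjection(name), html: renderGreeting(name) };
}
```

The escaping shown covers values placed in HTML body text or quoted attributes; values written into script blocks or URLs need encoding for that context instead.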

SpyShredder: Manual Removal Instructions

October 27th, 2007   •   5 Comments   

Today someone asked me if I could remove Spy-Shredder, as it had become a challenge for him to remove it completely. He said that he dumped the AVG Anti Spyware free version on the system, found SpyShredder, and removed it. However, after every restart it reappears again and again.

Tech details:

Spy-Shredder is the successor to the rogue anti-spyware program called SpySheriff. SpyShredder gets installed on your computer without your permission through the use of Trojan programs and other malware. Once installed, the Trojans will display message boxes on your screen stating the following:

NOTICE: If your computer has been running slower than normal, it may be infected with Viruses, Adware or Spyware. Spy-Shredder will perform a quick and completely FREE scan of your system for malicious programs.

Here I’m posting a quick and successful guide to remove it manually.

1. First open Task Manager (Ctrl+Alt+Del/Esc).

2. Now go to the Processes tab and end the following three processes (if they are there):
SpyShredder.exe
avp.exe
mgrs.exe

3. Unregister the following files one by one (by clicking Start -> Run and typing regsvr32 /u ***).
Where I have typed ***, replace it with the following file names (do one at a time):
SpyShredder.exe
avp.exe
mgrs.exe

4. Go to My Computer and browse to C:\Program Files. Look for a folder named SpyShredder. Delete this folder (when you delete the folder, hold the Shift key on your keyboard to permanently delete it).

5. Restart the PC.

Hackers claim zero-day flaw in Firefox

October 26th, 2007   •   8 Comments   

Originally posted By Joris Evers, News.com

SAN DIEGO, The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer’s Mac OS X and Linux, they said.

“Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure,” said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

Visit http://news.zdnet.com/2100-1009_22-6121608.html for more information on this issue.

Firefox Update Plugs 8 Security Holes

October 25th, 2007   •   No Comments   

Mozilla has recently announced an update to its Mozilla Firefox Web browser that corrects at least eight separate security flaws, including two that Mozilla flagged as especially serious. Firefox users should have already received an update that brings the browser to version 2.0.0.8.
Mozilla also says that this update may create some problems for Mac users. If you want to learn more about these updates, need to diagnose any glitches with the update, or have other browser-related questions, you can visit this forum: http://forums.mozillazine.org/viewforum.php?f=38

Tweak your Firefox to make it faster

October 24th, 2007   •   No Comments   

Just follow these simple steps to boost your Firefox and make it work much faster than ever.

Type “about:config” into the address bar of your Firefox and hit Enter.

>Scroll down and look for the following entries:

network.http.pipelining
network.http.pipelining.maxrequests
network.http.proxy.pipelining

>Alter the entries as follows:

Set “network.http.pipelining” to “true”
Set “network.http.proxy.pipelining” to “true”
Set “network.http.pipelining.maxrequests” to some number like 30.

Now right-click anywhere and select New -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. You are done.

[Here this value is the amount of time the browser waits before it acts on information it receives.]

Make Your Internet Explorer As Fast As FireFox

October 23rd, 2007   •   No Comments   
Do you know that it is possible to make your Internet Explorer as fast as Firefox? If not, follow these simple steps:

Go to Start > Run and type regedit to open your registry editor. Once it opens, navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Now, in the right-side pane, right-click > New > DWORD and type MaxConnectionsPerServer. You can set the value (the higher the value, the higher the speed you get; example: 99). Create another DWORD and type MaxConnectionsPer1_0Server. Now put in the same high value as mentioned above. Finally, restart Internet Explorer, and you are done.

The Ghost In The Browser

October 22nd, 2007   •   No Comments   

Today I found an interesting link on the Analysis of Web-based Malware produced by Google to present the state of malware on the Web and emphasize the importance of this rising threat. This whitepaper is really awesome; in it they discuss different mechanisms used to inject malicious content on popular web sites: web server security, user-contributed content, advertising and third-party widgets. They also point out that a large number of the exploits found have to do with website vulnerabilities, including those found within ASP and PHP, and additionally that a big chunk was delivered through holes in the site that allowed XSS.

All about threats and vulnerabilities: As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download of a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems, leading to the exfiltration of sensitive information or installation of utilities that facilitate remote control of the host.

Test your Antivirus with EICAR file

October 19th, 2007   •   No Comments   

EICAR Antivirus Testing Standard
(European Institute for Computer Antivirus Research)

To test, just copy and paste the following line into Notepad and save it as EICAR.COM

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

When done, the resulting file will have either 68 or 70 bytes.
When you scan this file with any antivirus, it will report finding EICAR Test-NOT virus!!.
It is really very important to know that this is not a virus and will not infect your computer in any way. The EICAR Standard AntiVirus Test File is a combined effort by antivirus vendors throughout the world and the EICAR organisation to come up with one standard by which customers can verify their antivirus installations.

Free Antivirus Resources

October 15th, 2007   •   25 Comments   

Hey! Are you looking for:

||Free Virus Scanners || Free Trojan Scanner || Free Firewall || Free Vulnerability Test || Free Virus Removal || Free Email Protection || Free Anti-Rootkit || Free Online Virus Scanners || Try before You Buy || Free Virus Encyclopedia ||

Here is the complete list of links:
Which one is your first choice? Please post your comment!

||Free Virus Scanners:|| 

Antidote Super Lite version

Avast! Free virus scanner (registration required)

Avira Antivir

BitDefender

Clam AV

ClamWin

Comodo Anti-Virus

Cyberhawk

Fprot

GrisSoft AVG This is the free edition of the AVG scanner

HandyBits

PC Tools AntiVirus

 

||Free Firewalls:||

AppArmor: Good security suite for Linux, freeware, open-source. AppArmor is also very useful for preventing scripts and programs running on web servers from being hacked and exploited.

Comodo Firewall: Free firewall for Windows 2000 and Windows XP SP2.

Firestarter: Freeware open-source firewall for Linux with graphical user interface.

Kerio Limited free edition: Kerio Personal Firewall 4 is available in two flavors – the full edition and the limited free edition. For Windows.

Omniquad Personal: Free personal firewall for Windows created by Omniquad.

Outpost Firewall FREE: Free firewall for Windows. Created by Agnitum.

Premidius Firewall Lite: Free firewall for personal use.

R-Firewall: Freeware firewall for Windows, with many features.

SensiveGuard: Free firewall for personal use. Windows 2000, XP.

x-Wall Series: Non-free security software package, but the firewall component is free.

Zone Alarm (Basic version): Free basic PC desktop firewall for Windows.

||Online Scanners:||

Computer Associates

GFI online Trojan Scanner

Kaspersky Antivirus Scans suspicious files (upload of file required).

McAfee Free Scan (registration required)

Panda Activescan (registration required)

PC Pitstop

RAV antivirus

Symantec’s Security check Scan Virus & Check for Vulnerabilities

Trend Micro Housecall

||Free Email protection:||

GFI Email security test

Inbox

NemX

Slipstick

SpamDel

Trend Micro ScanMail

||Trial Version:||

Command AntiVirus This is the 30 day trial version.

Eset NOD32 antivirus Anti-virus evaluation versions for Windows.

Protector PLUS This is 30 day trial version.

QuickHeal 30-day anti-virus evaluation versions.

Kaspersky This is 30 day trial version.

McAfee Stinger — Standalone antivirus scans top 30 viruses

Norman Antivirus This is 30 day trial version.

Panda Software This is 30* day trial version.

Solo This is 30 day trial version.

Sophos This is 30* day trial version.

 

||Free Vulnerability test:||

GFI (Trial)

Shields Up!

Symantec’s Security check

Web Saint

||Virus Info/Encyclopedia:||

McAfee Virus Information Library: Detailed information on where viruses come from, how they infect your system, and how to remove them.

AVP Virus Encyclopedia: News on viruses, virus listings alphabetically or by category.

F-Secure Virus Information Center: News and information on viruses.

GetVirusHelp.com: Site to help people understand today’s computer viruses and assist them in cleaning their own systems. Information is presented in a Q & A format.

Stiller Research’s Hoax Page: Database of virus hoaxes and other annoying misinformation.

Symantec Virus database: Viruses listed alphabetically, threat list.

Trend Virus Map: Real-time World Virus Tracking Center. It shows a map with the regional distribution of viruses worldwide during the past 24 hours, past 7 days and past 30 days.

Trend Virus Information Center: Virus Encyclopedia. Very useful site containing extensive lists (and background information) on many viruses.

Virus Bulletin: Articles, resources and journal on developments in the field of computer viruses and anti-virus products.

Virus or Hoax?: The World Wide Web pages of ‘Virus or Hoax ?’ are created to give you basic information about viruses, hoaxes, Trojan Horses, macro viruses and Internet related viruses, such as worms and email bombs.

VirusList.com: Virus encyclopedia, anti-virus software, events, facts and commentary.