Posts Tagged ‘Google’

How, How, How… It’s Christmas !

Posted by spaquet on January 3, 2011

Well, it looks like Microsoft is giving away some gifts to its best friends, the “hackers”, thanks to another best friend: Googlebot.

According to Michal Zalewski, a security researcher at Google, data concerning at least one “clearly exploitable crash” in the Microsoft browser was inadvertently disclosed to people who were using a Chinese IP address. Details about the bug, which resides in the mshtml.dll component, were stored on a server that had accidentally been indexed by Google…

The bug leads to crashes with an arbitrary EIP, or extended instruction pointer, on machines running the Microsoft browser. Zalewski said the flaw “is pretty much fully attacker-controlled.” It was uncovered using cross_fuzz, a security tool the researcher developed in his spare time more than two years ago to identify potential security vulnerabilities in IE, Firefox, and other browsers. Since its release, the tool has helped to identify nearly 100 browser bugs.

More information can be obtained at Michal’s blogs: here and here

Even the top ones …

Posted by spaquet on December 18, 2010

Among the titles silently thrust on marks was HDD Plus, a piece of malware that falsely claims users have serious system errors that can only be fixed by buying a premium version of the program. The tainted banner ads used code from the Eleonore and Neosploit crimeware kits to exploit at least seven previously patched vulnerabilities in applications such as Adobe Reader, Oracle’s Java, and Microsoft’s Internet Explorer.

An ad platform is a huge advantage to malware attackers because it allows them to get their exploits in front of potentially millions of people who have no reason to believe they’re under threat.

In the attack documented by Armorize, the miscreants appear to have tricked account managers with the use of ADShufffle.com, a domain that fed the malicious banners. The address was designed to look like AdShuffle.com, which regularly works with ad platforms.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.