tag
Microsoft

Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update

Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often. As it turns out, it was once my job to make sure that Microsoft did not release infected software. Initially

Trojan in Microsoft Update Catalog – A Bunny Bites Back

  UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to prevent malware from being distributed on services like Microsoft's Windows Update in the future.  7-FEB-2011.   Last

Microsoft’s recent MHTML Vulnerability – Follow up

  Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database.   Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows

Resumen de amenazas de enero

Escuchá el resumen mensual de amenazas en formato podcast: Nuevamente compartimos con ustedes el resumen mensual de amenazas más importantes del mes de enero. En estos días, pudimos comprobar nuevamente que las redes sociales son un blanco muy importante a la hora de distribuir malware. En este caso, la afectada fue la red social de

MS10-092 and Stuxnet

…among the 17 security bulletins just released by Microsoft on Patch Tuesday, MS10-092 addresses the Task Scheduler vulnerability prominently exploited by Win32/Stuxnet…

Vulnerabilidad de Internet Explorer explotada

La explotación de vulnerabilidades les brinda a los atacantes la posibilidad de llevar adelante tareas delictivas como la distribución de malware. En este caso en particular la aparición de un nuevo 0-day en el navegador de Microsoft, Internet Explorer, nos ha alertado a todos debido a su criticidad y a la posibilidad de ejecución de

Java es más explotado que Adobe

El pasado lunes el centro de Microsoft Malware Protection, publicó en su blog un informe estadístico relacionado a la explotación de vulnerabilidades y las plataformas. En el mismo, se destaca el aumento de ataques hacia Java, superando así notablemente a Adobe, que en estos últimos tiempo ha sido blanco habitual de ataques . En el

That’s One Small Step for Windows…

And a giant step for users! While working on a blog soon to follow this I discovered a behavior in Windows 7 that Microsoft has changed to make a small, but meaningful improvement in security. For decades the bane of IT professionals has been users who double click on anything they can. This has lead

Stuxnet: ataque a sistemas de control industrial

Mientras los especialistas de la industria antivirus debaten sobre los temas de relevancia en materia de amenazas en la conferencia Virus Bulletin, aprovechamos la oportunidad para contarles justamente sobre una de las amenazas que fueron tratadas a través de dos papers en el evento, con un amplio debate suscitado el día de ayer. Se trata

Resumen de amenazas de septiembre

Como indicamos en reportes anteriores, el ambiente delictivo, en relación al desarrollo y propagación de amenazas, se encuentra de forma constante buscando nuevas  formas para lograr mayores indices de infección. Septiembre se caracterizó por presentar un crisol de metodologías de ataque y de propagación de amenazas bastante particular. Como todos los meses les presentamos un

DLL loading vulnerability

Scarcely had we got our breath back mainly after Microsoft addressed a serious vulnerability in handling .LNK (shortcut) files, before researcher HD Moore made public a serious security failure in the dynamic loading of libraries in Windows that came to light when he was investigating the .LNK issue.

Microsoft publicó parche de seguridad fuera de ciclo

Tal como anunciábamos el último viernes, Microsoft ha cumplido con lo que indicó hace unos días y ya está a disposición de los usuarios la actualización de seguridad MS10-046, que corrige la vulnerabilidad CVE-2010-2568, que se relacionaba a la forma en que Windows Shell manejaba los archivos LNK (accesos directos) en los sistemas operativos afectados

Save your work! Microsoft Releases Critical Security Patch

As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the

Support Scams Part Umpteen

UK journalist Kevin Townsend has blogged today on what sounds like two support scam phone-calls of a type I’ve mentioned here a few times since a colleague at another company drew my attention to it last month.

A few facts about Win32/Stuxnet & CVE-2010-2568

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files

There’s Passwording and there’s Security

Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of

Win32/Stuxnet Signed Binaries

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp".  This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp.  It is

(Windows) Shellshocked, Or Why Win32/Stuxnet Sux…

…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…

Microsoft Takes the Security out of Security Conferences

In May it was reported that IBM handed out some USB drives that were infected. A month later I spoke at a security conference that I will not name. I gave the AV (audio/visual) technician a USB key with my presentation on it to copy to the laptop they were using for the presentations. About

Marketing Misusing ESET’s Name

The individual concerned had received a phone call from someone claiming to be from Microsoft, and informing him that notification had been received concerning a virus infection on his PC, and offering to help him to install antivirus software. When asked what antivirus software was being offered, the caller claimed that it was ESET’s.

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.