Author Archives: BrianKrebs

Anti-virus Products Struggle Against Exploits

August 23, 2010

Roughly half of the exploits tested were exact copies of the first exploit code to be made public against the vulnerability. NSS also tested detection for an equal number of exploit variants, those which exploit the same vulnerability but use slightly different entry points in the targeted system’s memory. None of the exploits used evasion techniques commonly employed by real-life exploits to disguise themselves or hide from intrusion detection systems.

Among all ten products, NSS found that the average detection rate against original exploits was 76 percent, and that only three out of ten products stopped all of the original exploits. The average detection against exploits variants was even lower, at 58 percent, NSS found.

Adobe Issues Acrobat, Reader Security Patches

August 19, 2010

12 Comments

Adobe Systems Inc. today issued software updates to fix at least two security vulnerabilities in its widely-used Acrobat and PDF Reader products. Updates are available for Windows, Mac and UNIX versions of these programs. Acrobat and Reader users can update… Read More »

WinMHR: (Re)Introducing the Malware Hash Registry

August 19, 2010

26 Comments

Microsoft Windows users seeking more certainty about the security and integrity of downloaded files should take a look at a free new offering from Internet security research firm Team Cymru (pronounced kum-ree) that provides a solid backup to anti-virus scans.

The tool is actually an extension of an anti-malware service that Team Cymru has offered for several years, known as the “Malware Hash Registry.” The MHR is a large repository of the unique fingerprints or “hashes” that correspond to millions of files that have been identified as malicious by dozens of anti-virus firms and other security experts over the years. The MHR has been a valuable tool for malware analysts, but until now its traditional command-line interface has placed it just outside the reach of most average computers users.

Apple Patch Catchup

August 18, 2010

18 Comments

I’ve fallen a bit behind on blog posts about notable security updates (I was counting on August to be the slowest month this year, but so far it’s actually been the busiest!). Recently, Apple released a series of important patches that I haven’t covered here, so it’s probably easiest to mention them in all in one fell swoop.

NetworkSolutions Sites Hacked By Wicked Widget

August 16, 2010

23 Comments

Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software, thanks to a tainted widget embedded in the pages, a security company warned Saturday.

Web application security vendor Armorize said it found the mass infection while responding to a complaint by one of its largest customers. Armorize said it traced the problem back to the “Small Business Success Index” widget, an application that Network Solutions makes available to site owners through its GrowSmartBusiness.com blog.

Spam King Leo Kuvayev Jailed on Child Sex Charges

August 11, 2010

32 Comments

A man identified as one of the world’s top purveyors of junk e-mail has been imprisoned in Russia for allegedly having sex with underage girls, KrebsOnSecurity.com has learned.

According to multiple sources, Leonid “Leo” Aleksandorovich Kuvayev, 38, was sent to a prison in the Russian Federation roughly six months ago. It is not clear how long his sentence is or precisely where he is being held.

Critical Updates for Windows, Flash Player

August 10, 2010

39 Comments

Microsoft issued a record number of software updates today, releasing 14 update bundles to plug at least 34 security holes in its Windows operating system and other software. More than a third of flaws earned a “critical” severity rating, Microsoft’s most serious. Separately, Adobe released an update for its Flash Player that fixes a half-dozen security bugs.

Shunning and Stunning Malicious Networks

August 10, 2010

22 Comments

McAfee just published the sixth edition of its Security Journal, which includes a lengthy piece I wrote about the pros and cons of taking down Internet service providers and botnets that facilitate cyber criminal activity. The analysis focuses on several historical examples of what I call “shuns” and “stuns,” or taking out rogue networks either by ostracizing them, or by kneecapping their infrastructure in a coordinated surprise attack, respectively.

Foxit Fix for “Jailbreak” PDF Flaw

August 8, 2010

16 Comments

One of the more interesting developments over the past week has been the debut of jailbreakme.com, a Web site that allows Apple customers to jailbreak their devices merely by visiting the site with their iPhone, iPad or iTouch. Researchers soon… Read More »

Crimepack: Packed with Hard Lessons

August 5, 2010

42 Comments

Exploit packs — slick, prepackaged bundles of commercial software that attackers can user to booby-trap hacked Web sites with malicious software — are popular in part because they turn hacking for profit into a point-and-click exercise that even the dullest can master. But one reason I’ve focused so much on these kits is that they also make it easy to visually communicate key Internet security concepts that often otherwise fall on deaf ears, such as the importance of keeping your software applications up-to-date with the latest security patches.

One of the best-selling exploit packs on the market today is called Crimepack, a kit that I have mentioned at least twice already in previous blog posts. In this post, we’ll take a closer look at the “exploit stats” section of a few working Crimepack installations to get a sense of which software vulnerabilities are most productive for Crimepack customers.