Security Fix
Mon, 31 Mar 08
The Curious Case of Dmitry Golubov
http://blog.washingtonpost.com/securityfix/2008/03/the_curious_case_of_dmitry_gol.html?nav=rss_blog
Earlier this month, Security Fix took a look at Dmitry Ivanovich Golubov, a Ukrainian politician once considered by U.S. law enforcement to be a top cybercrime boss. Golubov took rather strong exception to the way he was characterized in that post, denying involvement in any type of cybercrime activity. The problem, Golubov claimed, is that the FBI confused him with someone else. According to Golubov, he was the victim of identity theft. Someone gained access to his passport, scanned it and posted it online along with a note confessing his involvement in a multinational credit card theft ring. According to Golubov, the note read: "I Dmitry Golubov, leading hacker, I hack banks, but I have nothing to fear because the police with me at the same time, and in order for you to believe me that I am not afraid I show you my passport, as well as my home
Mon, 31 Mar 08
U.S.-Based ISPs Count Known Terror Groups as Clients
http://blog.washingtonpost.com/securityfix/2008/03/us_based_isps_aiding_know_terr_1.html?nav=rss_blog
Herndon, Va.-based Network Solutions said Wednesday that it suspended Hizbollah.org, an official site of Hezbollah, a Lebanese political and paramilitary group. Turns out, Network Solutions, which was one of the original firms in the domain registration business, was accepting payment for the domain in violation of a U.S. law that bars American companies from doing business with organizations listed by Uncle Sam as terrorist groups. Closer inspection also reveals that Network Solutions and other U.S.-based Internet service providers and domain registrars provide services to other groups on the government's list of terrorist organizations. For example, Network Solutions also is the registrar for The Palestine Information Center (palestine-info.com), a Web site tied to Hamas, a group listed on the U.S. State Department's list of Foreign Terrorist Organizations. FTOs are designated under section 219 of the Immigration and Nationality Act, which makes it illegal "for a person in the United States or
Mon, 31 Mar 08
Don't Depend on Anti-virus to Save You
http://blog.washingtonpost.com/securityfix/2008/03/dont_depend_on_your_antivirus.html?nav=rss_blog
Last week I wrote a story about how anti-virus companies are struggling to keep up with the huge volumes of viruses and other malware being released on the Internet. The story examined the various ways the anti-virus industry has responded and how those changes are affecting consumers. Source: AV Test Labs From the story: Malware writers increasingly are taking steps to ensure that computers infected with their creations stay infected, according to security researchers. In years past, no matter how quickly an anti-virus product shipped updates to detect the most recent malware, most anti-virus software would eventually sound the alarm if a virus managed to slip past its initial defenses. But more of today's cyber criminals are continuously updating the malware they have managed to install on victims' computers replacing older malicious files with new ones in a bid to keep them hidden. Frankly, the key points in the story
Mon, 24 Mar 08
Network Solutions Pre-Censors Anti-Islam Site
http://blog.washingtonpost.com/securityfix/2008/03/networksolutions_precensors_an.html?nav=rss_blog
Web site name registrar Network Solutions is blocking access to a site owned by a controversial Dutch politician known for his confrontational views about Islam and Muslim immigrants. The move by one of the largest companies in the domain registration business is notable, experts say, because it may be the first documented case of Internet pre-censorship by a major U.S.-based Web registrar. The site in question is fitnathemovie.com, which is registered by Dutch Party for Freedom leader Geert Wilders. Wilders has said that he planned to post a short film on the site designed to rally support for banning the Koran in Holland. Wilders has said that Islam's holy scripture urges followers to commit violent acts. Network Solutions imposed its block on Wilders's site Saturday evening, at which time it hosted little more than an image of the Koran on its homepage. But a company spokeswoman said Sunday evening that
Sat, 22 Mar 08
They Told You Not To Reply
http://blog.washingtonpost.com/securityfix/2008/03/they_told_you_not_to_reply.html?nav=rss_blog
When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread. But when those messages are sent to an inactive e-mail address or the recipient ignores the instruction and replies anyway, the missives don't just disappear into the digital ether. Instead, they land in Chet Faliszek's e-mail box. As owner of www.donotreply.com, the Seattle-based programmer receives millions of wayward e-mails each week, including a great many missives destined for executives at Fortune 500 companies or bank customers, even sensitive messages sent by government personnel and contractors. The majority of the e-mails naturally are from spammers, who also are quite fond of using Faliszek's domain name in the "From" field of their junk e-mails. Some of the non-spam bounce-backs are fairly harmless, like the ones he gets every
Thu, 20 Mar 08
White House Taps Tech Entrepreneur For Cyber Post
http://blog.washingtonpost.com/securityfix/2008/03/white_house_taps_tech_entrepre.html?nav=rss_blog
The Bush administration is planning to tap a Silicon Valley entrepreneur to head a new inter-agency group charged with coordinating the federal government's efforts to protect its computer networks from organized cyber attacks. Sources in the government contracting community said the White House is expected to announce as early as Thursday the selection of Rod A. Beckstrom as a top-level adviser based in the Department of Homeland Security. Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses. For more on this, see the full story published on washingtonpost.com.
Thu, 20 Mar 08
Apple Patches 93 Security Holes
http://blog.washingtonpost.com/securityfix/2008/03/apple_patches_93_security_hole.html?nav=rss_blog
Apple this week pushed out one of its biggest bushels of security updates in a long while, fixing more than 90 vulnerabilities in nearly every major component of its operating system and supporting software. Apple also released updates for the Windows version of its Safari Web browser. Updates are available for server and desktop versions of Mac OS X Tiger (10.4.x) and Leopard (10.5.x). Mac users can grab the updates via the built-in Software Update feature. Safari for Windows users should run the bundled Apple Software Update program to grab the latest version. By my count, Apple fixed at least 93 security vulnerabilities if you include the Safari bundle. Although, to be fair, many of the flaws addressed in the OS X bundle include fixes for OS X versions of third-party applications. For example, nearly 20 of the updates correct problems in the Mac version of ClamAV, an anti-virus program.
Wed, 19 Mar 08
Hannaford Breach May Presage '08 Trend
http://blog.washingtonpost.com/securityfix/2008/03/hannaford_breach_may_presage_0.html?nav=rss_blog
The Hannaford Bros. supermarket chain said Monday that a breach of its computer systems may have given criminals access to more than four million credit and debit cards issued by nearly 70 banks nationwide. While the banks appear all but ready to blame Hannaford for failing to follow payment card industry standards on security, there are signs that this may be the first of many cases to surface this year wherein the affected retailer was hacked even though it appeared to be following all of the security rules laid out by the credit card associations. The Boston Globe's Ross Kerber today writes that Hannaford is still investigating the specifics of how the data was taken, but that the company's chief executive said the data "was illegally accessed from our computer systems during transmission of card authorization." Translation: The hackers snatched the credit/debit card data sometime between when the customer swiped
Sun, 16 Mar 08
The Anatomy of a Vishing Scam
http://blog.washingtonpost.com/securityfix/2008/03/the_anatomy_of_a_vishing_scam_1.html?nav=rss_blog
A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies. The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a 1-800 number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down). According to Lawrence Baldwin, the security forensics professional who was
Fri, 14 Mar 08
Ukrainian CyberCrime Boss Leads Political Party
http://blog.washingtonpost.com/securityfix/2008/03/ukranian_cybercrime_boss_leads.html?nav=rss_blog
A Ukrainian man once known as one of the top ringleaders in Eastern Europe-based organized cyber crime is now heading up a new political party there. Dmitri Ivanovich Golubov, a 24-year-old from Odessa, is leading the upstart "Internet Party of Ukraine," a party he helped create shortly after parliamentary elections in the country last fall. In 2005, Golubov -- a.k.a. "script" -- was arrested and jailed on charges of trading in credit and debit card credentials stolen via computer viruses and password-snatching Trojan horse programs, thefts that caused millions of dollars in losses to banks over several years. U.S. Postal Investigative Service Photo U.S. investigators said Golubov was among the top henchmen at Carderplanet.com, an online fraud forum that once facilitated credit and debit card fraud for about 7,000 scammers around the globe. So open and brazen were the curators of this fraudster bazaar that Carderplanet.com actually ran Internet ads
Thu, 13 Mar 08
Six Degrees of E-Separation
http://blog.washingtonpost.com/securityfix/2008/03/six_degrees_of_eseparation_1.html?nav=rss_blog
If you've ever played the game "Six Degrees of Kevin Bacon," you know there's a lot of truth to it. It's based on the notion that any actor can be linked through his or her film roles to Mr. Bacon. And if you've ever spent some significant time on social networking sites, it's pretty easy to see how this game can be applied to you or your friend's real connections. So, it should come as no surprise that the same dynamic may work amongst victims of computer viruses. I came up with the nutty idea for this experiment after stumbling upon a trove of data stolen by a single keystroke logger, which appeared to be in operation between June and September of 2007, according to the time- and date-stamped records. During that time, the criminal(s) responsible for distributing that keylogger ensnared some 10,000 victims, stealing more than 20 gigabytes worth
Wed, 12 Mar 08
Microsoft Patches 12 Office Security Holes
http://blog.washingtonpost.com/securityfix/2008/03/microsoft_patches_12_office_se_1.html?nav=rss_blog
Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users. Included in today's Patch Tuesday roundup are fixes for just about every Office suite or stand-alone product that Microsoft currently supports -- going back to Office 2000 and including Office for Mac software and various Office Viewer components. One of the updates, which mends at least seven flaws in different Office titles, patches a security hole that hackers were exploiting as early as last week, according to reports from US-CERT and the SANS Internet Storm Center. Interestingly, that patch and one other address security holes found in Office 2007, a product that underwent rigorous code review in an attempt to minimize the kinds of security weaknesses
Tue, 11 Mar 08
When Ads Go Bad
http://blog.washingtonpost.com/securityfix/2008/03/when_ads_go_bad.html?nav=rss_blog
A long-time trusted source recently alerted me that some inappropriate advertisements were running on Neopets.com, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of Neopets.com -- major media conglomerate Viacom -- are disavowing responsibility for the racy ads, saying they did not exist on their network and instead were the result of adware or spyware on my source's computer. Included is a screenshot taken of one of the multiple ads I found on the site, which linked back to Internet dating site True.com. A Neopets.com spokesperson said the ads could not possibly have been served through its site, and that the ads must have been displayed by malicious software. "This appears to be a 'malicious' software program and we are aggressively investigating its origin," the company said in an e-mailed statement. "We would never accept this type of ad on any of
Fri, 7 Mar 08
The FDIC Computer Intrusion Report
http://blog.washingtonpost.com/securityfix/2008/03/the_fdic_computer_intrusion_re.html?nav=rss_blog
Last week, Security Fix featured the highlights from a non-public report by the Federal Deposit Insurance Corp. (FDIC) that examined a huge recent spike in the cost of computer intrusions for banks and consumers. I chose not to publish the report itself at the time, but due in part to the large number of requests I've received from people inside the financial sector who claim to have never seen such figures from the government before, I've decided to release a slightly redacted version of it (the original version contained a number of case studies that included potentially sensitive data about ongoing law enforcement investigations). FDIC Division of Supervision and Consumer Protection: Cyber Fraud and Financial Crime Report, November 9, 2007 (as of June 30, 2007) (Doc). For those who don't have Microsoft Word, a less attractive HTML version of the report is available here. I should note that while the
Fri, 7 Mar 08
The MonaRonaDona Extortion Scam
http://blog.washingtonpost.com/securityfix/2008/03/the_411_on_the_monaronadona_ex.html?nav=rss_blog
Online tech support forums are starting to light up over an increasing number of PCs sickened by something called the "MonaRonaDona virus," a piece of malware that threatens to trash host computers. As it happens, MonaRonaDona appears to be a relatively innocuous invader that was created to scare people into purchasing a fake new anti-virus product. I first read about MonaRonaDona in a discussion thread over at the excellent DSL Reports Security Forum, where members traded tips on removing the bugger. Nobody seems to know how the thing wiggles into infected PCs in the first place, but the one thing that's clear is that this invader's primary purpose is to call as much attention to itself as possible (that kind of behavior is always a red flag, because most modern malware succeeds by being stealthy and unobtrusive). This piece of malware disables a number of programs on the victim's PC,
Fri, 7 Mar 08
An Opera Update And A Farewell to Netscape
http://blog.washingtonpost.com/securityfix/2008/02/security_updates_for_netscape.html?nav=rss_blog
A new version of the Opera Web browser fixes at least three security vulnerabilities in the software. Separately, a security patch from AOL marks the final update for the venerable Netscape browser. The latest update from AOL will be the last for Netscape: AOL officially ends support for it on March 1, meaning it has no further plans to ship security updates for Netscape or otherwise maintain the browser. While Netscape's share of the browser market today is practically negligible compared to that of Internet Explorer, Firefox and Opera, this final version is a bit of an unceremonious goodbye for a browser that helped introduce so many people to the World Wide Web back in the mid-1990s. In 1998, Netscape released the source code for the Netscape Communicator browser. By doing so, it helped form the basis of the Mozilla.org project -- an open source initiative that laid the groundwork
Fri, 7 Mar 08
When Blocking Porn Isn't Enough
http://blog.washingtonpost.com/securityfix/2008/02/when_blocking_porn_isnt_enough_1.html?nav=rss_blog
Last year, Security Fix looked at a free service that helps parents and other network administrators block adult Web sites for all of the PCs they control, without installing any software. Now, the company and community that built that service has expanded it to allow administrators to filter a wide range of online content, from hate speech sites and social networking forums to sites promoting drugs and alcohol. The service comes from OpenDNS, the company responsible for Phishtank.com, a community-based effort that collects data on phishing sites. Phishtank's data about scam sites is fed to anti-phishing features built into Web browsers like Firefox and Opera. For several months now, OpenDNS has offered that anti-phishing service - along with the adult site filtering feature - to anyone who creates a free account with the company. OpenDNS is now rolling out a beta feature that allows users to block content based on
Fri, 7 Mar 08
YouTube Censorship Sheds Light on Internet Trust
http://blog.washingtonpost.com/securityfix/2008/02/pakistan_censorship_order_take.html?nav=rss_blog
If you happened to be searching for a video at YouTube.com Sunday afternoon, there's a good chance your browser told you it was unable to locate the entire Web site. Turns out, much of the world was blocked from getting to YouTube for part of the weekend due to a censorship order passed by the government of Pakistan, which was apparently upset that YouTube refused to remove digital images many consider blasphemous to Islam. According to wire reports, Pakistan ordered all in-country Internet service providers (ISPs) to block access to YouTube.com, complaining that the site contained controversial sketches of the Prophet Mohammed which were republished by Danish newspapers earlier this month. The people running the country's ISPs obliged, but evidently someone at Pakistan Telecom - the primary upstream provider for most of the ISPs in Pakistan - forgot to flip the switch that prevented those blocking instructions from propagating out
Fri, 7 Mar 08
Hackers Exploiting Facebook, MySpace Plug-ins
http://blog.washingtonpost.com/securityfix/2008/02/hackers_exploiting_facebook_my.html?nav=rss_blog
If you use Internet Explorer (versions 6 or 7) to browse the Web, listen up: Criminals are starting to exploit security holes in several widely installed IE plug-ins to plant invasive software when users are coerced or tricked into visiting one of several Web sites. In an alert posted Friday evening, security software vendor Symantec said it is seeing malicious Web sites popping up trying to exploit vulnerabilities in a set of ActiveX controls produced by Aurigma, a technology company whose image transfer browser plug-in is licensed and distributed by a number of major Web sites to help IE users upload pictures. Currently, Facebook.com and MySpace.com are among the biggest distributors of this ActiveX plug-in, but they are hardly the only ones. Symantec warns that if visitors don't have the Aurigma plug-ins installed, the sites will probe for other vulnerable IE plug-ins, including two recently discovered from Yahoo! and one
Fri, 7 Mar 08
How Not To Write a 'Geek Wanted' Ad
http://blog.washingtonpost.com/securityfix/2008/02/how_not_to_write_a_geek_wanted.html?nav=rss_blog
When you're trying to hire a computer security professional to manage the network for one of the nation's largest counties, it's probably not the best idea to advertise to the world the precise digital defenses you have in place to protect the region's virtual castle. Take, for instance, the following ad posted to business networking site LinkedIn. The hiring employer in this case is Riverside County, Calif., which claims to be the 16th largest county in the U.S. They're looking for a new chief information security officer (CISO). Here are their requirements, verbatim: "Must have experience with firewalls (PIX/Border Manager), anti-virus (McAfee/Norton), Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), virtual private networks (VPN), remote access systems (RAS), public key infrastructure (PKI), encryption (3DES), digital certificates (Versign, Entrust), routers (CISCO IOS), sniffers (Network Associates), distributed denial of service attacks (DDOS), biometrics, DMZ/Transaction Zones, business continuity planning, auditing, HIPAA and related regulatory compliance requirements,
Fri, 7 Mar 08
Wall Street Reports Increase In PC Intrusions In '07
http://blog.washingtonpost.com/securityfix/2008/02/wall_street_reports_higher_pc_1.html?nav=rss_blog
On Thursday, Security Fix featured an exclusive look at data pulled from an unreleased government report showing a steep increase in the amount of funds that banks, businesses and consumers lost last year due to computer hacking and malicious software attacks. Today, I'd like to highlight recently released figures, which show that trading giants on Wall Street also have grappled with a significant rise in computer intrusion-related fraud during that same period. In the first half of 2007, companies involved in managing securities and futures trades reported a 47 percent increase in the number of fraudulent or suspicious transactions attributed to computer break-ins, according to data released last month by the Financial Crimes Enforcement Network (FinCEN). Financial institutions are required to file suspicious activity reports (SARs) when a suspected fraudulent or illegal transfer of funds exceeds $5,000. According to FinCEN, trading institutions filed more computer intrusion-related securities fraud reports in
Fri, 7 Mar 08
Banks: Losses From Computer Intrusions Up in 2007
http://blog.washingtonpost.com/securityfix/2008/02/banks_losses_from_computer_int.html?nav=rss_blog
U.S. financial institutions reported a sizable increase last year in the number of computer intrusions that led to online bank account takeovers and stolen funds, according to data obtained by Security Fix. The data also suggest such incidents are becoming far more costly for banks, businesses and consumers alike. The unusually detailed information comes from a non-public report assembled by the Federal Deposit Insurance Corporation, the federal entity that oversees and insures more than 9,000 U.S. financial institutions. The statistics were gathered as part of a routine quarterly survey called the Technology Incident Report, which examines so-called suspicious activity reports (SARs). In this case, SARs that were filed in the 2nd Quarter of 2007. SARs are federally mandated write-ups that banks are required to file anytime they spot a suspicious or fraudulent transaction that amounts to $5,000 or more. A copy of the report was provided by a trusted source
Fri, 7 Mar 08
Research May Hasten Death of Mobile Privacy Standard
http://blog.washingtonpost.com/securityfix/2008/02/research_may_spell_end_of_mobi.html?nav=rss_blog
Researchers at a computer security conference in Washington, D.C. this week detailed a method for dramatically reducing the cost and time needed to crack the security that prevents eavesdropping of GSM-based mobile phones. The weaknesses in the GSM encryption technology -- a 64-bit scheme known as A5/1 -- were first detailed nearly a decade ago, but cracking the code has generally required a great deal of patience and some very expensive hardware (with hardware costs alone exceeding $1 million). U.S. based GSM carriers -- including AT&T and T-Mobile -- as well as most European GSM providers are among the dozens of mobile providers and billions of handsets worldwide using A5/1 as their privacy standard. Most of the previously detailed methods for cracking A5/1 encrypted GSM communications involved "active attacks," injecting data packets into the carrier's system or circumventing the encryption altogether by tricking a nearby target's phone into connecting to
Fri, 7 Mar 08
Fake Prez. Campaign Video Spreads Malware
http://blog.washingtonpost.com/securityfix/2008/02/fake_prez_campaign_video_sprea.html?nav=rss_blog
Spammers are taking advantage of public awareness about the U.S. presidential race to trick people into installing malicious software. A recent blast of spam purports to contain links to a video of Sen. Hillary Clinton (D-N.Y.) on the campaign trail, links that in fact lead to software that tries to turn the viewer's PC into a spam-spewing zombie. The spam campaign, detailed in a brief writeup by researchers at Symantec Corp., encourages recipients to click on a link to download a video interview with Clinton. The link actually fetches a Trojan downloader, which in turn tries to pull down another nasty file that installs a rootkit -- a package of tools designed to hide malicious files on the system and prevent their removal. The malicious program also contacts several different Internet servers for instructions to enlist the victim's PC's help in future spam campaigns. Symantec detects this threat as Trojan.Srizbi.
Fri, 7 Mar 08
Beware Bogus E-Valentines
http://blog.washingtonpost.com/securityfix/2008/02/beware_bogus_evalentines.html?nav=rss_blog
If you want to express your affection for someone this Valentine's Day, try to find a more original way to do it than by sending e-greeting cards. You could be training your loved one to respond to scammers who are quite actively using fake electronic cards as a ruse to install malicious software. As I've noted before, I've never been a huge fan of the online greeting card business, principally because e-cards condition people to click on links in e-mails they weren't expecting, which is almost universally a bad idea. Cyber crooks - most notably the author(s) of the Storm worm - have already begun blasting out malicious links disguised as e-Valentines. Some, like those spotlighted by anti-virus maker F-Secure, arrive as cute or lovey-dovey HTML images. Others, like this still-active scam that pretends to be a Hallmark e-greeting card, spoof the legitimate companies that run the biggest e-card delivery
Fri, 7 Mar 08
Microsoft's Valentine: 17 Security Updates
http://blog.washingtonpost.com/securityfix/2008/02/microsofts_valentine_14_securi.html?nav=rss_blog
Microsoft today pushed out software updates to fix a large number of security flaws in computers running its Windows operating systems and other software. Notable among the patches is a critical roll-up of fixes for Internet Explorer, the Web browser used by the majority of the world's online population. Today's bundle of fixes corrects at least 17 security vulnerabilities found in Microsoft products ranging from Windows to Microsoft Office and Works, to Internet Information Services (IIS), a popular Web server. At least 10 of the flaws earned Microsoft's most serious "critical" rating, meaning they could be exploited by attackers to break into PCs and install software with little or no help from the victim. For example, the IE update addressed four of those critical flaws, each of which Microsoft said could be exploited merely by convincing an IE user to visit a malicious/hacked Web site or open a poisoned HTML
Fri, 7 Mar 08
Apple Releases Tiger, Leopard Security Updates
http://blog.washingtonpost.com/securityfix/2008/02/apple_releases_tiger_leopard_s.html?nav=rss_blog
Apple is pushing out updates to plug at least 10 different security holes in computers powered by its Tiger (OS X 10.4.x) and Leopard (10.5.x) operating systems. Mac users can grab the latest patches via Software Update or directly from Apple Downloads. One of the updates fixes eight vulnerabilities in OS X Leopard and Leopard Server. The other patch plugs four security holes in OS X Tiger. Among the more interesting flaws corrected in the Leopard release is a problem with the way Apple's built-in Launch Services interacts with Time Machine, a slick new system backup utility included in Leopard. Launch Services lets users open applications, files or URLs in a way similar to the Finder application on OS X. Apple says that even when an application has been uninstalled from the system, Launch Services may allow it to be started if it is still present in a Time Machine
Fri, 7 Mar 08
Hackers Exploit Adobe Reader Flaw
http://blog.washingtonpost.com/securityfix/2008/02/hackers_exploiting_adobe_reade.html?nav=rss_blog
Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers. On Wednesday, we alerted readers that Adobe had pushed out a patch to plug unspecified security holes in its ubiquitous and free Acrobat Reader program. According to information released Friday by iDefense, a unit of Verisign, Web site administrators on an online Italian forum first spotted hackers taking advantage of the flaw on Jan. 20, 2008, when tainted banner ads were identified that served specially crafted Acrobat PDF files designed to exploit the hole and install malicious software. iDefense says that on Friday it saw the same banner ad tactic being used in the wild to install a Trojan horse program. That Trojan, dubbed "Zonebac," disables various anti-virus products and modifies the victim's search
