Tag Archives: Flash player

Faketube.A Worm and Zapchast.EX Backdoor Trojan – PandaLabs Reports

Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, and a backdoor Trojan.

The Faketube.A worm spreads via email. The message includes a link to access an erotic video. Some of the message subjects are: “Giga Video
Movie Britney Spirs and 8 Beverage Andorran” and “Stimulating Image
Britney Spirs and One Manifest South Korean”.

If users click the link, the browser opens and a fraudulent website is displayed, which resembles YouTube.

image

Additionally, users are asked to update their flash player version to see the video. If they accept, the worm is downloaded.

Zapchast.EX is a backdoor Trojan that spreads using a fake Christmas card. In order to view the card, users are asked to install a special version of flash player which is really the Trojan.

image

Once Zapchast.EX is installed on the system, it establishes connections with
several IP addresses, awaiting orders and gathering user information.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Comments Off on Faketube.A Worm and Zapchast.EX Backdoor Trojan – PandaLabs Reports

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, internet scams, Internet Security Alerts, Malware Advisories, Panda Security, PandaLabs, trojans, Windows Tips and Tools, worms

Adobe Reader and Adobe Flash Player Vulnerabilities Remain Unpatched

image You phone 911 to report an emergency in your home – a fire, burglary, accidental fall; I’ll let you use your imagination to expand on this list. While you’re imagining; imagine this – the 911 operator instructs you not to worry, help will arrive within a week or so.

Computer users running Adobe Flash player (versions 9 and 10), as well as Adobe Reader and Acrobat 9.1.2, are currently subject to attack by cyber-criminals capitalizing on a zero-day vulnerability, and find themselves in an analogous position.

This is an extremely serious vulnerability which could result in a successful takeover of an attack victim’s computer through remote code execution. Like the 911 operator above, Adobe’s response to this vulnerability is, don’t worry we’ll get to you, we’ll fix it – just not now.

According to Adobe:

“We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009.”

To read the rest of Adobe’s response checkout “Security advisory for Adobe Reader, Acrobat and Flash Player”, at the Adobe site.

If you are like most computer users, you were probably only minimally interested in installing the latest updates of Adobe products since you may not have been aware of the important security patches they contain. In fact, you may not be aware of how important it is to keep all installed applications up to date, and patched.

Save yourself a lot of time and aggravation, and ensure that all your installed applications are always patched and up to date, by installing Secunia PSI, a free application which scans your PC for installed application vulnerabilities. In this case, it would have notified you of the Adobe vulnerabilities.

image

Without Secunia PSI installed, you leave yourself open to attacks and exploits that seem to be increasing in frequency.

image Consider this from ZDNet:

Ten free security utilities you should already be using –
Number one is the Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine.

For more information on Secunia PSI please read “Play Russian Roulette – Don’t Update Your Applications”, on this site. This review of Secunia PSI includes download links.

In the meantime: Steps you can take while waiting for Adobe to issue these critical patches –

As always, be cautious when browsing untrusted websites

Ensure your AV definitions are current

If you are running FireFox you should be running the NoScript add-on, and you might consider installing and running the Flashblock add-on. Both offer substantial protection. This solution is not perfect however, and you may still be vulnerable.

Run all software as a non-privileged user with minimal access rights.

Frankly, I do not use, nor would I ever use, an Adobe product on any of my systems. These zero day exploits against Adobe products seem to be never ending.

To read a comprehensive technical report on this issue, check out “Heap Spraying with Actionscript – Why turning off Javascript won’t help this time”, on the FireEye Malware Intelligence Lab site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Adobe, Application Vulnerabilities, Don't Get Hacked, Firefox Add-ons, Free Anti-malware Software, Freeware, Internet Safety, Malware Advisories, Online Safety, Security Rating Applications, Software, System Security, Windows Tips and Tools