CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Recommendations to stop ‘Here you have’ email worm an old retreat — not a new solution

The old adage that everything old is new again resurfaced last week, as a new email worm reminiscent of the love letters and Anna Kournikova email worms from a decade ago infected systems around the globe. Using a Windows screensaver file containing malicious code, the “Here you have” virus pretends to offer links to PDF documents or videos before actually installing a worm on the user’s computer. Once on a system, the malware spreads by disabling antivirus programs and exploiting PC users’ address books. So far, organizations such as Google, NASA, ABC-Disney, Coca-Cola and Comcast have been hit.

Following the worldwide outbreak, Symantec, along with other antivirus companies, issued recommendations to help companies mitigate the threat and stop it from spreading.

Please use the comment form and leave your thoughts!

Top endpoint security stories for August 2010 — Developments in the threat landscape (and that Intel deal) leave everyone guessing

August was a busy month for IT security professionals. Not only were they dealing with significant developments in malware threats, many experts were left dumbfounded by Intel’s announcement that it would acquire McAfee. While we are all trying to make sense of it all, only time will tell. Here are some of the top endpoint security stories of August 2010.

Fallout for DLL exploits increases… but it doesn’t have to be the case

The fallout for DLL exploits is growing, as newly published research shows that binary planting bugs are not limited to Microsoft programs alone.

According to recently published lists, programs such as Mozilla Firefox and Adobe Photoshop have been added to the growing number of applications vulnerable to DLL loading bugs, a list that already includes Microsoft Word 2007, Microsoft Office Visio 2003, and Microsoft Office PowerPoint 2010. The DLL bugs, Microsoft says, are caused by applications passing an insufficiently qualified path when loading an external library. Of the 520 DLL exploits found by researchers at Acros Security, most were DLL file loading issues. The rest were due to insecure loading of executables such as .exe and .com files.
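The "insufficiently qualified path" cause described above can be audited with a small model of the Windows library search order. This is an added example, not code from CoreTrace, Microsoft or Acros Security; the search order is simplified (application, system and Windows directories, then the current directory, then PATH), and the function names, directory layout and DLL names are constructed for illustration.

```python
import ntpath
import os
import tempfile

# Roles treated as trusted load locations in this simplified model.
TRUSTED = {"qualified", "application", "system", "windows"}


def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    """Simplified default search order for a load request given by bare name."""
    order = [("application", app_dir), ("system", system_dir),
             ("windows", windows_dir), ("cwd", cwd)]
    return order + [("path", d) for d in path_dirs]


def resolve(request, order):
    """Return (role, file) the request would be satisfied from, or None."""
    if ntpath.isabs(request):  # fully qualified: no directory search happens
        return ("qualified", request)
    for role, directory in order:
        candidate = os.path.join(directory, request)
        if os.path.isfile(candidate):
            return (role, candidate)
    return None


def audit(request, order):
    """Flag requests that would be satisfied from an untrusted directory."""
    hit = resolve(request, order)
    if hit is None:
        return "not-found"
    return "ok" if hit[0] in TRUSTED else "risky:" + hit[0]


def demo():
    # Constructed layout: helper.dll exists only in the working directory.
    with tempfile.TemporaryDirectory() as root:
        dirs = {n: os.path.join(root, n) for n in ("app", "sys", "win", "docs")}
        for d in dirs.values():
            os.makedirs(d)
        open(os.path.join(dirs["docs"], "helper.dll"), "w").close()
        open(os.path.join(dirs["sys"], "core.dll"), "w").close()
        order = search_order(dirs["app"], dirs["sys"], dirs["win"], dirs["docs"], [])
        qualified = r"C:\Windows\System32\core.dll"
        return {n: audit(n, order) for n in ("helper.dll", "core.dll", qualified)}


if __name__ == "__main__":
    print(demo())
```

A bare-name request that ends up resolved from the current directory or PATH is the case worth reviewing; a fully qualified request never enters the search at all.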

In a recent video post, CoreTrace’s Greg Valentine demonstrates how the base operating system is susceptible to the DLL hijack vulnerability, and how application whitelisting protects systems by blocking all attempts made by PowerPoint to execute corrupt DLL files.

With application developers still the ones responsible for fixing affected applications, one of the biggest challenges organizations face is knowing the number of applications that are potentially vulnerable to DLL bugs. On the other hand, networks protected by whitelisting solutions such as BOUNCER by CoreTrace aren’t hit with the extra time and resources needed to research and clean up applications impacted by malicious DLL files.