I. Three Techniques

1. Plug-in polling technique

ivan0914 posted on PIXNET | Comments (0) | Views ()

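Interview time: 2007.8.31, 13:00-15:00 in the afternoon  
Interview topic: An analysis of web page anti-tampering technology in China  
Interview venue: CCID Net technical community (network security board) and the CCID Net technical exchange group  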


Affected systems:

Microsoft Internet Explorer 7.0


Secunia Advisory: SA26761  
Release Date: 2007-09-10

Critical:
Moderately critical
Impact: Unknown


Secunia Advisory: SA26733  
Release Date: 2007-09-10

Critical:
Less critical
Impact: Cross Site Scripting


Secunia Advisory: SA26732  
Release Date: 2007-09-10

Critical:
Highly critical
Impact: System access


Secunia Advisory: SA26551  
Release Date: 2007-09-10

Critical:
Less critical
Impact: Cross Site Scripting


Posted by Mikko @ 22:37 GMT
A Skype worm is going around. It's spreading via Skype's instant-messaging functionality (Skype Chat). Users receive messages from their friends with links to innocent-looking URLs along these lines:

http://www.myimagespace.net/erotic-gallerys/[removed]/dsc027.jpg
http://www.fakme.org/erotic-gallerys/[removed]/dsc027.jpg

Although the links look like they are pointing to an image, they are not. Instead, they point to a page that will try to download a program called DSC027.SCR to your machine.

We've seen at least two different versions of this malware so far. When run, they both display one of the default built-in wallpapers in Windows (Soap Bubbles.bmp):


Brian Krebs posted an article, "Banner Ad Trojan Served on MySpace, Photobucket", although this is not the first time RightMedia (now owned by Yahoo) has been discovered serving up malicious code via their servers. I blogged about this previously, as has Sandi Hardmeier, who reports "Right Media was implicated in the distribution of winfixer malware".

Brian goes on to report "The banner ads in question were traced back to an ad network exchange run by a company called RightMedia, which was recently bought by Yahoo!. The ads were being delivered to RightMedia's network from a third-party ad server. According to ScanSafe, those third-party servers included in their rotation several malicious ads that used Macromedia Flash files to load an invisible "iFrame" (used to insert content from another Web site into the current Web page)."


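Another DNS problem has surfaced. The MSN home page redirection incident had barely settled when a security vendor found a Trojan that tampers with DNS server settings and can turn search leader Google into a pornographic site.

Last week's Microsoft MSN incident, in which a DNS (Domain Name System) misconfiguration reportedly caused the Taiwan home page to be redirected, had only just settled when Trend Micro warned users to watch for TROJ_DNSCHANG, a family of Trojans that alters a computer's DNS server settings. After infection, the computer sends its requests to a malicious DNS server, and the user may be directed to the wrong website. "Users will be directed to phishing and pornographic sites, which steal personal information or website traffic," said Trend Micro technical consultant 簡勝財.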


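The instant-messaging and VoIP software Skype was reported today (the 10th) to be under attack by a worm. Infected users cannot use the software, and their antivirus software is also shut down. Skype says it is actively working on the problem.

A virus that has been spreading among Windows Live Messenger (MSN) users in recent months, using photos as bait, appears to have a Skype version. PChome Online, Skype's general agent for Taiwan, said today that it has been receiving reports of a suspected Skype virus from users and internal staff. According to the reports, after receiving a link sent by a Skype contact, then clicking it and downloading and running the image file the link points to, Skype is forced to stay in "Do Not Disturb" status and cannot be changed or used, and it keeps sending the malicious link to other contacts. "It's as if Skype has been hijacked," said 曾薰儀, marketing director of PChome Online.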


Microsoft is planning to release five security bulletins on September's Patch Tuesday.

While only one—a vulnerability in Windows—is deemed critical, three of the advisories address vulnerabilities that can lead to system takeover: the Windows flaw, flaws in MSN Messenger and Windows Live Messenger, and holes in Visual Studio.

The IM client vulnerability in particular should be given priority, experts say.

"If the Windows Messenger vulnerability lends itself to a chat-based attack vector, then organizations and users of the ubiquitous Microsoft Messenger should pay attention, because this would be a prime candidate for spreading malware and viruses," said Paul Zimski, senior director of market and product strategy for PatchLink, in a statement.


Robert Whiteley and Natalie Lambert have seen the future—and in it, traditional network security is dead. At least that is the message the two Forrester Research analysts delivered to a crowd at the Forrester Security Forum in Atlanta Sept. 6.
According to them, in the next five years the Internet will be the primary connectivity method for businesses, replacing their private network infrastructure as the number of mobile workers, contractors and other third-party users continues to grow. In this new world, which Whiteley and Lambert called "Internet Everywhere," corporations will have to redefine network security and focus on data encryption, managing risk at the endpoint and having strict data access controls, they said.

Some corporations, such as the energy giant BP, have already taken big steps towards deperimeterization—a term created by the Jericho Forum to describe a strategy that focuses on protecting data with tactics such as encryption rather than traditional efforts aimed at fending off attacks from intruders at the network's boundary. BP has taken some 18,000 of its 85,000 laptops off its LAN and allowed them to connect directly to the Internet, the two said.


Apple on Thursday morning issued a security update for iTunes. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7 or later and Windows XP and Vista. It addresses a vulnerability identified in CVE-2007-3752.

According to Apple, opening a maliciously crafted music file may lead to an unexpected application termination or arbitrary code execution. Specifically, a buffer overflow exists in the way that iTunes processes album cover art. By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution. Apple credits David Thiel of iSEC Partners for reporting this vulnerability.



I had just finished writing up this story of a European country with a defense agency site that's got its database dangling out for all the world to play with, when Exploit Prevention Labs Chief Technology Officer Roger Thompson pointed to about a dozen poisoned government sites that are hosting pages serving malware and porn.

Thompson says that he expects there are many more, which wouldn't surprise me—a quick Google search yesterday turned up plenty.

EPL reports that the hacked .gov sites are dishing out malware via drive-by download and social engineering. The front pages give off no clues of having been compromised, but they're hosting pages that serve junk. EPL has identified city governments such as lasalle, il and frenchsettlement-la as being compromised.
