
June 17, 2008 1:36 PM PDT
Posted by Elinor Mills

Secure Computing researchers have discovered a new variant of the DNSChanger Trojan in the wild that attacks routers, meaning any Web surfing computer on that network could be at risk of being redirected to a malicious Web site.

The DNSChanger Trojan changes the DNS settings to point to a host Web site address supplied by the attackers, Sven Krasser, director of data mining research at Secure Computing, said in an interview with CNET News.com on Tuesday.

"Your network is essentially reconfigured to do all the (domain) name resolutions over this malicious name server," he said.

The DNSChanger Trojan is able to access all the settings and functions on the router. It only knows about a few popular router Web interface URLs that it can use to change DNS settings at this time, but that is expected to change and more routers will be affected, according to a Secure Computing blog entry.

The Trojan is believed to be created by the creators of the family of malware called "Zlob," which masquerades as an ActiveX video codec.
Posted by ivan0914 on 痞客邦 | Comments (0) | Views ()
ZDNet News: Robert Vamosi
2008/06/19 13:06
Less than a day after its release, Firefox 3 has its first security vulnerability.
Source: 中關村在線, 2008-06-16
Researchers report the discovery of a Trojan known as "zlob" (also called DNSChanger) that can attack the victim's Internet router and monitor the victim's network traffic.
The researchers note that once the victim's own Windows system is infected, the zlob Trojan tries to guess the router's username and password combination. If it succeeds, the Trojan changes the DNS settings on the victim's router so that all of the victim's network traffic can be monitored.
Researchers warned long ago that malware would one day threaten router products; zlob is the first Trojan found to actually do so.
A buffer overflow is like pouring ten pounds of sugar into a container that only holds five...
Stack overflow (also called buffer overflow) attacks are among the most commonly used hacker techniques. As we know, UNIX itself and many of the applications that run on it are written in C, and C does not check buffer boundaries. In some cases, if the data a user supplies is longer than the buffer the application has set aside for it, the excess overwrites other data regions. This is what is called a "stack overflow" or "buffer overflow".
Normally the data that spills into other regions is meaningless and at worst causes an application error. But if the input has been carefully crafted by a "hacker", so that the data overwriting the stack is precisely the hacker's intrusion code, the hacker gains control of the program. If that program happens to be running as root, the hacker obtains root privileges and can then compile hacking tools, leave a backdoor, and carry out further attacks. An intrusion based on this principle is called a "stack overflow attack".
An analogy makes this easier to understand. A buffer overflow is like pouring ten pounds of sugar into a container that only holds five. Once the container is full, the remainder spills over the counter and the floor and makes a mess. A buffer overflow happens because the programmer wrote code that never properly checks whether the destination region, the buffer (the five-pound container), is large enough to hold the new contents in full (the ten pounds of sugar). If the data meant for the new location does not fit and spills everywhere, that data causes a lot of trouble as well. As long as the buffer merely overflows, though, it is only a problem: up to this point nothing is destroyed. When sugar spills, it covers the counter, but it can be wiped or vacuumed up and the counter restored. When a buffer overflows, by contrast, the excess information overwrites whatever was previously in the computer's memory. Unless that overwritten content was saved or can be recovered, it is lost for good.
Among the lost information is the list of subroutines the program had been able to call up to the moment the overflow occurred. The information handed to those subroutines, their parameters, is lost too. This means the program no longer has enough information to return from the subroutine and finish its task. It is like a person walking across a desert: if he relies on his footprints to find his way back, and a sandstorm wipes them out, he is lost. This problem is far worse than the program merely losing its way. An intruder uses carefully written intrusion code (a kind of malicious program) to overflow the buffer, then tells the program to process the buffer according to a predetermined method and execute it. At that point the program is completely under the intruder's control.
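To make the "five-pound container" concrete, here is a small C example added to this post (it is not code from the original article). It assumes a 5-byte stack buffer named `jar` and two constructed inputs: `fill_jar_unchecked` is the unchecked `strcpy` pattern the text describes, kept only as the "before" picture, and `fill_jar_checked` is the hardened form that compares the input length against the capacity before copying and refuses anything that would not fit.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original post: the "five-pound container"
 * from the text as a 5-byte stack buffer. */
#define JAR_CAPACITY 5

/* The defect the text describes: strcpy() never looks at the destination
 * size, so any input of 5 or more characters overruns `jar` and overwrites
 * whatever lies above it on the stack (saved data, return address).
 * Kept only as the "before" picture; never call it with untrusted input. */
void fill_jar_unchecked(const char *sugar)
{
    char jar[JAR_CAPACITY];
    strcpy(jar, sugar);          /* no bounds check: overflow if strlen(sugar) >= 5 */
    printf("jar now holds: %s\n", jar);
}

/* The hardened form: measure the input, compare it with the capacity
 * (leaving one byte for the terminating NUL), refuse input that does not
 * fit, and always leave the buffer NUL-terminated.
 * Returns 0 on success, -1 if the input would overflow. */
int fill_jar_checked(char *jar, size_t capacity, const char *sugar)
{
    size_t n = strlen(sugar);
    if (capacity == 0) {
        return -1;
    }
    if (n >= capacity) {         /* n characters plus the NUL need n + 1 bytes */
        jar[0] = '\0';           /* leave a valid (empty) string behind */
        return -1;
    }
    memcpy(jar, sugar, n + 1);   /* copy the NUL as well; known to fit */
    return 0;
}

int main(void)
{
    char jar[JAR_CAPACITY];
    /* Constructed inputs: "5lbs" is 4 characters and fits; "ten pounds"
     * is 10 characters and would spill over the stack in the unchecked version. */
    printf("short input -> %d (jar=\"%s\")\n",
           fill_jar_checked(jar, sizeof jar, "5lbs"), jar);
    printf("long input  -> %d (jar=\"%s\")\n",
           fill_jar_checked(jar, sizeof jar, "ten pounds"), jar);
    return 0;
}
```

The checked version reports the oversized input instead of silently overwriting the stack; that return value is what the caller must act on (reject the request, log it), since the whole point of the text's analogy is that once the overwrite has happened the lost contents cannot be recovered.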
TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:
http://www.dragonsoft.com.tw/epaper/
DragonSoft (Chinese/English) Vulnerability and Threat Knowledge Base:
http://vdb.dragonsoft.com/
Contents:
All the hidden startup methods commonly used by Trojans. One of a Trojan's defining characteristics is that it must start together with the system; otherwise it is completely useless!
Method 1: registry Run entries. Most readers will be familiar with this one; pay attention to the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
| Secunia Advisory: | SA30573 |
| Release Date: | 2008-06-10 |
| Critical: | Less critical |
| Impact: | Cross Site Scripting |
| Where: | From remote |
| Solution Status: | Unpatched |
| Software: | PHP Image Gallery 1.x |

This advisory is currently marked as unpatched.
| Secunia Advisory: | SA30591 |
| Release Date: | 2008-06-10 |
| Critical: | Moderately critical |
| Impact: | Manipulation of data |
| Where: | From remote |
| Solution Status: | Vendor Patch |
| Software: | Courier Authentication Library 0.x |
Published: 2008-06-09,
Last Updated: 2008-06-09 22:21:51 UTC
by Scott Fendley (Version: 1)
Last month, it was announced that there was a significant issue involving the Pseudo Random Number Generator (PRNG) on Linux distributions derived from Debian or Ubuntu. This issue caused the keys used for secure transmissions via SSL or SSH (and other applications) to be very predictable. If you missed out on these diary entries, please see the URLs below.
One of our readers contacted the handler on duty to see if we had seen any reports since then of active attacks concerning this attack vector. The standard SSH port (22/tcp) has been at normal levels for the past several weeks, with one exception (on May 27-28), per the data at DShield.
Published: 2008.06.06 05:07 Source: 賽迪網 Author: BO
[賽迪網 IT Technology Report] As computer and network applications spread, the dangers facing computer information security, and the losses already caused, are multiplying. In particular, with the growing number of hackers, individual users are also frequently attacked by various means, and this demands our attention. For individual users, beyond viruses and Trojans, hidden code in web pages has begun to seriously threaten our security, yet most people lack self-protection awareness, do not understand the harm hidden code can do, and may even have important data stolen without knowing it. Because hidden code is well concealed, so far no antivirus firewall can block hidden-code attacks well, and most cannot even detect them. We should therefore be all the more alert to the hidden killers in web page code. Generally, the "hidden killers" in web page code fall into the following categories:
Hidden killer 1: hogging the CPU
By continuously consuming the local system's resources, it eventually drives CPU usage to 100%, so the computer can no longer handle the user's other processes.
The typical prank played by "hidden killer 1" code is an infinite loop written in JavaScript. Such code can appear on a malicious website or be sent to you as an e-mail attachment. Most e-mail clients today automatically invoke the browser to open HTM/HTML files, so as soon as you open the attachment, countless new browser windows appear on the screen, and in the end you have no choice but to restart the computer.
Published: 2008-06-07,
Last Updated: 2008-06-07 01:04:58 UTC
by Jim Clausing (Version: 1)
On 28 May, I posted a story asking for your input. Last weekend got busy, so I didn't post the results, but since I had another shift coming up, I figured I'd do it now. I got quite a few responses (my apologies for the length of this diary), but many of them made good points, so I'm going to share them here mostly unedited. So, without further ado....

Posted by Robert Vamosi

Microsoft is planning seven security bulletins for its Patch Tuesday this month, the company announced Thursday. Three of the bulletins are deemed critical by Microsoft, and cover Bluetooth, Internet Explorer, and DirectX. The Internet Explorer bulletin is expected to be cumulative and might include some remediation for the Safari for Windows vulnerability disclosed last month by Nitesh Dhanjani. Three of the bulletins are termed important, and cover WINS, Active Directory, and PGM. One of the bulletins is considered moderate and covers kill bits. The bulletins will be released on Tuesday.

Source: http://news.cnet.com/8301-10789_3-9959752-57.html?part=rss&subj=news&tag=2547-1009_3-0-20