Saturday, June 19, 2010

Rogue Antivirus Spam **20-June-2010


Thursday, June 17, 2010

Skype 'Extras Manager' Vulnerability Found In The Wild



On October 12th, 2009, Skype released an updated version (4.1.0.179) of their popular VoIP client, which fixed an unspecified vulnerability in their plug-in component for Skype called EasyBits Extras Manager. The EasyBits software is intended to protect commercial software, such as plug-ins, from illegal redistribution or unlicensed use.

Given the popularity of Skype, it is no surprise that cybercriminals are finding ways to target the users of the application. In this case, the cybercriminals have enough fodder available to them in the form of a potential vulnerability in the application itself. Vulnerability disclosures are one of the most common ways cybercriminals craft their exploits, including those seen in the exploit kits themselves. In this scenario, our Security Labs team has identified a working exploit in the wild that targets this vulnerability.

Figure 1: Skype exploit code found in the wild.

As illustrated in Figure 1, the malicious code exploits a Skype ActiveX vulnerability and uses primitive obfuscation techniques to bypass antivirus security solutions. We can confirm this exploit code works successfully against vulnerable Skype installations. Testing this exploit page with VirusTotal produced the dismal results shown in Figure 2.

Figure 2: Virus Total Results Page.

It is interesting to note that within Skype's own release notes for the security vulnerability, they provide a recommendation to their users to "use virus protection services in case of any problems."

Unfortunately for those users, the virus protection would have failed. However, the core issue here is not the antivirus solution's ability to mitigate this threat, but the fact that the update process remains problematic for many companies. Many users continue to run outdated applications for months, even years, and these old versions continue to be exploited by cybercriminals.
Even with the disclosure and security fixes provided by application developers, cybercriminals know that most users rarely update, making it not only easy but beneficial to monitor sites that post disclosures and proof of concept code.

Ask yourself: Do you know what version of Skype you're running?

Rogue Antivirus Spam **18-June-2010


Tuesday, June 8, 2010

Adobe Zero-Day Exploit Flash/Acrobat CVE-2010-1297

Adobe announced a new 0-day vulnerability in Flash, Adobe Reader and Adobe Acrobat over the weekend. The vulnerability lies in how Flash and Adobe Reader/Acrobat handle a specially formatted SWF file; an attacker can use it to automatically execute malware on the machine when the user simply visits a website or opens a PDF file.

Affected Software Versions
- Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
- Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX

Temporary Solution
Adobe Reader and Acrobat - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
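
The workaround above can be applied consistently across machines with a short script. This is an added example, not Adobe's or the original post's code: the file name `Disable-Authplay.ps1`, the `-Suffix` parameter and the extra check of the 32-bit program directory on 64-bit Windows are assumptions; the two sub-paths are the ones given above.

```powershell
# Disable-Authplay.ps1 (hypothetical name): added example, not Adobe's tooling.
# Finds authplay.dll in the Reader 9.x / Acrobat 9.x locations named in the
# advisory and renames it. Run elevated; use -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Suffix appended to the renamed DLL (naming is an assumption of this example).
    [string]$Suffix = '.cve-2010-1297.disabled'
)

# Sub-paths taken from the advisory text.
$relativePaths = @(
    'Adobe\Reader 9.0\Reader\authplay.dll',
    'Adobe\Acrobat 9.0\Acrobat\authplay.dll'
)

# Assumption: on 64-bit Windows the 32-bit program directory is checked as well.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$results = foreach ($root in $roots) {
    foreach ($rel in $relativePaths) {
        $path = Join-Path -Path $root -ChildPath $rel
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $file   = Get-Item -LiteralPath $path
        $status = 'Present'   # stays 'Present' when run with -WhatIf

        if ($PSCmdlet.ShouldProcess($path, "Rename to $($file.Name)$Suffix")) {
            try {
                Rename-Item -LiteralPath $path -NewName ($file.Name + $Suffix) -ErrorAction Stop
                $status = 'Renamed'
            } catch {
                # Typical causes: prompt not elevated, or Reader/Acrobat is open
                # and holding the DLL.
                $status = "Failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            Path        = $path
            FileVersion = $file.VersionInfo.FileVersion
            Status      = $status
        }
    }
}

if (-not $results) {
    Write-Output 'authplay.dll not found in the checked locations.'
} else {
    $results | Format-Table -AutoSize Path, FileVersion, Status
}
```

Renaming rather than deleting keeps the file available to restore once a fixed Reader/Acrobat build is installed; until then, PDFs with SWF content will show the non-exploitable crash or error described above.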


Exploit Sample:


Thursday, June 3, 2010

MonkeyWrench Tool Introduced at Caro 2010

Caro 2010, held in Helsinki, ended just a few days ago. Many good presentations and slides were shared publicly, while some were not.

One web tool I want to share here: Armin Büscher (presenter) from G Data introduced a very interesting free web service called MonkeyWrench.

MonkeyWrench is a free web tool that can analyze malicious web attacks automatically. It is a hybrid honeypot that combines low-interaction and high-interaction features. At the moment, the MonkeyWrench beta version can detect:
- Vulnerability modules
- Shellcode
- Heapspray/NOP-Sleds
- AV signatures

A few other features will be added to the system soon:
- PDF analysis
- Shellcode sandbox
- Flash module

Presentation Slide: PDF
MonkeyWrench Website: http://monkeywrench.de/