Security

Progress was made Monday in mitigating thousands of SQL-based Web sites injected with malicious Javascript code. However, one security expert says we can expect more such attacks in the near future.

A traditional SQL injection attack allows malicious attackers to execute commands on an application's database by injecting executable code. "What's different about this latest attack is the size and the level of sophistication," said Jeremiah Grossman, CTO of WhiteHat Security.

In the past, attackers have gone after a small niche of the Internet--say travel sites or sports sites--but with this latest attack, attackers have a … Read more

A new contest to be held at this year's DefCon in Las Vegas in August hopes to prove that signature-based antivirus is dead, a move that one leading antivirus researcher says is "not a good idea."

The goal of the Race to Zero is simple: obfuscate a malicious code so that it evades well-known antivirus engines.

Contestants will be given a sample set of viruses and malicious code that they must modify and then upload through the contest portal. Once accepted, the sample will be sent through a number of leading antivirus engines (perhaps using VirusTotal.com … Read more

Users of Microsoft Windows Live OneCare may have found their antivirus protection a little too proactive. Over the weekend, OneCare informed some Skype users that the popular voice-over-IP application was infected with the Trojan Win32/Vundo.gen!D.

Not true, says Skype, which noted that Microsoft has since repaired its overzealous signature file.

On Friday, OneCare subscribers started seeing their access to Skype blocked. Microsoft says it was trying to block a multiple-component family of programs that deliver "out of context" pop-up advertisements, and mistakenly included Skype.

On Tuesday, four days later, it sent out a revised signature … Read more

Once again, criminal hackers are targeting a worldwide event to deposit their malicious software on victims' PCs, according to one security vendor.

Within the last six months, MessageLabs has found at least 13 new Trojan horse programs associated with e-mails bearing subjects such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents."

The problem is, according to a MessageLabs representative, that the hackers' e-mail messages employ an embedded Microsoft Office database file within the zipped attachment. Microsoft said in a recent security advisory that customers not running Windows Vista or Windows … Read more

Two toolkits designed to help ordinary people participate in denial-of-service attacks against Western media have surfaced on the Internet, according to one researcher.

In a blog Tuesday, Jose Nazario of Arbor Networks says one of the toolkits is easier to use than the other though both are designed for "the masses." This isn't new, and toolkits such as these have been created for other political protests in the past.

AntiCNN.exe was the first of the two tools found on the Internet. Nazario reports that it opens a flood of HTTP connections and attempts to hurt the … Read more

Safari users may be subject to crashes or interactions with an attacker's malicious site, according to a warning posted on Tuesday on BugTraq .

Researcher Juan Pablo Lopez Yacubian is credited with finding multiple vulnerabilities in Apple Safari 3.1.1 for Windows. Other versions of Safari may also be affected.

Among the vulnerabilities cited are a denial-of-service (crash) vulnerability caused by a write-access violation, a denial-of-service (crash) vulnerability caused by a read-access violation, and a third vulnerability that allows attackers to spoof the content contained in the address bar. A full write up can be found here .

In a … Read more

Comparisons between two mass Javascript injection attacks suggest they may be related, according to a security company. The latest attack has compromised various sites including one United Nations and several UK government sites with links to malicious servers.

On Tuesday Websense reported seeing distinct similarities between attacks staged earlier this month and over the weekend. Specifically, they cite the use of the same tool to execute the attack being resident on the malicious server. Last summer various groups used the MPACK toolkit to propagate a similar series of Javascript injections.

Javascript injections are browser attacks and require no more effort … Read more

Although CNN escaped a distributed denial-of-service (DDoS) attack planned for Saturday, the site has experienced either random outages or inflated response times over the last 72 hours, according to one Internet research company.

Netcraft reported Tuesday that during a three-hour period on Sunday morning, the CNN.com site was unavailable from its listening post in Pennsylvania. And on Monday, the site experienced inflated response times. CNN.com did suffer a minor DDoS last Thursday, but recovered by limiting access from certain geographic areas, mainly Asia.

Also on Tuesday, The Dark Visitor, a site that tracks Chinese hackers, said a downloadable … Read more

On Monday, Microsoft released to manufacturers (RTM) the final code for Windows XP SP3. The upgrade provides support for WPA2 and the Peer Name Resolution Protocol (PNRP) used in Windows Vista, among other things. The public version will be available for download via the Web on April 29. Based on our initial installation, the upgrade will be effortless for most Windows XP users.

The last Service Pack for Windows XP, SP2, was released in August 2004. The initial release took some users all night to download and install. The company pushed back the initial public release from June 2004 originally. … Read more