'Twas the night before Christmas, when all through the house Not a creature was stirring, not even a mouse.
Maybe no mice, but if the internet is on, plenty of things are flowing.
First, reports of a few million break and enter in
On a packet note:
Cheat Trojan
Robert reported that a friend downloaded a Battlefield cheat which proceeded to infect his system. We'll be having a look at that one.
Webmin
Gordon has reported that he is seeing some packets with flags (CWR ECE) set, going towards webmin ports. There was a new release back on the 28th of November, but currently no reported vulnerabilities.
Port 855/2967
Port 8555 and 2967 activity has tapered off (for the moment). This specific instance we were looking at looks like a variation of the SAV activity of recent weeks. If your corporate AV is not yet up to date (that is software, not just patterns) then you may still be vulnerable. The timing of this was exquisite, just the few days of the year on which corporate types would be on the net and checking emails, finishing off that last report etc.
Spam in AU has tapered off a little as well over the last day or two. One or two readers have reported similar results in their region. Everybody probably has already bought their, medicine, extensions, reductions, software and penny stock for the year. Maybe with the January sales it will start ramping up again.
Careful with the seasonal attachments!
- Christmas.exe
- Christmas+Blessing-4.ppt
- Christmas_Puzzle.exe
- ...
| Vendor | Version | Result |
|---|---|---|
| AntiVir | 7.3.0.21 12.23.2006 | EXP/PPT.Dropper.Gen |
| Authentium | 4.93.8 12.22.2006 | no virus found |
| Avast | 4.7.892.0 12.21.2006 | no virus found |
| AVG 386 | 12.23.2006 | no virus found |
| BitDefender | 7.2 12.23.2006 | no virus found |
| CAT-QuickHeal | 8.00 12.23.2006 | no virus found |
| ClamAV | devel-20060426 12.23.2006 | no virus found |
| DrWeb | 4.33 12.23.2006 | no virus found |
| eSafe | 7.0.14.0 12.23.2006 | no virus found |
| eTrust-InoculateIT | 23.73.97 12.23.2006 | no virus found |
| eTrust-Vet | 30.3.3271 12.23.2006 | PP97M/MS06-012!exploit |
| Ewido | 4.0 12.23.2006 | no virus found |
| Fortinet | 2.82.0.0 12.23.2006 | no virus found |
| F-Prot | 3.16f 12.22.2006 | no virus found |
| F-Prot4 | 4.2.1.29 12.22.2006 | no virus found |
| Ikarus | T3.1.0.27 12.23.2006 | no virus found |
| Kaspersky | 4.0.2.24 12.23.2006 | no virus found |
| McAfee | 4925 12.22.2006 | no virus found |
| Microsoft | 1.1904 12.23.2006 | no virus found |
| NOD32v2 | 1936 12.23.2006 | no virus found |
| Norman | 5.80.02 12.22.2006 | no virus found |
| Panda | 9.0.0.4 12.23.2006 | no virus found |
| Prevx1 | V2 12.23.2006 | no virus found |
| Sophos | 4.12.0 12.22.2006 | no virus found |
| Sunbelt | 2.2.907.0 12.18.2006 | no virus found |
| TheHacker | 6.0.3.135 12.20.2006 | no virus found |
| UNA | 1.83 12.22.2006 | no virus found |
| VBA32 | 3.11.1 12.23.2006 | no virus found |
With thanks to Michael for sending in the powerpoint sample.
The abuse of the season greeting habit by the bad guys isn't somthing new. We warned about it last year (Dec 2005) already. It's still just as a valid as it was then.
--
Swa Frantzen -- Section 66
phpBB 2.0.22 - upgrade time
- Check for the avatar upload directory reinforced
- Changes to the criteria for "bad" redirection targets
- Fixed a non-persistent XSS issue in private messaging
- Fixing possible negative start parameter
- Added session checks to various forms
Don't forget to upgrade both the files and run the script as well as applying the patch to the subSilver template in any derived template you might have.
--
Swa Frantzen -- Section 66
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago