Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability

Published: 2010-05-23
Last Updated: 2010-05-23 20:51:37 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
1 comment(s)

SecurityFocus has published Bugtraq ID 39077 vulnerability for Java SE and Java for Business , which allows attackers to remote execute code context of the user running the affected application.

Read the publication here: http://www.securityfocus.com/bid/39077

There is a great blog explaning the technical details. Read it here (by Peter Vreugdenhil): http://bit.ly/aM1J01

The solution is to update java to a non-vulnerable version. Please read http://www.securityfocus.com/bid/39077/info at bottom of the page.

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name

1 comment(s)

e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.

Published: 2010-05-23
Last Updated: 2010-05-23 19:53:08 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

There are two public broadcast TV stations at Colombia. We received a report that a e-mail is out there claiming to be from one of the stations and announcing they have the video of Fidel Castro's funeral:

 

The URL points to a UK server and downloads a nasty little malware done in Visual Basic that changes Windows parameters and recolects info from your computer. The trojan used to upload the malware is located on the same directory:

Netshell Screenshot

We encourage Web server admins to keep updated security patch and avoid default configurations on web servers that could allow attackers to upload these kind of files to your webserver. This backdoor is pure php and, as you can see, has a lot of useful options.

Please keep in mind also that clicking URL links inside e-mail is dangerous. Always go to the web server typing yourself the URL.

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name

 

0 comment(s)
Diary Archives