Morbid SPAM
June 26th, 2009
Well, it was only a few hours after the death of Michael Jackson that we started seeing the first SPAM taking advantage of the subject. Be aware of any unsolicited e-mail messages that claim to have pictures or information relating to the recent deaths of Michael Jackson, Farrah Fawcett, or even Ed McMahon.
Adobe Acrobat 0-Day Exploit in the Wild
February 20th, 2009
The Shadowserver Foundation is reporting that a new 0-day exploit in Adobe Acrobat Reader is in the wild.
The Shadowserver Foundation has recently become aware of a very severe vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is currently on the loose in the wild and being actively exploited. We are aware of several different variations of this attack, however, we were provided with a sample last week in which we were permitted to analyze and detail in this post. We want to make it clear that we did not discover this vulnerability and are only posting this information to make sure others are aware and can adequately protect themselves. All of our testing was done on Adobe Acrobat Reader 8.1.0, 8.1.1, 8.1.2, 8.1.3 (latest release of 8), and 9.0.0 (latest release of 9).
The defense against this exploit is to disable JavaScript within your Adobe Acrobat products.
I suggest you review their write-up for more information.
UPDATE: Adobe has confirmed the vulnerability in Adobe Reader and Acrobat Version 9 and earlier. However, a patch will not be released until March 11. Read Adobe’s advisory here.
Botnet Recruitment Methods
February 19th, 2009
Botnets are continuing to increase in number, even after the takedown of McColo late last year.
Tom Olzak has an interesting article on ZDNet about how bot herders continue to recruit new additions to their botnets.
What I found interesting were the statistics that he quoted from an article by Richard Adhikari on Internet.com:
Spam and pharming for bots feed each other. Bots send spam and many spam messages help recruit. And spam is on the rise as a percentage of the global message total.
According to Adhikari’s article, the percentage of e-mail messages identified as spam has grown from 72 percent in the fourth quarter of 2008 to 85 percent in January (about 150 billion messages), with no signs of slowing.
So much of this spam is intended to increase the size of botnets, which increases the amount of spam, which increases the size of botnets, ad infinitum.
These numbers alone should be a wake-up call for organizations that refuse to implement even the most commonsense defensive measures, such as blocking spam, security awareness education, and egress filtering on the firewall. These measures should be implemented along with those mentioned in the article.
Preventive measures are well known but often not implemented, including:
* DO NOT allow users to log in as local administrators. At the very least, limit their system access when accessing the Internet. (See Use DropMyRights to protect systems from admin users.)
* Filter Web site access. If you don’t have the budget to pay for this, OpenDNS is a great way to provide this function.
* Ensure your DNS services are patched and security configured. If you don’t host your own service, check for vulnerabilities with free services like the DNS Nameserver Spoofability Test. If vulnerabilities exist, work with your vendor to fix them. If necessary, switch to a service more attentive to your network’s security.
I suggest everyone read the full article here.

