"Luigi Auriemma" has posted an interesting series of SCADA vulnerabilities to the bugtraq security list this morning. From his email "The following are almost all the vulnerabilities I found for a quick experiment some months ago in certain well known server-side SCADA softwares still vulnerable in this moment. In case someone doesn't...
Twitter XSS worm
An XSS worm has hit Twitter this morning and appears to have affected hundreds of thousands of users. Sophos has a good technical writeup at http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/ and Ars Technica has some coverage about Magnus Holm, the author of the worm: http://arstechnica.com/security/news/2010/09/twitter-worms-spread-quickly-thanks-to-blatant-security-flaw.ars I'll update this post once a more accurate count of affected users is...
CGISecurity.com Turns 10!: A short appsec history of the last decade
Ten years ago today I started cgisecurity.com to fill a void in the application security space. At the time no other dedicated site existed, neither OWASP nor WASC had been created, and the www-mobile list was effectively the only place to discuss web-related vulns and attacks. When I first started...
Reddit XSS worm spreads
UPDATE: Reddit has posted a blog entry at http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html addressing this. "Popular social news website Reddit has stopped the spread of a cross-site scripting (XSS) worm that hit the site on Monday. The XSS worm spread via comments on the site, originally from the account of a user called xssfinder. Reddit failed...
FBI CIPAV Spyware Snaring Extortionists and Hackers for Years
"A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show. First reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed...
Twitter response to xss worm attack
Twitter has posted an entry on its XSS worm issues this weekend. "On a weekend normally reserved for bunnies, a worm took center stage. A computer worm is a self-replicating computer program sometimes introduced by folks with malicious intent to do some harm to a network. Please note that no passwords, phone...
Two XSS Worms Slam Twitter
UPDATE: F-Secure has posted more detailed information. "Some 24 hours after a worm spread advertising on Twitter, the popular social networking website, a second worm emerged on Sunday. Both worms appear to be created by Mikeyy Mooney, a 17-year-old from Brooklyn, New York. The first worm emerged on Saturday when Twitter profiles...
March Madness-related SEO Poisoning Leads To Rogue AV
"With only a few days left before the tournament starts, if a user searches for popular March Madness-related terms in Google, malicious URLs as high as the first result are returned. Search terms that currently exist within the Top 10 of Google's Hot Trends (the most popular search results) return these malicious...
Malware installing rogue DHCP server
SANS published an entry about a new piece of malware that installs a rogue DHCP server that specifies a rogue DNS server, presumably for phishing and malware deployment. I wouldn't be surprised if this concept is fairly old but it appears to be the first time a common piece of malware is...
MS08-067 Worm on the Loose
DShield has published a report of a new MS08-067 worm spreading. "It does various things to install and hide itself on the infected computer. It removes any System Restore points that the user has set and disables the Windows Update Service. It looks for ADMIN$ shares on the local network and tries...
Microsoft to offer free Antivirus
"Microsoft on Tuesday said it plans to kill off its Windows Live OneCare subscription security service in favor of a free offering that will feature a core of essential anti-malware tools while excluding peripheral services, such as PC tune up programs, found in OneCare. The move could help the software maker extend...
Good Worms Are a Bad Idea
"Some bad ideas seem to live on forever. One of the big ones in computers is to use hacker tactics to perform white-hat operations on an Internet scale. The classic example of this is the "good worm" idea: a worm that spreads among computers to improve their security. There have been attempts...
Orkut Worm v2.0
"The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video. People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade....
Mystery web infection grows, but cause remains elusive
"Five days ago, we wrote about the infection of several hundred websites that was unlike anything seasoned researchers had seen before. Mary Landesman, a cyber gumshoe who first brought it to public attention, asked for help from other security pros in figuring out how the unusual new technique worked. And help is...
Orkut XSS worm in the wild
According to ISC, Orkut has been stricken with a persistent XSS worm via the user profiles. Will be updating this as new information breaks, so stay tuned! So far no news at the Orkut blog. UPDATE: A few news articles have started to pop up regarding this. "Google's Orkut social networking site...
Google Wants Your Help to Fight Malware
"Google has created one of the most powerful search tools in the history of Web humanity. One of its goals along the way was to archive all of human knowledge. Another was to not be evil. But the company discovered that at the intersection of archiving all human knowledge and not being...
Yahoo accidentally dishes out trojans via banner ads
"An ad company that Yahoo owns, Right Media, served up some particular advertisements several million times that ended up being loaded with Trojans. These ads, while all over the Internet, were most prominently featured on MySpace and PhotoBucket – not shady warez sites. The issues began last month, and according to ScanSafe...
XSS cross webmail worm
Rosario Valotta writes in to tell us "I realized a PoC of what I define an XWW - Cross webmail worm, based on exploitation of XSS vulnerabilities. Detailed information and a video can be found at: http://rosario.valotta.googlepages.com/home" Article Link: http://rosario.valotta.googlepages.com/home
MySpace superworm creator sentenced to probation, community service
"The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking. Samy Kamkar, who was 19 when he unleashed the attack on MySpace.com in October 2005, was sentenced to three years...
Worms Get Smarter
"The recent wave of Web worms on MySpace and other social networking sites represent a new generation of more sophisticated worms -- ones that employ the pervasive cross-site scripting (XSS) flaws found on many Websites. Early worms were more for wreaking havoc and proof-of-concept purposes (think Code Red and Melissa), but the...
Happy Birthday Internet Worms
"The Morris worm or Internet worm was one of the first computer worms distributed via the Internet; it is considered the first worm and was certainly the first to gain significant mainstream media attention. It was written by a student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988...
Malware Search Engine
"The new Malware Search engine provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables. The release of the search engine was motivated in part by a recent announcement by Websense Security Labs, of San...
JavaScript worm targets Yahoo!
"A JavaScript worm that takes advantage of an unpatched vulnerability in Yahoo!'s webmail service has been discovered on the net. The JS-Yamanner worm spreads when a Windows user accesses Yahoo! Mail to open an email sent by the worm. The attack works because of a vulnerability in Yahoo! Mail that enables scripts...
Good worms back on the agenda
"A researcher has reopened the subject of beneficial worms, arguing that the capabilities of self-spreading code could perform better penetration testing inside networks, turning vulnerable systems into distributed scanners. The worms, dubbed nematodes after the parasitic worm used to kill pests in gardens, could give security administrators the ability to scan machines...
Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection
UPDATED: 1/30/06 Response from Author "Just to inform you that the malicious code mentioned to you was actually partly research for the paper. If you take a look at the latest version (with lynx if you like), I now refer to the clipboard issue in issue 3 (this was introduced in 1.2.0...
RSS malware plague predicted for 2006
"The fast growing popularity of RSS (really simple syndication) means that the technology will pose increasingly significant problems for IT security professionals this year, new research has warned. ScanSafe's latest web security report notes an explosive growth in the use of RSS feeds to pull updated content via HTTP and XML rather...
Malware Future Trends
Dancho Danchev has written an article outlining a few malware trend predictions that is worth checking out. If you're into that sort of thing I wrote an article on web Application Worms that you may also wish to check out. Article Link: http://www.astalavista.com/media/archive1/files/malwaretrends.pdf
Trojan Horse Program Targeting Adsense
Apparently people are uploading malware to users' computers in order to replace the ads displayed on websites they visit with their own ads. "Techshout.com reports that a new, deceptive Trojan Horse program has surfaced. The program is engineered to produce fake Google ads that are formatted to look like legitimate ones. The ads...
PHP Worm in the Wild
"Virus writers have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems." - The Register Article Link http://www.theregister.co.uk/2005/11/07/linux_worm/
Code Red Part 3: Backdooring your IIS machine
Yet another variant of the Code Red worm has come out that not only exploits you but backdoors your webserver. It creates a file called root.exe which is really a copy of your cmd.exe file. This will allow an attacker to execute commands on your machine with complete control. This can also allow...
The Worm that won't die
Well, as everyone knows, the Code Red worm is one busy worm. It seems to be so busy in fact that it managed to hit this site over 40 times in less than 2 days. Originally we got hit roughly 30 times. Proof enough you need to keep your systems patched and up to...
New worm makes its rounds...
The new internet worm called "The Red Worm" is exploiting a well known Microsoft hole. It just started hitting my machine today and I figured some people may appreciate logs so they know what to look for. A log is located below w0rm.txt Original advisory on the hole it uses is located...