On Tue, 10 Oct 2006 10:33:07 +0100, Roy Schestowitz wrote:
> Software vulnerabilities higher than last year already
>
> ,----[ Quote ]
> | The number of new software security vulnerabilities identified by
> | security experts, hackers and others during the first eight months of
> | this year has already exceeded the total recorded for all of 2005,
> | according to Internet Security Systems.
> `----
>
> http://www.linuxworld.com.au/index.php?id=116770232&rid=-50
>
> From the article...
>
> A calendar of the most vulnerable application vendors each month through
> August is as follows:
>
> January: Oracle (89); Microsoft (12); BEA Systems (12); IBM Lotus (11);
> ...
>
> February: Microsoft (29); Linux kernel (14); Mozilla (12); IBM (11); myBB
> (9)
>
> March: Microsoft (18); Linux kernel (14); Mac OS X (14); Mantis (6) ...
>
> April: Oracle (36); Ethereal (27); Mozilla (26); Microsoft (20); Apple
> (9)
>
> May: Apple (32); Microsoft (13); BEA (11); Linux kernel (10); IBM (9)
>
> June: Microsoft (27); Mozilla (13); Cisco (10); Particle Soft (9); ...
>
> July: Oracle (65); Microsoft (55); Mozilla (14); Cisco (9); OpenCMS
> (9)
>
> August: Microsoft (32); Informix (16); Mac OS (16); IBM (8); JetBox CMS
> (8)
The BBC has published the second part of their honeypot findings on their
website today (Tuesday). Interesting reading what some malware did to
Internet Exploder, which is used by most windows users through sheer
ignorance (just as they use Outhosed Excess). This is NOT because "it's a
large target" as windows apologists would have you believe, but because
it's (as has been stated by others elswhere) it's sloppy coding.
"The software was so sneaky that it tried to stop this traffic being seen
by injecting it into the processes usually used by the Internet Explorer.
We knew this was the case because IE's homepage had been set to be blank -
ie when it was running there would be no net traffic. The result of the
installation was new toolbars on the IE browser, a whole list of new
unwanted favourites, all web searches were hijacked and redirected plus
pop-up adverts populated the desktop. The machine was becoming unusable
because it was so busy so we were forced to cut the net connection.
The bogus download went into overdrive trying to get back online. The
meter clocking processor usage zoomed to 100% as it desperately tried to
drag more stuff into the PC.
The machine became hard to shut down and we could only shut it off by
pulling the virtual plug.
The end result of that single download was a PC that was unusable as it
was so clogged with adware and spyware. A quick scan of the machine
revealed that seven viruses, mostly trojans, had been installed during
the orgy of downloading.
We reverted back to the original configuration of the honeypot machine to
get rid of the problems but this particular chunk of spyware was not done
yet.On the honeypot a USB drive was being used to take backups of the attack
logs. This had been plugged in to the machine while the fake security
program installed itself.
The USB drive had gained a new passenger - the core program of the fake
spyware. If we had let this continue, doubtless it would have fired off
next time the drive was plugged in to any other machine. It was a close
escape.
Cleaning up the PC proved impossible.
++ Note this! ++
If the honeypot had been a home PC almost everything stored on it,
pictures, e-mails, might have been lost.
http://news.bbc.co.uk/1/hi/technology/6035455.stm
Now IMHO, that kind of crapware is virtually criminal negligence on
behalf of M$ for allowing applications like that to have got past their QA
& out of Redmond in the first place.
|
|
