16. July 2009 by admin.

Attacks Against Unpatched Microsoft Bugs Multiply
Gregg Keizer, Computerworld

Jul 14, 2009 6:31 pm

http://www.pcworld.com/article/168424/attacks_against_unpatched_microsoft_bugs_multiply.html?tk=nl_dnx_h_crawl

Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat.

Symantec, Sunbelt Software and SANS’ Internet Storm Center (ISC) bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by Internet Explorer (IE) to display Excel spreadsheets. There is no patch for the vulnerability, nor will Microsoft release one later today when it issues its July batch of patches.

A temporary fix that sets the “kill bits” of the ActiveX control is available, but experts believe it’s likely most users won’t take advantage of the protection.

(more at the link above…)

* If there’s a fix for something like this that is getting increased exploitation … it’s a good idea to get whatever fix they have. When they are calling it “Zero Day” exploit - then it’s time to do something. In other words as cutesy as it seems it might be time to get “Mr. Fixit” from Microsoft here:

http://support.microsoft.com/default.aspx/kb/973472

—

Alan Spicer

http://www.marinetelecom.net

Posted in Main | No Comments »

16. July 2009 by admin.

Investigation Into Cyberattacks Stretches Around the Globe

Jeremy Kirk, IDG News Service

Jul 14, 2009 6:04 pm

http://www.pcworld.com/article/168415/investigation_into_cyberattacks_stretches_around_the_globe.html?tk=nl_dnx_h_crawl

British authorities have launched an investigation into the recent cyberattacks that crippled Web sites in the U.S. and South Korea, as the trail to find the perpetrators stretches around the world.

On Tuesday, the Vietnamese security vendor Bach Khoa Internetwork Security (Bkis) said it had identified a master command-and-control server used to coordinate the denial-of-service attacks, which took down major U.S. and South Korean government Web sites.

A command-and-control server is used to distribute instructions to zombie PCs, which form a botnet that can be used to bombard Web sites with traffic, rendering the sites useless. The server was on an IP (Internet Protocol) address used by Global Digital Broadcast, an IP TV technology company based in Brighton, England, according to Bkis.

That master server distributed instructions to eight other command-and-control servers used in the attacks. Bkis, which managed to gain control of two of the eight servers, said that 166,908 hacked computers in 74 countries were used in the attacks and were programmed to get new instructions every three minutes.

But the master server isn’t in the U.K.; it’s in Miami, according to Tim Wray, one of the owners of Digital Global Broadcast, who spoke to IDG News Service on Tuesday evening, London time.

(more at the link above …)

* Alan Spicers Note: What’s scary about this is that 166 thousand computers (PC’s) have been compromised and made into Zombies for this purpose. So if your computer is not feeling well or is acting strange? Get it checked out.

—

Alan Spicer

http://www.marinetelecom.net

Posted in Main | No Comments »