NOD32 and Antivirus News
Threat and Security News

Vista security to be 'obliterated' at Black Hat

Tuesday, June 24. 2008


An IBM X-Force security researcher has promised to exploit massive holes in Windows Vista's defences at the upcoming Black Hat security conference in Las Vegas.

Operating system defences used by Windows Vista — such as Address Space Layout Randomisation (ASLR), Data Execution Prevention (DEP) and Structured Exception Handling (SEH) — have changed the game for hackers, according to IBM X-Force security researcher Mark Dowd.

"[Microsoft] has come a long way since the previous release and each subsequent release looks further into securing the base operating system in two ways. First by ironing out vulnerabilities, and second, by having security features within the OS that make things a lot more difficult to exploit vulnerabilities — if they exist," Dowd told ZDNet.com.au. "When you find vulnerabilities now, it doesn't mean you can automatically exploit them."

In 2006 Microsoft revealed that Vista would contain a feature called Address Space Layout Randomisation (ASLR), which is used in some form by Linux, OpenBSD and Mac OS X, to make it more difficult to take over a system following a buffer overrun error.


Scareware package greets marks by name

Tuesday, June 24. 2008


Malware authors have created a strain of scareware packages that lifts the name of an infected user from the registry of an infected PC in order to create more convincing scams.

The wife of reader Chris came across the ruse when she used his PC to check on her Hotmail account. Before she could get onto the website she was confronted by a pop-up message saying "Chris [surname], your computer is infected with a Trojan, you should download this spyware removal tool (recommended)" and giving a yes/no option.

"I immediately closed it and am now running a scan to see what is causing this, but what was more concerning, and the reason that I am writing this to you, is that the perp of this malware/spyware/phishing attack has managed to write a program which can check the name that Windows is registered to, to make it appear genuine," Chris told El Reg.


Adobe Acrobat JavaScript flaw exploit in the wild

Tuesday, June 24. 2008


Computer researchers at Johns Hopkins University have discovered a flaw within the most recent versions of Adobe's Reader and Acrobat software applications that could allow hackers to take control of vulnerable systems.

"Adobe categorizes this as a critical issue and recommends affected users update their installations," Adobe said in an advisory today.

There are reports that the exploit is in the wild, which both Adobe and security firm Secunia appear to be taking seriously.

The problem affects Acrobat and Reader versions 7.0.9 and earlier, as well as versions 8.0 through 8.1.2. Adobe disclosed the vulnerability on Monday in conjunction with the release of a security update for the current version, which is 8.1.2.

Users of version 7.1 are not affected by the vulnerability, and Adobe says Acrobat and Reader 9, which are due out in July, are also immune.

According to a security bulletin by SecurityFocus, user input is not sanitized correctly. Essentially, an attacker could launch code remotely, which would in turn allow him to take control of an affected system.

More specifically, the problem is related to an input validation issue with JavaScript usage in either product. Indeed, JavaScript can be embedded in PDF files, so a JavaScript problem need not necessarily be browser-based.

SecurityFocus said the issue could be related to an earlier flaw, reported late last month, which involved a remote denial-of-service issue. At the time it was not known if code execution would be possible. That flaw affected similar versions of Adobe Reader.

By Ed Oswald, BetaNews


Marshall Islands email paralysed by 'zombie' attack

Tuesday, June 24. 2008


Email communication in the Marshall Islands was paralyzed Tuesday after hackers launched a "zombie" computer attack on the western Pacific nation's only Internet service provider, officials said.

The attack, which started early Tuesday and in which hackers used computers taken over by viruses to flood the Internet provider with spam emails, caused a complete shutdown of email traffic into the nation of around 55,000 people.

More than 18 hours after the initial attack Tuesday, incoming email service to the monopoly provider had still not been restored.

The government-owned National Telecommunications Authority (NTA) was hit with a sudden four-fold increase in incoming email, which it described as an attack by "zombie computers", said an NTA spokesman.

While NTA customers could send and receive emails to each other through the local system, virtually no non-NTA emails had been received since Monday, impacting local businesses, banks and government offices.

"Some malevolent person unleashed infected computers to flood NTA with mail," said a local information technology expert who asked not to be named.

"The fact that there were so many messages sent shows a degree of sophistication to the attack."

Local officials said the cyber attack was believed to be the first on the country's only Internet service provider.
