Secure List feed for B2B
One of the systems I have been running collects all our web malware detections for .ES domains. I usually check it out every morning, just in case I see something especially interesting or relevant. And when I find something, I like to create some statistics to have a global overview.
There are some things that I find every time I check my stats, like URLs that have been infected for more than 200 days, even after being notified. That speaks of the lack of security awareness in some companies, and of how some websites simply get abandoned and become a hive of malware.
However, one of the things that drew my attention was the detection of many PHP backdoors with not-so-common extensions, such as JPG or MP3. Maybe a false positive? Worth taking a look!
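The pattern described above, PHP code stored under an image or audio extension, is easy to sweep for on a web root from the defender's side. The following is an added example, not code from the original post or from Kaspersky: it walks a directory, flags files whose extension claims to be an image or MP3 but whose leading bytes do not match that format, and separately flags any such file that contains a PHP open tag (the second check catches a valid JPEG with PHP appended, which magic bytes alone would miss). The magic-number table and the sample files it builds in a temporary directory are constructed for the demo.

```python
"""Flag files whose extension says image/audio but whose bytes look like PHP.

Added example (not from the original post): a defender-side sweep over a
web root for PHP backdoors stored under extensions such as .jpg or .mp3.
The magic-number table and the sample files are assumptions/constructed.
"""
import os
import re
import tempfile

# Expected leading bytes for the "harmless" extensions we care about.
# (Assumption: this short list is enough for the demo.)
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}

# PHP open tags ("<?php" or the short echo tag "<?="), case-insensitive.
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def classify(path):
    """Return a list of reasons this file is suspicious (empty means clean)."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return []  # only extensions that should never carry PHP are checked
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if not any(data.startswith(m) for m in MAGIC[ext]):
        reasons.append("magic bytes do not match extension %s" % ext)
    if PHP_TAG.search(data):
        reasons.append("contains a PHP open tag")
    return reasons


def sweep(root):
    """Walk root and map each suspicious file (relative path) to its reasons."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                hits[os.path.relpath(full, root)] = reasons
    return hits


def build_demo_webroot():
    """Create constructed sample files in a temp dir and return its path:
    a clean JPEG, a JPEG with a valid header but a PHP tag appended, an .mp3
    that is plain PHP text, and a .txt that is outside the checked set."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "img/logo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "img/banner.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32
        + b"<?php /* constructed marker */ ?>",
        "media/track.mp3": b"<?php /* constructed marker */ ?>",
        "notes.txt": b"<?php /* not an image extension, ignored */ ?>",
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, why in sorted(sweep(build_demo_webroot()).items()):
        print(rel, "->", "; ".join(why))
```

Running it prints the two planted files; the clean JPEG and the .txt are not reported. On a real web root the magic-byte check produces some noise (oddly encoded or truncated images), so the PHP-tag hit is the one worth acting on first, and a positive should be followed by a look at the server configuration to confirm that such extensions are not being handed to the PHP interpreter.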
With the Xbox One having landed in many countries, it's time to have a closer look at the new console generation. The Xbox One is equipped with two virtualized operating systems, both running on a hypervisor: the core system for gaming and a slimmed down version of Windows 8 for the app landscape. It is also planned to make it compatible with apps originally made for Windows Phone. It will also be interesting to see the level of platform sharing with Windows 8 and therefore the compatibility for malware targeting existing Windows systems. This, however, is still something yet to be explored.
There have already been malware attacks on games consoles in the past, such as Trojans for the Nintendo DS and Sony PSP, as well as proof-of-concept attacks against the Nintendo Wii, in which the console was used as a door opener to breach corporate networks, as shown at BlackHat in 2010. The malware, however, was seldom seen in the wild and first needed a "homebrew" firmware in order to be able to execute pirated games; this is how the malware was disguised, and it was then spread via torrents and other file sharing networks. This meant high barriers for malware authors and explains the low infection rates. However, the high interconnectivity of modern consoles, with apps for Twitter, Facebook, YouTube, chat tools and video conferencing tools like Skype, opens doors and makes them more vulnerable to attacks.
Eight Microsoft Security Bulletins are being pushed out this month, MS13-096 through MS13-106. Five of them are rated "Critical" and another six are rated "Important". The top priorities to roll out this month are the critical GDI+ (MS13-096), Internet Explorer (MS13-097), and Scripting Runtime (MS13-099) updates.
Several of the vulnerabilities have been actively exploited as part of targeted attacks around the world, and one of them is known to have been ITW for at least six months.
The GDI+ update patches the memory corruption vulnerability CVE-2013-3906, which we have been detecting as Exploit.Win32.CVE-2013-3906.a (http://www.securelist.com/en/blog/8139/CVE_2013_3906_another_0_day_for_Microsoft_Office). We have seen a low number of ITW variations on exploitation of this vulnerability as a malformed TIFF file, all dropping backdoors like Citadel, the BlackEnergy bot, PlugX, Taidoor, Janicab, Solar, and Hannover. The target profile and toolset distribution related to these exploit attempts suggest a broad array of likely threat actors that got their hands on it since this July, and a wide-reaching distribution chain that provided the exploit around the world. Considering the variety of uses and sources, this one may replace CVE-2012-0158 as a part of targeted attacks in terms of overall volume.
The Internet Explorer bulletin fixes seven different elevation of privilege and memory corruption vulnerabilities, each of which affects Internet Explorer 6 on Windows XP SP3 through Internet Explorer 11 on Windows Server 2012 R2 and Windows RT 8.1.