December 2006 - Posts

The PayPal division of eBay, which operates the Web's most respected online payment voucher system, is beginning beta trials of a next-generation online payment system, in cooperation with MasterCard. Using what's described as a virtual debit card, a customer will be able to make a PayPal-authorized purchase using a one-time number good only for that transaction.

BetaNews 

Posted Fri, Dec 29 2006 8:19 by Don

1) Fake Lottery Scam
2) Phishing-Vishing Scams
3) Phony Job Scam
4) Negative Option Scams
5) Nigerian 419 Scams
6) Pump and Dump Scam
7) Bogus Fuel Saving Devices
8) Grandparents Scam
9) Oprah Ticket Scam
10) craigslist Scam

http://www.consumeraffairs.com/news04/2006/12/top_ten_scams.html

Posted Fri, Dec 29 2006 6:19 by Don

Issued: December 27, 2006

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS06-078
  * MS06-012

Bulletin Information:

* MS06-078

  - Reason for Revision: Bulletin updated to provide additional
    clarity around file versions in the "I've installed the
    Windows Media Format Runtime security update. What version of
    Windows Media Format Runtime should I have installed?" in the
    "Frequently Asked Questions (FAQ) Related to this Security
    Update" section.
  - Originally posted: December 12, 2006
  - Updated: December 27, 2006
  - Bulletin Severity Rating: Critical
  - Version: 2.1

* MS06-012

  - Reason for Revision: Bulletin Updated to provide additional
    clarity for "What updates does this release replace?" for
    Microsoft Outlook in the "Frequently asked questions (FAQ)
    related to this security update" section.
  - Originally posted: March 14, 2006
  - Updated: December 27, 2006
  - Bulletin Severity Rating: Critical
  - Version: 1.5
        
Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

From the labs of F-Secure:

A new Warezov spam run is underway, using a "Happy New Year" postcard as its disguise.

The attachment is named postcard.zip and the text of the message reads:

   Hi, you’ve just received a postcard.
   
   For: (your e-mail address)
   
   From: ---
   
   Text: Happy New Year!
   
   Postcard:
   Click on attachment to view a postcard.

When run, the malware connects to www6.easeruikingandefunjs.com and downloads a Warezov variant.

We detect this now as Trojan-Downloader.Win32.Small.edn.

 

Posted Wed, Dec 27 2006 16:52 by Don

Remote exploitation of a buffer overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows authenticated attackers to execute arbitrary code with the privileges of the underlying user.

Once logged in, attackers can execute the "subscribe" command with an overly long argument string to overflow a stack based buffer.

iDefense Labs 

Posted Tue, Dec 26 2006 17:28 by Don

The days of big virus outbreaks like MyDoom, Melissa and SQL Slammer are gone, said Joe Telafici, director of operations for McAfee Inc.'s Avert Labs.

Telafici was speaking at the recent AVAR (Association of Antivirus Asia Researchers) conference, which was held in Auckland. Today's cyber criminals don’t want to draw attention to themselves as the main motivation for cyber crime now is money, not fame, he said.

They are "clearly getting more devious," he said, but law enforcement cooperation across borders is also getting more efficient.

Computerworld 

Posted Sat, Dec 23 2006 5:39 by Don

Symantec said Friday that it had detected another surge in scans for a port associated with a worm that's been sniffing for vulnerable software made by the Cupertino, Calif., security company, and warned users to patch immediately in case the malicious code morphs into something more dangerous. Sensors monitored by Symantec's DeepSight threat management service have reported a significant spike in traffic related to TCP port 2967, which Symantec has traced to scans generated by the "Sagevo" worm, recently-released malware looking for systems running some of the company's enterprise anti-virus software.

Story at techweb.com 

Posted Fri, Dec 22 2006 13:54 by Don

Anti-spam blacklist service, The Open Relay Database (ORDB), has pulled the plug after five and a half years because of spammers' growing sophistication.

ORDB was designed to deal with a technique in which spammers used SMTP proxy servers to flood the internet with junk email. The project distributed a blacklist of mail servers that allowed third-party relay -- "open relays" -- and were thus liable to be used by spammers.

But the list had levelled off at around 225,000 over the past year and updates have slowed to a crawl, the volunteer-run project acknowledged. "It's been a case of a long goodbye as very little work has gone into maintaining ORDB for a while," organizers said in a message this week on the project's website. "The general consensus within the team is that open relay RBLs (Real-time Blackhole Lists) are no longer the most effective way of preventing spam from entering your network."

Computerworld 

Posted Thu, Dec 21 2006 16:18 by Don

"We're losing this game with computer criminals. There are just too many criminals active on the Internet underground, in China, in Latin America, right here in Russia. We have to work all day and all night just to keep up," Kaspersky said in an interview with eWEEK during an international press tour of his company's headquarters.

Posted Thu, Dec 21 2006 4:35 by Don

The Mozilla Foundation has issued "critical" security updates to vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite.

Flaws were found in versions of the open-source software prior to both Firefox 2.0.0.1 and Firefox 1.5.0.9, as well as prior to Thunderbird 1.5.0.9 and SeaMonkey 1.0.7, Mozilla said Tuesday.

The vulnerabilities could potentially be exploited to conduct cross-site scripting attacks, to let malicious attackers launch a remote execution of code on users' computers, and to expose sensitive information, according to an advisory from security company Secunia.

CNet News 

Posted Wed, Dec 20 2006 14:36 by Don

They just don't make malware like they used to. Or at least like they did earlier this year.

Even low-quality malware, however, is taxing the resources of security companies, since it is being detected in ever-higher numbers.

Over the last six months, the technical creativity of malware has fallen along with the ability to cause massive damage, such as that created by the MyDoom and Sasser worms of years past, wrote Alexander Gostev, senior virus analyst for Kaspersky Lab Ltd., in a recent report.

Story at computerworld.com 

Posted Tue, Dec 19 2006 13:04 by Don

Yesterday Websense Security Labs reported on our blog that there was a potential worm propagating via Skype (see: http://www.websense.com/securitylabs/blog/blog.php?BlogID=101). After investigation we have discovered that this is not a self-propagating worm and is actually a Trojan horse.

More .. 

Posted Tue, Dec 19 2006 13:00 by Don

Opera Software ASA has added a filter that blocks phishing sites to its Web browser software, following the example set by rivals Microsoft Corp. and Mozilla Corp.

In version 9.1 of the Opera Web browser, released Monday, the company introduced a phishing filter that uses information from PhishTank and GeoTrust to help protect users from being duped by phishers.

PhishTank, overseen by open-source group OpenDNS, is a collaborative clearinghouse that allows anyone to submit and track data about phishing sites. GeoTrust provides digital certificates.

Computerworld 

Posted Tue, Dec 19 2006 5:27 by Don

From over 400,000 detected applications, the Software Inspector tagged over 35% as insecure versions!

For IE 6.x users, 4.12% were insecure, which is a good sign; most people probably are aware of using Windows updates to get new IE versions.

For Adobe Flash 9.x users, over 53% were running insecure versions; a testament to both the popularity of Flash-based web content, and the lack of awareness on Flash vulnerabilities.

More than one third of Firefox 1.x users (35.47%) were found to be running vulnerable versions; while Opera users were safer, with only 13.04% running vulnerable versions of Opera 9x.

Only 6.8% of users were found to run insecure versions of Skype 2.x, the popular VoIP program.

secunia.com/blog/4/

Posted Sun, Dec 17 2006 12:30 by Don

The eEye Research honeypot network has recently detected a new worm that is attacking systems running versions of Symantec AntiVirus and Symantec Client Security. The "Big Yellow" worm leverages a remote, system-level access vulnerability to take control of machines running vulnerable (un-patched) Symantec software. Once infected, machines then download a package from an FTP server and start to seek out other vulnerable systems to attack. At the time of analysis, eEye Research was able to conclude that the FTP server had been accessed 71,513 times within 24 hours, indicating widespread worm infections.

The vulnerability was originally discovered by eEye on May 24, 2006 and patched by Symantec on June 12, 2006. This vulnerability has been publicly exploited as early as November 30, but this is the first widespread worm leveraging this vulnerability for self-propagation. Generally, processes for keeping current on software patches are not in place for non-Microsoft applications such as Symantec AntiVirus/Client Security; therefore, many Symantec users may be at risk for this vulnerability.

Details 

Posted Sat, Dec 16 2006 5:21 by Don

Description:
A vulnerability has been reported in Yahoo! Messenger, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in an ActiveX control and can be exploited to cause a buffer overflow. No further information is currently available.

The vulnerability is reported in versions obtained prior to Nov 2, 2006.

Solution:
Update to the latest version.
http://messenger.yahoo.com/

Secunia Advisory 

Symantec's Global Services division introduced a set of new professional services on Dec. 13 that promise to help businesses manage their infrastructure and data security operations via outsourcing and on-premises consulting arrangements.

Driven by demand from enterprise customers for new alternatives in mitigating their operational security risks, the Cupertino, Calif.-based company said the initial set of offerings, which cover everything from oversight of anti-virus applications to automated data backup and recovery, represent only the first in a long list of new services it's hatching.

eWeek 

Posted Thu, Dec 14 2006 17:20 by Don

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to the government's financial watchdog authority. Although losses remain modest compared to other forms of financial fraud, banking security experts speaking before the House of Lords science and technology committee are concerned about the growing prevalence of scams designed to trick consumers into handing over online banking credentials.

The Register 

Posted Thu, Dec 14 2006 8:44 by Don

Symantec has filed a copyright infringement lawsuit that alleges eight businesses and seven individuals reaped an estimated $15 million in profits from pirated copies of its most popular security software.

The lawsuit, filed in a U.S. District Court in Los Angeles, comes after an investigation of more than two years, the company said. The lawsuit names ANYI, SILI, GT Micro, ASP Solutions, Mark Ma, Mike Lee, John Zhang and other affiliates as defendants.

Story continues at news.com.com 

Posted Wed, Dec 13 2006 14:14 by Don

December 12, 2006

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

December Bulletin Summary

Critical (3)

MS06-072 - Cumulative Security Update for Internet Explorer (925454)
MS06-073 - Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)

Important (4)

MS06-074 - Vulnerability in SNMP Could Allow Remote Code Execution (926247)
MS06-075 - Vulnerability in Windows Could Allow Elevation of Privilege (926255)
MS06-076 - Cumulative Security Update for Outlook Express (923694)
MS06-077 - Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)