November 2007 - Posts

The Federal Bureau of Investigation announced on Thursday that its ongoing crackdown on botnets, known as Operation Bot Roast, has nabbed another eight suspected bot masters in the past five months.

Calling the collection of indictments and arrests "Operation Bot Roast II," law enforcement officials boasted that the ongoing operation has uncovered more than $20 million in economic losses and discovered botnets accounting for more than 1 million infected computer systems. The cases have been pursued by local FBI offices, the U.S. Secret Service, and -- in some cases -- international law enforcement.

http://www.securityfocus.com/brief/635

 

Google Inc. has purged its index of the thousands of malware sites that wormed their way into results lists for hundreds of legitimate search phrases, researchers confirmed today.

"They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software, the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites.

"Google did confirm yesterday with us that they were working the case, and they are good about nailing this stuff," Eckelberry added in an e-mail late Wednesday afternoon. Sunbelt had notified Google of its findings on Monday.

Full Story at computerworld.com 

 

Mozilla has released Firefox 2.0.0.10, an update that addresses three security flaws.

The update issued Monday fixes a Java Archive handling vulnerability found in February that allows an attacker to hide exploit code in a Java Archive (.jar) file. It also fixes a memory corruption bug and a flaw that allowed an attacker to generate a fake HTTP Referer header for conducting a Cross-site Request Forgery (CSRF) attack.

Each of the three vulnerabilities is rated "high" by Mozilla, meaning the flaws could be used "to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions."

Full Story at informationweek.com 

 

Criminals infecting PCs with malware that is only triggered when they access their bank accounts are the latest threat to online banking, according to security software supplier F-Secure.

Perpetrators act as a 'man in the browser' by intercepting HTML code in the Web browser. As bank security measures curb more traditional threats such as keystroke logging, phishing and pharming, F-Secure warned, the 'man in the browser' attack will increase.

Full Story at computerworld.com 

 

Security researchers are warning that exploit code has been published that can take advantage of an extremely critical security flaw in a protocol supported by Apple QuickTime.

Apple QuickTime versions 7.2 and 7.3 on Windows Vista and Windows XP Pro SP2 are both affected, according to an advisory originally posted on Milw0rm.com.

And because Apple's iTunes contains a component of QuickTime, installations of iTunes are also at risk, according to a security advisory by the United States Computer Emergency Readiness Team (US-CERT).

Story continues at news.com 

 

The U.S. Department of Veterans Affairs is investigating yet another potential data breach — this one stemming from the theft of three PCs containing the Social Security numbers and other personal data of as many as 12,000 medical patients.

Rep. Steve Buyer (R-Ind.) disclosed that two desktop systems and one laptop had been stolen from a VA medical center in Indianapolis — ironically enough, on Veterans Day.

Full Story at computerworld.com 

Posted Monday, November 26, 2007 3:57 AM by Don | with no comments

Even as Firefox 3 moves into beta, Firefox 2 is getting a security makeover.

The Mozilla Quality Assurance Community has called for volunteers to help test Release Candidate Builds of Firefox 2.0.0.10, which is expected to be released next week, following the Thanksgiving holiday.

Firefox 2.0.0.10 addresses a Java Archive handling bug that was first reported back in February. The vulnerability allows a malicious attacker to conduct a cross-site scripting attack by hiding exploit code in a Java Archive (.jar) file. This is because the .jar protocol is not restricted to .jar files and will open .zip files, which can be malicious.

Full Story at informationweek.com 

 

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS07-061 - Critical


Bulletin Information:

* MS07-061 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx
  - Reason for Revision: Bulletin updated to clarify that this
    bulletin only replaces MS06-045 and does not replace MS07-006. 
  - Originally posted: November 13, 2007
  - Updated: November 21, 2007
  - Bulletin Severity Rating: Critical
  - Version: 1.1

A security flaw in Apple Mail that was fixed last year has returned from the grave to haunt those using the e-mail app in conjunction with the latest version of Apple's operating system, Mac OS X 10.5, otherwise known as "Leopard."

An attacker exploiting the security flaw could create an e-mail attachment that appears to be, for example, a JPEG image file, but executes malicious code when clicked on, without the warning dialogue that should be present.

Full Story at informationweek.com 

 

Websense® Security Labs™ has discovered emails that claim to solicit humanitarian support for flood victims in the state of Tabasco, Mexico. If users click an embedded link, they are prompted to download a banker Trojan horse, disguised as an HTML file. The file is displayed with the blue Internet Explorer icon. When a user opens the file, the Trojan horse modifies the hosts file so that the legitimate Banamex site resolves to the IP address of a host controlled by the attacker.

If users attempt to go to the Banamex site, they receive no visual indicators that they are not at a legitimate site. The phishing toolbars that were tested did not detect this fake site as a fraud. Neither the downloaded banker Trojan horse nor the subsequent executable that it drops (win32.exe) is detected as malicious by the 32 anti-virus products tested.

Details 

 

Bugs or not, Mozilla on Tuesday released Firefox 3 Beta 1, the first public step towards the next significant release of the alternative browser.

The new version of Firefox is running about a quarter behind schedule, and has most recently been a target of criticism over its handling of bugs. While the company maintains that such concerns are overblown, it does appear the most significant issues have been addressed.

Story continues at betanews.com 

 

Monster.com took a portion of its Web site offline Monday as researchers reported that it had been compromised by an IFrame attack and was being used to infect visitors with a multi-exploit attack kit.

According to Internet records, the Russian Business Network (RBN) hacker network may be involved.

Full Story at computerworld.com 

 

In what's become a fairly familiar routine for them of late, the U.S. Department of Veterans Affairs is investigating a potential data breach -- the theft of three computers containing personal data on potentially 12,000 individuals.

Two desktop PCs and one laptop containing that data were stolen from a medical facility in Roudebush, Indiana -- ironically enough, on Veterans Day. The records belong to patients who were treated at the hospital and include Social Security numbers and other personally identifiable information.

Full Story at computerworld.com 

 

TJX may be in a class all by itself in terms of the number of records compromised in a data breach. But the retailer apparently has plenty of company when it comes to wireless security issues of the sort that led to the compromise it disclosed earlier this year.

A survey of over 3,000 retail stores in several major U.S. cities by wireless security vendor AirDefense Inc. reveals that a large number of retailers are failing to take even the most rudimentary steps for protecting customer data from wireless compromises.

Full Story at computerworld.com 

 

Posted Friday, November 16, 2007 1:04 PM by Don | with no comments

Apple is taking Tiger to 11.

The company released a major update to Mac OS X 10.4 on Wednesday that delivers several improvements, fixes some bugs, and patches several security holes identified in recent months. Mac OS X 10.4.11 is immediately available through Software Update, or it can be downloaded from Apple's Web site.

Full Story at news.com 

 

Nearly a half million Oracle and Microsoft SQL database servers could be vulnerable to attack because they are not protected by a firewall and the majority do not have the most recent patches, security researcher David Litchfield told reporters this week.

http://www.securityfocus.com/brief/627 

New research from an online security organization backed by the UK government and technology companies finds that despite increased awareness of Internet security issues and wide use of Internet security software, computer users are raising their risk online through their use of social networking sites and wireless Internet connections.

Get Safe Online, with the help of research firm ICM, conducted a survey of 2,013 people age 18 and older in the U.K. and found that "only 80% have anti-virus software and only half of them keep it up-to-date."

Full Story at informationweek.com 

 

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS07-049 - Important

Bulletin Information:

* MS07-049 - Important

 - http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx
 - Reason for Revision: V2.0 (November 13, 2007): The security
    update for Microsoft Virtual PC 2004, Microsoft Virtual PC
    2004 Service Pack 1, Microsoft Virtual Server 2005 Standard
    Edition, Microsoft Virtual Server 2005 Enterprise Edition,
    Microsoft Virtual Server 2005 R2 Standard Edition, and
    Microsoft Virtual Server 2005 R2 Enterprise Edition did not
    correctly install in certain cases. Microsoft recommends that
    customers apply the update at the earliest opportunity. No
    action is required on systems where the security update has
    been successfully installed. For details please read the
    "Frequently Asked Questions (FAQ) Related to This Security
    Update" section. 
 - Originally posted: August 14, 2007
 - Updated: November 13, 2007
 - Bulletin Severity Rating: Important
 - Version: 2.0
 

Today Microsoft released the following Security Bulletin(s).

November Bulletin Summary

Critical

MS07-061 - Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

Important

MS07-062 - Vulnerability in DNS Could Allow Spoofing (941672)

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
 

Social networks are sitting on a treasure trove of personal data in the form of profiles chock full of information about the people who use their sites. These sites are quickly finding ways to turn this data into sources of income by giving advertisers opportunities to use it for targeted marketing.

This explains why a week after consumer groups asked the Federal Trade Commission to look into youth-oriented marketing at social networking sites, Facebook and MySpace, the two largest social networks, announced plans to give advertisers better tools to reach their predominantly youthful audience.

Full Story at informationweek.com 

 

Posted Tuesday, November 13, 2007 4:39 AM by Don | with no comments