Malware

Flash 0-day

Security Focus is reporting that a new, as yet unpatched, exploit targeting Adobe Flash is circulating. Apparently a Chinese malware package (the MPack exploit kit) now includes attacks against Flash. The troubling thing about the report is that there are few details, and the software in question cannot yet be patched to prevent exploitation (a so-called zero day, or 0day: until the vendor ships a fix, keeping Flash up to date does not help).

Let's Go Phishing

While reading the F-Secure blog today I came across an interesting service that I hadn't known about before. PhishTank (http://www.phishtank.com/) is a service that lets you submit suspected phishing sites and tracks their status (whether a submission has been verified as a phish, and whether the site is still live). With an open API, PhishTank even lets you write tools to query its data.

This is a really neat development. It's about time that phishing sites faced the same sort of scrutiny that e-mail senders have faced in the past from lists like Spamhaus (http://www.spamhaus.org/sbl/). Unfortunately that scrutiny led spammers to use infected end-user systems rather than open e-mail relays or compromised servers. With botnets providing much of the SMTP service these days it is no longer feasible to block specific sender IP addresses: with hundreds of thousands of bots, the herders simply promote one bot after another to act as an SMTP server until it is blocked, drawing on a nearly inexhaustible pool.
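As an added example of the kind of tool the PhishTank API makes possible (this is not PhishTank's own client code), the helper below builds a lookup request for PhishTank's URL-check service and turns the JSON answer into a verdict. The endpoint, form fields, User-Agent convention and response fields are written from memory of the public API and should be treated as assumptions; the two sample responses are constructed, so the block runs offline by injecting them in place of a real fetch.

```python
"""PhishTank URL-check helper (added example; endpoint and field names are assumptions)."""
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumed endpoint of PhishTank's per-URL check service.
CHECKURL_ENDPOINT = "https://checkurl.phishtank.com/checkurl/"


def build_request(url, app_key=None, user_agent="phishtank/example-client"):
    """Form-encode the URL (so '&' and '?' inside it survive) and POST it.
    PhishTank asks clients to identify themselves via the User-Agent header;
    the value used here is a placeholder. app_key is optional and raises rate limits."""
    fields = {"url": url, "format": "json"}
    if app_key:
        fields["app_key"] = app_key
    body = urlencode(fields).encode()
    return Request(CHECKURL_ENDPOINT, data=body,
                   headers={"User-Agent": user_agent}, method="POST")


def classify(response_json):
    """Map a (assumed-shape) checkurl answer to a verdict string.

    unknown        - URL not in PhishTank's database
    verified-phish - in database, confirmed by PhishTank voters, still valid
    retired        - confirmed phish that PhishTank now marks invalid (e.g. taken down)
    unverified     - submitted but not yet confirmed; treat with caution, not as proof
    """
    r = response_json.get("results", {})
    if not r.get("in_database"):
        return "unknown"
    if r.get("verified") and r.get("valid"):
        return "verified-phish"
    if r.get("verified") and not r.get("valid"):
        return "retired"
    return "unverified"


def check_url(url, fetch=None):
    """Look a URL up. `fetch` takes a Request and returns the raw body;
    it defaults to a real HTTP call but can be replaced for offline use."""
    fetch = fetch or (lambda req: urlopen(req, timeout=10).read())
    return classify(json.loads(fetch(build_request(url))))


# Constructed sample responses (not captured from PhishTank).
SAMPLE_HIT = json.dumps({"results": {"url": "http://example.test/login",
                                     "in_database": True, "phish_id": 123,
                                     "verified": True, "valid": True}})
SAMPLE_MISS = json.dumps({"results": {"url": "http://example.org/",
                                      "in_database": False}})


def demo():
    """Offline run against the constructed samples."""
    hit = check_url("http://example.test/login", fetch=lambda req: SAMPLE_HIT)
    miss = check_url("http://example.org/", fetch=lambda req: SAMPLE_MISS)
    return hit, miss


if __name__ == "__main__":
    print(demo())
```

The distinction between "verified" and "unverified" matters if you wire this into a mail gateway or proxy: an unverified entry is a user submission that PhishTank's community has not yet confirmed, so blocking on it alone produces false positives.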

USB Malware

Remember the good old days when you traded C-64 games with your friends by carrying your floppy drive over to their house to copy disks? Back then very few people had the two drives you needed to copy a disk, so the whole process was a bit clunky: the first sneakernet. Remember how, even in those days, people would warn you about virus-infected disks? Yeah, the good old days. Well, those days may be back, thanks to the handy USB keys we all carry around.

botHunter Released

I've been reading about botHunter, a recently announced free botnet detection utility. botHunter is a new system designed by researchers at the Georgia Institute of Technology and the Computer Science Laboratory of SRI International, and it is an interesting approach to detecting bot infections on local networks. Designed to be deployed at the perimeter of a network, botHunter looks for patterns in the dialogues between computers, searching for well-known sequences of exchanges that indicate bot activity. Whereas typical bot detection is carried out by virus/worm detection tools (host-based virus scanners and network intrusion detection systems using signature analysis), botHunter correlates evidence over time rather than inspecting individual packets or files. The main advantage of botHunter, as I see it, is that it can identify with very high confidence hosts that conform to its predefined behavior patterns; the flip side is that an infection whose dialogue does not match those patterns will not be flagged.

Latest Virus Making the Rounds

In case you've "received an ecard from a family member" recently, you should be aware that this is a fairly insidious piece of virus/malware now making the rounds. A full write-up can be found at the Internet Storm Center (http://isc.sans.org/diary.html?storyid=3063), but in a nutshell the links in the e-mail point you to malware sites. These websites attempt to exploit three separate vulnerabilities via JavaScript (a QuickTime vulnerability, a WinZip one and a WebViewFolderIcon ActiveX vulnerability), so just following the link in a fully patched browser is not enough; the plug-ins and controls it loads have to be current too. Just goes to show you that you need to keep your software up to date!