View full version: Latest Computer Malware and Security Alerts

geck789 2007-3-27 08:08 AM

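Latest Computer Malware and Security Alerts

Everyone may use this thread to post about the latest computer malware and security alerts.

1. Post content must be news or information already released by [b]news media or computer security companies[/b]; material from other sources, such as unofficial blogs or forums, is not accepted.

2. State the source when posting.

3. This thread only allows posts about the latest computer viruses and security alerts; all other replies are prohibited.

4. Do not post outdated news or information. "Outdated" means 3 days after the news or information was released.

5. Each member may make at most 5 posts per day; a post may contain several news items or pieces of information.

([b]Ratings are decided by content and importance[/b])

[[i] Last edited by geck789 on 2016-3-17 10:23 PM [/i]]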

cncjoy 2007-4-3 12:54 PM

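【04-01】New vulnerability in Microsoft systems

Microsoft Windows has a buffer overflow vulnerability when handling malformed animated icon files (.ani); a remote attacker may exploit this vulnerability to take control of the user's machine. When handling malformed (.ani) files, Microsoft Windows does not correctly validate the size specified in the ANI header, resulting in a stack overflow vulnerability. If a user is tricked into visiting a malicious site with IE or opening a malicious e-mail message, the overflow is triggered, leading to arbitrary code execution. Note that Windows Explorer also processes ANI files under several file extensions, such as .ani, .cur and .ico. Affected systems include: Microsoft Windows Vista, all versions; Microsoft Windows XP, all versions; Microsoft Windows Server 2003 SP1; Microsoft Windows Server 2003; Microsoft Windows 2000, all versions.

Many websites at home and abroad have now begun using this vulnerability to spread malware, account-stealing Trojans and worms. The exploit for this vulnerability usually disguises itself as an image; simply clicking on a website or e-mail carrying the image with malicious code leads to infection with the malicious program, and this is so whether the browser is IE6 or IE7 or a non-IE browser such as Firefox or Opera.

Whatever the operating system, [color=Red]Windows NT2000/XP/2003/Vista[/color], infection is possible, and other network applications such as QQ, MSN, various mail clients and [color=Black][url=http://digi.it.sohu.com/s2005/rss.shtml]RSS[/url][/color] software may also be affected by this vulnerability. Because the several versions of the exploit for this vulnerability use many tricks, they bypass the vast majority of antivirus software, anti-exploit software and proactive-defense software, rendering them ineffective. This poses a great danger to users' machines: once an unpatched machine opens a website or e-mail containing the malicious code, the virus or malicious program immediately runs silently in the background, and without any visible sign the user's machine ends up with account-stealing Trojans, malicious adware, worms and so on.

[size=6][color=Red]The patch is out; see the information in post #4[/color][/size]

[[i] Last edited by cncjoy on 2007-4-4 12:20 PM [/i]]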
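The size check the post above says Windows omitted, as an added example that is not part of the original post: a Python scanner that walks the RIFF/ACON chunks of a file and reports any anih header chunk whose declared size differs from the 36 bytes of the public ANI header layout, or any chunk that claims more data than its container holds. The 36-byte figure, the function names and the sample bytes are assumptions of this example; files are judged by content, since the post notes that ANI data is also processed under .cur and .ico names.

```python
import struct

ANIH_SIZE = 36  # assumption: nine 32-bit fields of the public RIFF/ACON ANI header


def walk_chunks(buf, start, end, depth=0):
    """Yield (offset, id, declared_size, bytes_available) for each RIFF chunk."""
    pos = start
    while pos + 8 <= end:
        cid, size = struct.unpack_from("<4sI", buf, pos)
        body = pos + 8
        avail = end - body
        yield pos, cid, size, avail
        if size > avail:
            return  # declared size runs past its container: stop, do not trust it
        if cid == b"LIST" and size >= 4 and depth < 8:
            # A LIST holds a 4-byte list type followed by nested chunks.
            yield from walk_chunks(buf, body + 4, body + size, depth + 1)
        pos = body + size + (size & 1)  # chunk bodies are padded to an even length


def check_ani(buf):
    """Return a list of findings; an empty list means the declared sizes are consistent."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"ACON":
        return ["not a RIFF/ACON container"]
    riff_size = struct.unpack_from("<I", buf, 4)[0]
    end = min(len(buf), 8 + riff_size)
    findings, anih_count = [], 0
    for off, cid, size, avail in walk_chunks(buf, 12, end):
        if size > avail:
            findings.append("offset %d: chunk %r declares %d bytes, only %d present"
                            % (off, cid, size, avail))
        if cid == b"anih":
            anih_count += 1
            if size != ANIH_SIZE:
                findings.append("offset %d: anih declares %d bytes, expected %d"
                                % (off, size, ANIH_SIZE))
    if anih_count == 0:
        findings.append("no anih chunk found")
    return findings


def chunk(cid, body):
    """Serialize one RIFF chunk (id, little-endian size, body, pad byte if odd)."""
    pad = b"\x00" if len(body) & 1 else b""
    return cid + struct.pack("<I", len(body)) + body + pad


def build_sample(anih_len):
    """Constructed test input: an ACON container whose anih chunk is anih_len bytes."""
    header = struct.pack("<9I", 36, 1, 1, 32, 32, 0, 0, 10, 1)
    anih = (header + b"\x00" * max(0, anih_len - len(header)))[:anih_len]
    frames = chunk(b"LIST", b"fram" + chunk(b"icon", b"\x00" * 6))
    riff_body = b"ACON" + chunk(b"anih", anih) + frames
    return b"RIFF" + struct.pack("<I", len(riff_body)) + riff_body


if __name__ == "__main__":
    for label, data in (("well-formed", build_sample(36)),
                        ("oversized anih", build_sample(80)),
                        ("truncated", build_sample(36)[:-4])):
        print(label, "->", check_ani(data) or "no findings")
```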

goodpatrick 2007-4-4 11:51 AM

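MSN virus outbreak again! Do not accept or open the photo album.zip file

With the Trojan website Get-messenger that spread over MSN still fresh in everyone's memory, MSN is again reported to be plagued by a virus. This time a photo album.zip file is sent automatically through friends on the contact list. It is an ircbot, detected by Kaspersky antivirus software as Backdoor.Win32.IRCBot.aaq, so whenever a friend sends you data, be sure to confirm it repeatedly.

First, a friend on the contact list sends a text message like "Hey accept my photo album, Nice new pics of me and my friends and stuff and when i was young lol...", after which a zip file of about 21 KB named photo album is sent automatically. The zip file unpacks to photo album2007.pif; once executed, besides copying photo album.zip into the Windows folder, it also creates an rdshost.dll in the System32 folder, which starts together with the browser, and it modifies the registry.

According to the solution provided on the forum of the mainland Chinese website C.I.S.R.T, first type regedit in "Run" on the "Start" menu to open the registry, and delete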


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"rdshost"="{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}"


[HKEY_CLASSES_ROOT\CLSID\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\InProcServer32]

@="rdshost.dll"


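Here {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} is a CLSID string; the CLSID generated by the virus is not fixed, for example: {3CBAEB1E-422A-495D-A45F-5D9E10AACD4B}.

Then restart the computer and delete C:\Windows\photo album.zip and C:\Windows\System32\rdshost.dll

However, according to Microsoft Taiwan, it has not received any user reports so far, so this may not be a widespread outbreak.

[url]http://news.yam.com/ettoday/computer/200704/20070404098952.html[/url]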
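Because the CLSID in the post above changes per infection, the two registry entries have to be found by following the ShellServiceObjectDelayLoad value to its InProcServer32 DLL rather than by a fixed GUID. The Python below is an added example, not part of the original post: it does that correlation over the text of a regedit export. The function names, the HKLM alias of the CLSID branch, and the sample export (with a made-up benign entry) are assumptions of this example.

```python
import re

# Key named in the post; its values are CLSIDs of objects loaded together with the shell.
SSODL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
# CLSID branch as written in the post, plus its HKLM alias (assumption of this example).
CLSID_ROOTS = (r"HKEY_CLASSES_ROOT\CLSID", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID")

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse the string values of a .reg export into {key_lowercase: {name: value}}.
    Real regedit exports are UTF-16; decode them before calling this."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys


def find_delayload_hits(reg_text, dll_names=("rdshost.dll",)):
    """Return delay-load entries whose CLSID resolves to one of dll_names."""
    keys = parse_reg(reg_text)
    hits = []
    for value_name, clsid in keys.get(SSODL.lower(), {}).items():
        dll, clsid_key = None, None
        for root in CLSID_ROOTS:
            clsid_key = "%s\\%s" % (root, clsid)
            dll = keys.get((clsid_key + "\\InProcServer32").lower(), {}).get("")
            if dll is not None:
                break
        if dll is None:
            continue  # CLSID not present in this export
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename in dll_names:
            hits.append({"value": value_name, "clsid": clsid, "dll": dll,
                         "delete_value_in": SSODL, "delete_key": clsid_key})
    return hits


# Constructed sample export: one made-up benign entry, one entry shaped like the post's.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ExampleBenign"="{11111111-2222-3333-4444-555555555555}"
"rdshost"="{3CBAEB1E-422A-495D-A45F-5D9E10AACD4B}"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="C:\\WINDOWS\\system32\\example.dll"

[HKEY_CLASSES_ROOT\CLSID\{3CBAEB1E-422A-495D-A45F-5D9E10AACD4B}\InProcServer32]
@="rdshost.dll"
'''

if __name__ == "__main__":
    for hit in find_delayload_hits(SAMPLE_REG):
        print("value %(value)r -> %(clsid)s -> %(dll)s" % hit)
        print("  remove value from:", hit["delete_value_in"])
        print("  remove key:", hit["delete_key"])
```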

cncjoy 2007-4-4 11:53 AM

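【04-04】Official Microsoft patch released [please update]

[b]Recently hackers have planted account-stealing Trojans on many websites, downloaded by exploiting Microsoft's latest mouse vulnerability. For the safety of everyone's online banking, online game, forum and chat program accounts, the 剑盟 forum specially reminds you to install the following official Microsoft patches to stay safe.[/b] [color=#ff0000]Note: if you previously installed the third-party eEye patch posted on the forum, first go to Control Panel, Add or Remove Programs, and uninstall [/color][color=#0000ff][b]eEye Digital Security Ani Zero day patch[/b][/color]
[url=http://download.microsoft.com/download/5/8/3/58324bce-00c5-42b7-bd05-1353c0604dab/WindowsXP-KB925902-x86-CHS.exe][color=#2f5fa1]Click to download the Microsoft mouse cursor vulnerability patch for 32-bit Chinese XP systems[/color][/url]
[url=http://download.microsoft.com/download/d/4/d/d4d5b707-58a9-4fbc-ab58-e20cc86db7bb/Windows2000-KB925902-x86-CHS.EXE][color=#2f5fa1]Click to download the Microsoft mouse cursor vulnerability patch for Chinese 2000 SP4 systems[/color][/url]
[url=http://download.microsoft.com/download/0/4/7/0472557e-05f2-471e-a018-3286d63c51c3/Windows6.0-KB925902-x86.msu][color=#2f5fa1]Click to download the Microsoft mouse cursor vulnerability patch for Chinese Vista systems[/color][/url][b][color=red]
Restart the system after installing the patch. Making a habit of regularly updating your antivirus software's virus definitions and promptly installing system patches reduces the chance of getting infected online.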


[/color][/b]‧ Microsoft Windows 2000 Service Pack 4 — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=92f20599-3e7b-4217-91e6-fdcfb4c56856&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f4%2fd%2fd4d5b707-58a9-4fbc-ab58-e20cc86db7bb%2fWindows2000-KB925902-x86-CHS.EXE]Download the update[/url]

‧ Microsoft Windows XP Service Pack 2 — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=f82ea184-945f-4b78-9463-10ac20a75020&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f5%2f8%2f3%2f58324bce-00c5-42b7-bd05-1353c0604dab%2fWindowsXP-KB925902-x86-CHS.exe]Download the update[/url]

‧ Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=ea5e1b87-4db5-4b1a-891e-29c6bd6c0184&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fc%2f9%2f8%2fc9801bd3-60f1-4d7f-9059-57786b2e0fb6%2fWindowsServer2003.WindowsXP-KB925902-x64-CHS.exe]Download the update[/url]

‧ Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=9f73a782-deaf-46e0-b3e0-79042ff39979&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f8%2ff%2fd8fc1f92-a8a3-490a-b8c1-70258436e37f%2fWindowsServer2003-KB925902-x86-CHS.exe]Download the update[/url]

‧ Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=9f73a782-deaf-46e0-b3e0-79042ff39979&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f8%2ff%2fd8fc1f92-a8a3-490a-b8c1-70258436e37f%2fWindowsServer2003-KB925902-x86-CHS.exe]Download the update[/url]

‧ Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 —[url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=3276dd11-4e2f-4183-a542-82ac3c6d9754&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2fe%2ff%2f3ef26e17-4a40-4a26-afe9-806fc06c4135%2fWindowsServer2003.WindowsXP-KB925902-x64-CHS.exe]Download the update[/url]

‧ Windows Vista — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=d8b0e65c-5b41-46eb-92df-0b062cfcdeec&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f0%2f4%2f7%2f0472557e-05f2-471e-a018-3286d63c51c3%2fWindows6.0-KB925902-x86.msu]Download the update[/url]

‧ Windows Vista x64 Edition — [url=http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=fb0ff2b5-05fe-4158-b4b7-da0d7f82c04b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fe%2fc%2f6%2fec655640-a995-436a-895a-5997bd3a7552%2fWindows6.0-KB925902-x64.msu]Download the update[/url]


Official Microsoft bulletin: [url=http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx]http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx[/url]

Related Knowledge Base article: [url=http://support.microsoft.com/kb/KB925902]http://support.microsoft.com/kb/KB925902[/url]

[[i] Last edited by cncjoy on 2007-4-5 08:43 AM [/i]]

Malware 2007-4-4 12:20 PM

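【Repost】Phishing site appears on MSN, tricking users out of account names and passwords

[b][size=3]Phishing site appears on MSN, tricking users out of account names and passwords[/size][/b][size=3]
[i](Ming Pao)[/i] [i]Wednesday, March 28, 05:10 AM[/i][/size]

[size=3]【Ming Pao report】MSN is one of the main tools netizens use to keep in touch, but a website called "get-messenger" is currently circulating widely on the Internet and on MSN. It asks users to enter their MSN account and password in order to check who has blocked them from their MSN contact list. Microsoft Taiwan points out that this website has nothing whatsoever to do with Microsoft and is a "phishing" site, and urges netizens not to be taken in.

[b]Microsoft urges netizens not to be fooled[/b]

Netizens who use MSN may wonder why some MSN contacts always show as "offline": has the other person "blocked" them? Recently a website called "get-messenger" (hxxp://www.get-messenger.com) has been circulating on the Internet and on MSN, claiming that simply by entering your MSN account and password you can find out which contacts have blocked you.

鍾婉珍, MSN marketing manager at Microsoft Taiwan, said get-messenger has nothing at all to do with MSN and is very obviously a "phishing" site whose purpose is to obtain users' accounts and passwords. 鍾婉珍 said that there is currently no method or tool that can check which contact has blocked you, and any website or software claiming to offer this feature is attempting fraud.

鍾婉珍 said that if users have entered their account and password on the get-messenger website, she advises them to change the password immediately, so that nobody can use the stolen account and password for other purposes.[/size]
[size=2](Report from Ming Pao Taiwan correspondent 彭孝維)[/size]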

引導者 2007-4-4 04:44 PM

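Tool that can turn unwitting PC users into hackers' helpers has leaked

Web security company SPI Dynamics did not originally want a tool that can turn PCs on the network into hackers' helpers to get out, but the tool's source code has now leaked anyway.

"The Jikto source code has leaked," SPI researcher Billy Hoffman wrote on his blog on Monday. "A guy called LogicX got a copy and then put it straight on Digg the day after the Shmoocon conference."

This person was able to get the source code because Hoffman, during his talk at the hacker conference, displayed the network address where Jikto was hosted.

"If anyone was watching very closely at the time, they could see the URL of the Jikto source code," Hoffman said.

Jikto is a web application vulnerability scanning tool written in JavaScript; it can covertly monitor public websites and then send the results to a third party. Jikto can also be embedded in a hacker's website, or injected into legitimate websites by exploiting cross-site scripting vulnerabilities.

Hoffman had originally intended to release the Jikto code at ShmooCon, but company management stepped in and stopped it. The reason: Jikto could be put to illegitimate use.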

安培晴明 2007-4-14 08:19 PM

[size=2][b]Microsoft Windows DNS Server RPC interface remote buffer overflow vulnerability[/b][/size]

[size=2][b]Microsoft Security Advisory (935964)[/b][/size]

[size=2]Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.[/size]


[url=http://www.microsoft.com/technet/security/advisory/935964.mspx]http://www.microsoft.com/technet/security/advisory/935964.mspx[/url]

[[i] Last edited by 安培晴明 on 2007-4-14 08:21 PM [/i]]

geck789 2007-4-29 11:45 AM

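Hackers use Google ads to set traps and steal data

(Sing Tao) Friday, April 27, 01:48 PM

The well-known search site Google works with commercial companies to run paid advertisements online, which have become Google's main source of revenue, but the service has been exploited by criminals. When netizens use Google to search for information, they may be lured into clicking on problematic ads, and hackers take the opportunity to steal these users' personal data, such as bank account numbers and passwords. It is still not known how many people have been affected, and Google has taken measures to plug the loophole. Google only learned of the problem after being notified this week. Computer security experts said they believe these are isolated incidents with no sign of spreading. The hackers' main targets are "Windows XP" users who do not update their software regularly. 艾尼利, an expert at an Internet security company, said: "This is a serious incident that will affect the confidence of customers and netizens. Not only Google is affected; the whole industry will take a hit." When netizens now use the Google site to search for information, besides the information they want they may also see related ads. Some ad links may be traps laid by hackers; a netizen who carelessly clicks through will be "hit" and taken to another, fake website, where the hackers may steal their data. Google said the company has removed the suspect ads and closed the accounts of the advertisers in question.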

[url]http://hk.news.yahoo.com/070427/60/26ehd.html[/url]

G.Assistant 2007-5-11 12:28 AM

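Microsoft releases patches fixing 19 vulnerabilities in several products

This Tuesday, Microsoft released this month's patches, fixing 19 security vulnerabilities in several products, including IE7, Office 2007 and Exchange 2007.

Microsoft released 7 security patches, all of them rated "critical", Microsoft's highest severity level. Critical flaws let hackers take complete control of an affected system with the user hardly noticing. To exploit most of the flaws fixed this Tuesday, a hacker must first lure the user into visiting a malicious website or opening a malicious file.

The MS07-027 patch fixes 6 flaws in IE. Three patches fix flaws in Office, including Office 2007. Most of these flaws exist because the applications have problems handling certain types of files, and hackers can exploit them through a malicious Office file.

The flaws in Exchange could let a system be completely taken over by hackers without the user's knowledge. The MS07-026 patch fixes 4 flaws in Exchange, including Exchange 2007; the most serious of them relates to the way Exchange encodes e-mail.

阿莫爾, manager of the Qualys vulnerability research lab, said that several new flaws affect IE7, Office 2007 and Exchange 2007, which has hurt Microsoft's security image. Microsoft has been presenting security as one of the selling points of these new products.

The flaws in these products show that Microsoft's Security Development Lifecycle program is not impregnable. Last month, a Windows flaw that Microsoft fixed also affected Vista.

Another flaw that may affect a large number of users is in Capicom, a component that adds cryptographic capabilities to applications; the flaw lets hackers take control of computers running the component. Microsoft fixed this flaw in the MS07-028 patch.

Microsoft also fixed 3 zero-day flaws, including the flaw in the Windows Domain Name System, which affects Windows 2000 Server and Windows Server 2003.

Microsoft "warned" about this problem last month and said it was being used to launch limited attacks. Microsoft said the other two zero-day flaws are in IE and Word, and the Word flaw has been in continuous use by hackers to cause trouble.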

http://big5.ccidnet.com:89/gate/big5/news.ccidnet.com/art/953/20070510/1078537_1.html

G.Assistant 2007-5-16 05:35 AM

Trojan Piggybacks on Windows Updater

[url]http://www.pcmag.com/article2/0,1759,2130125,00.asp?kc=PCRSS05079TX1K0000992[/url]

At least one Trojan virus writer is now using an integral part of the Windows operating system—BITS (Background Intelligent Transfer Service)—to download files to already infected systems.

Windows Update uses BITS as an asynchronous download service to fetch patches, updates and other files—and, in this instance, malware.

Security researcher Frank Boldewin, along with Symantec's Elia Florio, discovered the technique the week of May 7 after analyzing a recent Trojan distributed via spam e-mail in Germany toward the end of March. According to Florio's May 10 posting on Symantec's site, Boldewin determined that the Trojan—which he detected as "Downloader"—was using BITS to bypass the firewall and download files without firewall inspection. As part of the operating system, BITS is trusted and gets passed through without having to go through the firewall.

According to Florio, more common methods used by malware to bypass firewalls include running a continuous thread that sends "Yes, accept" messages to the firewall window, which warns users about strange network connections; shutting down the firewall or killing its processes; injecting malicious code into Internet Explorer or other processes in the firewall's trusted applications list; and patching network drivers to disable firewall filtering.

geck789 2007-6-15 12:01 PM

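Three major Safari browser vulnerabilities urgently patched less than three days after release

[url]http://big5.ccidnet.com:89/gate/big5/news.ccidnet.com/art/951/20070615/1113847_1.html[/url]

【CCIDNet report】June 15: This Tuesday Apple had only just released the beta of the Safari browser for Windows users; with the ink on the announcement barely dry, three security vulnerabilities had already been found, and Apple urgently issued an emergency update notice.

According to foreign media reports, Apple's patch can be installed by downloading Safari 3.0.1 Public Beta for Windows from http://www.apple.com/safari/download/, or through Apple Software Update, which is installed with the vast majority of Apple's latest Windows versions of QuickTime or iTunes. Mac users are not affected by the vulnerability.

Less than three days after Apple released the Windows beta of the Safari browser, three independent security organisations announced that they had found vulnerabilities, even though Apple had claimed on releasing the product that "this version is secure from day one".

One of the vulnerabilities was found by the security research organisation Thor Larholm: a tampered website can run malicious code on Windows running the Safari browser. The other two vulnerabilities, Aviv Raff and David Maynor, exist in the rookie browser.

That Apple could provide an update at this speed is indeed surprising, but it also fully shows how much importance Apple attaches to promoting its browser among Windows users. If you are not a security expert or a software developer, think twice before using the Safari beta.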

Kim哥 2007-6-24 01:05 PM

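[quote]Originally posted by [i]cncjoy[/i] on 2007-4-4 11:53 AM
Recently hackers have planted account-stealing Trojans on many websites, downloaded by exploiting Microsoft's latest mouse vulnerability. For the safety of everyone's online banking, online game, forum and chat program accounts, 剑盟 ... [/quote]
I downloaded the XP one; mine is XP too
But as soon as I run it
this pops up: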
安?程序不能更新你的Windows XP文件,因?安?在?您的系?上的?言和更新的?言不同
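What should I do - -
Mine is a Win32 one too; I can't get rid of it completely, and a certain website keeps bombarding me with this virus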

geck789 2007-7-12 12:55 PM

QuickTime 7.2 for Windows

About QuickTime 7.2 for Windows

QuickTime 7.2 addresses critical security issues and delivers:

- Support for full screen viewing in QuickTime Player
- Updates to the H.264 codec
- Numerous bug fixes

[url]http://www.apple.com/support/downloads/quicktime72forwindows.html[/url]

Aikokwok 2007-7-16 06:24 PM

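Multiple vulnerabilities in Apple QuickTime

Description

Multiple vulnerabilities have been found in Apple QuickTime; remote attackers can exploit them to obtain sensitive information or take complete control of an affected system.

1. A memory corruption error occurs when processing malformed H.264 movie files. An attacker can exploit this vulnerability to execute arbitrary code by luring a user into opening a malicious movie file.

2. A memory corruption error occurs when processing malformed movie files. An attacker can exploit this vulnerability to execute arbitrary code by luring a user into opening a malicious file.

3. An "integer" overflow error occurs when processing malformed m4v files. An attacker can exploit this vulnerability to execute arbitrary code by luring a user into opening a malicious file.

4. An "integer" overflow error occurs when processing malformed SMIL files. An attacker can exploit this vulnerability to execute arbitrary code by luring a user into opening a malicious file.

5. Because of a design error in QuickTime for Java, an attacker can lure a user into visiting a malicious web page and exploit this vulnerability to bypass security checks and execute arbitrary code.

6. Because of a design error in QuickTime for Java, an attacker can use malicious Java applets to bypass security checks and write and read process memory, thereby executing arbitrary code.

7. Because of a design error in QuickTime for Java, certain interfaces are exposed by JDirect. An attacker can load arbitrary libraries and free arbitrary memory, thereby executing arbitrary code.

8. Because of a design error in QuickTime, an attacker can lure a user into visiting a specially crafted web page and thereby capture what is displayed on the user's screen at that moment.

Impact
Remote code execution
Denial of service
Disclosure of sensitive information

Affected systems

Apple QuickTime 7.2 and earlier versions

Solution

Before installing the software, please visit the software vendor's website for more details.

Update to Apple QuickTime 7.2 (Mac):
[url=http://www.apple.com/support/downloads/quicktime72formac.html]http://www.apple.com/support/downloads/quicktime72formac.html[/url]
Update to Apple QuickTime 7.2 (Windows):
[url=http://www.apple.com/support/downloads/quicktime72forwindows.html]http://www.apple.com/support/downloads/quicktime72forwindows.html[/url]

Related links

[url=http://www.frsirt.com/english/advisories/2007/2510]http://www.frsirt.com/english/advisories/2007/2510[/url]
[url=http://secunia.com/advisories/26034/]http://secunia.com/advisories/26034/[/url]
[url=http://docs.info.apple.com/article.html?artnum=305947]http://docs.info.apple.com/article.html?artnum=305947[/url]

Sources

FrSIRT
Secunia
Apple

Vulnerability identifiers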

CVE-2007-2295
CVE-2007-2296
CVE-2007-2392
CVE-2007-2393
CVE-2007-2394
CVE-2007-2396
CVE-2007-2397
CVE-2007-2402

Written on 13 July 2007
Translated on 13 July 2007

G.Assistant 2007-7-17 06:18 AM

Sun Releases Alert for Java Vulnerability

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

[url=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102934-1]http://sunsolve.sun.com/search/p ... etkey=1-26-102934-1[/url]

Download:

[url=http://java.sun.com/javase/downloads/index.jsp]http://java.sun.com/javase/downloads/index.jsp[/url]

[[i] Last edited by G.Assistant on 2007-7-16 05:23 PM [/i]]

G.Assistant 2007-7-17 06:21 AM

Flash Player update available to address security vulnerabilities

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

[url=http://www.adobe.com/support/security/bulletins/apsb07-12.html]http://www.adobe.com/support/security/bulletins/apsb07-12.html[/url]

Download:

[url=http://www.adobe.com/go/getflashplayer/]http://www.adobe.com/go/getflashplayer/[/url]

[[i] Last edited by G.Assistant on 2007-7-16 05:24 PM [/i]]

Aikokwok 2007-7-17 06:05 PM

Multiple vulnerabilities in Adobe Flash Player

Description

    Vulnerabilities have been found in Adobe Flash Player; remote attackers can exploit them to take control of an affected system.

    1. An unspecified input validation error; a remote attacker can exploit the vulnerability to execute arbitrary code by luring a user into visiting a specially crafted web page.

    2. An input validation error exists when handling the HTTP Referer header; the vulnerability can be used to carry out cross-site request forgery (CSRF) attacks.

    3. When the error affects the browser, an attacker can exploit the vulnerability to obtain sensitive information without authorisation.

Impact

    * Remote code execution
    * Denial of service
    * Theft of identity data

Affected systems

    * Flash Player 9.0.45.0
    * Flash Player 9.0.45.0 and earlier network distribution versions
    * Flash Basic
    * Flash CS3 Professional
    * Flash Professional 8, Flash Basic
    * Flex 2.0
    * Flash Player 7.070.0 on Linux and Solaris

Solution

    Before installing the software, please visit the software vendor's website for more details.

    Download the patches here

    * Flash Player 9.0.45.0 and earlier versions (update to version 9.0.47.0):
     [url=http://www.adobe.com/go/getflash]http://www.adobe.com/go/getflash[/url]

    * Flash Player 9.0.45.0 and earlier network distribution versions (update to version 9.0.47.0):
     [url=http://www.adobe.com/licensing/distribution]http://www.adobe.com/licensing/distribution[/url]

    * Flash CS3 Professional (update to version 9.0.47.0):
     [url=http://www.adobe.com/support/flashplayer/downloads.html]http://www.adobe.com/support/flashplayer/downloads.html[/url]

    * Flash Professional 8, Flash Basic (update to version 8.0.35.0):
     [url=http://www.adobe.com/support/flashplayer/downloads.html]http://www.adobe.com/support/flashplayer/downloads.html[/url]

    * Flex 2.0 (update to version 9.0.47.0):
     [url=http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9]http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9[/url]

Related links

    * [url=http://www.frsirt.com/english/advisories/2007/2497]http://www.frsirt.com/english/advisories/2007/2497[/url]
    * [url=http://secunia.com/advisories/26027/]http://secunia.com/advisories/26027/[/url]
    * [url=http://www.us-cert.gov/cas/techalerts/TA07-192A.html]http://www.us-cert.gov/cas/techalerts/TA07-192A.html[/url]

Sources

    * FrSIRT
    * Secunia
    * US-CERT

Vulnerability identifiers

    * CVE-2007-2022
    * CVE-2007-3456
    * CVE-2007-3457

geck789 2007-8-2 10:27 AM

Mozilla Firefox Vulnerabilities

Fixed in Firefox 2.0.0.6

MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

[url]http://developer.mozilla.org/devnews/index.php/2007/07/30/firefox-2006-security-update/[/url]

geck789 2007-8-2 10:30 AM

Safari 3 Beta Update 3.0.3

Safari

CVE-ID: CVE-2007-3743

Available for: Windows XP or Vista

Impact: Adding bookmarks may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow vulnerability exists in Safari's bookmark handling. By enticing a user to add a bookmark with an overlong title, an attacker may trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing proper bounds checking. This issue does not affect Mac OS X systems.

WebKit

CVE-ID: CVE-2007-2408

Available for: Mac OS X v10.4.9 or later, Windows XP or Vista

Impact: Visiting a malicious website may allow Java applets to load and run even when Java is disabled

Description: Safari provides an "Enable Java" preference, which when unchecked should prevent the loading of Java applets. By default, Java applets are allowed to be loaded. Navigating to a maliciously crafted web page may allow a Java applet to be loaded without checking the preference. This update addresses the issue through a stricter check of the "Enable Java" preference. Credit to Scott Wilde for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: Mac OS X v10.4.9 or later, Windows XP or Vista

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-3944

Available for: Mac OS X v10.4.9 or later, Windows XP or Vista

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

[url]http://docs.info.apple.com/article.html?artnum=306174[/url]

geck789 2007-8-16 10:20 AM

Microsoft Security Updates for August 2007

[url]http://www.microsoft.com/taiwan/athome/security/update/bulletins/200708.mspx[/url]

SamR 2007-10-18 04:47 PM

Virut Virus (w32.virut)

[quote]A lot of users are infected with the [b][u]Virut Virus (w32.virut) [/u][/b]nowadays. This is a file infector which infects every .exe and .scr file
More info here:
[url=http://www.symantec.com/security_response/...-99&tabid=2]http://www.symantec.com/security_response/...-99&tabid=2[/url]
[url=http://vil.nai.com/vil/content/v_141751.htm]http://vil.nai.com/vil/content/v_141751.htm[/url]
[url=http://free.grisoft.com/doc/virbase/us/frt...m=Win32%2FVirut]http://free.grisoft.com/doc/virbase/us/frt...m=Win32%2FVirut[/url]

This infection is mainly getting installed via [b]cracksites[/b] and [b]keygensites[/b].[/quote]

Infects .exe and .scr files.
The code itself is flawed and the infection is incomplete, which corrupts the target files.
No cure at present......re-install windows.

geck789 2007-10-19 01:15 AM

Changelog for Opera 9.24 for Windows

Opera 9.24 for Windows is available for download.
Release Notes

This release is a recommended security upgrade. See the Security section for additional information.
Changes Since Opera 9.23
Security
Fixed an issue where external news readers and e-mail clients could be used to execute arbitrary code, as reported by Michael A. Puls II. See our advisory.
Fixed an issue where scripts could overwrite functions on pages from other domains. See the advisory. Issue reported to Opera by David Bloom.

[url]http://www.opera.com/docs/changelogs/windows/924/[/url]

SamR 2007-10-20 01:02 PM

RealPlayer Zero Day Exploit Hits the Web

[url=http://www.avertlabs.com/research/blog/index.php/2007/10/19/realplayer-zero-day-exploit-hits-the-web/]http://www.avertlabs.com/research/blog/index.php/2007/10/19/realplayer-zero-day-exploit-hits-the-web/[/url]


[quote]Last night we obtained a sample of a RealPlayer zero day exploit. RealPlayer 11 Beta, 10.5, and older versions are affected. Today’s DAT release, version 5145, contains detection under the name [url=http://vil.nai.com/vil/content/v_143459.htm]Exploit-RealPlay.a[/url]. At this point, exposure appears to be limited, but we can expect public exploit code to surface before too long. At that point exploitation is likely to follow the path of many other drive-by exploits and become fairly well distributed.[/quote]


[quote]
At the time of this posting, no patch for the problem was available. If you use RealPlayer, [b]consider removing the RealPlayer ActiveX add-on from Internet Explorer or even uninstall RealPlayer entirely[/b].[/quote]

SamR 2007-10-21 10:14 AM

RealPlayer issues security patch

[quote]Originally posted by [i]SamR[/i] on 2007-10-20 01:02 PM
[url=http://www.avertlabs.com/research/blog/index.php/2007/10/19/realplayer-zero-day-exploit-hits-the-web/]http://www.avertlabs.com/researc ... ploit-hits-the-web/[/url]
[/quote]

[b]RealPlayer issues security patch[/b]

[url=http://service.real.com/realplayer/security/191007_player/en/]http://service.real.com/realplayer/security/191007_player/en/[/url]

[[i] Last edited by SamR on 2007-10-21 10:15 AM [/i]]

uhthn2002 2007-10-28 08:29 AM

Storm worm strikes back

The Storm worm is fighting back against security researchers that seek to destroy it. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats. A recently discovered capability of Storm is its ability to interrupt applications as they boot up and either shut them down or allow them to appear to boot, but disable them.

[url=http://www.networkworld.com/news/2007/102407-storm-worm-security.html]http://www.networkworld.com/news/2007/102407-storm-worm-security.html[/url]

tbgtbgtbg 2007-11-5 10:19 PM

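Hello everyone,
after repeated testing by the Foxy team,
the cause has now been confirmed: between 7/10 and 7/16 the AVG antivirus update system
classified Foxy as dangerous software (Trojan horse SHeur.WEN)
and pops up this dialog box: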

無法執行檔案:
C:\Program Files\Foxy\Foxy.exe
Create Process失敗。代碼5。
存取被拒

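As a result, users who have updated AVG
can no longer use Foxy or install Foxy.

In our testing,
the following method lets everyone keep using Foxy together with AVG antivirus:
1. Completely uninstall and delete Foxy,
   including the Download folder and Temp folder you chose for storing files when you installed Foxy,
   and all other folders and programs related to Foxy.

2. Then completely remove AVG antivirus as well;
   after confirming it is deleted,
   go back to AVG and download and install a brand-new copy of AVG antivirus.

3. After AVG is installed, download Foxy version 1.9.3 again from the official Foxy website,
   and you can carry on using it without problems.

※ The key point of these three steps is the deletion process: the existing Foxy folders and programs
    must be thoroughly removed, and the antivirus software must also be completely reinstalled,
    so that no detection data from the AVG 7/10-7/16 updates remains.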

SamR 2007-11-9 12:32 PM

Mozilla Firefox jar URI cross-site scripting vulnerability

http://www.kb.cert.org/vuls/id/715737

[quote]I. Description
The jar protocol is designed to extract content from compressed files. Mozilla based browsers include support for jar: URIs that are of the form jar:[url]![filename path]

From the [url=http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues]GNUCITIZEN[/url] blog,

[i][b]      jar[/b]: content run within the scope/origin of the secondary URL. Therefore, a URL like this: jar:https:// example.com/test.jar!/t.htm, will render a page which executes within the origin of https://example.com.[/i]

Since the script in the webpage at the second URL runs in the context of the first URL's page, a cross-site scripting vulnerability occurs.

To successfully exploit this vulnerability, an attacker could place or link to a specially crafted archive file on a site and convince the user to open the file with a Mozilla based browser. An attacker could use sites that allow user-submitted content to distribute malicious archived files.[/quote]

[quote]Solution
We are currently unaware of a practical solution to this problem.
[b]Workarounds for network administrators and users[/b]
[list][*]Using proxy servers or application firewalls to block URIs that contain jar: may mitigate this vulnerability.[*]NoScript version [url=http://noscript.net/getit#devel]1.1.7.8[/url] and later may prevent this vulnerability from being exploited.[/list][/quote]

Note: the official NoScript release is 1.1.7.7; the others are unofficial or beta versions

Update: the official NoScript release has been upgraded to 1.1.7.8  :smile_40:

[[i] Last edited by SamR on 2007-11-11 07:36 AM [/i]]
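The proxy-side workaround quoted above ("block URIs that contain jar:"), as an added Python example that is not part of the original post or of the CERT note: it splits a jar: URI into the inner URL and entry path, derives the origin the quoted text says the content runs in, and checks a request URL for a jar: scheme even when it is upper-cased or percent-encoded inside a parameter. The function names, the three-round decoding limit and the sample URLs are assumptions of this example.

```python
import re
from urllib.parse import unquote, urlsplit

# "jar:" used as a scheme: not preceded by another scheme character,
# so names such as "cookiejar:" do not match.
JAR_SCHEME_RE = re.compile(r"(?<![a-z0-9+.\-])jar:", re.IGNORECASE)


def parse_jar_uri(uri):
    """Split jar:<url>!<entry path> into (inner_url, entry_path), or None."""
    uri = uri.strip()
    if uri[:4].lower() != "jar:":
        return None
    inner, sep, entry = uri[4:].partition("!")
    if not sep or not inner:
        return None
    return inner, entry


def effective_origin(uri):
    """Origin (scheme://host[:port]) of the inner URL, where the quoted
    description says the extracted page executes."""
    parsed = parse_jar_uri(uri)
    if parsed is None:
        return None
    parts = urlsplit(parsed[0])
    if not parts.scheme or not parts.netloc:
        return None
    return "%s://%s" % (parts.scheme.lower(), parts.netloc.lower())


def contains_jar_uri(url, max_rounds=3):
    """True if the URL, or any of up to max_rounds percent-decodings of it,
    contains a jar: scheme. Intended as the block decision of a URL filter."""
    seen = url
    for _ in range(max_rounds + 1):
        if JAR_SCHEME_RE.search(seen):
            return True
        decoded = unquote(seen)
        if decoded == seen:
            break
        seen = decoded
    return False


# Constructed sample requests (example.com / portal.example are placeholders).
SAMPLES = [
    "jar:https://example.com/test.jar!/t.htm",
    "JAR:https://example.com/test.jar!/t.htm",
    "https://portal.example/redirect?next=jar%253Ahttps%253A%252F%252Fexample.com"
    "%252Ftest.jar%2521%252Ft.htm",
    "https://example.com/files/test.jar",
    "https://example.com/cookiejar:stats",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "BLOCK" if contains_jar_uri(url) else "allow"
        print("%-5s origin=%s  %s" % (verdict, effective_origin(url), url))
```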

SamR 2007-11-13 12:23 PM

Chinese Trojan on Maxtor HDDs spooks Taiwan

http://www.channelregister.co.uk/2007/11/12/maxtor_infected_hdd_updated/

[quote]As first reported by [i]El Reg[/i] in September a pre-installed Trojan named [url=http://www.viruslist.com/en/viruses/encyclopedia?virusid=160221]AutoRun-AH[/url] was discovered by [b]Kaspersky Labs[/b] on [b]Maxtor[/b] [b]3200[/b] external hard drives sold in the Netherlands.[/quote]

[quote]But following a subsequent investigation the firm confirmed that an unspecified number of Maxtor Basics Personal Storage 3200 drives [b][u]sold after August 2007[/u][/b] were indeed contaminated by malware during the manufacturing process. It traced the problem to an unnamed sub-contractor in China.[/quote]

SamR 2007-11-27 05:26 PM

New QuickTime bug opens XP, Vista to attack

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=software&articleId=9048678&taxonomyId=18&intsrc=kc_top

[quote]attackers can exploit the flaw by duping users into visiting malicious or compromised Web sites hosting specially-crafted streaming content, or by convincing them to open a rigged QTL file attached to an e-mail message.[/quote]

[quote]A successful exploit would let the attacker install additional malware -- spyware or a spambot, say -- or cull the system for information like passwords. An attack that failed would likely only crash QuickTime.[/quote]

[quote][b]Apple[/b] did not respond to questions about the QuickTime vulnerability and its plans for patching the program.[/quote]

SamR 2007-12-5 08:30 AM

Merry Christmas and Santa gift

[url]http://www.f-secure.com/weblog/archives/00001327.html[/url]

"A dear friend has sent you an ecard from [website(hxxp://www.xxxxGreetings.com)]. Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print. To view your ecard, click here,"

[b]Zapchast mIRC-based backdoor[/b]