http://www.m86security.com 120 http://www.m86security.com/images/logos/m86_logo_120x38.jpg 38 http://www.m86security.com/labs/ News and commentary about Internet-borne security threats from M86 Security. 1440 en-us Sat, 04 Feb 2012 06:31:52 GMT Copyright 2012 M86 Security. All Rights Reserved. webmaster@m86security.com (M86 Security Webmaster) http://www.m86security.com/rss/trace.asp http://labs.m86security.com/2012/01/midi-files-mid-way-to-infection/ http://labs.m86security.com/?p=4335 Microsoft’s January patch MS12-004 addressed a few vulnerabilities in Windows Media components. One particular issue, CVE-2012-0003, can be exploited via Windows Media Player ActiveX, as it leverages a heap overflow occurring in ‘midiOutPlayNextPolyEvent’ function within the Windows Multimedia Library, winmm.dll. The bad guys didn’t waste time and this vulnerability is now exploited in the wild as [...] Tue, 31 Jan 2012 08:00:00 GMT http://labs.m86security.com/2012/01/massive-compromise-of-wordpress-based-sites-but-%e2%80%98everything-will-be-fine%e2%80%99/ http://labs.m86security.com/?p=4299 A few days ago, hundreds of websites, based on WordPress 3.2.1, were compromised. The attacker uploaded an HTML page to the standard Uploads folder and that page redirects the user to the Phoenix Exploit Kit. Its logs show that users from at least four hundred compromised sites were redirected to Phoenix exploit pages.  Here is [...] Mon, 30 Jan 2012 08:00:00 GMT http://labs.m86security.com/2012/01/zbot-trojan-spreads-through-fake-conedison-billing-notification-email/ http://labs.m86security.com/?p=4276 Today we came across a new malicious spam campaign that is actively sent out by the Cutwail spam botnet. The suspicious email claims to be a bill summary from the New York-based energy company Con Edison, Inc. It may use the subject line “ConEdison Billing Summary as of <DATE>” and the attachment uses the filename format [...] Fri, 13 Jan 2012 08:00:00 GMT http://labs.m86security.com/2012/01/web-hijacks-with-ajax/ http://labs.m86security.com/?p=4257 Malware authors always seem to closely monitor trends in Web security development in order to create a variety of browser-based attacks. Just to name a few, techniques such as code obfuscation, plug-in detection and affiliate management are often used. This is why we, at M86 Security, weren’t surprised to see a malicious site which loads [...] Tue, 03 Jan 2012 08:00:00 GMT http://labs.m86security.com/2011/12/prevalent-exploit-kits-updated-with-a-new-java-exploit/ http://labs.m86security.com/?p=4213 Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier. Moreover, it would take authors at least a month to update their kits with the new exploits that had been discovered in the wild. However, in the past few weeks, authors released an updated version of their [...] Fri, 16 Dec 2011 08:00:00 GMT http://labs.m86security.com/2011/12/a-new-adobe-0-day-in-the-wild-%e2%80%93-%e2%80%93-but-no-worries-you-are-already-protected-with-our-secure-web-gateway/ http://labs.m86security.com/?p=4205 Yesterday Adobe released an advisory for a vulnerability in the Adobe Reader and Adobe Acrobat products. The vulnerability, titled ‘U3D Memory Corruption Vulnerability’ was part of a targeted attack and discovered by Lockheed Martin’s Computer Incident Response Team. This is not the first time a targeted attack has been aimed at the US defense industry. [...] Wed, 07 Dec 2011 08:00:00 GMT http://labs.m86security.com/2011/12/cutwail-spam-campaigns-lure-users-to-blackhole-exploit-kit/ http://labs.m86security.com/?p=4176 Over the past few days the Cutwail botnet has been sending out malicious spam campaigns with a variety of themes such as airline ticket orders, Automated Clearing House (ACH), Facebook notification, and scanned document. These campaigns do not have malware attachments, instead the payload is delivered via links to malicious code hosted on the web. [...] Thu, 01 Dec 2011 08:00:00 GMT http://labs.m86security.com/2011/11/truetype-but-not-truly-safe-the-new-zero-day-event/ http://labs.m86security.com/?p=4163 A new vulnerability in Windows, CVE -2011-3402, has been recently identified and is already exploited in the wild.  For now, only a handful of targeted attacks have been found. The vulnerability exists in Windows TrueType Font Parsing Engine and affects most Windows versions, including Windows 7. An attack involves a file which has a maliciously [...] Tue, 08 Nov 2011 08:00:00 GMT http://labs.m86security.com/2011/10/steve-jobs-alive-spam-campaign-leads-to-exploit-page/ http://labs.m86security.com/?p=4142 It was a sad day in the technology industry with the recent passing of Apple’s legendary leader, Steve Jobs. Unfortunately, the cyber-criminals see this as an opportunity. Today, we started seeing a Steve Jobs spam campaign, with the subject suggesting that he is still alive. Steve Jobs Alive! Steve Jobs Not Dead! Steve Jobs: Not Dead [...] Fri, 07 Oct 2011 08:00:00 GMT http://labs.m86security.com/2011/10/new-google-adwords-phish-in-the-wild/ http://labs.m86security.com/?p=4108 For those of you who have a Google AdWords account, be wary of a new Google AdWords spam campaign we have seen in-the-wild earlier this week. The spam email may use the following subject lines: Google AdWords: You have a new alert. Google Team: You have a new alert Here is an example of the [...] Tue, 04 Oct 2011 08:00:00 GMT