Drive By Downloads: Links and Insights
by Jose Nazario

I spend a lot of my time looking at malicious code and where it gets loaded, but I don’t get to spend much time digging into big, widespread attacks or specialized exploits. However, here are a few links from my reading this morning that help keep me informed, since I can’t spend all of my time digging too deeply into every event.
- We’ve written and talked about botconomics before, basically how the botnet world has been fueling a large-scale underground economy. Have a look at Spyware authors offer dollars for downloads from vnunet.com, which summarizes a paper from MessageLabs.
- There’s been interest in the Excel vulnerabilities fixed in MS08-014, and the exploit code has been found being used in the wild. For a good writeup about that attack vector, have a look at More analysis on the MS Jet Exploits camouflaging as Microsoft Word files, posted on the Avert Labs Blog.
- One of the popular drive by download kits, Neosploit, has been updated with new exploits according to Symantec. The big one here is the CA BrightStor ‘AddColumn()’ ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability. We’ve known about this for a while.
- Speaking of client-side attacks, one tool that’s commonly used to analyze them is Capture-HPC. When paired with a live, vulnerable browser, it yields a rich set of information about what a malicious page does to the client. Version 2.1 has been released; it’s worth adding to your analysis toolkit.