In Today’s News (10/04/2011)

October 4, 2011

Source: Internet Security Alliance Daily Brief

Crazy square barcodes can point your phone to malware. October 3, The Register – Russian VXers have begun using QR codes as a launchpad for mobile malware. A recently identified malicious Quick Response code on a Russian Web site links through a series of redirections to a site punting a trojan version of the Jimm mobile ICQ client. Android users who follow the links and install the application will be infected with malware that sends text messages to premium-rate SMS numbers, net security firm Kaspersky warned. Source:

Symantec IM Manager multiple vulnerabilities. October 3, Help Net Security – Multiple vulnerabilities have been reported in Symantec IM Manager, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, according to Secunia. Input passed to the “refreshRateSetting” parameter in IMManager/Admin/IMAdminSystemDashboard.asp, the “nav” and “menuitem” parameters in IMManager/Admin/IMAdminTOC_simple.asp, and the “action” parameter in IMManager/Admin/IMAdminEdituser.asp is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session in the context of an affected site. Also, an input validation error exists within the Administrator Console. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior. Source:

iPhone 5 spam emails lead to malware. October 3, Help Net Security – Apple expects to unveil the next iteration of its popular iPhone during a press event scheduled for October 4. As the excitement regarding the release of the new iPhone slowly reaches its peak, malware peddlers are taking advantage of the hype. E-mails containing an offer to preview the new device were hitting inboxes October 3, and were luring users into clicking on the link, which takes them to a Windows executable. The file — iphone5(dot)gif(dot)exe — is hosted on a compromised server. Once downloaded and executed, the file shows the user a bogus “iPhone5” image while installing an IRC bot in the background, which connects to a remote server. “Infected machines can be centrally controlled via this server and are exposed to things such as credit card theft,” according to F-Secure. Source:

Chrome updates to repair Microsoft false alarm damage. October 2, H Security – A new version of Google Chrome is now available; the latest stable release has the version number 14.0.835.187 and the latest beta version, 15.0.874.58. The update stops the Microsoft Security Essentials (MSE) virus scanner from incorrectly classifying the browser as part of the banking trojan PWS:Win32/Zbot (Zeus). A bad patch for Microsoft Security Essentials, Microsoft Forefront, and Microsoft Defender meant the scanners were identifying chrome.exe as malware and proposing to delete the browser. Microsoft released an unscheduled signature update September 30 to halt the false detection. The Chrome update should assist those who have been affected by MSE’s incorrect detection and deletion by repairing the installed versions of Chrome. Source:

Mobile malware masqueraded as Opera Mini. October 1, Softpedia – Cybercriminals are taking advantage of the fact that Opera Mini is one of the most popular mobile browsers and creating a fake Web site which stores a piece of malware that looks like a genuine installation file. Trend Micro discovered the site, which resembles the official Opera page and was specially made to be accessed from mobile devices. The content of the page is in Russian, so that is the most likely origin of the hackers. The visitor is immediately alerted that “Your version of Opera Mini browser is out of date, further work may not be correct and lead to enexpected errors and crashes! You need to urgently upgrade Opera Mini to version 6.1!” The Java file that is downloaded was detected as being J2ME_FAKEBROWS.A. Upon execution, the virus checks if the mobile device uses specific message service centers and, if a match is found, it starts sending simple text messages to a phone number encoded in the data.res file. The string “424626 357 OX” is sent to specified premium numbers using the SMS service of the machine. Devices that support MIDlets are the ones vulnerable to this piece of malware. Source:
