por Corey Nachreiner, CISSP, Analista de seguridad de la red, tecnologías de WatchGuard

[Nota del redactor: Este artículo suple la lista de los ataques demostrados en la parte 2 de la serie video, Análisis de Malware: Botnets. “Análisis de Malware: Botnets, pieza 2 demostraciones del ″ que un subconjunto pequeño de botnet ataca en la acción. Este artículo completa que el subconjunto con más ataca encontrado comúnmente en un arsenal de los herder del BOT. Los suscriptores de LiveSecurity pueden encontrar los videos, gratuitamente, en nuestro Clases particulares video página. –Scott]

Usted oirá a menudo los botnets descritos como cuchillo suizo del ejército “de un hacker.” Apenas mientras que un cuchillo suizo del ejército puede venir con una variedad loca de láminas, de tijera, y de destornilladores, los bots vienen con las hazañas y los comandos numerosos que permiten que los herders del BOT lancen muchos diversos tipos de ataques.

Desde la codificación encima de las tomas tiempo y habilidad de un cliente del BOT, la mayoría de los atacantes compran código del BOT en el subterráneo en línea. Los bots malévolos populares incluyen Phatbot, Agobot, y el que está demostrado en nuestro vídeo, Rxbot. Estos clientes del BOT utilizan código modular, así que si un herder del BOT no ama el arsenal de comandos sus ofertas del BOT, él agrega simplemente nuevos. Por ejemplos, lea encendido.

¿Qué se aparea mejor que zombis y el Spam?

Los herders del BOT leverage comúnmente sus bots como relais enormes del Spam. ¿Cómo enorme? Según un estudio reciente de Commtouch, el 87% de todo el email enviado sobre el Internet durante 2006 eran Spam. Esta e-chatarra generada hasta el Terabyte 1700

Severidad: Alto

9 de octubre de 2007

Resumen:

Hoy, Microsoft lanzó tres boletines de la seguridad que describían las vulnerabilidades que afectan Windows y los componentes que envían con él. Un atacante alejado podía explotar el peor de estos defectos ejecutar código en su PC de Windows, potencialmente ganando el control completo de él. Para una tabla que resume brevemente que las vulnerabilidades afectan que las versiones de Windows, consideran Microsoft Security Bulletin Summary for October and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-055 : Kodak Image Viewer Remote Code Execution Vulnerability

The Kodak Image Viewer ships with Windows and allows you to view digital images. Unfortunately, the Kodak Image Viewer suffers from an unspecified “code execution vulnerability” involving the way it parses specially crafted images. By enticing one of your users into opening and viewing a malicious image (for example, one from a web site or attached to an email), an attacker could exploit this vulnerability to execute code on your user’s machine, with your user’s privileges. If your user has local administrative

Severity: High

9 October , 2007

Summary:

Today, Microsoft released a security bulletin describing three vulnerabilities in Internet Explorer. By tricking one of your users into visiting a maliciously crafted web page or into opening a maliciously crafted HTML email, an attacker could exploit five of these new vulnerabilities to execute code on your user’s computer, with your user’s privileges. In the worst case, the attacker could gain complete control of the victim computer. If you use Internet Explorer in your network, you should download, test, and deploy the appropriate Internet Explorer patches immediately. The patches fix the newly announced vulnerabilities, in addition to all previous ones.

Exposure:

In a security bulletin released today as part of their monthly patch update, Microsoft describes three vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0.

The worst of these three vulnerabilities has to do with a flaw in the way IE handles a certain error involving file downloads. Triggering this error in a particular way causes memory corruption. By luring one of your users into visiting a malicious web page that forces this error, an attacker can exploit this memory corruption vulnerability to execute code on that user’s computer, with that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker could gain complete control of their machines.

The remaining two flaws both involve

Severity: High

9 October, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities affecting different Microsoft Office packages including Word (for Windows and Mac), Office SharePoint Server 2007, and Windows SharePoint Services 3.0. By enticing one of your users into opening a maliciously formed Office file, an attacker could exploit the worst of these flaws to execute code on your user’s computer, with your user’s privileges, potentially gaining control of that computer. If you use Office, Word, or SharePoint in your network, you should download, test, and deploy the appropriate patches immediately.

Exposure:

Microsoft’s two security bulletins describe vulnerabilities found in Word, Office SharePoint Server 2007, and Windows SharePoint Services 3.0. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-060: Word Memory Corruption Vulnerability

Microsoft Word for Windows and Mac suffers from an unspecified memory corruption vulnerability. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on that user’s computer, with that user’s level of privileges and permissions. If your user has local administrative privilege, the attacker gains full control of the victim machine. Microsoft’s bulletin doesn’t specify exactly what sort of Office document triggers this vulnerability. We assume typical Word documents (.DOC) trigger the flaw, but we also have to assume that other Office documents could potentially trigger it as well.
Microsoft rating: Critical.

About three weeks ago, word of an Adobe security flaw began to do the rounds.  It has taken Adobe three weeks to finally get around to announcing the problem.  The vulnerability allows a hacker to take control of a Windows XP system if it has IE7 installed.  Considering the amount of people that run IE7, it is probably quite a lot of systems.

The vulnerability exists in Adobe Reader 8.1 (and previous versions) Acrobat Standard, Professional and Elements 8.1 (and previous versions) and Acrobat 3D.  It is the reader vulnerability that makes this a particularly serious threat as the number of people using Acrobat is somewhat limited.  What machine doesn’t have a copy of Adobe Reader installed? It is free and PDF is the format of choice for a lot of written material online.

Adobe has released a temporary solution.  It involves making modifications to the Windows Registry, which tends to frighten away all but the power users.  The good news is that a real fix is on the way and should be here before the end of October.  Expect to see more of this type of vulnerability appearing in other programs and be careful where you click.

Hacked GOP Site Infects Visitors with Malware
The now-infamous Storm Trojan horse is using new distribution methods to attack unsuspecting victims. Where it once used e-mail attachments or embedded links in spam, it has now turned to website exploits, recently infecting PC users through a Republican party website in Wisconsin, USA.

Read More

Germany Arrests 10 in Global Internet Scam Raids
After an 18-month probe, German police have arrested 10 people in Russia, Ukraine, and Germany in connection with an international Internet scam that may have cost hundreds of thousands of Euros from victims. The accused used phishing techniques to lure bank customers into answering fake Ebay or Deutsche Telekom e-mails, and then installed a Trojan horse to record their personal data.

Read More

Great Firewall of China More Like Chain-Link Fence
Researchers at the University of California at Davis and the University of New Mexico have proven that banned terms can slip through the government-imposed firewall for Internet surfing in China. Even with the occasional slip in security, most citizens still avoid searching for banned terms and concepts for fear that their Internet activity is being monitored by the Chinese government.

Read More

Financially Motivated Malware Thrives
As malware becomes more and more lucrative, software programs are being released that allow any unskilled hacker to earn a living sending spam. In September, a group of Russian hackers released a malware kit for $200 U.S. with information on how to become a master spammer.

Read More