Tuesday, 24 February 2009

Zero Day Vulnerability in Microsoft Excel

Microsoft has released an advisory about a vulnerability in Microsoft Excel. This vulnerability could allow remote code execution.
A malicious Excel file could be sent through email (spam) or crafted to be downloaded from a remote server. When the user opens the file, arbitrary code (usually shellcode) could execute with the same privileges as the user.

Computer users are advised not to open any emails or PDFs (there was a recent vulnerability in Adobe PDF) from untrusted sources.

Sunday, 15 February 2009

Twitter and ClickJacking

In an interesting development, the microblogging website Twitter was made to broadcast messages due to a clickjacking flaw.
ClickJacking is a vulnerability in an Adobe product which dupes users into clicking on Internet URLs. A user may assume that he is clicking a Google (or any other benign) link, but he is redirected to a money-transferring or Viagra pharmacy web page.

Thursday, 5 February 2009

Parking Ticket used for Social Engineering

Bad guys are said to have come up with a new social engineering trick to lure users into visiting their malicious websites.
Parking tickets with false parking violations are believed to have been found on vehicles with the following message:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website-redacted]

People visiting the websites have browser helper objects (BHOs) installed and are forced to use fake AV software.