Thursday, 23 July 2009

Adobe Flash Zero Day

July seems to be a very busy month for security folks and malware authors; we have already seen three zero-day exploits: Microsoft ActiveX Control, MS Office Web Components and Firefox 3.5. As an addition to this list, we are seeing a new zero-day vulnerability being exploited in Adobe Flash.

This is an unpatched Adobe Flash Player vulnerability being exploited in the wild.
According to this report, Adobe Reader's ability to render embedded SWF content is misused to spread this exploit by fooling users into opening a PDF with an embedded malicious SWF (Flash) file.

According to this analysis, a sample of the malicious PDF crashes when opened and drops an executable (Suchost.exe) embedded inside the PDF. It also tries to connect to a remote server by doing a dynamic IP lookup.
The dropped exe adds itself to the startup list (programs which run when your computer starts) and further drops a malicious .sys and .dll file.
Unfortunately, major AV vendors have poor detection for it. So, dear readers, please don't open any untrusted PDFs or Flash files.

Wednesday, 22 July 2009

Mystical Cloud

I'm talking about cloud computing, SaaS (software as a service), hybrid cloud, etc. I was reading an article about cloud computing. Cloud, or SaaS, is a software service offered over the web or a public network. The best example of the cloud at the moment is Google Apps (like Google Docs).

From the security perspective, cloud security and DLP (Data Loss/Leakage Prevention) are the latest buzz in the industry. All the vendors are investing and trying to conquer these markets by coming up with new products. DLP by itself, like the cloud, is a very wide topic, which involves cryptography.


There are lots of benefits in cloud computing: users just need to have broadband, and the rest is handled by the cloud service provider. Users don't have to worry about installing or maintaining different applications. (I would expect a day in the future where users only have a browser on their machine and all the other services, including most operating-system functionality, are moved to the cloud or embedded as core functionality within the browser.)

Concerns ?

Security would be the major concern, because you will be fully trusting an unknown (or known but not guaranteed) service provider. You will be storing all your documents and company information, trusting the infrastructure and security of the service provider. The service provider at some point may sell your data to a third party without consent, or there may be a breach of their security.

Computer security in the cloud is also a major concern, as present-day malware in the form of Trojans, viruses or worms may evolve to target more browsers or use exploits in mass volume rather than targeting individual users, and there could also be botnets operating in the clouds!

Like every technology, cloud computing has pros and cons; the security industry should work together and plan properly to close any security loopholes before embracing it with both hands.

Wednesday, 8 July 2009

New MyDoom Variant

Don't be scared, it's not confirmed yet. For those of you who don't know what MyDoom is, it was a nasty mass-mailing worm back in 2004. According to this post, they reckon that this is a new variant of the MyDoom worm.
This worm is said to have caused a large DDoS (distributed denial of service) attack on US and Korean websites.