f-secure


Mitternachtshacking

Bruce works for Microsoft, and previous talks by Microsoft employees (in particular the one by Bruce Dang at 25C3) have always been very mixed. You could clearly tell that they know a lot but are not allowed to say any of it. So I went into this talk with low expectations. Microsoft received its first sample of a program exploiting the LNK vulnerability from AV-TEST. http://www.mitternachtshacking.de/blog/
http://isc.sans.org/

SANS Internet Storm Center; Cooperative Network Security Communi

One of the special features of Stuxnet was its use of a stolen private key to sign its drivers. A valid signature from a legitimate vendor made the files it installed much harder to flag as malicious. Since (and before) Stuxnet, we have seen stolen keys used a few times. Most recently, Kaspersky is reporting malware that employs a key stolen from the Swiss company Conpavi AG [1]. Time to revisit some of the best practices for securing the private key.
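The ISC note leaves the practical point implicit: a signature made with a stolen key is cryptographically perfect, so the only check that catches it is revocation of the signer's certificate once the theft is known. The Go program below is an added example, not code from the ISC post or from any of the blogs collected on this page. It generates its own key and a self-signed code-signing certificate (a stand-in for a CA-issued driver-signing certificate), signs a constructed "driver" blob, and runs a verifier that keeps an in-memory revocation list in place of a CA's CRL; the publisher name, serial number and driver bytes are all made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrBadSignature = errors.New("signature does not verify against the certificate's key")
	ErrRevoked      = errors.New("signer certificate revoked: private key reported stolen")
)

// NewIdentity builds a private key and a self-signed code-signing certificate that
// binds its public key to a publisher name. (A real driver-signing certificate chains
// to a commercial CA; self-signing keeps the example offline.)
func NewIdentity(publisher string, serial int64) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: publisher},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// Sign signs the SHA-256 digest of a driver image. Whoever holds key, thief or
// publisher, produces signatures no verifier can tell apart.
func Sign(key *ecdsa.PrivateKey, driver []byte) ([]byte, error) {
	digest := sha256.Sum256(driver)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Verifier checks driver signatures against a revocation list keyed by certificate
// serial number, which is what a CA's CRL carries once a key is reported stolen.
type Verifier struct{ revoked map[string]bool }

// Revoke records a certificate whose private key is known to be compromised.
func (v *Verifier) Revoke(cert *x509.Certificate) { v.revoked[cert.SerialNumber.String()] = true }

// Check accepts a driver only if the signature verifies AND the certificate is not
// revoked; the cryptographic test alone passes a stolen key, the lookup catches it.
func (v *Verifier) Check(cert *x509.Certificate, driver, sig []byte) error {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(driver)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	if v.revoked[cert.SerialNumber.String()] {
		return ErrRevoked
	}
	return nil
}

// Scenario replays the Stuxnet situation: a vendor-signed driver passes, a tampered
// copy fails, and the untouched signature is rejected only once the certificate of
// the stolen key has been revoked. Setup failure (key generation) is fatal.
func Scenario() (legit, tampered, afterRevocation error) {
	key, cert, err := NewIdentity("Example Hardware Vendor", 1001) // constructed publisher
	if err != nil {
		panic(err)
	}
	driver := []byte("constructed sample driver image, not a real binary")
	sig, err := Sign(key, driver)
	if err != nil {
		panic(err)
	}
	v := &Verifier{revoked: map[string]bool{}}
	legit = v.Check(cert, driver, sig)
	modified := append([]byte{}, driver...)
	modified[0] ^= 0xff // any change to the image invalidates the signature
	tampered = v.Check(cert, modified, sig)
	v.Revoke(cert) // the CA learns the key was stolen and publishes the revocation
	afterRevocation = v.Check(cert, driver, sig)
	return legit, tampered, afterRevocation
}

func main() {
	legit, tampered, afterRevocation := Scenario()
	fmt.Println("vendor-signed:", legit, "| tampered:", tampered, "| after revocation:", afterRevocation)
}
```

Run it and the untouched signature is accepted first and rejected only after Revoke is called; not a byte of the driver or the signature changed in between, which is why Stuxnet's signed drivers looked legitimate to anything that checked the signature alone. A real verifier fetches the CA's CRL or an OCSP response instead of consulting a local map, and whether signatures made before the theft was reported are still accepted depends on the revocation date and on whether the signature carried a trusted timestamp.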
When this particular variant is executed, it opens Internet Explorer on a specific page (lex.creativesandboxs.com/locker/lock.php) and prevents the user from doing anything else with the infected system. The page that was opened presumably showed some kind of extortion message, but it is currently unavailable because the site is offline. The most straightforward way to unlock the system is simply to delete the trojan. This can be a bit tricky, since the trojan prevents the user from doing anything with the infected system; luckily, the locking itself can be disabled first.

In the past, mobile malware often offered something such as "free" mobile web services as bait, but then, during installation, the trojan would display some kind of decoy error message. http://www.f-secure.com/weblog/

News from the Lab