Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43424
  • Total Topics: 16521
  • Online today: 2639
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2637
Total: 2639









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 21. May 2007., 22:03:48 »

Cybercrooks are trying to breach PCs through previously unexploited security holes in QuickTime and WinZip, security firm Symantec warned on Thursday.

The attacks involve malicious Web sites rigged with multiple exploits, Symantec said in a security alert. The sites appear to be that of a trusted financial institution, but instead attempt to silently install keystroke-logging software, according to Symantec. Links to the sites are likely advertised in spam, it said.

Symantec discovered the attacks when one of the PCs that it uses as bait was breached earlier this week.

"This compromise was especially interesting, because the site made use of a QuickTime vulnerability discovered in January 2007 and a WinZip vulnerability discovered in November 2006," Symantec said. "Before our analysis, it was not known that these issues were being exploited in the wild."

QuickTime is Apple's widely used media player software, WinZip is a popular tool for compressing and decompressing files.

Now on News.com
From bots to Woz, Maker Faire sizzles
 
Images: Blizzard counts down to 'Starcraft II'
 
MySpace to help AGs track sex offenders
 
Extra: Recreating the feel of water
Video: Dell's cool tech
 In addition to the QuickTime and WinZip flaws, the miscreants tried to breach the Symantec system via a pair of holes in Microsoft software, Symantec said. Fixes for all the vulnerabilities are available. Symantec's compromised machine was not patched, running Windows XP with Service Pack 1.

Online criminals typically use a variety of vulnerabilities in an attempt to break into a computer. There are even toolkits available to help attackers create malicious Web sites with a few mouse clicks.

"This discovery highlights both the importance of having a prompt patching schedule and the fact that attackers are keeping up with the times and constantly updating their attack strategies to help ensure ongoing success," Symantec said.

CNET

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023