SCF Advanced Search

  • Total Posts: 40153
  • Total Topics: 14262
  • Online Today: 834
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Cybercrooks add QuickTime, WinZip flaws to arsenal  (Read 3449 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Cybercrooks add QuickTime, WinZip flaws to arsenal
« on: 21. May 2007., 22:03:48 »
Cybercrooks are trying to breach PCs through previously unexploited security holes in QuickTime and WinZip, security firm Symantec warned on Thursday.

The attacks involve malicious Web sites rigged with multiple exploits, Symantec said in a security alert. The sites appear to be that of a trusted financial institution, but instead attempt to silently install keystroke-logging software, according to Symantec. Links to the sites are likely advertised in spam, it said.

Symantec discovered the attacks when one of the PCs that it uses as bait was breached earlier this week.

"This compromise was especially interesting, because the site made use of a QuickTime vulnerability discovered in January 2007 and a WinZip vulnerability discovered in November 2006," Symantec said. "Before our analysis, it was not known that these issues were being exploited in the wild."

QuickTime is Apple's widely used media player software, WinZip is a popular tool for compressing and decompressing files.

Now on
From bots to Woz, Maker Faire sizzles
Images: Blizzard counts down to 'Starcraft II'
MySpace to help AGs track sex offenders
Extra: Recreating the feel of water
Video: Dell's cool tech
 In addition to the QuickTime and WinZip flaws, the miscreants tried to breach the Symantec system via a pair of holes in Microsoft software, Symantec said. Fixes for all the vulnerabilities are available. Symantec's compromised machine was not patched, running Windows XP with Service Pack 1.

Online criminals typically use a variety of vulnerabilities in an attempt to break into a computer. There are even toolkits available to help attackers create malicious Web sites with a few mouse clicks.

"This discovery highlights both the importance of having a prompt patching schedule and the fact that attackers are keeping up with the times and constantly updating their attack strategies to help ensure ongoing success," Symantec said.


Samker's Computer Forum -

Cybercrooks add QuickTime, WinZip flaws to arsenal
« on: 21. May 2007., 22:03:48 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising