Skip to navigation
   
Davey Winder's Blog
RSS

201 new security vulnerabilities

By Davey Winder in Editorial

Posted in Blog, Security on June 30, 2010 at 6:17 pm

Permalink | Author Profile

The sun may well be shining but, as far as IT security is concerned, the summer has got off to a pretty poor start. According to the Fortinet Threat Landscape report for June, which has just been published, the FortiGuard Labs covered 201 new vulnerabilities this period. I’ll repeat that, more than 200 NEW vulnerabilities in the space of a month and that’s nearly double the number from last month. Of these, some 71 (or 35% if your prefer) were being actively exploited by the bad guys before the month was out.

Some so-called security trend reports are little more than crystal ball gazing, to be honest, but I tend to take the FortiGuard Labs one more seriously as it is compiled using threat statistics and trends based on data collected from FortiGate network security appliances and intelligence systems out there in production worldwide.

This reveals that in the space of one month there have been four Flash and Excel vulnerabilities (all disclosed and patched in the same period), a hit-and-run attack for the Internet Explorer HTML Object Memory Corruption Vulnerability (CVE-2010-0249) which first surfaced in January 2010 and was used in the Aurora attacks, as well as some nefarious activity by the Sasfis botnet.

“We observed Sasfis loading a spambot component, which was heavily used to send out binary copies of itself in an aggressive seeding campaign” said Derek Manky, project manager, cyber security and threat research, Fortinet. “The Sasfis socially-engineered emails typically had two themes; one looked like a fake UPS Invoice attachment, and the other was disguised as a fees statement. Much like the Pushdo and Bredolab botnets, Sasfis is a loader - the spambot agent is just one of multiple components downloaded.”

Then there has been the malicious JavaScript code which, in terms of malware, was the only detection that topped those botnet binaries. Obfuscated JavaScript code identified as JS/Redir.BK showed a surge of activity on June 12th and 13th, redirecting unsuspecting users to various legitimate but compromised domains. These hosted an injected HTML page named z.htm and circulated through an HTML attachment in spam emails.

“There is no doubt that JavaScript is one of the most popular languages used today for attacks” Manky warns “it is used in a growing number of poisoned document attacks (PDF), particularly with heap-spray based techniques. It’s also used to launch exploits, and it is popular as a browser redirector to malicious sites, since the JavaScript code can be obfuscated and appear to be more complex than traditional IFrame based attacks from the past.”

12345
Not yet rated
Loading ... Loading ...

Previous Post

 
 
Comments

Comment by chi hair straightener - August 3, 2010 on 12:53 am

nice post

Comment by wholesale baseball hats - March 25, 2011 on 6:48 am

I’m sure you had fun writing this article. Comfortably, the article is really the sweetest on this precious topic.

Comment by pandora bracelets - April 23, 2011 on 7:35 am

pandora bracelets is very beautiful. I like pandora charms very much. Everyone may want to buy pandora jewellery. pandora beads sells very well. pandora bracelets sale also very well. pandora charms sale very well. These glass pendants are trendy pandora jewellery uk articles and may also make excellent presents on all occasions. pandora is a kind of jewellry. pandora sale very good. pandora uk is very famous. pandora charms sale uk The demand in tiffany jewellery is increasing rapidly. It is recommended employed to have prior knowledge of the important aspects of the cheap tiffany uk to assist you avoid such situations. In many respects mens silver tiffany jewellery uk is the superb binary edged sword of xmas or wedding gifts. tiffany and co gives a number of bracelets, earrings, necklaces to its customers. I hope everyone would like tiffany co jewellery. thomas sabo is a good band in jewellry. The thomas sabo uk brand isn’t only cool with regards to its style and look, but it also has utility and functional value. thomas sabo charms sale well. thomas sabo bracelets are very beautiful. Everyone want to buy thomas sabo jewellry. thomas sabo sale very well.

Comment by dennis - August 22, 2011 on 3:42 am

www.buyravensjersey.com looks so cool, get your jersey there !!

Trackback by Nick Tito - February 9, 2012 on 5:43 am

greenpeace international facebook…

[…]all possibilities set before him before he handed down his dying sentence to […]…

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

data e lawsuit Recall malware global Voice Apple PS3 Mars adware Gadget NASA iPhone storage gadgets Dell information ISP EU meme ASUS Browsers outsourcing Microsoft books management open source Experiment iPod Windows Phone 7 Series cloud App HPC sick Digital Footprint earth hour AMD President Browser hoax prison network Employment Kill Switch linkedin Spotify Digg tech development Guardian printing Conference Harry Potter Internet Explorer computer Yahoo MSN payments IT Death Jesus Phone archiving acquisition McKinnon App Store Business CAPTCHA Parenting disclosure spending worm wifi iPhone 3GS stupid desktop report Psychic economy Big Brother Tesco support Cisco workplace ecommerce recession universe eBook Enterprise Advertising Meh Nintendo surveys Linux Marketing spam Press Project Battery Madness web 2.0 InfoSec GSM Palm Pre VPN service Deal botnet worker xmas social networking rootkits family money productivity Rant Space Health Netbook BOFH Analysis remote working black hat FBI staffing mail Supercomputer office Palm privacy poll Zango Energy home Michael Jackson Google graphics second life Research Opinion Windows Performance computing crime ROFL Porn banking Developers e-commerce iPad The Federation admin computers RAM Notebooks DNS students Video Blog Children Android Flash banks Ballmer terrorism Study fun encryption code SMS web Military symantec hacker OS Eee PC Addiction holidays statistics theft Sony museum stupidity Rumour transactional security man-in-the-middle Europe Education Geeks Gateway Russia MSNBC Government copyright Hack fraud Finjan Music Google Earth IBM Psion standards digitise teleworking dumb Mafia mobile Review search payment server virus gaming YouTube Eee virtualisation Bill Gates Texas Instruments Acer email shopping work betting policy Jobs ISPA snooping Funny Microchip MessageLabs nightmare Windows 7 hacking Twitter innovation Sex Web Development Kaspersky Amazon Silverlight Army Pirate fool console Programming Retail avatar survey OCR IDC Top 500 VM SSL Gartner hubdub Trojan smartphone Noro green patent campaign biometrics size politics broadband Texting Kin RATM fake scareware memory MiniBook Mobile Phone Election Steve Jobs Scotland ID Theft Game games Top 10 economics services Networks Internet Steve Ballmer technology Paris Hilton football GMail Beta tax Patents migration exploit credit crunch Kindle debian Architecture phishing Banned Obama virtual world Trousers Firefox trust Backlash USA VeriSign Mobile Phones NBC chips virtual machine security scam compromise patch management credit card fraud computing hardware Media parental control Lotus carbon copy science Data Centre Adobe Licensing Apps Nexus BSI XP millions School help law Olympics Software HP remote documentation world of warcraft Intel library Facebook Blogging environment christmas news China IP Johnny Depp Vista Application data protection scan iPhone 3G monetisation hypervisor
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement