BCM

Monday, April 24, 2006

Drive-by installations of malicious code

Websense Security Labs is seeing large increases in drive-by installations of malicious code that is hosted on websites that are using the Web Attacker Toolkit. When a user visits one of the nearly 1000 sites that are being used to run code without user intervention, a Trojan Horse is downloaded and run. It can log keystrokes, download additional code, or open backdoors on the user's machine.

The kit is being sold on the Internet for as little as $20 and can be purchased and downloaded from a website hosted in Russia (see http://www.theregister.co.uk/2006/03/27/spyware_diy/). The Web Attacker tool also includes a nice graphical interface and an instructional manual to assist in configuring your server for the exploit. Along with that are details about which anti-virus engines cannot detect it, and how it works.

The kit has the ability to detect the visiting user's browser through the user agent and will serve one of seven different exploits based on the browser settings. It includes exploits for a number of different browsers and browser versions.

What is also interesting is that the websites that are hosting the malicious code also include a statistics page that shows the number of infected clients, percentage of clients that have been infected, and a breakdown by country, Operating System, and browser.

As you can see from the screenshot below, the percentage of successful infections is quite high. On average we are seeing between 3% and 13% overall success rate. It is also interesting to notice the large number of machines that are not patched for older exploits. The statistics also show a column called "zero-day". These exploits are not zero-days anymore, because Microsoft has patched them; however, this remains the largest percentage of infections.

Although we are still collecting statistics, our original research leads us to believe that there are more than 10,000 successful infections of users who have visited one of the malicious sites.

We have translated some of the Russian from the screen below that appears on their site:

Dear Friends! We would like to offer you multi-component exploit Web-Attacker IE604, that realizes vulnerabilities in the internet browsers Internet Explorer and Mozilla Firefox. With the help of this exploit you will be able to install any programs on the local disks of visitors of your web pages. In the foundation of work of the exploit Web-Attacker IE0604, there are 7 already-known vulnerabilities in the internet browsers:

Objective of the Exploit: Hidden drop of the executable from the deleted source to the local hard drive of the site visitor.

-Bypasses all security measures

-Is not blocked by Firewalls [Agnitum Outpost, Zone Alarm, Sygate Personal Firewall]

-Tri-level protection

-Flexible installation

-Updates

-Detailed Statistics

Screenshots are available within full alert.

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=472

Wednesday, April 12, 2006

Violent Video Games, Weak Statistics And Sensationalistic Headlines

This story is from techdirt.com

It seems one of the more controversial areas of study lately surrounds violent video games. It seems like every few months a new study comes out, and the results are always sensationalized, even if the details of the study usually don't add up to very much. Much more telling is the fact that as graphically violent video games have become more popular, incidents of youth violence continue to drop when you would expect it to go the other way. Obviously, this is an area that could use more research -- but so much of it seems to have serious problems.

The latest "research" has come out on violent video games, and it's grabbing lots of headlines, claiming that violent video games are linked to "risky behaviors" and increase paranoia. Other headlines point out the "major public health issue" and the "negative impact on youth". Of course, the most sensationalistic claim is that somehow this study suggests violent video games make young males more likely to smoke marijuana. Of course, given that the effects of marijuana are supposed to make people less likely to go out and do stuff, it would seem to go against the view that violent video games lead to actual violence.

Either way, it would seem that the press covering this story might want to dig a bit deeper into the facts. The study involves a fairly small sample size (100 young men) to start. Also, the fact that playing such games increases your blood pressure seems sort of obvious. People who are engaged in a video game are likely to have their blood pressure rise. That just means they're really engaged in the game. As for the "leads to pot smoking" claim, this one deserves the most investigation -- and one person who claims to have seen the study (if anyone has a copy, we'd love to check it out) says that what the study actually showed was that both the violent video gaming group and the control group said that marijuana was bad for your health on a six point scale. It's just that the violent video game play group found it slightly less bad. To suggest that this means violent video gamers are more likely to actually engage in such things seems like a huge stretch -- but it sure makes for good headlines.

Thursday, April 06, 2006

Apple launches software to help load Windows XP


April 6, 2006

"it will feature Boot Camp in the upcoming Mac OS X version 10.5, code-named "Leopard." Apple said it will preview Leopard in August, but it hasn't yet disclosed a release date or price for the upgrade.

"Apple has no desire or plan to sell or support Windows, but many customers have expressed their interest to run Windows on Apple's superior hardware now that we use Intel processors," Philip Schiller, senior vice president of worldwide product marketing, said in a statement.

Indeed, for months, independent hackers have been diligently working on programs to let users of Intel-based Macs switch between the two competing operating systems.

Others, like Chris Miller, an information technology worker at Johns Hopkins University, have been looking forward to a so-called dual-boot technology so he could play PC games on his Mac.

Apple turned to Intel chips, the same ones used to power most PCs that run Windows, after saying its previous suppliers, IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc., couldn't meet Apple's needs for faster, more energy-efficient chips.

But the Intel-based Macs continued to run Apple's own proprietary operating system.

Because Windows is much more dominant, Mac users don't have access to many software programs written only for Windows. The switch to Intel chips lets users load Windows onto a Mac, without the need for emulation software that slows performance.

But until Wednesday, the user needed some technical expertise to pull it off.

American Technology Research analyst Shaw Wu described the announcement as a "significant game changer," while Forrester Research analyst Ted Schadler called the move "smart."

"When they opened the iTunes software for Windows, the market for iPods exploded," Schadler said. "And similarly here, they have a great hardware product, but they've been shut off from businesses and consumers who want to run PC programs, and now they have the software that will allow that."

Yet as Apple expands its reach to Windows users, it is at risk of becoming a higher-profile target for hackers, and it potentially opens its machines to viruses that have long plagued Windows users.

The bulk of Apple's revenues still stems from its computers, though its popular portable iPod players grew to account for about a third of Apple's record $13.9 billion in sales in its fiscal year 2005.

Apple may be trying to break down some of the barriers between Windows and Mac systems, but it still does not allow the reverse, keeping its proprietary Mac OS software tethered to its own computers.

Microsoft welcomed the development.

"We're pleased that Apple customers are excited about running (Windows), and that Apple is responding to meet the demand," Kevin Kutz, a director in Microsoft's Windows Client Group, said in an e-mailed statement.

Microsoft declined to comment further.

Apple shares gained $6.04, or 9.9 percent, to close at $67.21 on the Nasdaq Stock Market, while Microsoft shares rose 10 cents to $27.74 and shares of Intel rose 18 cents to $19.48.

Monday, April 03, 2006

Microsoft to 'host' Linux virtually

By Martin LaMonica

Staff Writer, CNET News.com
Published: April 2, 2006, 9:00 PM PD

Microsoft will support customers who choose to run Linux with Microsoft's Virtual Server 2005 R2, software for running multiple operating systems on one machine.

In addition, the company on Monday said that it has now made Virtual Server 2005 R2--which the company had charged either $99 for up to four physical processors or $199 for an unlimited number of processors--a free download. The announcements were made in conjunction with the LinuxWorld conference in Boston this week.

Virtualization, an emerging technology which is garnering growing interest from corporate customers, allows a server to run multiple instances of an operating system. This makes it easier for corporations to consolidate many applications on a single hardware server and provides a level of reliability.

Microsoft said that it has developed software to simplify the installation of Linux distributions from Red Hat and Novell SuSE to run on Virtual Server 2005 R2 on Windows. In addition, Microsoft will provide technical support to customers running Windows and Linux side by side.

"We’ve made a long-term commitment to make sure that non-Windows operating systems can be run in a supported manner, both on top of Virtual Server and our future virtualization products," said Zane Adam, director of Windows Server product marketing, in a statement.

Microsoft has said that the server edition of Windows Vista will have virtualization built into it. Specifically, it said it is developing so-called hypervisor software, code-named Viridian, to host multiple operating systems on one machine.

Microsoft faces competition in the market from EMC subsidiary VMware and increasingly the Xen project that's being built into forthcoming versions of Suse Linux Enterprise Server and Red Hat Enterprise Linux.

I am sorry

Hello All. I am sorry if you have come here in the past 5 months only to find that I have not put anything new up. I have been very busy and have not taken the time to post anything new. I bought a new house and have been putting a lot of time in fixing it up. I also have been spending a lot of time on Myspace.com. If you have not been there you should check it out.