Latest Virus Alerts: Articles and Statistics

Yesterday the Spanish security researcher, Ruben Santamarta, posted Proof-of-Concept exploit code for a vulnerability in Apple's QuickTime Player.

He demonstrated how a nine year old unused parameter in QuickTime Player, known as _Marshaled_pUnk, could be used to take full control over Windows-based system with Live Messenger installed, and execute program code remotely.

Analysts agree that this is not a standard vulnerability in the
sense of non-secure programming, but rather an oversight as program
code used during development was left in the released program version
(and still is there nine years after).

Only minutes before this advisory was written, exploit code was added to the open source Metasploit project, which is popular among security researchers as well as more dubious elements. 

As of this writing there are no available security updates for QuickTime Player.

This security advisory will be updated when more information is availbale.

Symantec has observed a new spam tactic being used in which fake
surveys are seeking users' opinions or views on features provided by
their social networking site. The sample shown below is one such spam
email targeting Facebook:

Various “Subject” lines of this spam are as follows:

Subject: Take our online survey and receive a new gaming unit!
Subject: Take our social networking survey and get a gift card!
Subject: Give your opinion on social networks and choose your prize!
Subject: Receive a hot new MP#3 player for your opinions!

Upon clicking the link provided in the message, the user is
redirected to a fake survey page where the user has to answer questions
related to features provided by social networking site. Upon completion
of survey, the users are promised exciting gifts.

Spammers are trying to demonstrate the legitimacy of the scam by
notifying users of a few required terms and conditions, such as:

1) Participants must be a U.S. resident at least 18 years of age or older.
2) Users must register with valid information.

The sample shown below is a screenshot of one such fake survey:

Study reveals that 81 percent of a large social network’s users
would accept the friendship request of and confide in a test profile
created for the study without taking many precautions

BitDefender®, an award-winning provider of innovative internet security
solutions, today warned social networking devotees to be careful when
accepting friend requests and to be conscious of the data they share.

According to a new study conducted by BitDefender over a two week
period, social network users do not appear to be preoccupied with the
real identity of the people they meet online or about the details they
disclose while chatting with total strangers. The study revealed that
94 percent of those asked to “friend” the test profile, an unknown,
attractive young woman, accepted the request without knowing who the
requester really was.

A spammed message supposedly from Newegg, a popular online
computer hardware/software seller has been found in the wild. It
informs users that their online purchase has been charged to their Visa
card. It also contains two clickable links that point to the same
malicious page, an example of which is http://{BLOCKED}nthenet.net/1.html. Clicking the link leads to a series of redirections that ultimately land users on a FAKEAV-hosting site where TROJ_FAKEAV.FNZ may be downloaded.

During the latest days several security
resources on the Internet have published information about a
vulnerability in Windows applications, which when exploited, might
allow remote execution of program code in certain circumstances. Note
that this may affect third-party Windows applications, as well as
(potentially) applications developed by Microsoft.

Microsoft has issued Security Advisory (2269637), which describes the vulnerability, its implications, mitigating factors and recommended actions.
According to Microsoft the vulnerability exists in programs
(potentially from Microsoft and third party vendors), which do not load
external libraries in a secure manner.

Apple's iTunes 9 is confirmed to have been vulnerable to this issue, and Apple has recently published an updated version.  See this web article from Apple for more information.

See the following web resources for more information:

Strange stories of celebrities have suddenly erupted in the spam
ring, which describe their deaths in  plane crashes or car accidents.
The intention of distributing such false news is to spread viruses
using HTML or zipped attachments. This is one more in a series of
recent virus attacks seen in the last few weeks. We had written on one
of the attacks in a recent security response blog post. This is an old trick of using celebrity names to lure recipients into opening malicious URL or attachments.

In one of the campaigns seen, spammers are using subject lines showing that a celebrity has died. Examples include: