Archive for September 6th, 2006


Sep6

There have been reports of a new image viewing vulnerability in Sony PSP devices. To be more precise, the vulnerability is caused by an error in LibTiff and can be exploited to execute arbitrary code when a maliciously crafted TIFF image is viewed in the Photo Viewer.


Apparently a team of people has been busy developing a PoC for this on Sony PSPs since the release of the new proof-of-concept TIFF vulnerability. The Hello World Demo, which can be downloaded here, runs on all PSP devices that are capable of viewing TIFF images. This proves that it is quite possible to run code via this exploit, so we’d better keep a lookout for this. With the current popularity of the Sony PlayStation Portable, it might not take long before someone tries to exploit this vulnerability. So to all PSP users out there, it would be best not to view images that come from untrusted sources.


In case you guys are interested in a few more writeups we’ve done on Sony in the past few months, check out these articles:





 

Sep6
by Jhoevine Capicio (Advanced Threats Researcher)

Just an FYI, a new zero-day vulnerability in MS WORD 2000 is currently being exploited by a trojan dropper. Upon opening this trojan in MS WORD, it drops a worm which propagates via network shares and has rootkit capability.


Fortunately, the trojan dropper needs to be opened first in MS WORD in order to exploit the unknown vulnerability. With this in mind, Standard Operating Procedures in security and alertness still apply. Don’t open e-mail attachments if you’re not expecting any, even if they come from someone you know.


Trend Micro customers need not worry though, since this malware has already been detected by Trend Micro since September 1.


For more information, Juha-Matti of SecuriTeam created an FAQ for this malware.


The trojan dropper is detected as TROJ_MDROPPER.BR while its dropped file is detected as WORM_MOFEI.AK.

 

Sep6
by Jasper Pimentel (Advanced Threats Researcher)

Amidst spammed Trojan downloaders, there are still file-infecting viruses circulating in the wild. Just recently, we’ve received malicious files that are actually infected samples of a new virus. When executed, the virus drops its DLL component file, which it injects into running processes in order to achieve memory residency. The virus infects EXE and DLL files in the affected system and, as an additional propagation vector, it may also arrive through dropped files in network shares. Furthermore, the virus is capable of downloading 3 malicious programs: 3.EXE, 4AND1.EXE, and AD003.EXE. These downloaded files are detected by Trend Micro as TROJ_AGENT.DWY, TSPY_DELF.CIL, and TSPY_LINEAGE.ATH, respectively. Removal of this malware is difficult as the virus also has rootkit capabilities, which allow it to hide its files and processes from an affected user.


Trend detects this malware threat as PE_VBAC.A. It is detected using pattern 3.717.00.

 

Sep6
by Kathryn Cheng (Technical Communications)

2006 - The first two months of Q3 saw most of the malware taking advantage of undetermined vulnerabilities to bring in their partners in crime: another malware. Most of these malware belong to the TROJ_MDROPPER family.


In the third month of Q3, the proliferation of the aforementioned family is unstoppable. Last September 1, another variant named TROJ_MDROPPER.BR was released to drop another malware detected by Trend Micro as WORM_MOFEI.AK on vulnerable machines. As a result, routines of the dropped worm are also exhibited on the affected machines.


The partnership attack, which was evident in the families of NETSKY, BAGLE, FEEBS, and now MDROPPER, may strike in different ways: worm+HTML, worm+Trojan, script+worm, Trojan+worm, Trojan+backdoor, etc. However, with or without taking advantage of a vulnerability, it is, as a whole, a rather old technique, as Eric Avena has mentioned. Let us not be victims.

 


© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice