I’ve never thought malware writers also creates redundant systems for business continuity. A couple of days after a Wikipedia entry was found to contains links to TROJ_SMALL.DMR, another site was found – http://h(blocked)v.webhostingoutsourcing.com/ – that contains the exact content, text, links and all, from the malicious Wikipedia entry.

Which entry was posted first doesn’t matter much, what is alarming is the fact that malware writers are using multiple instances of a vector in order to create a more stable infection platform. Indeed, industry best practices can be used by security professionals, to malware writers alike.

Heads up folks!!! There are reports of attack incidents exploiting a vulnerability found in WMIObjectBroker Activex control which is part of Visual Studio 2005.

“The WMIObjectBroker ActiveX component is part of Visual Studio 2005 and associated with the WmiScriptUtils.dll. So you are only vulnerable if you find WmiScriptUtil.dll on your system. Also, by default this ActiveX component is not activated by default. For more details about this vulnerability see http://www.microsoft.com/technet/security/advisory/927709.mspx

Users with vulnerable machines are advised to apply the workaround provided by the software vendor until a security patch is released.

For more information regarding this report, you may visit the following:

• www.microsoft.com
  
• secunia.com
  
• www.kb.cert.org
  
• isc.sans.org
  
• sunbeltblog.blogspot.com
  
• www.cve.mitre.org

Just today, Sunbelt discovered several scam sites. Most notable is qualitycodec.com, which is another one of those Trojan codec sites. This site in particular hosts TROJ_ZLOB.BCN.

Another notable site is iesecurepage.com which contains links to several rogue anti-spyware programs. Two rogue anti-spyware programs are currently available and is detected as ADW_MWAREWIPE.E, ADW_BRAVESEN.D and ADW_BRAVESEN.E

We’ve all seen the Month of Browser Bugs, November has now been declared the Month of Kernel Bugs(MoKB).

Each day for the month of November a bug in the kernel of different OS’s is going to be posted here.

They have shown 8 bugs so far, the bug that needs most attention is the one posted on November 6, since it shows a bug in Windows. We will continue to monitor MoKB for new vulnerabilities.