
Archive for April 2nd, 2007


Apr 2
by Miray Lozada (Technical Communications)

Two independent security researchers going by the names Mondo Armando and Mustaschio will start publishing MySpace bugs on April 1 (“Yes, they know. No, it’s serious. No, not really.”), declaring April the Month of MySpace Bugs, Yuss (MoMBY).


The MoMBY project seeks to publish “silly XSS/misleading CSS style bugs that MySpace users may actually be able to use for a little while”. It is an irreverent take on the ‘Month-of’ fad started by H D Moore last July with his ‘Month of Browser Bugs’ project, going as far as calling these disclosure projects “whiny, attention-seeking ploys”. While the project strives to present itself as one big practical joke, it may prove to be informative and relevant to users. From the project’s LiveJournal blog:

The purpose of the exercise is not so much to expose Myspace as a hive of spam and villainy…but to highlight the monoculture-style danger of extremely popular [W]eb sites populated by users of various levels of sophistication.

MySpace has yet to comment on the MoMBY project.


Apr 2
by Jhoevine Capicio (Advanced Threats Researcher)

If you’re up to date with the news in the security industry, then you know that a lot of vulnerabilities in MS Office applications are being exploited. Because of this, it has been common advice to use safer document formats like RTF. What didn’t cross my mind is that RTF files can still have an object embedded in them, and if this can be done there’s no reason why malware can’t be embedded in an RTF file as well. With good social engineering, which in most cases is the downfall of good security, a malware infection can start from an RTF file. That may be the case with this RTF file detected by Trend Micro as TROJ_DLOADER.MC…
Upon opening the file, it fools users into thinking that an error has just occurred and that they need to double-click the embedded file to load the original document.

[Image: RTF file with embedded object]
Of course, by doing this the user is actually loading the embedded object, which, in the case of an embedded EXE file, causes it to execute. Before MS Word loads the file, though, a warning message is shown to the user.

[Image: warning message]
Normally the warning would already create a sense of alertness for users, but since the user already believes that this action will load the original document, he’d probably just click Yes and be done with it, unknowingly beginning the malware infection of his system. The embedded file (also detected as TROJ_DLOADER.MC) in this case downloads a file which has been given the detection name TSPY_AGENT.PPR. Given this, I would still recommend the use of RTF files. Why?


  1. It is still widely recognized and supported by a lot of word processors.
  2. It is still a lot safer than other formats.
Users will just have to be smart about how they deal with embedded objects so they can be on the safe side. Here are a few tips:

  • Right-click the embedded object and check what it is using Object Packager.

    [Image: Using Object Packager]

  • This will show the embedded object inside the RTF file. The .EXE extension should at least raise a red flag here. Again, with good social engineering the malware author named the file MICROS~1.EXE, but please don’t be fooled.
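As an added example that is not part of this post, a small Python scanner that does offline what the Object Packager tip above does by hand: it pulls each \objdata group out of an RTF, parses the OLE1 object header (assumed to follow the MS-OLEDS layout) to get the class name, and applies heuristics to the Package payload (embedded label/path strings and an MZ header). The sample RTF, the payload layout and the MICROS~1.EXE stub are constructed for the demonstration.

```python
# Added example (not Trend Micro's code): flag executable Object Packager payloads in RTF.
import re, struct

# Each {\*\objdata <hex>} group holds a hex-encoded OLE1 object (MS-OLEDS ObjectHeader).
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s*([0-9A-Fa-f\s]+)")
RISKY_EXT = (".EXE", ".SCR", ".COM", ".PIF", ".BAT")

def _lp_ansi(buf, pos):
    # LengthPrefixedAnsiString: 4-byte length (including the NUL), then the bytes.
    (length,) = struct.unpack_from("<I", buf, pos)
    return buf[pos + 4:pos + 4 + length].rstrip(b"\x00"), pos + 4 + length

def parse_ole1_object(blob):
    # Returns (class_name, native_data); FormatID 2 = embedded, 1 = linked (no payload).
    _version, fmt = struct.unpack_from("<II", blob, 0)
    if fmt != 2:
        return None, b""
    class_name, pos = _lp_ansi(blob, 8)
    _topic, pos = _lp_ansi(blob, pos)
    _item, pos = _lp_ansi(blob, pos)
    (size,) = struct.unpack_from("<I", blob, pos)
    return class_name.decode("ascii", "replace"), blob[pos + 4:pos + 4 + size]

def scan_rtf(rtf_bytes):
    # One finding per embedded object; objects that fail to parse are flagged as well.
    findings = []
    for m in OBJDATA_RE.finditer(rtf_bytes):
        try:
            blob = bytes.fromhex(re.sub(rb"\s", b"", m.group(1)).decode("ascii"))
            cls, native = parse_ole1_object(blob)
        except (ValueError, struct.error):
            findings.append({"class": None, "strings": [], "has_pe_header": False, "suspicious": True})
            continue
        # Package payload is not parsed field by field: its NUL-terminated label and original
        # path are what Object Packager would show the user, so extract them heuristically.
        strings = [s.decode() for s in re.findall(rb"[\x20-\x7e]{4,}(?=\x00)", native)]
        risky_name = any(s.upper().endswith(RISKY_EXT) for s in strings)
        has_pe = b"MZ" in native
        findings.append({"class": cls, "strings": strings, "has_pe_header": has_pe,
                         "suspicious": cls == "Package" and (has_pe or risky_name)})
    return findings

def _lp(s):  # LengthPrefixedAnsiString builder, used only for the constructed sample
    return struct.pack("<I", len(s) + 1) + s + b"\x00" if s else struct.pack("<I", 0)

# Constructed sample RTF: a Package object whose simplified payload carries a 4-byte EXE stub.
_NATIVE = b"\x02\x00MICROS~1.EXE\x00C:\\TEMP\\MICROS~1.EXE\x00MZ\x90\x00" + b"\x00" * 12
_BLOB = (struct.pack("<II", 0x0501, 2) + _lp(b"Package") + _lp(b"") + _lp(b"")
         + struct.pack("<I", len(_NATIVE)) + _NATIVE)
SAMPLE_RTF = (b"{\\rtf1\\ansi An error occurred. Double-click the icon to load the document.\n"
              b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata " + _BLOB.hex().encode() + b"}}}")
```

Running `scan_rtf(SAMPLE_RTF)` reports the Package object with its MICROS~1.EXE label and path and marks it suspicious; a real-world variant could add `\bin`-encoded data and hex obfuscation handling.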


Apr 2

Fancy animated icons and cursors? Those cute little elements that often come with desktop themes? Be careful the next time you download and use them, because an .ANI file was recently found to be not cute at all: it downloads a TROJ_SMALL variant. Here’s another reason why it’s not cute: to download the said Trojan, the malicious .ANI file, detected by Trend Micro as TROJ_ANICMOO.AX, exploits an undetermined vulnerability in Windows. A Web threat in its own right, the malicious .ANI file may be downloaded from the Internet, or may arrive embedded in HTML email messages. Trend Micro continues to analyze the malware and the vulnerability.



© Copyright 2008 Trend Micro Inc. All rights reserved.