Worm Exploits MS08-067 Bug DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecesors—the Sasser and Nimda worms—it also raised security concerns with regard to a spike in port 445 activity. A few days after its appearance, reports suggested that the threat had spread. More than 500,000 unique hosts spread across networks in the United States, China, India, the Middle East, Europe, and ...

The month of October in the threat landscape is often associated with scary social engineering tactics in time for Halloween. As in years past, the threats that lurk in and plague the current threat landscape are real. Most of them can cause irreparable damage, often resulting in information, or worse, identity theft as shown in the following blog entries: Weather Report for Halloween: High Chances of a Storm “Halloween Costumes” Bring More Fright Than Expected But just how scary is the Web 2.0 ...

Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIEF.UO. This .PDF file contains an embedded JavaScript, which Trend Micro detects as JS_AGENTT.DT. This JavaScript is used to execute arbitrary codes in a technique known as heap spraying. In addition, there is a possibility that a future variant may be created that does not use JavaScript to exploit the said ...

Trend Micro researchers recently came across samples that exploited a new zero-day vulnerability in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10. The exploit arrives as a PDF file embedded with Flash objects and malicious binary files. The Flash object contains a shellcode that allocates heaps of blocks in a system's memory. The exploits uses a technique known as heap spraying. Once a user opens a specially crafted PDF file, two binary executables are dropped and executed on his/her system. ...

Earlier today, Senior Threat Researcher Joseph Reyes spotted several malicious script files that exploited Mozilla Firefox and Microsoft Internet Explorer vulnerabilities: JS_DIREKTSHO.B exploits a vulnerability in Microsoft Video Streaming ActiveX control to download other possibly malicious files. JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV. In turn JS_SHELLCODE.BV exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN. JS_SHELLCODE.BU exploits a vulnerability in Microsoft OWC to download JS_SHELLCODE.BV. Initial analysis done by Threat Analyst Jessa De La Torre shows that the scripts above may be ...