Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Social networking most commonly translates to connections and even friendships online. Yet recent trends also point users toward system infection – with the ever growing number of subscribers to networking sites also comes a growing number of threats.

    Just a month ago, Facebook’s Secret Crush feature was discovered to be loading adware and spyware. Almost at that same time, MySpace was compromised when it was found to be laced with banner ads that install malicious files and programs.

    Now, a vulnerability in the image uploader used by MySpace and Facebook was recently discovered by security researchers, bringing about issues of the possibility of exploits and malicious users gaining access to affected systems.

    Aurigma’s Image Uploader Control Library was found to have a buffer overflow vulnerability that could be exploited by an unknown user to compromise systems. MySpace and Facebook use the application for their image uploading functions. Researchers are still trying to determine if only a version of the image downloader application had the ActiveX boundary error and if the said social networking sites are using secure versions.

    Trend Micro advises users to stand by for patches that would address this said vulnerability. Meanwhile, setting Internet and Local intranet security zone settings to “High” before running ActiveX controls in these zones will prove to be helpful in making one’s system more secure.

    Additional note by Paul Ferguson (Fergie):

    Also, the SANS Internet Storm Center (ISC) notes today that there have been six (6) highly exploitable ActiveX vulnerabilities announced this week.

    And US-CERT.gov has this advisory.

    Let’s be careful out there.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice