Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    Social networking most commonly translates to connections and even friendships online. Yet recent trends also point users toward system infection – with the ever growing number of subscribers to networking sites also comes a growing number of threats.

    Just a month ago, Facebook’s Secret Crush feature was discovered to be loading adware and spyware. Almost at that same time, MySpace was compromised when it was found to be laced with banner ads that install malicious files and programs.

    Now, a vulnerability in the image uploader used by MySpace and Facebook was recently discovered by security researchers, bringing about issues of the possibility of exploits and malicious users gaining access to affected systems.

    Aurigma’s Image Uploader Control Library was found to have a buffer overflow vulnerability that could be exploited by an unknown user to compromise systems. MySpace and Facebook use the application for their image uploading functions. Researchers are still trying to determine if only a version of the image downloader application had the ActiveX boundary error and if the said social networking sites are using secure versions.

    Trend Micro advises users to stand by for patches that would address this said vulnerability. Meanwhile, setting Internet and Local intranet security zone settings to “High” before running ActiveX controls in these zones will prove to be helpful in making one’s system more secure.

    Additional note by Paul Ferguson (Fergie):

    Also, the SANS Internet Storm Center (ISC) notes today that there have been six (6) highly exploitable ActiveX vulnerabilities announced this week.

    And US-CERT.gov has this advisory.

    Let’s be careful out there.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice