Security, Malware, and Scans, Oh My!
Posted by Laureli Mallek
Interesting news from the week: an assorted bouquet.
Brian Krebs at the Washington Post blogged about Microsoft security updates and an interesting development in ads posted on a child-oriented gaming site. Krebs noted on Tuesday that Microsoft released “four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft’s ‘critical’ label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users.” At the time of his writing, several of these weaknesses were already being exploited.
The vulnerabilities occur in Microsoft’s standalone and suite offerings in both Office 2007 and 2000, with updates available for both. Note: this also affects Mac users (sad but true!) so I am going to update now!
Secondly, Krebs noted that naughty banner advertisements were showing up at Neopets.com, a gaming site targeting minors. There has been a bit of finger pointing as the site owner, media conglomerate Viacom, deferred responsibility to their ad company, Zango, which has been noted for malevolent advertising practices.
Steve Stratz, spokesperson for Zango, communicated the following: “We are aware of an issue involving banner ads – not just Zango ads, but banner ads from a number of prominent online advertisers - being inserted unexpectedly on inappropriate Web sites, including those focused primarily on visitors under the age of 18.”
Krebs and fellow security professionals maintain a level of skepticism about this explanation, with Eric Sites of Sunbelt noting this as a problem derived from leasing ad space to third parties. For more information on malicious ads, Spyware Sucks is an excellent resource; it recently noted that a group of malware sources has relocated en masse.
“We are seeing new domain names and we are also seeing old names that are moving on to new hosts and service providers. Therefore, I think it is also worthwhile checking out some more traditional names to see what they are up to,” Sandi writes. She traces the movement of known malware, like macsweeper and cleanator, as well as hosts that have traditionally been sources for malware through naming permutations and location changes. She will be updating her blog with more information as she uncovers additional pseudonyms.
And to complete the topical triad: Bruce Schneier wrote about a tool released by Cult of the Dead Cow that uses Google to scan for vulnerabilities. The scanner, Goolag, comes with around 1500 custom Google searches embedded in the code. The open-source program can track down personal information set loose on the internet, but questions of legality, in the UK specifically, should be considered. The Police and Justice Act of 2006 makes it illegal to gain “unauthorized access” to information, even if it is on the internet.
Mike Barwise writes, “If exclusively restricted to scanning a user’s own domain, use of the tool would be implicitly authorised. Otherwise it probably implies intent to obtain unauthorised access, as its sole purpose is to return lists of links that would normally be difficult to find, and about the existence of which the tool user necessarily had no prior knowledge.” The legal gray area surrounding dual-use tools like this has made it illegal to distribute or use the tool with bad intentions.
Concluding, Barwise notes: “It has become an offence under CMA to create, supply or obtain such a tool ‘intending it to be used’, ‘believing that it is likely to be used’, or ‘with a view to its being supplied for use’ to commit unauthorised access.”
So, watch out for security holes in old software, raunchy advertisements targeting youths, and always use internet tools while thinking positive, non-malicious thoughts.
