Monday, January 02, 2006

Zero Day is Upon Us!

The bad guys seem to be busy as the year starts. Here are two alerts from Websense on what they are seeing. Zero Day is here!

"Since mid-December, Websense Security Labs has been tracking a new type of exploit which allows attackers to run malicious code without end-user intervention. Over the last week there have been several reports on our blog, on our alerts page, and on several other sites on the Internet in regards to this attack. This alert is out attempt at plotting the last week activity in a timeline, update the current situation, and provide recommendations to our customers.

The attack is a vulnerability within Windows Operating Systems which currently has no patch available. Because there is no patch from Microsoft available, there is exploit code published on the web, its trivial to create and attack, and there are multiple vectors which allow you to use this attack, we believe that there will continue to be exploits through the Web, Instant Messaging, Email, and other technologies over the next week."

To view the timeline, go to: WMF Attack Update / Timeline.

The only way to avoid these attacks is not to expose yourself. Here are some examples in another Websense alert on how to identify bad sites.

"Websense Security Labs (TM) is actively tracking websites that attempt to infect machines without any end-user intervention by simply visiting a site. Currently there are two types of sites. The first are sites that have been setup by the attackers in order to infect users. In most cases these sites require a lure (such as an email or Instant Message) in order to attract users.

These are mostly registered with fraudulent registration detail.

The second are sites which have been compromised. The below examples screenshots are of sites that appear to have been compromised and that by simply visiting them with a computer running the Windows you can be infected.

As you can see the sites are geographically diverse. We have discovered sites in the United States, Russia, Netherlands, the United Kingdom, China, and Japan.

We have also included a screenshot of the behavior of a Unix machine (running Knoppix) and Firefox."

To view some examples of the bad sites, go to: WMF Infected Site Examples.

The infected sites appear to be showing up all across the world. Hopefully, the good guys at Microsoft are coming up with a patch that works in the near term!

For the short term, there is an unofficial patch as mentioned in the Sunbelt Blog, WMF Vulnerability checker.

There are no guarantees, but a lot of experts are saying it works!


Mars Mosqueda. said...

Hi. I have a site that talks about online fraud

If you want to exchange link, please let me know. I will add your link to my blog is you also add my link to yours.

Have a nice day!

prying1 said...

Thanks again for a great heads up Ted. I sure appreciate your site.