Security Bytes: Did adware maker help bust botnet?

By SearchSecurity.com Staff
07 Nov 2005 | SearchSecurity.com

Security Wire Daily News

180solutions claims role in busting botnet group
Bellevue, Wash.-based adware maker 180solutions Inc. says it led investigators to a trio of Dutchmen accused of running a 1.5 million-PC zombie army. Vnunet reported that 180solutions contacted the FBI after the botnet controllers launched a distributed denial-of-service (DDoS) attack against the company for terminating its distribution contract. 180solutions develops Zango Search Assistant, which offers access to games and premium content. The application is bundled with software that enables pop-up ads, and software distributors are paid a fee for every copy of the software they get installed. This creates an incentive for botnet operators to install the software on hacked systems, the article noted.

But 180solutions has been working to shake its image as a spyware pusher. In August, the company sued seven distributors that installed its software on botnets. After its contract was terminated, one of the Dutchmen allegedly started threatening the vendor and launched a DDoS attack against its Web sites. The attacks allegedly stopped, the article said, after 180solutions agreed to pay a ransom. 180solutions reported the attack to the FBI and the three men were arrested in October. They are charged with computer hacking, destroying automated networks and installing adware and spyware.

Juniper hires controversial flaw finder
Michael Lynn became a thorn in Cisco Systems Inc.'s side when he demonstrated how to exploit flaws in the San Jose, Calif.-based networking giant's Internetwork Operating System (IOS) at last summer's Black Hat Briefings in Las Vegas. Now he's working for one of the company's competitors. According to the IDG News Service, Sunnyvale, Calif.-based Juniper Networks Inc. has hired Lynn, although the company won't provide details about what he'll be doing or what he'll be paid. Lynn was forced to quit his job with Internet Security Systems (ISS) in order to proceed with his presentation at the conference. He was subsequently sued by both ISS and Cisco. The companies dropped the lawsuit after Lynn agreed not to discuss contents of his presentation.

Flaw in Macromedia Flash Player 7
Attackers could launch malicious code by exploiting a flaw in Macromedia Inc.'s Flash Player 7, the San Francisco-based vendor said in an advisory. Macromedia said the vulnerability is fixed in the current version, Flash Player 8.0.22.0. "Users who have already upgraded to Flash Player 8 are not affected by this issue," the vendor said. "Macromedia recommends all Flash Player 7 and earlier users upgrade to this new version, which can be downloaded from the Macromedia Player Download Center." The advisory describes the flaw as a "problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, [which leaves open] the possibility that a third party could inject unauthorized code that would have been executed by Flash Player."

Multiple flaws in Apple QuickTime
Attackers could exploit multiple flaws in Apple Computer Inc.'s QuickTime to corrupt memory or cause a DoS, Danish vulnerability clearinghouse Secunia said in an advisory.

  • The first problem is an integer overflow error in the handling of a "Pascal" style string when loading a ".mov" video file. Secunia said this "can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file."
  • The second problem is an error in the handling of certain movie attributes when loading a ".mov" video file that "can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file," the firm added.
  • The third problem is "a NULL pointer dereferencing error when handling certain missing movie attributes from a video file." This could be exploited to crash an application that uses QuickTime when a specially crafted video file is loaded.
  • Secunia said the fourth problem is a boundary error in the QuickTime picture viewer when decompressing PICT data. "This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file," the firm said.

The flaws affect QuickTime 6.5.2 and 7.0.1 for Mac OS X and versions 7.x prior to 7.0.3 for Windows. Cupertino, Calif.-based Apple recommends users update to version 7.0.3.
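The first QuickTime item names a bug class (a length-prefixed "Pascal" string whose length turns into a very large copy size) without giving the code path. The C sketch below is an added illustration of that class and of the checks that prevent it; it is not Apple's or Secunia's code, the signed-length mistake is an assumed instance of the class, and the function names `naive_copy_size` and `read_pstring` and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size a careless parser would hand to memcpy if it read the length byte
 * through a signed char and then widened it to size_t (assumed pattern). */
size_t naive_copy_size(const uint8_t *field)
{
    signed char len = (signed char)field[0]; /* 0x80..0xFF become negative */
    return (size_t)len;                      /* negative wraps to a huge count */
}

/* Hardened reader: copies a Pascal-style string (1 length byte + data)
 * into out as a NUL-terminated C string.
 * Returns the string length, or -1 if the field is malformed. */
int read_pstring(const uint8_t *field, size_t field_len,
                 char *out, size_t out_cap)
{
    if (field == NULL || out == NULL || field_len < 1 || out_cap < 1)
        return -1;
    size_t len = field[0];      /* unsigned read: always 0..255 */
    if (len > field_len - 1)    /* claimed length exceeds the bytes present */
        return -1;
    if (len >= out_cap)         /* no room for data plus terminator */
        return -1;
    memcpy(out, field + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample fields, not taken from any real .mov file. */
    const uint8_t ok[]  = { 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t bad[] = { 0xFF, 'A', 'B' };  /* claims 255 bytes, has 2 */
    char out[16];
    printf("ok  -> %d\n", read_pstring(ok, sizeof ok, out, sizeof out));
    printf("bad -> %d\n", read_pstring(bad, sizeof bad, out, sizeof out));
    printf("naive copy size for bad: %zu\n", naive_copy_size(bad));
    return 0;
}
```
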
