Hackin9

InfoSec News

We received another piece of spam (thanks Curtis) pretending to be from the Better Business Bureau. Analysis of the file transferred from prog.it (W6w8sCyj.exe) indicates it is a piece of malware (Win32/Cridex.Q) that communicates over SSL with a command-and-control (C&C) server.

List of domains/IPs to watch for and block:
ajaxworkspace.com
prog.it
la-liga.ro
ejbsa.com.ar
technerds.ca
108.178.59.12
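
The indicator list above turned into a detection pass over proxy logs, as an added example that is not part of the ISC diary. It matches the listed domains (including their subdomains, but not look-alike names that merely end in the same letters) and the listed IP against access log lines, and renders the same list as a Squid ACL for blocking. The log lines are constructed in Squid native access.log format; the client addresses and every URL except the one from the email are made up for the example.

```python
"""Match the Cridex indicators from the diary against proxy log lines."""
from urllib.parse import urlsplit

# Indicators as listed in the diary above.
BLOCKED_DOMAINS = frozenset({
    "ajaxworkspace.com", "prog.it", "la-liga.ro", "ejbsa.com.ar", "technerds.ca",
})
BLOCKED_IPS = frozenset({"108.178.59.12"})

# Constructed sample lines (not real traffic) in Squid native access.log format:
# timestamp elapsed client action/code bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1347056042.101    212 10.1.2.34 TCP_MISS/200 51230 GET http://prog.it/EH564Bf/index.html - DIRECT/- text/html
1347056044.555     88 10.1.2.34 TCP_MISS/200 1122 GET http://www.ajaxworkspace.com/js/x.js - DIRECT/- application/javascript
1347056050.007   9034 10.1.2.34 TCP_TUNNEL/200 48211 CONNECT 108.178.59.12:443 - DIRECT/- -
1347056051.300     40 10.1.2.35 TCP_MISS/200 8890 GET http://www.example.com/ - DIRECT/- text/html
1347056052.410     40 10.1.2.35 TCP_MISS/200 1200 GET http://notprog.it/ - DIRECT/- text/html
"""


def host_of(url):
    """Return the lowercase hostname from a proxy log URL, or None.

    GET lines carry a full URL; CONNECT lines (the SSL C&C traffic) carry only
    host:port, which urlsplit would treat as a path unless marked as a netloc.
    """
    if "://" not in url:
        url = "//" + url
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def matched_indicator(host):
    """Return the indicator a host hits, or None.

    A listed domain also covers its subdomains (www.prog.it), but a name that
    merely ends in the same characters (notprog.it) is not a match.
    """
    if host is None:
        return None
    if host in BLOCKED_IPS:
        return host
    for domain in BLOCKED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan(log_text):
    """Return (client_ip, host, indicator) for every log line touching an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # short or malformed line
        client, url = fields[2], fields[6]
        host = host_of(url)
        indicator = matched_indicator(host)
        if indicator:
            hits.append((client, host, indicator))
    return hits


def squid_block_acl():
    """Render the indicators as Squid ACL lines (leading dot = domain plus subdomains)."""
    return "\n".join([
        "acl cridex_c2 dstdomain " + " ".join("." + d for d in sorted(BLOCKED_DOMAINS)),
        "acl cridex_c2_ip dst " + " ".join(sorted(BLOCKED_IPS)),
        "http_access deny cridex_c2",
        "http_access deny cridex_c2_ip",
    ])


if __name__ == "__main__":
    for client, host, indicator in scan(SAMPLE_LOG):
        print(f"{client} contacted {host} (indicator: {indicator})")
    print(squid_block_acl())
```

The CONNECT line matters: the diary notes the C&C traffic is SSL, so the proxy sees only a host:port tunnel request, not a URL, and a matcher that only parses full URLs would miss it.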
The email looks like this:

Better Business Bureau
Start With Trust
Sat, 08 Sep 2012 01:54:02 +0700
RE: Case # 78321602 http[:]//prog.it/EH564Bf/index.html

Dear Sirs,
The Better Business Bureau has got the above mentioned complaint from one of your customers concerning their business relations with you. The details of the consumer's concern are contained in attached document. Please give attention to this case and advise us of your opinion as soon as possible. We encourage you to open the COMPLAINT REPORT to answer on this complaint.
We look forward to your prompt response.
Faithfully yours,
Ann Hegley
Dispute Counselor
Better Business Bureau
________________________________

[1] http://anubis.iseclab.org/?action=result&task_id=15e0c40724f468154b9b07dba8a34bfa4&format=html
[2] http://wepawet.iseclab.org/view.php?hash=b4817d858b4e1862c8a828c85be365b1&t=1347109082&type=js
[3] http://wepawet.iseclab.org/view.php?hash=06ea2fd5b8931844981d7c718ea89060&t=1347109182&type=js
[4] http://wepawet.iseclab.org/view.php?hash=7d629a7fea394ce0be5782de592d8f68&t=1347109422&type=js
[5] https://www.virustotal.com/file/126ea9ed6828a1eaa37250aa015a9f8518fdb54c8175ce87559a68eac47b9187/analysis/
[6] http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fCridex
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
If you are using Webmin within your network to administer Unix services, you should consider upgrading to the latest version, 1.594, because input validation vulnerabilities have been reported in versions up to and including 1.580. The latest version can be downloaded from webmin.com [2], or the update can be done directly in Webmin (via the menu Webmin, Webmin Configuration, Upgrade Webmin).
CVE-2012-2981 - Improper Input Validation
CVE-2012-2982 - Improper Neutralization of Special Elements used in a Command
CVE-2012-2983 - Improper Limitation of a Pathname to a Restricted Directory
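
An added example, not from the diary or the Webmin project: a version check that flags hosts still running an affected Webmin (1.580 or earlier) so they can be upgraded to 1.594. Webmin's built-in web server identifies itself with a Server: MiniServ/<version> header. The sample banners and host addresses are constructed; the optional live fetch assumes Webmin's default port 10000 over HTTPS with a self-signed certificate, and the zero-padding of short version strings is this example's own normalisation, not something Webmin documents.

```python
"""Flag Webmin hosts whose MiniServ banner shows a version at or below 1.580."""
import re

LATEST_VERSION = (1, 594)   # fixed release named in the note above
LAST_AFFECTED = (1, 580)    # versions <= this carry CVE-2012-2981..2983

BANNER_RE = re.compile(r"MiniServ/(\d+)\.(\d+)")

# Constructed sample of host -> Server header (not real hosts).
SAMPLE_BANNERS = {
    "10.0.0.5": "MiniServ/1.580",
    "10.0.0.6": "MiniServ/1.594",
    "10.0.0.7": "MiniServ/1.530",
    "10.0.0.8": "Apache/2.2.22 (Debian)",   # not Webmin at all
    "10.0.0.9": "MiniServ/1.59",            # short form, should read as 1.590
}


def parse_webmin_version(server_header):
    """Return (major, minor) from a MiniServ banner, or None if it is not Webmin.

    Webmin's minor part is three digits (1.580, 1.594), so a short "1.59" is
    right-padded to 590; comparing the raw strings would wrongly rank 1.59 < 1.580.
    """
    match = BANNER_RE.search(server_header or "")
    if not match:
        return None
    major, minor = match.groups()
    return int(major), int(minor.ljust(3, "0"))


def needs_upgrade(server_header):
    """True when the banner is Webmin and the version is in the affected range."""
    version = parse_webmin_version(server_header)
    return version is not None and version <= LAST_AFFECTED


def hosts_needing_upgrade(banners):
    """Sorted list of hosts whose banner shows an affected Webmin."""
    return sorted(host for host, banner in banners.items() if needs_upgrade(banner))


def fetch_server_header(host, port=10000, timeout=5):
    """Grab the Server header from a live Webmin host (assumed: HTTPS on 10000).

    Certificate verification is disabled because Webmin ships self-signed by
    default; this context is for the banner grab only and must not be reused.
    """
    import http.client
    import ssl
    ctx = ssl._create_unverified_context()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", "/")
        return conn.getresponse().getheader("Server")
    finally:
        conn.close()


if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_BANNERS):
        print(f"{host}: {SAMPLE_BANNERS[host]} -> upgrade to "
              f"{LATEST_VERSION[0]}.{LATEST_VERSION[1]}")
```

To sweep a network, replace SAMPLE_BANNERS with {host: fetch_server_header(host) for host in candidates}; fetch_server_header raises on hosts that do not answer, so wrap it accordingly.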
[1] http://www.kb.cert.org/vuls/id/788478
[2] http://www.webmin.com/download.html
[3] http://download.webmin.com/devel/tarballs/
Note: Updated link to the latest tarball.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft's Windows 8 is vulnerable to attack by exploits that hackers have been aiming at PCs for several weeks, Adobe confirmed Friday.
 
In the week ending 8 September - Linux Mint's Nautilus fork, NVIDIA's Linux driver plans, iPhone UDID leaks and still-vulnerable Java 7. Also, Diaspora's lessons and what's coming in Linux 3.6's networking


 
The PC industry got another dose of sour news Friday when Intel announced it is cutting its third-quarter revenue outlook.
 
Images are suddenly trumping words on social sites, and the trend is going to transform consumer electronics, writes columnist Mike Elgan.
 