A list of hundreds of Windows machines has been released by 0x000000.com. The list, entitled RPC Worm Victim List, states that the victim machines are mainly Windows XP machines (i.e. MSIE 6.0 or MSIE 7.0; Windows NT 5.1 in the browser's user agent).
I made a script yesterday to generate WHOIS queries, and the results say that the victim machines are located mainly in the Asian area.
There is one machine registered to a Microsoft IP too.
The Hacker's Choice group has managed to clone the chip of an RFID-based passport and, of course, they used the name, DOB and photo of Elvis Aaron Presley. This is the subject of my SecuriTeam Blogs entry posted recently.
Demonstration video and some technical information can be found here.
It is not known if Sun Microsystems or Nokia Corp. paid €20 000 to get the detailed information about the J2ME vulnerabilities affecting Nokia Series 40, but both of the companies have confirmed the existence of these vulnerabilities.
There are several ways to detect whether spying devices etc. are installed on workstations in your organization. This topic is the subject of my newest SecuriTeam Blogs entry - follow the link here.
There were two separate pieces of malware spreading on the social networking site Facebook (and MySpace was affected as well). Until the Facebook security team was able to block the Koobface worm, we had protection via Windows-based anti-virus software.
Russian-based Kaspersky Lab reported the existence of the worm on 31st July. It took several days until malware write-ups covering it were available from notable anti-virus vendors.
The following malware names have been assigned by the AV industry (listed in alphabetical order):
McAfee – W32/Koobface.worm
BitDefender – Win32.Worm.KoobFace.A
Kaspersky Lab – Net-Worm.Win32.Koobface.b
Panda Security – Boface.A [their technical name is W32/Boface.A.worm]
Sunbelt Software – Net-Worm.Win32.Koobface.b
Sophos – detected proactively as Mal/Heuri-D, Mal/Heuri-E, Mal/Emogen-N and Mal/Packer
Symantec – W32.Koobface.A
In many cases, however, the protection exists before the write-up is released.
You can read the entire SecuriTeam Blogs entry written on Friday here.
Mr. Sebastian Muniz of Core Security presented the Cisco IOS rootkit last week as promised - and it appears that the Cisco guys have this presentation or they were at EuSecWest listening to Mr. Muniz. I don't know the answer, but Cisco has updated its response document; see my latest SecuriTeam Blogs entry.
There has been a less active period because my girlfriend takes my time ;-) but I'll post to my SecuriTeam blog in the near future, absolutely.
Link to the entry mentioned is here, post #1096 at SecuriTeam Blogs, BTW.