Adobe has confirmed a new zero-day vulnerability affecting the Windows, Mac and Unix versions of Adobe Acrobat and Adobe Reader. The exploit seen in targeted attacks was made for Adobe Acrobat 9.1.3 for Windows.
However, the vendor is developing a patch for older 8.x and 7.x versions as well.
The issue has been widely covered in this Finnish-language article.
According to Trend Micro, the malicious PDF files are 117,049 bytes long.
PakBugs.com is online after an offline period of several days.
Some of the forum's articles generate 500 Internal Server Errors or typical 404 errors at the time of writing.
The underground forum is known for hacking tools, the sale of CVV codes, etc. The forum has more than 12 000 registered members.
Update: The forum is gone - again.
A new Office vulnerability used in targeted attacks is in the wild.
Microsoft has confirmed its existence by releasing Security Advisory #969136.
The CVE entry for this vulnerability is CVE-2009-0556.
The affected Office versions are Microsoft Office PowerPoint 2003 SP3, 2002 SP3, 2000 SP3, and Office 2004 for Mac.
Microsoft uses the name Exploit:Win32/Apptom.gen for .PPT documents exploiting the 0-day issue.
The update for the critical JBIG2 code execution vulnerability affecting Adobe Acrobat and Reader products was released recently. The advisory is located here and, as expected, there is no patch for older 8.x versions yet.
The newest version carries the version number Acrobat 9.1.
If you are using Adobe Reader, visit the address get.adobe.com/reader ASAP.
Additionally, OS X's Preview and several Linux PDF viewers are still waiting for a patch.
Microsoft has released a document describing how the Secure Development Lifecycle (SDL) model maps to the so-called CWE/SANS Top 25 list, i.e. the "25 Most Dangerous Programming Errors" list released earlier in January.
An item-by-item analysis has been released as a Word document too. The link is included in this MSDN blog entry.
Microsoft has confirmed a code execution vulnerability in Microsoft SQL Server affecting the following versions:
-Microsoft SQL Server 2000 SP4
-SQL Server 2005 SP2
-SQL Server 2000 Desktop Engine (MSDE 2000) SP4
-SQL Server 2000 Desktop Engine (WMSDE), and
-Windows Internal Database (WYukon) SP2.
MS Security Advisory #961040 is located here.
According to FBI report
Covered at Wired's Threat Level Blog too.
Here in Finland
Lieutenant-Commander Janne Muurinen considers this a security threat.
It really is a serious threat. There is no information about this kind of attempts during the past years.
According to news sources, the police laboratory is investigating these invitation cards, and fingerprints have been taken from the person who reported the invitation.
This weblog had a birthday in October. Exactly on 6th October, three years ago (huh!) the blog was opened.
It's time to say a big Thank You, readers!
The total number of entries is 2731 today.
I started a new job at a Finnish security company in October too. My position is Security Consultant.
The worm-type exploitation has started. More information has been released at
The worm component reportedly has the detection name Exploit.Win32.MS08-067.g, and the kernel component Rootkit.Win32.KernelBot.dg.
Kaspersky detects the new malware wave as Exploit.Win32.MS08-067.g
and Microsoft as Exploit:Win32/MS08067.gen!A.
Sophos, in turn, uses the name Mal/Generic-A.
The FAQ document includes the following new information (from Revision History):
1.2 26-10-2008 Major updates to Trojan section, added credits, information of non-affected dll versions and Snort rule reference
1.3 27-10-2008 Added information about the various file names and sizes, a separate Arpoc section and Nessus plugin reference
A FAQ-type section is included too.
The shooting at a school in Kauhajoki comes less than a year after the Scandinavian country was shocked by the murder of eight people at a school by a gun-wielding teenager.
Pekka-Eric Auvinen, 18, killed seven fellow pupils and the headmistress at Jokela High School in Tuusula, 30 miles north of the capital Helsinki and around 200 miles from Kauhajoki where the most recent shootings took place. Auvinen turned the gun on himself while surrounded by heavily armed police in November last year and died later in hospital.
He carried out the killings after uploading a film titled Jokela High School Massacre to YouTube, the video-sharing website.
YouTube profile (suspended) of Matti Juhani Saari, 22:
Updated: Found mirrored here.
Update #2: Nickname (deleted) from IRC-Galleria.
Update #3: Wumpscut86 mirror page
Videos from Iltalehti.fi's Netti-TV:
It appears that YouTube videos entitled 'massacre in kauhajoki' have been deleted from YouTube.
Really, really bad UK news this week:
A police force said it was investigating the loss of a computer memory stick.
West Midlands Police said it could not comment on the contents of the device, but local media reports suggested it held "top-secret information on terror suspects".
A force spokeswoman said: "We can confirm West Midlands Police is investigating the loss of a data memory stick.
We are conducting searches in an attempt to recover the lost item.
We will not comment in relation to the contents of that memory stick."