شماره: IRCNE2011121342
تاريخ: 22/9/90

يك سخنگوي گوگل اظهار داشت كه اين شركت 22 برنامه را از فروشگاه اندرويد خارج كرده و حساب كاربري توليد كنندگان آنها را نيز مسدود كرده است.
اين برنامه ها وانمود مي­كردند كه نسخه هاي رايگان بازي­ها يا wallpaper هاي معتبر هستند. اما كاري كه در عمل انجام مي­دادند اين بود كه در تلفن­هاي اروپا، سرويس­هاي پولي مرتبط با پيام كوتاه را بر روي تلفن فرد فعال مي­كردند و به اين ترتيب، كاربر به ازاي هر پيام كوتاه، 5 دلار از دست مي­داد. اين برنامه ها از لحاظ فني بدافزار محسوب نمي­شوند، چرا كه بر روي يك آسيب پذيري امنيتي كار نمي­كنند.
گوگل 9 برنامه مشابه را هفته گذشته از فروشگاه اندرويد خارج كرده بود كه مشابه برنامه هاي طالع بيني رايگان بودند، اما توافق­نامه هاي پنهاني داشتند كه هزينه هاي آن را مشخص مي­كرد.
در طي دو روز گذشته نيز 13 برنامه جديد به فروشگاه اندرويد ارسال شدند كه وانمود مي­كردند نسخه هاي رايگان بازي­هاي مشهور هستند. اين برنامه ها مشابه برنامه هاي wallpaper فيلم­هاي مشهور و دانلود كننده هاي بازي­هاي محبوب مانند Angry Birds بودند. اين بدافزارها با نام RuFraud شناسايي مي­شوند. بسياري از پيام­هاي كوتاه مربوط به اين برنامه هاي جعلي از سايت­هاي دانلود روسي ارسال مي­گردند.
اين برنامه ها به دنبال كد يك سيم كارت گشته و در صورتي كه آن سيم كارت متعلق به يكي از كشورهاي اروپايي باشد، آن را هدف قرار مي­دهند و به اين ترتيب، صاحب موبايل با هزينه هاي بالاي پيام كوتاه روبرو خواهد شد.
پنجره اوليه برنامه صرفا يك گزينه براي ادامه دادن در اختيار كاربر قرار مي­دهد كه انتخاب آن، به معناي توافق با توافقنامه آن برنامه و هزينه هاي آن است. اين توافقنامه در زير لايه اي از لينك­ها قرار گرفته است تا كاربر قادر به مشاهده آن نباشد. كشورهاي تحت تاثير اين برنامه ها عبارتند از روسيه، آذربايجان، ارمنستان، گرجستان، جمهوي چك، لهستان، قزاقستان، بلاروس، لتوني، قرقيزستان، تاجيكستان، اوكراين، استوني، بريتانيا، ايتاليا، فلسطين اشغالي، فرانسه و آلمان.
در حاليكه 9 برنامه نخست چنان با سرعت از فروشگاه اندرويد خارج شدند كه صرفا تعداد كمي از كاربران گرفتار آنها شدند، اما تعداد دانلودهاي دسته دوم اين برنامه ها پيش از خروج از فروشگاه، حدود 14 هزار دانلود تخمين زده مي­شود.

شماره: IRCNE2011121341
تاريخ: 22/09/90

مايكروسافت امروز در اصلاحيه خود، آسيب پذيري zero-day در هسته Word را برطرف مي نمايد. اين آسيب پذيري توسط بدافزار Duqu مورد سوء استفاده قرار گرفته بود و اين اصلاحيه يك ماه پس از اولين انتشار اين بدافزار صورت مي گيرد.
با اينكه Duqu با استفاده از نرم افزارهاي امنيتي طيف وسيعي از توليدكنندگان قابل شناسايي بود، اما يك هفته پس از انتشار اين بدافزار، در اوايل نوامبر مايكروسافت درباره اين رخنه راه حلي را منتشر ساخت و در آن برخي المان هاي TrueType را غير فعال ساخت.
تمامي نسخه هاي ويندوز از xp به بعد براي اين رخنه امنيتي نياز به اصلاحيه دارند. در مجموع مايكروسافت در آخرين اصلاحيه سال 2011 خود، 14 به روز رساني براي برطرف نمودن 20 آسيب پذيري را منتشر مي كند.
امروزه آسيب پذيري zero-day در هسته ويندوز بسيار نادر است و استفاده بدافزار Duqu از اين آسيب پذيري نظر خيلي ها را به خود جلب كرده است.

ID: IRCNE2011121344
Date: 2011-12-13

According to "cnet", Devices running Microsoft's Window Phone are susceptible to a denial-of-service attack that disables their messaging function, a tipster has told WinRumors.com.
A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system.
So far, the only solution to the messaging hub bug appears to be a hard reset and wipe of the device.
Researchers also uncovered an SMS implementation flaw that they exploited to temporarily crash Android phones. Apple and Google patched those vulnerabilities. Microsoft representatives did not immediately respond to a request for comment, but WinRumors says it is working with the tipster to privately reveal the flaw to Microsoft.

ID: IRCNE2011121343
Date: 2011-12-13

According to “ComputerWorldUK”, even as Mozilla's Firefox browser has been surrounded by uncertainty in recent weeks, Chrome seems to be having a very good month.
Not only did Google's software officially surpass Firefox to assume the No. 2 position in market share last week, but it was named the most secure of the top three browsers by security firm Accuvant.
"Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening," the company explains in a 100-page study.
Chrome's plug-in security and sandboxing architectures, meanwhile, are "implemented in a more thorough and comprehensive manner," making it "the browser that is most secured against attack," Accuvant says.
The study was commissioned by Google, but its results and the tools and data behind it are available online for inspection.
Whereas many browser security comparisons focus on metrics such as vulnerability report counts and URL blacklists, Accuvant put its emphasis instead on anti-exploitation techniques.
On five key characteristics, for example - vulnerability patching, safe browsing API, sandboxing, JIT hardening, and plug-in architecture - Chrome offered a "first-rate implementation," Accuvant found.
Internet Explorer came in second due to deficiencies in its implementation of sandboxing and JIT hardening, while Firefox came in last of the three for failing to implement those two key features altogether.
Chrome was also the most frequently updated of the three browsers, Accuvant found, and it patched vulnerabilities most quickly, with an average patch time of just 53 days compared with Firefox's 158 and Internet Explorer's 214.
Accuvant analyzed the three browsers - which together account for more than 93 percent of the market, it says - while running in a Windows 7 environment.
The results of the study largely echo those from this year's Pwn2Own hack event, from which Chrome emerged unscatched.

ID: IRCNE2011121342
Date: 2011-12-13

According to “CNet”, Google has removed 22 apps from its Android Market and suspended the developer accounts, a Google spokesman confirmed.
The apps were purporting to be free versions of legitimate games or wallpaper. Instead, they appeared designed to do nothing more than charge premium SMS toll rates on European phones. The rates are buried several levels deep within the terms of service, and users may not realize that they will be charged $5 per SMS. Technically, the apps aren't malware because they weren't acting on a security vulnerability.
Google removed nine identical applications last week that appeared as horoscope apps with hidden terms of service indicating charges.
And over the weekend, 13 new apps were posted to the Android Market that purport to be free versions of popular games. They appeared to be wallpaper apps for popular movies, and downloaders for popular games such as Angry Birds. The malware has been lumped together and labeled "RuFraud" for "Russian fraud," because a lot of the SMS toll fraud apps comes from Russian download sites.
The apps look at the country code of a phone's SIM card and if it matches one of the European countries it targets, the mobile phone owner will see the higher SMS charges.
The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links. The Premium Short Codes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, Great Britain, and Germany.
While the first nine apps were pulled so quickly only a handful of people had downloaded them, the second batch may have reached a broader audience before they were pulled by Google. Nearly 14,000 downloads of these apps is estimated.

ID: IRCNE2011121341
Date: 2011-12-13

According to "techworld", Microsoft will tomorrow patch the zero-day kernel Word vulnerability exploited by the mysterious Duqu malware, more than a month after its existence was first made public.
Microsoft responded within a week of the flaw becoming public in early November with a potentially inconvenient workaround that disabled some elements of TrueType, although Duqu itself was quickly detectible by security software from a range of vendors.
All versions of Windows from XP onwards will need to be patched for the flaw. In total, Microsoft will use the Christmas 2011 Patch Tuesday to fix 20 vulnerabilities across 14 updates.
Zero-day vulnerabilities with a hook into the Windows kernel are a rarity these days and Duqu’s use of it has attracted considerable comment.

شماره: IRCNE2011121339
تاريخ: 19/09/90

مايكروسافت آخرين سه شنبه اصلاحيه سال 2011 خود را منتشر مي كند. اين اصلاحيه شامل 14 بولتن است كه 20 آسيب پذيري را برطرف مي نمايد. 11 بولتن در رده امنيتي "مهم" و سه بولتن در رده امنيتي " بسيار مهم" قرار دارند.
حفره هاي امنيتي بسيار مهم سيستم عامل هاي ويندوز xp، ويستا و ويندوز 7 را تحت تاثير قرار مي دهند اگرچه تنها يك حفره امنيتي ويندوز 7 را تحت تاثير قرار مي دهد. هر دو ويندوز سرور 2003 و 2008 آسيب پذير هستند اما تنها يك رخنه امنيتي ويندوز سرور 2008 را تحت تاثير قرار مي دهد.
ولفگانگ كاندك، مسئول ارشد تكنولوژي در Qualys اظهار داشت: پنچ بولتن از بولتن هاي "مهم" براي آفيس نسخه هاي 2003، 2007، 2010 و تمامي نسخه هاي آفيس مكينتاش صادر شده است.
يكي از بولتن هاي باقي مانده براي اينترنت اكسپلورر نسخه 6 تا 9 عرضه شده است و بولتن آخر به تمامي نسخه هاي ويندوز اعمال مي شود.
مايكروسافت اين بولتن ها را در 13 دسامبر منتشر خواهد كرد. همراه با اين انتشار، مايكروسافت يك به روز رساني براي برنامه حفاظت فعال مايكروسافت (MAPP) منتشر خواهد كرد كه مي تواند بر روي اطلاعاتي كه با همكاران خود به اشتراك مي گذاريد "شفافيت بيشتري" را فراهم نمايد.

شماره: IRCNE2011121338
تاريخ: 19/9/90

اخيراً يك آسيب پذيري خطرناك در محصولات Adobe Acrobat و Adobe Reader پيدا شده بود كه به مهاجم اجازه مي دهد برنامه را از كار انداخته و كنترل سيستم قرباني را در اختيار بگيرد. با وجود اينكه حملات تنها بر روي سيستم هاي ويندوز مشاهده شده است ولي سيستم هاي مك نيز تحت تأثير اين آسيب پذيري قرار دارند.
اكنون دو آسيب پذيري مشابه نيز بر روي Adobe Flash Player كشف شده است كه مي تواند منجر به اجراي كد دلخواه بر روي رايانه قرباني شود.
بنا بر گزارش Computer World، آسيب پذيري هاي مذكور توسط يك شركت امنيتي روسي شناسايي شده اند و در حال حاضر راهنمايي هاي امنيتي مربوط به آنها بر روي وب سايت US-CERT قرار دارد.
به نظر مي رسد با سوءاستفاده از آسيب پذيري هاي مذكور، مي توان از سد دفاعي ويندوز در برابر نفوذ همچون DEP و ASLR گذشت و به IE sandbox رسيد. اطلاعاتي در مورد شيوه برخورد ديگر مرورگرها با اين آسيب پذيري ها در دسترس نيست.
بر خلاف بدافزارهايي كه مستقيماً بر روي رايانه قربانيان نصب مي شوند و در معرض اسكن شدن توسط آنتي ويروس ها هستند، بدافزارهايي كه از اين آسيب پذيري سوءاستفاده مي كنند، از طريق Flash Player و يا Adobe Reader اجرا مي شوند كه اين امر تشخيص آنها را براي برنامه هاي آنتي ويروس مشكل مي سازد.
لازم است كاربران تا زماني كه Adobe اصلاحيه هاي مناسب را براي آسيب پذيري هاي مذكور منتشر سازد، از ابزارهايي همچون Click2Flash، NoScript و Click2Plugin براي بلوكه كردن اجرا شدن محتويات ناخواسته فلش بر روي سيستم هاي خود استفاده كنند.

مطالب مرتبط:
آسيب پذيري جديد در Adobe PDF Reader

ID: IRCNE2011121339
Date: 2011-12-10

According to "itpro", Microsoft has issued its final Patch Tuesday release of 2011, with 14 bulletins, covering 20 vulnerabilities.
Microsoft has given IT departments an early Christmas present of three critical and 11 important bulletins.
The critical security holes affect Windows XP, Vista, and Windows 7, although only one affects the latter. Both Windows Server 2003 and 2008 are vulnerable, although the latter is only affected by one flaw.
"Five of the 'important' bulletins affect Office 2003, 2007 and 2010 including all Office versions for Macintosh as well," explained Wolfgang Kandek, chief technology officer at Qualys.
"One of the remaining bulletins addresses Internet Explorer 6 through 9 and the remaining bulletins apply to all versions of Windows."
Microsoft will release the bulletins on 13 December. To accompany the release, Microsoft has announced an update to its Microsoft Active Protections Program (MAPP) that should provide "greater transparency" over how partners use the information it shares with them.
The software firm announced this week that a flaw affecting Reader and Acrobat was reportedly being exploited in the wild. Adobe is planning to issue a patch next week.

ID :IRCNE2011121338
Date: 2011-12-10

Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.
Now two similar vulnerabilities have been found in Adobe's Flash Player, which likewise could result in arbitrary code being executed on the system.
Computerworld is reporting that the flaws, for which advisories have been issued by US-CERT, were discovered by Intevydis, a Russian vulnerability research company. Apparently the vulnerability bypasses antiexploitation features in Windows such as DEP and ASLR, and can get around the Internet Explorer sandbox (there is no information on how other browsers handle the issue).
While Intevydis has so far shown the exploit on Windows machines, apparently it works in OS X as well.
So far Adobe has only addressed these exploits for version 9.x of its Reader and Acrobat products for Windows; fixes for the other versions are due in about a month's time. Adobe has not yet issued a response to the current findings regarding Flash Player.
Unlike malware that is directly downloaded to a system and scanned, these malware attempts run through the Flash Player or Adobe Reader programs themselves, making it harder for malware scanners to detect them.
The exploits should be addressed by Adobe sooner or later, but until then you might consider a tool like Click2Flash, NoScript, or Click2Plugin for blocking unwanted Flash content from running on your system.

Related Links:
Zero-day vulnerability in Adobe’s PDF Reader