Following the discovery in June of a remotely exploitable flaw within Zeus (a flaw affecting Pinch leaked out two months later) that allowed cybercriminals to inject their own credentials and hijack the botnets of other cybercriminals, this modified version claims to have fixed three vulnerabilities within the original Zeus release, namely a remote file inclusion flaw and two SQL injections within the administration panel. Here's the new CHANGELOG:
"- code improvements and optimizations
- internal data checkings added
- exit() function instead of die()
- echo() function instead of print()
- mysql_affected_rows () changed to mysql_num_rows () everywhere
- all queries are fixed in system or mod .php files
- no text password in the database and clear text password in $_SESSION, cookies authentication is gone and md5 hashes are everywhere
- Geo IP support has been added
- umask () bug fixed, the file has been created (chmoded) with different permissions
- language improvements and pre-installation checks
- checking for php version/safe_mod/open_basedir as you're required to run php 5.1.0 or higher to run it successfully
- fixed sql injection in credentials checking
- GetUserData () function has been rewritten - possible sql injection fixed
- possible remote file inclusion fixed
- socket error definition changed
- gcnt () function has been rewritten so you can use geolocation - GeoIP which is free and GeoIPCity which is paid
- ip address checking improved through validIP() function improvement
- all queries are now fixed, input data has been sanitized
- fs () function has been fixed in order to improve the quality of the log names
- formatFilePath () function has been added for file upload purposes
- arbitrary file upload bug has been fixed so that you can now upload only images with original names
- the Log2SQL () function has been changed and stricter data checking/sanitizing is added
- internal file sorting mechanism is improved so that files/dirs are sorted by file modification time"
It's becoming increasingly clear that what used to be proprietary crimeware kits, whose business model was undermined by their open source nature and by the fact that they started leaking for average cybercriminals and script kiddies to take advantage of, are today's "open source projects". Maintaining static lists of the exploits and features included within a particular kit is therefore getting even more irrelevant. In the long term, the quality assurance applied to crimeware kits courtesy of third-party cybercriminals is prone to shift from performance to improving infection rates.
22:03 Security World: War driving in Santiago Chile
Between 6th and 11th October, we went war-driving in Santiago, the capital of Chile, with the aim of collecting data on the city's wifi networks. Why did we choose Chile? Simple as the diagram below...
A trader suspected of losing his employer as much as €751m ($940m) in ill-judged derivatives trades has been placed under investigation. The case has sparked a fresh assessment of the adequacies of compliance systems and how they might be improved and stirred up a few unhappy memories.
20:43 Conference: ClubHack2008
The main aim of this conference is to enable the dissemination, discussion and sharing of deep knowledge in the field of information security and cyber crime investigation.
17:55 Conference: CSI 2008
Attend the leading security conference that goes beyond the status quo. Over 70 sessions will focus on the latest security challenges, current areas of debate, and key issues to be solved in the month...
16:21 Article: Q&A: Software Piracy
Jan Samzelius is the CEO and one of the founders of ByteShield, a company whose mission is protecting PC software applications and games against illegal copying.
Let's take a look at software pirac...
Malware and unwanted software made strides in the first half of 2008, according to the latest security intelligence report from Microsoft, which tallied a 43 percent increase in the number of programs exorcised by the company's malicious software removal tool.
The Microsoft Malware Protection Center has published volume five of the Microsoft Security Intelligence Report. If you have not taken a look at this report before, I urge you to go download it from http://www.microsoft.com/sir. It provides a thorough view of the current threat landscape and is filled with a number of great data points. In my first scanning of the document, the following items immediately jumped out at me:
Microsoft vulnerabilities accounted for 42% of the total vulnerabilities on Windows XP for browser based attacks; however, on Windows Vista-based machines the proportion of vulnerabilities attacked in Microsoft software dropped to just 6% of the total. This highlights not only our continued security investments in the browser but also that attackers are focusing more and more on the applications that run in the browser.
The infection rate for Windows Vista is significantly lower than Windows XP, regardless of service pack levels. In addition, 64-bit versions of XP and Vista have lower infection rates than their 32-bit counterparts.
The higher the level of service pack a machine runs, the lower the rate of infection. This is consistent across client and server platforms, across all versions. Clearly, keeping up to date with the latest service pack levels and security patches is beneficial from a security perspective. While we have always thought this to be true, having a data point to prove it is great.
This is just a taste of some of the findings in this latest report. I'll be scouring this report in detail and come back in the next week or so with a comprehensive look at how Windows Vista has fared from a security perspective since its release!
Posting is provided "AS IS" with no warranties, and confers no rights.
I am in Barcelona getting set up for some sessions at TechEd-EMEA in Barcelona. The weather was a bit dicey for parts of yesterday but today is clear and beautiful. I've got two full sessions and a bit part in a third where I will be talking about Windows 7 security features. If you are in Barcelona and have a passion for security, come to one of my sessions or find me on the exhibition hall floor, I would love to chat.
04:57 Black market for zero day vulnerabilities still thriving
One would assume that popular sources for zero day vulnerabilities+Poc’s such as Full-Disclosure, Bugtraq or Milw0rm are the primary sources for obtaining responsibly or irresponsibly released flaws. They’d be wrong. The black market for zero day vulnerabilities and the concept of over-the-counter (OTC) trade of zero day flaws, has been gradually developing itself through the [...]