spyware and adware

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Blue Pill Project extends VM rootkit cat-and-mouse tussle

LAS VEGAS - The intellectual cat-and-mouse tussle over hiding and finding virtual machine rootkits has hit a new gear with a team of researchers dismissing the notion of "100 percent undetectable" malware and the release of source code for a new "Blue Pill" rootkit.As previously reported, Thomas Ptacek, co-founder of...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-08-02

Apple monster update fixes iPhone, Safari, Mac OS X flaws

LAS VEGAS -- Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.In a race against the clock, the company rushed out iPhone v1.0 with fixes for four different vulnerabilities that could allow hackers to take full control of...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Responsible disclosure, Pen testing, Patch Watch, Open source, Mozilla, Metasploit, McAfee, Hackers, Google, Digital rights management, Data theft, Browsers, Botnets, Black Hat, Apple

Blog posts 2007-07-31

Mozilla fixes its end of URL protocol handling saga

Mozilla has fixed its end of the controversial URL protocol handling vulnerability that puts Windows users at risk of PC takeover attacks.Exactly a week after admitting that Firefox was just as guilty as Internet Explorer when it comes to passing dangerous data to third party applications, the open-source group shipped...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Apple

Blog posts 2007-07-31

Google hires browser hacking guru

Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.He...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-30

Can Trend Micro's botnet identification service make a difference?

Trend Micro today rolled out its SecureCloud software-as-a-service platform with a new Botnet Identification Service BIS to help find botnet command-and-control servers and block communications between them and the zombie PCs they control.Geared towards ISPs and enterprise customers, the botnet ID service can be used to block communication to/from command-and-control...

Tags: Vulnerability research, Viruses and Worms, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Microsoft, Passwords, Metasploit, McAfee, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-07-30

Code execution hole in Yahoo Widgets

A serious security flaw in an ActiveX control that ships with the Yahoo Widgets could put users at risk of PC takeover attacks.The vulnerability, rated "highly critical" by Secunia, is caused due to a boundary error within the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when handling the "GetComponentVersion" method. This can be...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Symantec, Spyware and Adware, Spam and Phishing, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-07-27

Protocol abuse adds to Firefox, Windows security woes

Security researchers have discovered a new set of protocol abuse problems with Mozilla Firefox, warning that the popular open-source browser is a sitting duck for code execution exploits.Billy BK Rios, a hacker who has warned repeated about risky and unnecessary URIs registered on Windows, has released proof-of-concept exploits that shows...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple, Spam and Phishing, Hackers

Blog posts 2007-07-26

Some great security apps are still free

Last week, I wrote dismissively about Symantec adding a $29.99 a year price tag on its new Norton AntiBot technology, calling it a bit of a con job to sell all these different security tools to protect users against malware.Well, it turns out that there are some great FREE security...

Tags: Data theft, Browsers, Botnets, Apple, Digital rights management, Exploit code, Firefox, Hackers, McAfee, Metasploit, Mozilla, Open source, Passwords, Patch Watch, Pen testing, Privacy, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Wi-Fi security, Zero-day attacks

Blog posts 2007-07-25

Critical ActiveX flaw haunts LinkedIn toolbar

The flaw, which is not yet patched, was discovered by researchers at VDA Labs. A proof-of-concept demo has been released to show how a PC can be hijacked if a LinkedIn toolbar user is lured to a booby-trapped Web site.The toolbar is marketed by the social network site to...

Tags: Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Microsoft, Mozilla, Passwords, Patch Watch, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Blog posts 2007-07-24

Free utility looks for missing security patches

Secunia has shipped a downloadable version of a free utility that scans Windows machines to find missing software patches.The tool, an enhancement to the Secunia Software inspector (a Web-based scanner I've covered before), can be used to inspect and monitor more than 4,200 different PC applications to flag dangerous vulnerabilities.This...

Tags: Hackers, Metasploit, Spyware and Adware, Botnets, Google, Firefox, Exploit code, Vulnerability research, Patch Watch, Data theft, Browsers, Windows Vista, Pen testing, Apple, Viruses and Worms, Passwords, Open source, Responsible disclosure, Mozilla, Microsoft

Blog posts 2007-07-24

Mozilla caught napping on URL protocol handling flaw

Uh-oh. The latest twist in the URL protocol handling vulnerability saga has left eggs on the faces of the security folks at Mozilla.It turns out that Mozilla's Firefox is just as guilty Microsoft's Internet Explorer when it comes to passing dangerous data to third party applications.Over the last two...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Spyware and Adware, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Open source, Mozilla, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-23

CEO out in Core Security shake-up

Core Security Technologies, one of a handful of companies hawking penetration testing tools to businesses, is looking for a new CEO to replace Paul Paget.According to an analyst report from The 451 Group, there are red flags about the future of Core after news emerged that Paget and product manager...

Tags: Zero-day attacks, Vulnerability research, Spyware and Adware, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-23

Microsoft: 'Very difficult' to block IE attack vector

A member of Microsoft's Internet Explorer team says it is "very difficult" to put protections in place to block the protocol handlers attack vector exposed by the recent IE-to-Firefox code execution vulnerability.Markellos Diorinos, a product manager on the IE team, insists it is the responsibility of the receiving called application...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-07-20

MPack exploit kit creator speaks

SecurityFocus.com reporter Rob Lemos has a fascinating interview with one of the developers of MPack, the exploit kit used in thousands of drive-by malware attacks.In the interview, presented from multiple IRC conversations and edited/reordered for clarity, Lemos does a nice job of peeking behind the dark curtain of exploit writing...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-20

Opera plugs nasty code execution hole

You can add Opera to the list of Web browsers singing the security blues.A new version of the cross-platform browser was released today to plug a highly critical code execution bug in the way Opera integrates support for BitTorrent downloads.The skinny from an iDefense alert:When parsing a specially crafted BitTorrent...

Tags: BitTorrent, Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Metasploit, Microsoft, Mozilla, Opera Software ASA, Passwords, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Ryan Naraine, Spyware and Adware, Vulnerability research

Blog posts 2007-07-19

Firefox raises barrier to cross-site scripting attacks

Mozilla has quietly fitted a new security feature into the latest Firefox update, adding the ability for the browser to prevent cross-site scripting attacks.The change, which was not officially announced, implements httpOnly cookies in Firefox 2.0.0.5, the most recent refresh of the open-source browser.Web application security experts are welcoming the...

Tags: Zero-day attacks, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-19

Mac worm rumors swirl; Dai Zovi ships unofficial Mac OS X patch

Amidst unconfirmed rumors that anonymous hackers have created a worm that exploits an unpatched code execution flaw in Mac OS X Intel, a team of researchers have come up with a way to completely disable a buggy portion of the Mac code base.Led by Mac security guru Dino Dai Zovi...

Tags: Zero-day attacks, Wi-Fi security, Vulnerability research, Spyware and Adware, Spam and Phishing, Rootkits, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-18

Mozilla patches Firefox; tells users to avoid IE

Mozilla has rolled out Firefox 2.0.0.5 with patches for a total of 9 nine vulnerabilities, including cover for the controversial IE-to-Firefox code execution attack vector.Even after plugging the hole, Mozilla inserted a blunt message into its alert:This patch does not fix the vulnerability in Internet Explorer.The open-source group is also...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Open source, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-18

Symantec puts price tag on anti-botnet tool

Symantec's new Norton AntiBot utility is now out of beta, promising to remove zombies from for-profit botnets scourge in exchange for $29.99 a year.The anti-botnet tool see previous coverage here is being marketed as "complementary solution to existing antivirus or security suites," adding yet another application to the list of...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets

Blog posts 2007-07-17

Beware the iPhone/Safari dialer

One of the iPhone's most nifty features -- dialing any phone number by simply tapping on a Web page -- can be its most sinister.[ SEE: The iPhone security non-story ]Security researchers at SPI Labs says this features can be exploited by hackers to pull off nefarious stunts like redirecting...

Tags: Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Responsible disclosure, Privacy, Pen testing, Patch Watch, Metasploit, Hackers, Data theft, Exploit code, Browsers, Botnets, Apple

Blog posts 2007-07-17