Category: Finjan
-
Malicious space on MySpace
Last Wednesday (June 13th), SecureBrowsing has alerted us on a “cute†MySpace profile being used as a malicious code attack vector. This is not the first catch by SecureBrowsing, but to see one on MySpace this late into 2007 was a bit of a surprise. We have been talking about the risks of Web2.0 in…
-
Have something to hide? make a lot of noise about it!
There has been a lot of noise on the web over the past few days in regard to the MPack toolkit being used in the Italy region. Everyone has been talking about it vigorously: From the washington post, WebSense, TrendMicro, so eventually even Slashdot picked up on it. The interesting thing is, no one is…
-
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs…
-
Google’s “Ghost in a Browser”, WebSense, and more…
First things first – big Kudos to Google for their research paper. We at MCRC have found it to be very reassuring for us – now we know we are not the only nuts out there running around in the security arena and wondering how come nobody sees the imminent threats described in the paper.…
-
Tying it all up – explosive exploits…
The funniest thing happened yesterday – at a watercooler conversation our CTO informs us of a site that uses techniques from almost all of our trend reports (which means we are right as usual…). The interesting part was that it was one of those “iframe” sites that give you a small iframe html code to…