3/22/2006

Another IE bug hits Microsoft

Filed under: — Aviran Mordo

Microsoft is investigating a security flaw that could let an attacker gain control over a vulnerable Windows computer, the company said Tuesday.

The flaw was reported to the company earlier this month by Jeffrey van der Stad, a 25-year-old Dutch programmer. The problem is related to the way the browser processes so-called HTA files, Microsoft said in an e-mailed statement. HTA files are associated with Web applications.

The vulnerability affects Internet Explorer 6 on Windows 98, Windows XP and Windows 2003 Server, according to van der Stad’s Web site. “With this vulnerability it is possible to run an HTA file without the user’s permission,” he wrote.

This is the second IE flaw within a week that Microsoft has said it is investigating and may issue a patch for. On Monday the company said it was looking into a bug that could cause the browser to crash. Microsoft’s next scheduled Patch Tuesday is on April 11.

Source: News.com

Yahoo launches instant message phone in US

Filed under: — Aviran Mordo

Yahoo Inc. on Tuesday said it is launching a service in the United States that lets people make phone calls through the company’s instant messaging software.

Available in several other countries since December, the service allows people to make calls from their computers for 2 cents a minute or less to the top 30 national phone markets, including the United States.

The “Phone Out” service also allows calls from computers to regular phones at varying rates to a total of 180 countries.

Using instant messaging for phone calls is one of the latest ways technology companies are letting people talk all over the world more cheaply, without relying on traditional phone networks.

The move also attempts to undercut rates offered by Skype, a similar service offered by eBay Inc.

Source: Yahoo

Trojan Horse? Researchers Warn of Trojan Hearse

Filed under: — Aviran Mordo

Security researchers at Sana Security are warning of a new type of malicious software designed to steal user names and passwords from Web surfers. The malware, dubbed “rootkit.hearse,” uses rootkit cloaking techniques that make it extremely difficult to detect.

Before it can steal information, however, the software must be downloaded onto a user’s system. A bad guy can accomplish this by tricking the user into downloading the malicious code or by infecting a computer with some other form of malware. Once installed, it sends the sensitive information to a server in Russia that appears to have been in operation since March 16, Sana said.

The software has two components: a Trojan horse application that communicates with the Russian server, and rootkit software that cloaks the malicious software from system tools and antivirus programs. Sana has observed the software being downloaded in conjunction with the Win32.Alcra worm.

Rootkit.hearse uses the same kind of cloaking techniques made infamous by Sony BMG Music Entertainment’s XCP (Extended Copy Protection) rootkit software, making it hard to find, according to Sana’s chief technology officer, Vlad Gorelik.

Source: Yahoo
