Hardhead's Blog

Location: Blue Ridge, Va., United States

Tuesday, April 29, 2008

Microsoft Delays Windows XP Service Pack 3

Microsoft is delaying the release of Service Pack 3 for Windows XP users due to a "compatibility issue" with the bundle of updates and a supply-chain solution the company markets to small- and medium-sized businesses. The software giant had previously said SP3 would be released to XP customers today via Windows Update and its software download center.

In a written statement, Microsoft said:

"In order to make sure customers have the best possible experience we have decided to delay releasing Windows XP SP3 to Windows Update and Microsoft Download Center.


Thursday, April 24, 2008

Mass SQL injection

There's another round of mass SQL injections going on, which has infected hundreds of thousands of websites.
A Google search returns over 510,000 modified pages.

What happens as a result?

The injected SQL finds all text fields in the database and adds a link to malicious JavaScript to each and every one of them, so your website serves that script automatically wherever those fields are displayed. Essentially, the attackers looked for ASP or ASPX pages that take any type of query-string parameter (a dynamic value such as an article ID, product ID, et cetera) and tried to use that parameter to upload their SQL injection code.

So far three different domains have been used to host the malicious content: nmidahena.com, aspder.com and nihaorr1.com. A set of files gets loaded from these sites that attempts to use different exploits to install an online gaming trojan. Right now the initial exploit page on all domains is inaccessible, but that could change. So if you're a firewall administrator, we recommend that you block access to them.

So what should you do?

First of all, search your website logs for the code above and see if you've been hit. If so, clean up your database to prevent your website visitors from becoming infected. Second, make sure that all the data you pass to your database is sanitized and that no code elements can be stored there. Third, block access to the sites above. Fourth, make sure the software you use is patched; F-Secure Health Check is an easy way to do this. Fifth, keep your antivirus solution up-to-date.
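For the database clean-up step, here is an added example (not part of the original post) that scans exported text-column values for script tags pointing at the three domains named above and returns the cleaned values. It assumes rows have been exported as `(table, key, column, value)` tuples; the sample rows and the `x.js` file name are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Domains named in the post as hosting the malicious script.
BAD_DOMAINS = {"nmidahena.com", "aspder.com", "nihaorr1.com"}

# A <script ... src=...> element; the closing tag is optional because
# stored markup is not always well formed.
SCRIPT_RE = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)[^>]*>\s*(?:</script\s*>)?",
    re.IGNORECASE,
)

def is_bad_src(src):
    """True if src points at a listed domain or one of its subdomains."""
    host = urlparse(src if "//" in src else "//" + src).hostname or ""
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def clean_value(text):
    """Return (cleaned_text, removed_srcs) for one text column value."""
    removed = []
    def repl(match):
        if is_bad_src(match.group(1)):
            removed.append(match.group(1))
            return ""
        return match.group(0)  # leave the site's own scripts alone
    return SCRIPT_RE.sub(repl, text), removed

def scan_rows(rows):
    """rows: (table, key, column, value). Return the rows that need an UPDATE."""
    hits = []
    for table, key, column, value in rows:
        cleaned, removed = clean_value(value)
        if removed:
            hits.append((table, key, column, cleaned, removed))
    return hits

# Constructed sample data; "x.js" is a placeholder file name.
SAMPLE_ROWS = [
    ("products", 1, "name", "Blue widget<script src=http://www.nihaorr1.com/x.js></script>"),
    ("products", 2, "name", 'Red widget<SCRIPT SRC="HTTP://ASPDER.COM/x.js"></SCRIPT>'),
    ("articles", 7, "body", '<p>Hi</p><script src="/js/site.js"></script>'),
    ("articles", 8, "body", "See <script src=http://notaspder.com/x.js></script>"),
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print(hit)
```

Write the cleaned values back with a parameterized UPDATE keyed on the row's primary key, and review the removed `src` values before committing.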


Wednesday, April 02, 2008

Malwarebytes' Anti-Malware 1.10

Version 1.10 (April 1st, 2008)

1. (FIXED) Installer missing Romanian translation.
2. (FIXED) Minor problem during memory scan.
3. (FIXED) Improved service scanning techniques.
4. (FIXED) Problems removing certain registry values.
5. (FIXED) Dramatically improved Protection Module speed.
6. (FIXED) Scheduler problems with Protection Module.
7. (ADDED) Advanced file scanning methods.
8. (ADDED) DNS checking and fixing.

Product Details: Malwarebytes' Anti-Malware