Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Skype exploit-in-the-wild...


  • Please log in to reply
No replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 16 June 2010 - 05:48 AM

FYI...

Skype 'Extras Manager' vuln found In The Wild...
- http://www.m86securi...trace.1347~.asp
June 16, 2010 - "On October 12th, 2009, Skype released an updated version (4.1.0.179) of their popular VoIP client, which fixed an unspecified vulnerability in their plug-in component for Skype called EasyBits Extras Manager. The EasyBits software is intended to protect commercial software, such as plug-ins, from illegal redistribution or unlicensed use... Vulnerability disclosures are one of the most common ways cybercriminals craft their exploits, including those seen in the exploit kits themselves. In this scenario, our Security Labs team has identified a working exploit in the wild that targets this vulnerability... the malicious code exploits a Skype ActiveX vulnerability using primitive obfuscation techniques in order to bypass Antivirus security solutions. We can confirm this exploit code works successfully against vulnerable Skype installations. Testing this exploit page with VirusTotal, illustrates the dismal results (1/41 - 2.44%)... It is interesting to note that within Skype's own release notes for the security vulnerability, they provide a recommendation to their users to "use virus protection services in case of any problems." Unfortunately for those users, the virus protection would have failed. However, the core issue here is not the antivirus solution's ability to mitigate this threat, but the fact that the update process remains problematic for many companies. Many users continue to run outdated applications for months, even years, and these old versions continue to be exploited by cybercriminals. Even with the disclosure and security fixes provided by application developers, cybercriminals know that most users rarely update, making it not only easy but beneficial to monitor sites that post disclosures and proof of concept code. Ask yourself: Do you know what version of Skype you're running?"

- http://secunia.com/v...ine/?task=start

:ph34r: :ph34r:

Edited by AplusWebMaster, 16 June 2010 - 06:12 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users