CA Security Advisor Research Blog

Browse by Tags

• advertising
• Anti-Spyware
• Anti-Virus
• attack
• CA
• codec
• fake codec
• fake updates
• internet
• jsp
• paypal
• phishing
• rogue security software
• Rossano Ferraris
• security
• spyware
• user permission
• video codec
• vulnerability

• Compromised websites: a real danger for Internet users

  It seems Internet users do not have any peace anymore. We have witnessed a lot of security issues on the Internet to date but never like this latest period, which can be named -to my personal perspective- as “the age of compromised websites”. The Anti... Posted May 28 2008, 12:23 PM by Rossano Ferraris with | with 2 comment(s) Tags: Anti-Spyware, Vulnerabilities, spyware, attack, security, CA, internet, Rossano Ferraris, vulnerability

• PayPal Closes a Phishing Vulnerability

  Take a close look at this image. You can click to enlarge it. It looks like the PayPal login page, but some things are off. For one, the title is "Login - PayPal Phishing Proof of Concept". That is because this isn't the PayPal login page... Posted Feb 17 2008, 10:44 AM by Stefan Berteau with | with 3 comment(s) Tags: Vulnerabilities, jsp, vulnerability, phishing, paypal

• Internet searches under attack: next in series

  by Rossano Ferraris Another interesting case I would like to bring to your attention is the effect of the so-called “fake-codec” trojans. Here is what I figured out after searching the phrase “daily dawn” on the Google search engine. The screenshot reflects... Posted Jan 15 2008, 11:40 AM by Rossano Ferraris with | with 3 comment(s) Tags: Anti-Spyware, Vulnerabilities, spyware, attack, fake updates, advertising, user permission, CA, rogue security software, Rossano Ferraris, codec, fake codec, video codec

• Be aware of fake Microsoft Updates

  by Rossano Ferraris The other day spammers spread two interesting emails to users throughout the Internet and attempted to make users believe these emails originated from Microsoft. The emails contained an alert that advised users of an undiscovered vulnerability... Posted Nov 27 2007, 08:25 AM by Rossano Ferraris with | with 1 comment(s) Tags: Anti-Spyware, Vulnerabilities, spyware, fake updates

• Ghosts and Ghouls

  A famous quotation from the The Art of War is "If you know both yourself and your enemy, you will come out of one hundred battles with one hundred victories." A malware author following the principles of Sun Tzu might say "If you know both... Posted Oct 31 2007, 04:57 PM by Alain Zidouemba with | with no comments Tags: Anti-Spyware, Anti-Virus, Vulnerabilities

• The Culprit Isn’t Always a Trojan

  The day after I got back from a 16 day trip to Europe, I opened a letter from an unknown company who informed me that information about my bank account had been removed by one of their employees. The employee sold the information to a data broker who... Posted Aug 10 2007, 03:15 PM by Nancy Strutt with | with no comments Tags: Anti-Spyware, Anti-Virus, Vulnerabilities

• Robbery, is your data prepared?

  A chill ran up my spine when I came to my front door and it was already open. A USB cable lay strewn across the doorway. I could hear a stereo speaker eerily buzzing inside. I pushed the swinging door aside and confirmed my fear. I was robbed! After a... Posted Jul 15 2007, 11:00 PM by Benjamin Googins with | with no comments Tags: Anti-Spyware, Anti-Virus, Vulnerabilities

• The Security Risk of WiFi Networks

  After trials, US operator T-Mobile USA has released two new handsets that enable users to communicate either over its cellular infrastructure or over WiFi. The technology behind this new service called HotSpot@Home is Generic Access Network (GAN), formerly... Posted Jun 29 2007, 03:26 PM by Alain Zidouemba with | with no comments Tags: Vulnerabilities

• PocketPCMag Promotes Online Gaming...Just Not The Way You'd Think

  It appears that the website pocketpcmag.com has been hijacked. At the time this article is written, webpages for articles dated June 2006 and May 2005 contain JavaScript code that lead to another page and script. The script uses an iFrame to redirect... Posted Apr 11 2007, 12:14 PM by Alain Zidouemba with Tags: Anti-Spyware, Vulnerabilities

• Super Bowl XLI Password Stealer

  A few days shy of one of the most important days of the year for sports fans across America, the website for the venue of Super Bowl XLI had a little surprise for its visitors. Earlier today, dolphinstadium.com, dolphinsstadium.com and proplayerstadium... Posted Feb 02 2007, 08:03 PM by Alain Zidouemba with Tags: Anti-Spyware, Vulnerabilities

• Microsoft December Bulletin Release

  The last monthly Microsoft security bulletin release for 2006 is out today, bringing the total number of bulletins for 2006 to 78. Microsoft published 45 bulletins in 2004, and 58 in 2005, so the upward trend is clear. Open issues Two recently reported... Posted Dec 12 2006, 05:27 PM by Kevin Kotas with | with no comments Tags: Vulnerabilities

• Microsoft November Bulletin Release

  For this month's release, Microsoft has issued 6 bulletins addressing 13 vulnerabilities. Five of the six bulletins have a cumulative rating of Critical and one has a rating of Important. 11 days vs 2 months Patches for the XMLHTTP 4.0 ActiveX Control... Posted Nov 14 2006, 11:47 AM by Kevin Kotas with | with no comments Tags: Vulnerabilities

• Oracle October Quarterly Patch Release

  For their quarterly October release, Oracle issued patches for a large number of vulnerabilities affecting a wide range of Oracle products. Oracle Database, Oracle Application Express, and Oracle Application Server are a few of the products being patched... Posted Oct 18 2006, 01:26 PM by Kevin Kotas with | with no comments Tags: Vulnerabilities

• Microsoft October Bulletin Release

  On Tuesday, October 10, 2006 Microsoft released 10 bulletins addressing 26 vulnerabilities in Microsoft Windows, Office technologies, XML Core Services, and ASP.NET. Six bulletins are rated as critical, one important, two moderate, and one low. Office... Posted Oct 10 2006, 03:24 PM by Kevin Kotas with | with no comments Tags: Vulnerabilities

• WebViewFolderIcon SetSlice Exploited!

  A recent vulnerability within the Windows shell is being exploited in the wild. The vulnerability is made accessible to attackers via ActiveX controls in Microsoft Internet Explorer and allows the arbitrary execution of code. Reports have surfaced that... Posted Oct 01 2006, 02:42 PM by Alain Zidouemba with Tags: Anti-Spyware, Anti-Virus, Vulnerabilities