Gladiator Research and Security

GSA Reference Number: AD091124-01

Simply Put: Microsoft Internet Explorer (IE) 6 and 7 are vulnerable to a remote code execution vulnerability.  This vulnerability was released to the public earlier this week.  Currently, this exploit is not deemed reliable, meaning that it is difficult to exploit consistently.  However, there will most likely be a reliable version released in the near future.  This exploit also could be triggered by an HTML email message if using Microsoft Outlook, Outlook Express, or Microsoft Mail, as these products use IE to display these messages.

Over the past year, security researchers found many new Web attacks indicating that the “bad guys” have come up with some rather advanced methods to accomplish their dirty deeds.  In the past few months alone, two particular banking attacks have been detected that demonstrate the sophisticated methods being used to steal money from online banking users.  In the first attack method, dubbed “Chat-in-the-Middle,” the fraudster creates a fake support chat session with his victim by claiming to be from the bank’s fraud department.  The fraudster then uses social engineering techniques to attempt to gather further information from the unsuspecting victim.  The second attack, a Trojan known as URLZone, involves editing a user’s banking website to hide money transfer transactions started by the attackers.  This technique gives attackers ample time to transfer the funds through “money mules” and, eventually, into their own accounts, well before the attack is ever spotted by the victim.

GSA Reference Number: AD091112-01

Simply Put: A fraudulent email is currently circulating that appears to be from NACHA, the Electronics Payment Association.  The email includes a link that will forward users to a fake website that instructs the user to download a report about a failed ACH transaction.  This report is actually malicious software (Zeus/Jabber).  We have already detected infections at several financial institutions as a result of this scam.

Microsoft has announced six new patches for its monthly patch release cycle.  These patches are for Microsoft Windows and Microsoft Office.  Three patches are rated Critical and affect Microsoft Windows, allowing for remote code execution on vulnerable systems.  Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s November Security Bulletin.