Spyware, viruses, & security forum: NEWS - May 16, 2012

Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be could exploited by an attacker to crash the application or execute arbitrary code on a victim's system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file.

The company notes that, on Mac OS X, many of the holes have already been fixed in Mac OS X 10.7.3 and 10.7.4 Lion, and Security Updates 2012-001 and 2012-002 for Mac OS X 10.6.8 Snow Leopard systems. A majority of these vulnerabilities were discovered by members of TippingPoint's Zero Day Initiative (ZDI).

Further information about the QuickTime update can be found in Apple's security advisory. QuickTime 7.7.2 for Windows is available for Windows 7, Vista and XP SP2 or later from Apple's Support Downloads site. Alternatively, those who have the Software Update for Windows tool installed can update by selecting "Apple Software Update" from the Start menu.

http://www.h-online.com/security/news/item/QuickTime-for-Windows-update-plugs-security-holes-1576777.html

Also: Apple security update fixes QuickTime vulnerabilities

See Vulnerabilities & Fixes: Apple QuickTime Multiple Vulnerabilities

From F-Secure Antivirus Research Weblog:

The Documentary, a BBC World Service program (or programme) recently aired a 3-part series called Danger In The Download.

It's definitely worth a listen. All of the episodes are now available online. [Screenshot]

Episode 1 — The growing threats in cyberspace from hackers and cyber weapons.
Episode 2 — Is the net's architecture and governance is still fit for purpose?
Episode 3 — What governments can do to protect the Internet.

If you prefer your audio in the form of a podcast, we also recommend PRI's The World: Technology Podcast which is also offering Episode 1 for download.

http://www.f-secure.com/weblog/archives/00002364.html
___________________________________________

Also from F-Secure: Webinar: Making Life Difficult for Malware

Jarno Niemela, a Senior Researcher here at F-Secure Labs, will be taking part in a Black Hat Webcast on Thursday, May 17, 2012.

The subject is "Making Life Difficult for Malware" and will focus on system modifications that can be used to prevent malware from functioning properly in the event that your system is compromised. [Screenshot]

More information can be found from the webinar's registration page.

Over 1,000 people have registered thus far!

http://www.f-secure.com/weblog/archives/00002365.html

.. Credentials

Emails bearing the subject "Protection Notification" have been seen hitting inboxes in the past period, trying to dupe recipients into handing over their email account usernames and passwords.

Hoax Slayer provides a sample email:

Dear Valued Customer,

Norton Anti-Virus detected an unusual activity on your e-mail account. In order to ensure you are not infected by a virus or malware, you will be required to immediately protect your account. Kindly click on the "Protect My Account" link provided below:

Protect My Account

We apologize for any inconveniences caused as your safety is important to us.

Best Regards,

Norton Anti-Virus Group.

This message is intended for designated recipients only. If you have received this message in error, please delete the original and all copies, and notify the sender immediately. Federal law prohibits the disclosure or other use of this information.

If the "Protect My Account" link is clicked, a website is opened, urging the user to input his/her email address and password in order to keep the account active. Allegedly, the process must be completed because of a new virus.

Continued : http://news.softpedia.com/news/Norton-Protection-Authentication-Scam-Targets-Email-Credentials-269953.shtml