Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Document shell-code – Favorite Target Of Hackers

Premeditated strikes that exploit flaws in popular text file formats and impact through remote shell code are gradually getting to be a prevalent danger, as per investigators at the Internet Security Systems branch of IBM.

Specialists with the ISS X-Force team alleged that they had observed an upsurge in the amount and range of shell-code implementation strikes targeted at their clients during the past one year (May 2006- April 2007).

The files normally attacked are the most popular kinds of text files circulated in various companies nowadays, comprising Excel, Microsoft Word, PowerPoint formats, and Adobe PDF files.

"There are several causes why these hacks have become so common, but it's largely because from a malware viewpoint it's an appealing technique, with loads of promise for communal technology," asserted Holly Stewart, X-Force Threat Analysis Service's product manager, explains CSO's May 2, 2007 issue.

The Defense Security Service (DSS), which handles admittance of civilian contractors into DoD complex, in Oct. 2006 had cautioned that innumerable workers globally had received contaminated attachments, with a " countless machines" probably endangered by the hack.

Newer strikes detected by ISS within its client base included sophisticated Windows flaws accompanied by the freshly fixed animated cursor (.ANI) fault and the Vector Markup Language (VML) bug. Major flaws in Adobe's Acrobat program were also found to be a hotbed for cyber-terrorists, Stewart alleged.

Integral to the shell-code tapping trouble is the failure of leading software purveyors like Microsoft and Adobe to fix their wares rapidly, asserted director Kris Lamb, of X-Force, which supplies threat intelligence utilized in ISS security goods and facilities, comments CSO on May 2, 2007.

Presently there are three Word flaws that haven't yet been corrected, amid others, that are letting cyber-terrorists to execute their operations effectively, he told.

"Majority of big purveyors have progressed satisfactorily in the past few years, honing their skills to react and cooperating with different suppliers to tackle difficulties quickly. I don't believe the problem is poor motivation," Lamb said. "But, with the swiftness with which these software-level troubles are being tapped, it's obvious that they should discover more methods of enhancing latent period."

» SPAMfighter News - 08-05-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next