Ryan Naraine

Microsoft on Aug. 24 re-released its MS06-042 bulletin to provide patches for a code execution Internet Explorer flaw that was introduced by the original fix. The reissued browser patch, which is effectively an out-of-band update, brings an end to an embarrassment episode that included a verbal spat between Redmond, Wash., software maker and a private […]

Enterprise anti-virus vendor Sophos on Aug. 23 released a free rootkit detection and removal tool alongside a warning that the stealthy malware threat is a legitimate security concern for businesses. Sophos, of Lynnfield, Mass., said its rootkit cleaner offers an easy-to-use interface to scan all running processes, local hard drives and the Windows registry for […]

Microsoft has temporarily delayed the re-release of a critical Internet Explorer browser patch because of problems with the way its proprietary Systems Management Server handles cabinet (.cab) files, according to sources familiar with the matter. The Redmond, Wash., software giant markets SMS as a business tool for simplifying patch management, but because of a bug […]

On the same day Microsoft is expected to re-release an Internet Explorer security update, a private security research outfit is warning that the original patch actually introduced an exploitable vulnerability. The new warning comes less than a week after Microsoft offered a private hotfix for the browser because of a glitch that caused unexpected crashes. […]

The first wave of malicious attacks against the MS06-040 vulnerability began Aug. 12, with attackers using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote Internet Relay Chat server and listens […]

A portable hacking device equipped with hundreds of exploits and an automated exploitation system will go on sale in the United States in October. The wireless handheld, called Silica, is the latest product to be developed by Immunity, a Miami-based security company that sells penetration-testing products and services. An early version of Silica, which supports […]

Microsoft is pouring cold water on a warning from anti-virus vendor Trend Micro that a new PowerPoint zero-day attack is under way. The Trend Micro warning, first issued Aug. 19, said that a specially crafted “.ppt” file was being used to exploit an undocumented PowerPoint vulnerability. The Japanese anti-virus company said it received a sample […]

Microsoft Office isnt the only word-processing software at risk of zero-day hacker attacks. According to a warning from anti-virus vendor Symantec, attackers are exploiting a previously undocumented vulnerability in Ichitaro, a word processor produced by Justsystems, a Japanese software company. Ichitaro, which is widely used by central and local governments as well as educational institutions […]

When Joe Stewart spotted a variant of the Mocbot Trojan hijacking unpatched Windows machines for use in IRC-controlled botnets, he immediately went to work trying to pinpoint the motive for the attacks. Stewart, a senior security researcher with LURHQs Threat Intelligence Group, set up a way to silently spy on the botnets command-and-control infrastructure, and […]

Veteran virus-hunter Vincent Vinny Gullotto has joined Microsoft to head its Security Research and Response team, a move that adds instant credibility to the software makers push into the Internet security market. Gullotto, an anti-virus ace who served stints at McAfee and Symantec, will be general manager of the team, which handles all aspects of […]