Comments for PhishLabs Blog - News on Fraud, Phishing, Malware and Cybercrime http://www.phishlabs.com/blog Sat, 24 Oct 2009 22:30:54 +0000 http://wordpress.org/?v=2.8.4 hourly 1 Comment on Open formmailers won’t die by Robert http://www.phishlabs.com/blog/archives/150/comment-page-1#comment-2580 Robert Sat, 24 Oct 2009 22:30:54 +0000 http://www.phishlabs.com/blog/?p=150#comment-2580 Hi, I have just come across this article and I am somewhat confused. Although you seem to be totally against formmailers, you supply a link to Matt Wright’s site and you use formmail yourself. This is a formmail I am filling in, isn’t it? I have just put up some formmailers with Matt Wright’s script on my sites, but I neither want to facilitate phishing nor spamming. Can you tell me if there are save scripts to use, and if so which ones? Thank you Robert Hi,

I have just come across this article and I am somewhat confused.

Although you seem to be totally against formmailers, you supply a link to Matt Wright’s site and you use formmail yourself. This is a formmail I am filling in, isn’t it?

I have just put up some formmailers with Matt Wright’s script on my sites, but I neither want to facilitate phishing nor spamming.

Can you tell me if there are save scripts to use, and if so which ones?

Thank you

Robert

]]> Comment on Acrobat 0-day used in targeted attacks by Mitigating Vulnerabilities in Adobe Reader and Acrobat http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-141 Mitigating Vulnerabilities in Adobe Reader and Acrobat Tue, 17 Mar 2009 14:07:48 +0000 http://www.phishlabs.com/blog/?p=122#comment-141 [...] you need to implement this change across a large number of machines, PhishLabs have posted some information which will make your life [...] [...] you need to implement this change across a large number of machines, PhishLabs have posted some information which will make your life [...]

]]> Comment on Acrobat 0-day used in targeted attacks by Adobe Vulnerability on the Loose? | Complete Source http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-113 Adobe Vulnerability on the Loose? | Complete Source Tue, 10 Mar 2009 12:58:22 +0000 http://www.phishlabs.com/blog/?p=122#comment-113 [...] Phishlabs has written a bat file that can automatically handle the registry edit. You can download the necessary files here: http://www.phishlabs.com/blog/archives/122 [...] [...] Phishlabs has written a bat file that can automatically handle the registry edit. You can download the necessary files here: http://www.phishlabs.com/blog/archives/122 [...]

]]> Comment on Acrobat 0-day used in targeted attacks by Tecnologia e Informação » Como se manter seguro usando Adobe Flash e Reader http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-81 Tecnologia e Informação » Como se manter seguro usando Adobe Flash e Reader Wed, 04 Mar 2009 10:21:16 +0000 http://www.phishlabs.com/blog/?p=122#comment-81 [...] explorações através de arquivos PDF maliciosos estão acontecendo). Por enquanto, sobreviva de workarounds. Outra opção é instalar um patch não oficial que um consultor da SourceFire [...] [...] explorações através de arquivos PDF maliciosos estão acontecendo). Por enquanto, sobreviva de workarounds. Outra opção é instalar um patch não oficial que um consultor da SourceFire [...]

]]> Comment on Acrobat 0-day used in targeted attacks by Vlad http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-67 Vlad Sat, 28 Feb 2009 04:01:41 +0000 http://www.phishlabs.com/blog/?p=122#comment-67 Yeah - how do you disable the pop-up warning about enabling the java (fricking annoying)? Yeah – how do you disable the pop-up warning about enabling the java (fricking annoying)?

]]> Comment on How AV software can stop phishing sites by Light Blue Touchpaper » Blog Archive » Evil Searching http://www.phishlabs.com/blog/archives/35/comment-page-1#comment-60 Light Blue Touchpaper » Blog Archive » Evil Searching Wed, 25 Feb 2009 17:19:46 +0000 http://www.phishlabs.com/blog/?p=35#comment-60 [...] phishing websites (”if you can break in, then so can I”); or they were seeking the PHP “shells” that phishing attackers often install to help them upload files onto the website (”if you [...] [...] phishing websites (”if you can break in, then so can I”); or they were seeking the PHP “shells” that phishing attackers often install to help them upload files onto the website (”if you [...]

]]> Comment on Acrobat 0-day used in targeted attacks by max http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-58 max Wed, 25 Feb 2009 12:53:42 +0000 http://www.phishlabs.com/blog/?p=122#comment-58 how do you disable the pop-up warning about enabling the java ?? how do you disable the pop-up warning about enabling the java ??

]]> Comment on Acrobat 0-day used in targeted attacks by 山寨PDF补丁比Adobe官方提前两周发布 | 紧跟IT潮流 http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-57 山寨PDF补丁比Adobe官方提前两周发布 | 紧跟IT潮流 Wed, 25 Feb 2009 06:27:12 +0000 http://www.phishlabs.com/blog/?p=122#comment-57 [...] 此外安全公司PhishLabs也发布了补丁去重置一个Windows注册表项,禁用Adobe Reader 9.0的JavaScript,从而切断黑客入侵之路。 Grenier的补丁下载。 [...] [...] 此外安全公司PhishLabs也发布了补丁去重置一个Windows注册表项,禁用Adobe Reader 9.0的JavaScript,从而切断黑客入侵之路。 Grenier的补丁下载。 [...]

]]> Comment on Acrobat 0-day used in targeted attacks by jcg http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-55 jcg Tue, 24 Feb 2009 17:55:37 +0000 http://www.phishlabs.com/blog/?p=122#comment-55 acrobat 6 pro: HKCU\Software\Adobe\Adobe Acrobat\6.0\JSPrefs\bEnableJS reader 7: HKCU\Software\Adobe\Acrobat Reader\7.0\JSPrefs\bEnableJS acrobat 6 pro:
HKCU\Software\Adobe\Adobe Acrobat\6.0\JSPrefs\bEnableJS

reader 7:
HKCU\Software\Adobe\Acrobat Reader\7.0\JSPrefs\bEnableJS

]]> Comment on Acrobat 0-day used in targeted attacks by Dave Howe http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-53 Dave Howe Tue, 24 Feb 2009 13:06:08 +0000 http://www.phishlabs.com/blog/?p=122#comment-53 Note that for acrobat reader v8, that key becomes HKCU\Software\Adobe\Acrobat Reader\8.0\JSPrefs\bEnableJS I would imagine that there may be other versions also, although localizations tend to use the same keys. Note that for acrobat reader v8, that key becomes

HKCU\Software\Adobe\Acrobat Reader\8.0\JSPrefs\bEnableJS

I would imagine that there may be other versions also, although localizations tend to use the same keys.

]]> Comment on Acrobat 0-day used in targeted attacks by .blog » Blog Archive » Adobe flaw work arounds http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-51 .blog » Blog Archive » Adobe flaw work arounds Tue, 24 Feb 2009 03:24:34 +0000 http://www.phishlabs.com/blog/?p=122#comment-51 [...] the security for several computers you may wish to disable JavaScript via the registry. The guys at PhishLabs have pointed out how to do this. according to their blog you can disable JavaScript in Adobe Reader [...] [...] the security for several computers you may wish to disable JavaScript via the registry. The guys at PhishLabs have pointed out how to do this. according to their blog you can disable JavaScript in Adobe Reader [...]

]]> Comment on Acrobat 0-day used in targeted attacks by More Acrobatics | ThreatBlog http://www.phishlabs.com/blog/archives/122/comment-page-1#comment-46 More Acrobatics | ThreatBlog Sat, 21 Feb 2009 19:27:49 +0000 http://www.phishlabs.com/blog/?p=122#comment-46 [...] batch-file for turning off JavaScript in Adobe Reader by altering Registry settings at http://www.phishlabs.com/blog/archives/122 (I haven’t tested it!). Assuming that it works as advertised, there’s no advantage [...] [...] batch-file for turning off JavaScript in Adobe Reader by altering Registry settings at http://www.phishlabs.com/blog/archives/122 (I haven’t tested it!). Assuming that it works as advertised, there’s no advantage [...]

]]> Comment on How AV software can stop phishing sites by jal http://www.phishlabs.com/blog/archives/35/comment-page-1#comment-5 jal Wed, 26 Nov 2008 23:31:01 +0000 http://www.phishlabs.com/blog/?p=35#comment-5 @Jarek Trend Micro and 29 other vendors were tested. The published results only include the top 10 performing vendors. The point of the test was not to shame the underperforming vendors, but rather to call attention to the need to detect these files in general since all vendors performed relatively poor compared to, for example, the typical Win32 trojan. Soon, the same samples will be tested again to see which vendors have responded and which have not. Stay tuned. @Jarek

Trend Micro and 29 other vendors were tested. The published results only include the top 10 performing vendors. The point of the test was not to shame the underperforming vendors, but rather to call attention to the need to detect these files in general since all vendors performed relatively poor compared to, for example, the typical Win32 trojan. Soon, the same samples will be tested again to see which vendors have responded and which have not. Stay tuned.

]]> Comment on How AV software can stop phishing sites by Jarek Bechemot http://www.phishlabs.com/blog/archives/35/comment-page-1#comment-4 Jarek Bechemot Wed, 26 Nov 2008 17:13:27 +0000 http://www.phishlabs.com/blog/?p=35#comment-4 Dear All, I wonder why there was no TrendMicro in this test ? TM has av scan engine for Linux (unix) system - eg.: http://emea.trendmicro.com/emea/products/enterprise/serverprotect-for-linux/index.html and detects PHP shells, backdoors, etc. This is because neither av-test.org nor VirusTotal has it in its scan engine pool ? Any answer will be appreciated. Regards, Dear All,
I wonder why there was no TrendMicro in this test ? TM has av scan engine for Linux (unix) system – eg.: http://emea.trendmicro.com/emea/products/enterprise/serverprotect-for-linux/index.html and detects PHP shells, backdoors, etc.
This is because neither av-test.org nor VirusTotal has it in its scan engine pool ?
Any answer will be appreciated. Regards,

]]>