The Watch
Last week, Microsoft released a security bulletin reporting vulnerability in the graphics subsystem in Windows and a wide range of Microsoft products. This week, Netcraft, the UK Web monitoring company, is reporting that exploit code for the flaw is available on the Web. In a Sept. 17 article, Netcraft notes that the proof of concept code, listed on GulfTech Researchs Web site, had been downloaded 32,000 times between Thursday and Saturday. The SANS Internet storm center handlers diary reports that the availability of proof of concept code foretells the possibility of malicious use soon. Because of this, we recommend all users update to the MS04-028 patch as soon as possible.
We saw two new phishing examples on Monday that circumvent detection by using a single monolithic bitmap followed by random text. Both phishes were for Citizens Bank, and contained a bitmap with a link to the phishing site. If you viewed source, there were two URLs visible, one the actual Citizens Bank site, and the other masked using hex characters (%32%30%38%2E%31%38%36%2E etc…).
Click here to view the complete story on PCmag.com.