Archive for November, 2013

‘Operation Hangover’ hackers exploit latest Windows zero-day – Computerworld

Indian gang ups its game with targeted attacks that rely on malicious Word docs

By Gregg Keizer

November 7, 2013 10:47 AM ET

Computerworld – The unpatched vulnerability in Windows that Microsoft acknowledged on Tuesday has been used by a known Indian hacker group responsible for earlier "Operation Hangover" attacks, security company Symantec said yesterday.

The gang behind Operation Hangover is believed to be based in India, and the bulk of the first round of cyber-espionage attacks, which were discovered in May, were aimed at its neighbor and long-time adversary Pakistan.

"After analyzing the payloads being used in this attack, we have identified that the targeted emails are part of an attack campaign known as Operation Hangover," Symantec said in a blog, referring to the newest campaign that relies on the Microsoft zero-day vulnerability to hijack and infect Windows PCs.

Microsoft issued a security alert Tuesday, saying that a vulnerability in the TIFF image-format parsing component of Windows was being exploited in attacks aimed at targets in the Middle East and South Asia, the latter region representing countries like India and Pakistan.

The attacks Symantec captured used malicious Word documents attached to emails with subject headings such as "Illegal Authorization for Funds Transfer" and "Problem with Credit September 26th 2013."

It was the first time that the Hangover group has used a zero-day vulnerability in its attacks, Symantec said.

Researcher Haifei Li of security company McAfee was the first to find and report the unpatched bug to Microsoft. The Redmond, Wash., company’s security team was alerted to the vulnerability Oct. 31.

According to Li, the exploit uses multiple XML objects to "spray the heap memory," a technique more than a decade old, to uncover sections of memory suitable for use by the actual attack code.

"It is worth [noting] that this heap-spraying in Office via ActiveX objects is a new exploitation trick which we [haven’t] seen before," Li wrote earlier this week.

Microsoft’s own researchers confirmed the ActiveX-based heap-spray tactic in a detailed description published on its Security Research & Defense blog Tuesday.

This article, ‘Operation Hangover’ hackers exploit latest Windows zero-day, was originally published at Computerworld.com.


How to Diagnose a Computer Problem: 10 Quick Steps

Edited by Cameron, Brandywine, R1zen187, Username152 and 11 others

Many people are faced with everyday computer problems that are easy to fix, but are unable to diagnose the actual problem. While there are many problems a computer will be faced with, this article will tell you where to look for common problems.

Steps
1. Check the POST. POST stands for Power On Self Test. This is generally the first or second thing that appears on a computer after turning on the power, before the operating system begins to load. The POST will display any problems found with hardware that make the computer unable to boot. It may also display problems with hardware that allow the computer to boot but not to operate at its full capacity.
2. Notice the load time of the OS (operating system). A longer than usual load time may indicate seek errors (or other errors) in the hard drive.
3. Notice any graphics problems once the OS has loaded. Reduced graphics may indicate driver failures or hardware failures with graphics cards.
4. Perform an auditory test. An auditory test is an unorthodox but still effective way of judging how hard a computer is working. With the computer on and running, play an audio file of decent length (usually more than 30 seconds). If the audio is choppy or slow, it usually means that the processor is working at an elevated level, or that there is not enough RAM to run all the programs that are loading. Changing the startup sound is a great way to apply this test. Another issue associated with choppy sound is PIO (Programmed Input/Output) mode, which affects how the hard drive reads and writes data. Switching to DMA allows for faster reads and writes, and can sometimes repair choppy audio.
5. Check any newly installed hardware. Many operating systems, especially Windows, can conflict with new drivers. The driver may be badly written, or it may conflict with another process. Windows will usually notify you about devices that are causing a problem or have a problem. To check this, use the Device Manager, which can be accessed by entering the Control Panel, clicking the System icon, clicking the Hardware tab, and clicking on Device Manager. Use this to check and arrange the properties of hardware.
6. Check any newly installed software. Software may require more resources than the system can provide. Chances are that if a problem begins after software starts, the software is causing it. If the problem appears directly upon startup, it may be caused by software that starts automatically on boot.
7. Check RAM and CPU consumption. A common problem is a choppy or sluggish system. If a system is choppy, it is good practice to see whether a program is consuming more resources than the computer can provide. An easy way to check this is to use the Task Manager: right-click on the taskbar, select Task Manager, and click the Processes tab. The CPU column contains a number that indicates the percentage of CPU the process is consuming. The Mem Usage column indicates how much memory a process is consuming.
8. Listen to the computer. If the hard drive is scratching or making loud noises, shut off the computer and have a professional diagnose the hard drive. Listen to the CPU fan as well: it runs at high speed when the CPU is working hard, and can tell you when the computer is working beyond its capacity.
9. Run a virus and malware scan. Performance problems can be caused by malware on the computer. Running a virus scan can unearth any problems. Use a regularly updated virus scanner (such as Norton Antivirus or Avast! Antivirus) and a regularly updated malware scanner (such as Spybot Search & Destroy).
10. Check for the problem in safe mode. As a last-ditch effort, check the problem in safe mode. To enter safe mode, tap F8 repeatedly during POST (this works on most systems). If the problem persists in safe mode, it is a fair bet that the operating system itself is to blame.

This article was taken from the following site: http://www.wikihow.com/Diagnose-a-Computer-Problem
