Last Updated: 2013-02-08 21:59:26 UTC
by Johannes Ullrich (Version: 1)
Looks like next tuesday will be a busy patch tuesday. Expect 11 bulletins fixing 57 vulnerabilities. Most of the bulletins affect Windows, but we also got one for Office, two affecting Internet Explorer and one affecting server software. It is a bit odd to see two bulletins affecting Itnernet Explorere instead of just one "roll up patch". 5 of the bulletins are ratesd critical.
Also note that Microsoft released an update for the Flash Player for Internet Explorer 10 today, in sync with Adobe's update for flash player .
Last Updated: 2013-02-08 13:53:27 UTC
by Kevin Shortt (Version: 1)
Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pic's? We are all IT security professionals here and know the preacher's drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete.
Now. We Need To Know
Did we just infect our system?
We need to know. It is time to act fast. Get to a shell and pull that page down with a text browser ala wget or curl. It is possible for this page to disappear quickly. This sample was sent in by a reader who acted fast. By the time I got around to verifying some things on this sample, the below pasted code was gone.
The Lazy Liston
Below is a snapshot of the jsc run of script.js. I pasted and circled the obfuscated strings and the decoded pieces. Note the url listed matches the browser shot up above.
In summary, my diagnosis of the original email and sample with the clickable link, is it is only a spoofed email and intended to be spam. I humbly encourage all to offer any feedback to counter my assessment or offer any added value to it. Many thanks to Lode V. for sending it in!
ISC Handler on Duty