ISSSource White Papers

Posts Tagged ‘Bing’

Tuesday, April 17, 2012 @ 05:04 PM gHale

A persistent script code inject vulnerability is hampering the Microsoft Partner Network Cloud service.

The hole ended up discovered by researchers from Vulnerability Lab who are helping Microsoft patch up some serious vulnerabilities that affected two of their services.

Cloud Coverage by Invensys
Cloudy Days Ahead
Azure Cloud Suffers Outage
FBI Pushes Cloud Security Rules
Enhanced Security for Cloud Computing

To demonstrate their findings, the researchers made a video proof-of-concept in which the Lab’s Chief Executive, Benjamin Kunz Mejri, shows how easy it is for an attacker to leverage the persistent script code injection flaws on a Microsoft Cloud aspx service to execute his own malicious code.

“The vulnerability allows a remote attacker or local low privileged user account to inject/implement malicious persistent script code (Application-Side). Successful exploitation with low required user inter action can result in session hijacking against admin, moderator and customer sessions or allows an attacker to manipulate requests via persistent script code inject,” the experts said.

After collaborating with the Microsoft Security Response Center (MSRC) team and after ensuring they addressed the issues, Vulnerability Lab made available the video and a proof-of-concept in text format that can offer some details.

The Microsoft Partner Network Cloud service wasn’t the only one found to have flaws. Microsofts Afkar, the site that allows Arabic users worldwide to play with new tools and ideas, contained a cross-site scripting (XSS) weakness that could have allowed a remote attacker to hijack user sessions and manipulate context.

In the past month, the Vulnerability Lab team has been very busy helping high-profile companies fix the bugs that exposed their websites and services to malicious operations.

First, they helped Microsoft address a flash component vulnerability that affected the Bing Service Application. Then, Shadab Siddiqui notified Apple on some dangerous SQL Injection vulnerabilities present in the Education Seminars & Events site.

Oracle’s security team also welcomed the feedback from the experts in handling multiple blind SQL Injection security holes that existed on sites such as,,, and

Wednesday, March 21, 2012 @ 01:03 PM gHale

Ever resourceful, cyber bad guys are trying to take advantage of Google’s name and logo to push malware onto unsuspecting users.

A number of pages offering “Google antivirus” software and threatening to block the users’ access to Google services because of an infection have recently popped up and appear among Google and Bing search results, according to GFI researchers.

Java Attack Installs Malware in Memory
Stress Testing Web 2.0 Apps
Updated DHS Cyber Security Tool
Body Heat Powers Devices

The offered software is actually a rogue AV solution that has nothing to do with the Internet giant, and will try to bilk money from the victims.

It is worth to note that currently very few AV solutions detect the variant in question, so users should be very careful when offered software without having asked for it themselves.

While the page looks like a Google offering, take a look at the URL and see if it has anything to do with the company. In this case, it did not, so that is a giveaway about the malicious nature of the offer.

Monday, March 19, 2012 @ 04:03 PM gHale

There is a critical severity flaw in Bing that has a remotely exploitable Flash component vulnerability that could allow an attacker to implement malicious persistent comments while the user was editing or posting via Flash.

Security researchers Subho Halder, Aditya Gupta and Dev Kar discovered the flaw and reported it to Microsoft February 7; the company responded two days later and by March 14 the software giant patched it.

Patch Tuesday also Exploit Tuesday
Bounty for Patched RDP Exploit
Microsoft Shuts RDP Hole
Mozilla Firefox 11 Ready to Go

If unaddressed, the remotely exploitable Flash component vulnerability may have allowed an attacker to implement malicious persistent comments while the user was editing or posting via Flash.

The vulnerable module was the Comments&Edit – Flash Input/Output when swf files created with Action Script loaded.

With the vulnerability, it is fairly easy for an attacker to remotely exploit the vulnerabilities, without much user interaction required.

Bing’s popularity is on the rise as people use it to perform searches and other tasks.

Vulnerability researchers have been finding weaknesses and helping website administrators and vendors patch products.

Wednesday, September 21, 2011 @ 03:09 PM gHale

Google Alerts members who want to learn about Trojans may get up close and personal with a Trojan.

John Barrett from CleanBytes set up his Google Alerts account to send him updates on Trojans and he received a link that apparently came from WCBI.

Zeus Trojan Lives On
Mitsubishi Heavy Hacked
Seeking Help? Beware
Cutting Through Morto Worm

After clicking on it, he went to a site that resembled a Megaupload site. The page is actually a fake and if you press the download button, a file called 2_setup.exe offers a Trojan anti-virus.

Upon submission to VirusTotal, the results revealed that a ZeroAccess Trojan was the “innocent” looking file.

This latest scam comes on the heels of Bing and Yahoo search engines advertising malware containing websites.

These types of ill-purposed pieces of software are one of the most dangerous as they’re able to hide themselves deep in the operating system, infecting the master boot record if not stopped in time.

In this case it seems the WCBI website suffered a hack and according to Barrett “again we have to deal with another Google search results poisoning.”

Archived Entries