Posts Tagged ‘Google Desktop’

Google Desktop Zero Day Exploit

RSnake from ha.ckers.org has posted an example of a zero day exploit using Google Desktop that he says you could use to do almost anything on someone’s computer who has Google Desktop installed. Someone could could use a wireless hotspot to monitor for a user with Google Desktop installed and then use the exploit against them. This is one big reason you should be careful with which internet applications you allow total access to your computer, and I am sure there will be many more examples using other programs from Google and other software vendors.

The demo does not try to hide what it is doing by making the overlay visible, but this is a demonstration of how it works, so you can see each component. In the video, as mentioned, we launch hyperterm.exe, although we could have launched almost anything you can imagine, including programs that connect out to the web, uninstall programs, etc… We stopped once we realized we could do this much damage, but we are certain this could be used for far more nefarious things. Source: Google Desktop 0day

The video demonstration is below.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - June 1, 2007 at 7:14 pm

Categories: Google, Security   Tags:

Powerful Computer Search Tool, Right from Your Desktop

Are you looking for a better search for your desktop? Google Desktop is an excellent search tool for your computers, it comes as part of the Google Pack, you can quickly search your computer for emails, web history, and files, view news, photos and more anywhere on your desktop, you can add Google Gadgets to customize your desktop and Sidebar.

Google Desktop gives you easy access to information on your computer and from the web. It’s a desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you’ve viewed, and more. By making your computer searchable, Google Desktop puts your information easily within your reach and frees you from having to manually organize your files, emails and bookmarks. It makes searching your computer as easy as searching the web with Google.

Google Desktop doesn’t just help you search your computer; it also helps you gather new information from the web Sidebar and Google Gadgets, which can be placed anywhere on your desktop to show you new email, weather, stock information, photos, personalized news, RSS/Atom feeds, and more. Sidebar is personalized automatically, without any manual configuration required (though you can certainly make your own customizations if you want to or turn off automatic personalization). Source: Google

Use the powerful Google Search on your desktop, its part of the Google Pack, and you can download just Google Desktop or a bunch of other great software, like Google Earth, Picasa, a Photo Screensaver, the famous Google Toolbar, Adobe Reader, Norton Antivirus, Adaware, Firefox, Google Talk and Video Player, Skype, and more. Download the Google Pack by clicking this link here.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - December 16, 2006 at 6:10 am

Categories: Google, Software   Tags: , , ,

Temporary Fix for the WMF Exploit

Since Microsoft has decided to wait until Tuesday to release it’s patch for the latest Windows exploit, the WMF security flaw, F-Secure has posted on their site about a fix released by the author of Interactive Disassembler and probably one of the best low level Windows experts in the world, Ilfak Guilfanov. The fix is here.

Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system (all pictures and thumbnails continue to work normally).

The fix works by injecting itself to all processes loading USER32.DLL. It patches the Escape() function in GDI32.DLL, revoking WMF’s SETABORT escape sequence that is the root of the problem.

This flaw has already spawned dozens of attacks from a MSN Messenger worm to spam that tries to get users to click on malicious web sites.

The vulnerability can be easily exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said. Older versions of the operating system, including Windows 2000 and Windows ME, are also at risk, though in those cases the flaw is more difficult to exploit, said Mikko Hypponen, chief research officer at F-Secure.

“We have seen dozens of different attacks using this vulnerability since Dec. 27,” Hypponen said. “One exploits image files and tries to get users to click on them; another is an MSN Messenger worm that will send the worm to people on your buddy list, and we have seen several spam attacks.”

He added that some of the spam attacks have been targeted to select groups, such as one that purports to come from the U.S. Department of State. The malicious e-mail tries to lure the user to open a map attachment and will then download a Trojan horse. The exploit will open a backdoor on the user’s system and allow sensitive files to be viewed.

A chief researcher at F-Secure said,

“We are still far away from a massive virus,” he said. “Most people get attacked by this if they (search for something on the Internet) and get a million results. They may click on a link that goes to a malicious Web site or one that has been hacked, and then get infected.”

In an article from News.com posted today, an antivirus specialist stated that over a million pc’s have been compromised,

More than a million PCs have already been compromised, said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. He has found a hidden Web site that shows how many copies of a program that installs malicious software have been delivered to vulnerable PCs.

“I’m sure it’s just a matter of days until the first (self-propagating) WMF worm will appear,” he said. “A patch is urgently needed.”

So, with Microsoft waiting until Tuesday, attackers are going to have about a week with no worries to try to take advantage of this. So far, most of the attacks have involved installing spyware and adware to display pop up advertising on the infected pc’s.

Microsoft has completed a fix for the problem and is currently testing and localizing the update into 23 languages, the software maker said in its advisory, updated on Tuesday. “Microsoft’s goal is to release the update on Tuesday, Jan. 10, 2006, as part of its monthly release of security bulletins,” the company said.

To protect Windows users, Microsoft shouldn’t wait, but release the patch now, several critics said.

“The flaw is actively exploited on multiple sites, and antivirus provides only limited protection,” said Johannes Ullrich, the chief research officer at the SANS Institute. “Active use of an exploit without sufficient mitigating measures should warrant the early release of a patch, even a preliminary, not fully tested patch.”

Once again, we see a large company not really caring about the users and all they are doing is creating even more ill will.

Added: One of the F-Secure researches stated that one of their test machines became infected after downloading an infected file using the Wget command line tool, without even executing it.

It seems that Google Desktop creates an index of the metadata of all images too, and it issues an API call to the vulnerable Windows component SHIMGVW.DLL to extract this info. This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.

2 comments - What do you think?  Posted by Jimmy Daniels - January 4, 2006 at 11:39 am

Categories: Microsoft News, Spyware Info, Tech News, Virus Info   Tags: , , , , , ,