Tuesday, July 27, 2010

Windows Lnk Exploit Protection Tool

The recent Microsoft vulnerability in the Windows Shell could allow remote code execution through a crafted shortcut (.lnk) file. Many malware samples have been found exploiting this vulnerability. Sophos recently released a free protection tool that claims to detect and block this Windows shortcut exploit from running. It also works alongside your existing anti-virus.

The tool can be downloaded from this official website.

Below is the demo video of the tool.


Related Report:
- TechNet: Microsoft Security Advisory (2286198)

Disclaimer: I do not in any way endorse this tool, nor am I responsible for any problem or issue caused by it.

Vulnerability found in WPA2

Recently, a vulnerability was found in the WPA2 protocol. It is an insider vulnerability: an already authenticated attacker could launch a "man in the middle" attack by decrypting and injecting malicious traffic into the wireless network.

WPA2 is currently the strongest WiFi encryption and authentication protocol available. According to the researchers at AirTight Networks, this vulnerability is a design loophole in the IEEE 802.11 standard.

Under the standard, the Group Temporal Key (GTK), which protects broadcast data sent to multiple clients, is a single key shared by every client on the network. Because each authenticated user holds the same key, any one of them can use it to encrypt and send spoofed packets to the other clients.

Currently there isn't any patch for this standard.

Related Report:
- NetworkWorld: WPA2 vulnerability found

Sunday, July 25, 2010

Email Scam Reloaded

I have not received any scam email for some time. I finally got one last week. This one was spoofed to appear to be from the director of the United Nations Compensation Commission.

- Extracted from the Scam mail -

From: Jeffrey S. Mears
To: brady@pisem.net

Subject: Swift Transafer Notification


Jeffrey S. Mears Director,
United Nations Compensation Commission (UNCC)
3 Vivian Avenue, London SW1Y 4TE
London UK
We need to confirm from you if JP Morgan Chase NA, London UK has credited your
account, with the approved amount of US$18Million dollars as
instructed by United Nations and African Union.
The African Union and UN has instructed for an immediate transfer to all
beneficiaries who has an outstanding payment to collect

We will be obliged to confirm from you if you have received the money from our
corresponding bank the JP Morgan Chase NA London UK,
to enable us close your file and put our record straight.

Thanks for the anticipated cooperation.

Jeffrey S. Mears Director,
United Nations Compensation Commission (UNCC)
3 Vivian Avenue, London SW1Y 4TE
London UK

- End of Email -

The letter may look genuine to many, but it gives a lot of tell-tale signs that it is actually a scam mail.

Firstly, the mail was sent "To:" some unknown email address instead of your own. In this case, the "To:" field is "brady@pisem.net".

Secondly, the sender is supposed to be "Jeffrey S. Mears" of the United Nations Compensation Commission, but the "From:" field is "wangqm@im.ac.cn", a domain that is not un.org.
From the mail header, the mail appears to come from "mail.im.ac.cn", and the message body was not in plain text but encoded.

Checking "mail.im.ac.cn", it is actually the email system of the "Institute of Microbiology, Chinese Academy of Sciences" in China. It seems that the account of the user "wangqm" was hacked and used by the scammer.
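As an added illustration (not part of the original post), the Python script below applies the checks described above (recipient mismatch, sender domain versus the organisation claimed, originating mail server, and an encoded plain-text body) to a constructed copy of the scam mail's headers; the receiving mailbox, the documentation IP address and the shortened base64 body are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed sample reproducing the headers the post describes. The IP is a
# documentation address and the body is a shortened, base64-encoded stand-in.
RAW_SCAM_MAIL = """\
Received: from mail.im.ac.cn (mail.im.ac.cn [192.0.2.10]) by mx.example.net with ESMTP; Tue, 20 Jul 2010 08:15:02 +0000
From: "Jeffrey S. Mears" <wangqm@im.ac.cn>
To: brady@pisem.net
Subject: Swift Transafer Notification
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

V2UgbmVlZCB0byBjb25maXJtIGZyb20geW91IGlmIEpQIE1vcmdhbiBDaGFzZS4uLg==
"""


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def scam_indicators(raw, my_address, claimed_domain):
    """Return the tell-tale signs found in a raw RFC 5322 message.

    my_address: the mailbox that actually received the mail.
    claimed_domain: domain of the organisation the sender claims to represent.
    """
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Recipient mismatch: our own address appears nowhere in To:/Cc:.
    hdrs = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = {a.lower() for _, a in getaddresses(hdrs)}
    if my_address.lower() not in recipients:
        findings.append(f"recipient mismatch: {sorted(recipients)} does not include {my_address}")

    # 2. Sender address is not under the domain of the organisation named.
    _, addr = parseaddr(str(msg.get("From", "")))
    if _domain(addr) != claimed_domain.lower():
        findings.append(f"sender domain mismatch: {addr!r} is not under {claimed_domain}")

    # 3. First hop (last Received: header) comes from a server outside that domain.
    received = msg.get_all("Received", [])
    if received:
        m = re.search(r"from\s+([\w.-]+)", str(received[-1]))
        if m and not m.group(1).lower().endswith(claimed_domain.lower()):
            findings.append(f"originating server {m.group(1)} is outside {claimed_domain}")

    # 4. A plain-text body delivered base64-encoded, hiding the text from simple filters.
    cte = str(msg.get("Content-Transfer-Encoding", "")).lower()
    if msg.get_content_type() == "text/plain" and cte == "base64":
        findings.append("plain-text body is base64-encoded")

    return findings


if __name__ == "__main__":
    for finding in scam_indicators(RAW_SCAM_MAIL, "me@example.org", "un.org"):
        print("-", finding)
```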