Malware
Mac
Facebook
Android
Vulnerability
Data loss
Privacy
More...

Search for:

95% say Facebook needs to do more to fight clickjacking worms, poll reveals

Tavis Ormandy - are you pleased with yourself? Website exploits Microsoft zero-day

CVE 2010-1885 exploited in the wild

Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.

Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.

Don't forget you can subscribe to the SophosLabs YouTube channel to find all our latest videos.

Hi there! If you're new here, you might want to subscribe to our RSS feed for updates.

Already using Google+? Find us on Google+ for the latest security news.

On LinkedIn? Join the Naked Security discussion group and connect with your peers in the security industry.

Sorry, something happened and we couldn't sign you up. Please come back later and try again.

Congratulations, you've successfully signed up for our daily news! Check your inbox soon, we've sent you an email.

Sorry, we won't accept that email address. Please try a different address.

We're adding your address to our list...

Join thousands of others, and sign up for Naked Security's newsletter

by Donato Ferrante on June 15, 2010 | Leave a comment

Filed Under: Malware, SophosLabs, Vulnerability

The recent Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) is being exploited in the wild.

Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website.

This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim's computer, by exploiting this vulnerability.

More details about CVE 2010-1885 can be found in our report here.

We detect this malware family as: Mal/HcpExpl-A.

Share

Email
Tweet
Buffer
Hacker News
App.Net
Pocket

95% say Facebook needs to do more to fight clickjacking worms, poll reveals

Tavis Ormandy - are you pleased with yourself? Website exploits Microsoft zero-day

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Username *

Comment

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

Popular
Recent
Related

sc-250

Snapchat images that have "disappeared forever" stay right on your phone...

wifimyths-250

Three wireless security myths - busted! [VIDEO]

AusSHIRT 2013 - the #sophospuzzle instructions in full

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

Want to see who has viewed your Facebook profile? Take care..

Apple iMessage "censors" mention of Obama: international conspiracy...or software bug?

dloadnow-250

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

Revenge-porn website victim files suit against ex and four porn sites

Revenge-porn website victim files suit against ex and four porn sites

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

wifimyths-250

Three wireless security myths - busted! [VIDEO]

sscc109-250

SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

AusSHIRT 2013 - the #sophospuzzle instructions in full

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

dloadnow-250

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

Congress asks Google if and how it's protecting privacy with Glass

Congress asks Google if and how it's protecting privacy with Glass

Monday review

Monday review - the hot 24 stories of the week

Get ready for the next #sophospuzzle - coming soon to a T-shirt near you

Microsoft's new 0 day flaws, upcoming patches and retirements

Microsoft's new 0 day flaws, upcoming patches and retirements

Microsoft readies emergency patch for Shortcut zero-day flaw

Microsoft readies emergency patch for Shortcut zero-day flaw

Image (1) trojan250.jpg for post 3446

Microsoft addresses recent DLL order of operations flaw

Image (1) tuesday250.jpg for post 3509

MS Patch Tuesday, Adobe Vulns and Firefox 3.6.10 - Sept 2010

MSFixIt50792-250

Microsoft announces workaround for the Duqu exploit

Image (1) adobe250.png for post 2842

Microsoft Vs. Adobe security smack-down

Microsoft advisory: Internet Explorer zero day affects most Windows versions

Microsoft advisory: Internet Explorer zero day affects most Windows versions

What the RTF? Mac and Windows users at risk from boobytrapped documents

What the RTF? Mac and Windows users at risk from boobytrapped documents

Patch Tuesday for October 2012

Patch Tuesday April 2012 - Critical updates for Windows, Office and Adobe Reader

Video posts

More videos this way

wifimyths-250

Three wireless security myths - busted! [VIDEO]

Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]

You won't believe how crazy this password infomercial is (and neither did Ellen DeGeneres) [VIDEO]

When is a password not a password? When Excel sees VelvetSweatshop

When is a password not a password? When Excel sees "VelvetSweatshop" [VIDEO]

Sophos CEO suffers from a watery end for Comic Relief

Sophos CEO suffers from a watery end for #ComicRelief

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

About Naked Security
About Sophos
Our Authors
Awards
Got a story for us?

Tags

Adobe Android anonymous Apple Cybercrime data loss DDoS Exploit Facebook Fake anti-virus General Google hacking iPhone IT Malware Microsoft password phishing Privacy Scam scareware Spam Survey Scam Twitter Video vulnerability web web 2.0 WWW

Categories

Adobe (339)
Adobe Flash (181)
Android (410)
BlackBerry (82)
Botnet (197)
Celebrities (333)
Clickjacking (70)
Data loss (1850)
Firefox (168)
Internet Explorer (279)
iOS (318)
Java (255)
Law & order (2461)
Nude Celebrities (70)
Organisations (8)
Ransomware (117)
Security threats (884)
Social networks (1101)
Spam (1599)
Technologies (14)
Twitter (320)
Uncategorized (147)
Video (270)
Vulnerability (1078)

Archives by month

May 2013 (65)
April 2013 (94)
March 2013 (103)
February 2013 (96)
January 2013 (109)
December 2012 (52)
November 2012 (103)
October 2012 (113)
September 2012 (91)
August 2012 (110)
July 2012 (92)
June 2012 (91)
May 2012 (99)
April 2012 (79)

Download some free tools

Free anti-virus for your MacFree antivirus that works simply and beautifully
Free Android protectionFree antivirus for all your Android devices
More free tools...

Take a look at our products

Endpoint
Encryption

Mobile
Network

Email
Web

Try out our free trials and demos

Investigate the threats

Virus and spyware analyses
Threat Center
Inside SophosLabs

© 1997-2013 Sophos Ltd. All rights reserved
Legal
Privacy
Cookies
Disclaimers

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.