HYIP-Man: April 2007
Friday, April 06, 2007
Kaspersky Lab discovers the first virus for iPod

Kaspersky Lab, a leading developer of secure content management solutions, has discovered the first virus designed to infect iPod portable media players. The virus, which has been named Podloso, is a proof of concept program which does not pose a real threat.

The virus is a file which can be launched and run on an iPod. It should be stressed that in order for the virus to function, Linux has to be installed on the iPod. If the virus is installed on the iPod by the user, the virus then installs itself to the folder which contains program demo versions. Podloso cannot be launched automatically without user involvement.

Once launched, the virus scans the device’s hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says "You are infected with Oslo the first iPodLinux Virus".

Podloso is a typical proof of concept virus, which is created in order to demonstrate that it is possible to infect a specific platform. It does not have a malicious payload and is unable to spread on its own: a user has to save the virus to the iPod for the device to become infected.


Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fixed in Maintenance Pack 2.0 build 6.0.2.614

Vulnerabilities fixed:

  • Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability
  • Kaspersky Anti-Virus SysInfo ActiveX Control Information Disclosure Vulnerability
  • Kaspersky AV Library Remote Heap Overflow
  • klif.sys Heap Overflow Vulnerability
  • KLIF Local Privilege Escalation Vulnerability

Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability [1]

This vulnerability allows remote attackers to download and remove any file on vulnerable versions of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability: the user must visit a webpage which takes advantage of this vulnerability. The specific flaw exists within the ActiveX controls in AxKLProd60.dll and AxKLSysInfo.dll.

During installation of Maintenance Pack 2, the DLLs will be removed from the system.

Kaspersky Anti-Virus SysInfo ActiveX Control Information Disclosure Vulnerability [2]

Remote exploitation of the information disclosure vulnerability in Kaspersky Anti-Virus 6.0 could allow malicious websites to steal files from an end user's machine running Kaspersky Anti-Virus.

The SysInfo ActiveX control includes a method called StartUploading which allows malicious web scripts to perform an anonymous FTP transfer of any file the scripts identify on the victim's machine. No dialogs, warnings or user action are required to perform the transfer.

During installation of Maintenance Pack 2, this DLL will be removed from the system.

Kaspersky AV Library Remote Heap Overflow [1]

This vulnerability affects systems running the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability.

The OnDemand Scanner incorrectly parses specially crafted ARJ archives inside the arj.ppl module. This results in a memory overrun. Most often the product simply crashes. The corruption can potentially be exploited to execute arbitrary code without user interaction. Any products using arj.ppl are vulnerable.

klif.sys Heap Overflow Vulnerability [2]

Locally executed code can write special values into the registry that hang the klif.sys driver, part of the proactive protection. The driver hooks and screens certain system calls, including registry functions. One of the hook functions is vulnerable to an integer overflow that leads to a kernel heap overflow. If a large unsigned value is passed for the data size argument, an arithmetic overflow occurs when the amount of memory to allocate is calculated. A copy operation into this buffer causes a corruption of kernel page pool memory.
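The size-calculation flaw described above, shown next to a checked form. This is an added example, not code from klif.sys or from Kaspersky; the 32-bit size type, the 16-byte header (`HDR_SIZE`) and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout: a fixed header followed by caller data.
   HDR_SIZE and every name here are assumptions, not taken from klif.sys. */
#define HDR_SIZE 16u

/* Unchecked form: 32-bit arithmetic wraps when data_size is close to
   UINT32_MAX, so the computed allocation is smaller than data_size. */
uint32_t alloc_size_unchecked(uint32_t data_size)
{
    return data_size + HDR_SIZE;
}

/* Checked form: reject any data_size for which the sum would wrap.
   Returns 0 and stores the total in *out, or -1 on overflow. */
int alloc_size_checked(uint32_t data_size, uint32_t *out)
{
    if (data_size > UINT32_MAX - HDR_SIZE)
        return -1;
    *out = data_size + HDR_SIZE;
    return 0;
}

/* Hardened copy: validate the size before allocating and copying.
   Returns the new buffer, or NULL if the size is rejected or the
   allocation fails. The caller frees the buffer. */
void *copy_value_checked(const void *data, uint32_t data_size, uint32_t *total)
{
    uint32_t need;
    unsigned char *buf;

    if (data == NULL || alloc_size_checked(data_size, &need) != 0)
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memset(buf, 0, HDR_SIZE);                /* header placeholder */
    memcpy(buf + HDR_SIZE, data, data_size); /* fits: need == HDR_SIZE + data_size */
    *total = need;
    return buf;
}
```

In a hook that receives its size argument from an unprivileged caller, the check belongs before the allocation, since the later copy trusts the original size rather than the wrapped one.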

KLIF Local Privilege Escalation Vulnerability

This vulnerability allows locally executed code to gain Ring-0 privileges through unsafe code in klif.sys. User interaction is required to execute the code. The vulnerability is local: the code must first be present on the user's computer.

All these vulnerabilities have been fixed in build 6.0.2.614.


[1] Kaspersky would like to thank an anonymous researcher working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayinitiative.com) for reporting this issue.

[2] Kaspersky would like to thank iDefense (http://labs.idefense.com) for reporting this issue.


Mozilla Released Firefox 2.0.0.3

Firefox 2 is the next generation release of the award-winning Firefox web browser from Mozilla.
