0day

Questions and Answers on the JailbreakMe Vulnerability

Q: What is this all about?
A: It's about a site called jailbreakme.com that enables you to Jailbreak your iPhones and iPads just by visiting the site.

Q: So what's the problem?
A: The problem is that the site uses a zero-day vulnerability to execute code on the device.

Q: How does the vulnerability work?

LNK Vulnerability: Chymine, Vobfus, Sality and Zeus

Here's the bad news: several additional malware families are now attempting to exploit Microsoft's LNK vulnerability (2286198).

But here's the good news: so far, the new exploit samples are detected by us, and by many other vendors. Basically we're seeing new payloads using the same basic exploit method, which is being detected generically, and not new versions of the exploit.

Update on Security Advisory 2286198

Microsoft has updated Security Advisory 2286198 and it now clarifies that:

"The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed."

Displayed is the important keyword. This is good and addresses our earlier concerns.

However, the advisory still reads that:
Code for Shortcut Zero-Day Exploit is Public

If you're not following Mikko's Twitter feed, you may have missed yesterday's news that public proof of concept exploit code for the Windows shortcut (.lnk) vulnerability has been released on exploit-db.com.

Zero-Day Vulnerability in Windows Shell

Microsoft has released Security Advisory 2286198, which provides details on the LNK shortcut (Windows Shell) vulnerability that's currently being exploited by the Stuxnet rootkit.

The news is not good.

Besides USB devices, the Windows Shell vulnerability can also be exploited via Windows file shares and WebDav.

All versions of Windows are affected:

Espionage Attack Uses LNK Shortcut Files

There's a possible new zero day in the wild which is being used in targeted espionage attacks. Belarusian antivirus company VirusBlokAda recently published news about two new rootkit samples, and quite interestingly, the infection vector is a USB storage device and Windows shortcut [.LNK] files.

The rootkit uses a LNK file that infects the operating system when viewed by an icon-rendering file explorer such as Windows Explorer or Total Commander.

Gozi – a perfect example of an “older” trojan re-inventing itself

Executive Summary

Gozi is a well known Trojan that has been around for a number of years now.

0day Awareness

Evgeny Legerov is wrapping up his month of 0day awareness. We are mid-way through his week of database 0day on the Intevydis blog:

“[January 25 - February 1] – week of database bugs, inspired by our research for DBJIT Toolset, 0days in Mysql, IBM DB2, Lotus Domino, Informix, Oracle(?)…and hopefully more”

To IE or Not to IE : That is the Question

Internet Explorer's latest vulnerability is causing Germany and France to advise against its use.

That's a bit overkill. We do, however, recommend using another browser by default.

We're curious: how many of our readers have tried the option of turning off Internet Explorer 8 in Windows 7?

F-Secure's Exploit Shield Blocks the "Aurora" Exploit

Microsoft recently announced a new vulnerability in certain versions of its Internet Explorer web browser. If exploited, the vulnerability (CVE-2010-0249) can allow remote code execution.

Announcement of this vulnerability follows on the heels of last week's targeted zero-day attacks against a number of companies.
