Gold Shield Computers

Affordable & Expert Repair


News and Views



7/28/10
New Facebook Virus????
Virus spreading like wildfire on Facebook!! It is a trojan worm called Koobface. It will steal your info, invade your system and shut it down! Do NOT open the link Barack Obama Clinton Scandal! If SmartGirl15 adds you, don't accept it; it is a virus. If somebody on your list adds her then... you get the virus too!!


7/30/10
Fake Firefox Page Urges Flash Update


The Firefox "updated" page that automatically pops up after an update has never led us wrong before, but some enterprising malware writers have crafted a fake clone of the update page with a catch: it urges the user to download a Flash update. What the victim gets is a fake anti-virus program that immediately starts spouting warnings and demanding money. PC Mag reports that the attack pushes a rogue anti-virus program and was discovered by F-Secure.

It isn’t clear from the article what causes the page to pop up in the first place; my guess is something encountered in the previous browsing session changes the homepage. The fake page can presumably be seen in any browser, and it displays a recent update version of Firefox but not the most recent one. The download will try to start automatically; if it is saved and run, the rogue anti-virus “Security Tool” will infect the computer. F-Secure is already blocking the website that the attack originates from and the latest database update can detect the rogue AV; otherwise the best way to avoid it would be to ignore pages like this and get updates from the source, in this case Adobe’s website.

To see pictures of the attack visit the F-Secure website.


Lenovo Support Website Infects Visitors with Trojan

PC manufacturer Lenovo had its support website attacked over the weekend when some hackers infected the site with a rogue IFrame, reports Softpedia.com. Visitors looking for drivers have since then been exposed to several exploits that will infect them with the Bredolab trojan. The Lenovo site had been confirmed as infected since at least Sunday afternoon; there are reports of visitors getting antivirus warnings from the website since Saturday.

The IFrame that was injected into the website points to an exploit kit hosted on the domain volgo-marun.cn. The kit would run a few checks to see what software was on the victim’s computer and then serve an exploit pointed at older versions of Internet Explorer, Adobe Reader, or Flash. The exploit tries to remotely execute a file that contains the Bredolab virus. Le Minh Hung, senior security researcher at Vietnamese antivirus vendor Bkis explains,

These exploit codes attempt to load file hxxp://volgo-marun.cn/pek/exe.exe which is a virus, onto victim’s computer. The virus is a new variant of Bredolab Botnet […]. After being loaded onto the computers, the virus copies itself as %Programs%\Startup\monskc32.exe and receives commands from C&C server with domain sicha-linna8.com.

The download.lenovo.com subdomain was blacklisted by Google when the attack was occurring so Firefox or Google Chrome browsers would display a warning when the site was visited. After searching for an update about this attack and visiting the Lenovo support site on my own computer, the attack seems to be cleaned up by now.
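One way a site owner could catch an injected IFrame like the one described above, as an added Python example that is not from Lenovo, Bkis or the original article: it lists every frame whose source resolves to a host outside an allow-list. The host names, page URL and sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FrameCollector(HTMLParser):
    """Collect (line number, src) for every <iframe>/<frame> start tag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IFRAME SRC=...> is caught too.
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.frames.append((self.getpos()[0], src.strip()))


def host_allowed(host, allowed_hosts):
    """True only for an allowed host or a true subdomain of one (never a substring match)."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_iframes(html, page_url, allowed_hosts):
    """Return the frames on a page whose source host is not on the allow-list."""
    collector = FrameCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for line, src in collector.frames:
        # Resolve relative and protocol-relative ("//host/path") sources against the page URL.
        host = urlsplit(urljoin(page_url, src)).hostname or ""
        if host and not host_allowed(host, allowed_hosts):
            findings.append({"line": line, "src": src, "host": host})
    return findings


# Constructed sample: a support page with two legitimate frames and two injected ones.
PAGE_URL = "http://support.vendor.example/drivers/index.html"  # hypothetical site
ALLOWED = {"vendor.example"}                                   # hypothetical allow-list
SAMPLE_PAGE = """<html><body>
<h1>Drivers and downloads</h1>
<iframe src="/help/frame.html"></iframe>
<iframe src="https://cdn.vendor.example/widget.html"></iframe>
<IFRAME SRC="//kit.injected.example/in.php" width="1" height="1"></IFRAME>
<iframe src="http://vendor.example.injected.example/"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in audit_iframes(SAMPLE_PAGE, PAGE_URL, ALLOWED):
        print("line %(line)d: off-site frame -> %(host)s (%(src)s)" % hit)
```

Run against the served HTML rather than the source templates, since an injection of this kind usually lands in the files or database the web server delivers.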

Microsoft Warns of Help Flaw in Windows XP, Server 2003

Posted: 14 Jun 2010 12:08 PM PDT

Microsoft issued a new Security Advisory for a flaw in the Windows Help and Support Center as reported by Ars Technica. The vulnerability only affects Windows XP and Server 2003; Vista and 7 are unaffected.

The worry with this vulnerability is that the help links in the Help Center can be hijacked to run executables on the victim’s computer. The details of the vulnerability and possible attack are as follows:

In Windows XP and Windows Server 2003, clicking on an hcp:// link launches helpctr.exe via a registered protocol handler; this is normally a safe way to launch help content thanks to an allow list that Help and Support Center checks before navigating to a given help page. A Google security researcher discovered, however, that a help page with a cross-site scripting vulnerability can be paired with a mechanism to abuse the allow-list functionality to access that page with an exploit querystring. Thus, clicking on a malicious hcp:// link leverages the XSS vulnerability to circumvent helpctr.exe’s safety controls and ultimately run an arbitrary executable on the machine.

Microsoft says that they are monitoring the problem and are so far unaware of any attacks in the wild. They may prepare a patch for the next Patch Tuesday or it could come earlier. Microsoft has outlined some mitigating factors which are also in the Security Advisory.

  • The first is that if the attack is web-based the attacker would host a web page to exploit the vulnerability or host advertisements on another website. Victims can’t be required to visit the pages and the hacker would try to get people to visit with social engineering tactics like emails.
  • The vulnerability can’t be manipulated directly from an email; the user would have to click a link.
  • A hacker that successfully executed the attack could gain the same user rights as the user logged in. If users aren’t logged in as an admin the damage could be lessened.

Microsoft has one workaround where the registry is edited to unregister the HCP protocol. They detail two methods of doing this in the Security Advisory but they warn that after editing the registry it will obviously break all help links that use HCP.

This vulnerability was discovered by Google who alerted Microsoft to the problem on June 5 and then turned around and kindly disclosed it to the public on June 9. Microsoft was none too happy with Google about that and said:

Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk.

 

Attackers Exploiting New Adobe Flash Bug

Posted: 06 Jun 2010 05:21 AM PDT

A new attack on a Flash bug has surfaced that would give attackers control of a victim’s computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable, including Windows, Linux, and Apple; it is also found in the recent versions of Reader and Acrobat.

The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris, and Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. The versions that avoided being affected are Flash Player 10.1 release candidate (link available in the Adobe security advisory) and Acrobat/Reader version 8.x.

The attack isn’t widespread in the wild yet; Adobe has only received two reports of online attacks. Of course the attack is new and may just be starting to ramp up. Adobe will update the advisory when a schedule has been determined for creating a fix.

Until the fix is ready, Adobe tells Flash users that they should use the 10.1 release candidate to avoid attack. Acrobat and Reader 9.x users can downgrade to version 8. Alternatively, deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

 

Microsoft Releases 10 Bulletins for June 2010 Patch Tuesday

Posted: 05 Jun 2010 11:33 AM PDT

It’s June now so we get to look forward to the monthly Microsoft update, which will be next week June 8th. As reported by Ars Technica the patch this month is hefty and Microsoft has released 10 security bulletins in advance about the updates. These 10 bulletins will fix 34 vulnerabilities and MS will host a webcast on June 9 to address customer questions.

Three of the vulnerabilities are marked “Critical” and seven are marked “Important”. Critical vulnerabilities mean that they could be exploited to allow remote code execution allowing the hacker control of the computer. The operating systems included in this update are: Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. In terms of the Microsoft Office suites, all supported versions are affected on both Windows and Mac OS X.

The exact contents of the bulletins are:
– Bulletin 1: Critical (Remote Code Execution), Windows
– Bulletin 2: Critical (Remote Code Execution), Windows
– Bulletin 3: Critical (Remote Code Execution), Windows, Internet Explorer
– Bulletin 4: Important (Elevation of Privilege), Windows
– Bulletin 5: Important (Remote Code Execution), Office
– Bulletin 6: Important (Elevation of Privilege), Windows
– Bulletin 7: Important (Remote Code Execution), Office
– Bulletin 8: Important (Elevation of Privilege), Office, Microsoft Server Software
– Bulletin 9: Important (Remote Code Execution), Windows
– Bulletin 10: Important (Tampering), Windows

The updates will also include a fix for the April SharePoint vulnerability and the February IE flaw. There will also be a few non-critical updates released. Keep in mind that since this is preliminary info it is subject to change, as MS has been known to rush patches or pull them unexpectedly.

 

Hackers Can Delete Facebook Friends


Posted: 23 May 2010 05:47 PM PDT

Facebook has been having so many security problems lately; the latest one is a bug discovered on Wednesday by a college student. The bug would allow a hacker access to accounts with the power to delete friends and more. Even though this is a serious bug, as of Saturday it was still unpatched.

The college student, Steven Abbagnaro, wrote up proof-of-concept code of an attack that would get all of a user’s publicly available data from their Facebook page and then delete their friends one by one. However, the attack can’t be started until the user clicks on a rigged link while logged into Facebook.

Abbagnaro won’t release the code until a patch is applied, but competent hackers could figure it out on their own. The code is based on a previously discovered vulnerability in Facebook that doesn’t properly check code from users’ browsers to make sure they are authorized to make changes on Facebook. Another possible attack that has arisen out of this bug is the ability of hackers to make users “like” things.

This attack and the others that have been cropping up lately stress the need to educate users about social engineering techniques and to be suspicious of links from people they don’t know or links from friends that seem uncharacteristic.

Support for Windows XP SP2 Ending in July

Posted: 14 May 2010 04:47 AM PDT

Microsoft announced this week that they will stop supporting Windows XP service pack 2 and Windows 2000 on July 13 as reported by USAToday. Microsoft usually offers 5 years of support for an operating system and 5 years of extended support so the time has wound down for XP SP2 and 2000.

This announcement could be a pain for many people because it is estimated that 50% of Windows XP machines in use by businesses are running service pack 2. While the task of updating tons of SP2 machines may be daunting, it is better than leaving them be. They become sitting ducks for hackers and malware as reported: Infected PCs in corporate settings are in high demand by cyber gangs who place them in networks, or botnets, of thousands of other infected PCs used to spread spam, steal data, hijack online bank accounts and shut down websites for extortion or political reasons.

It is estimated that home users are generally better about having machines with service pack 3 because they often have auto updates enabled. However, I have seen plenty of home computers come on the bench with only SP2 at my job at Call That Girl so there will still be lots of SP2 computers coming into repair shops that cater to home users. The official Microsoft recommendation is to upgrade to Windows 7 but the other option is of course using Windows Update to get XP SP3 or just downloading it from Microsoft. Windows 2000 isn’t so lucky, it looks like its time is up for good.

© Technibble - A Resource for Computer Technicians to start or improve their computer business

“Sexiest Video Ever” Malware on Facebook

Posted: 19 May 2010 10:13 AM PDT

A new malware attack has been circulating on Facebook lately which puts a link on the user’s newsfeed claiming to be the “sexiest video ever”. When clicked, the program tries to access the user’s info, and if they allow that it will prompt them to install a new version of an FLV video player and start downloading an .exe.

The file it actually downloads is Hotbar Adware, which puts a toolbar in the browser and displays ads based on browsing habits. The Facebook application will also post messages on friends’ walls with the same video link and “sexiest video ever” message.

If the user doesn’t allow the application to access their info they are safe. If a user has gotten the malware, the Daily Mail reports that Graham Cluley from security software developer Sophos said: “If you were one of them [that got attacked], you should scan your computer with an up-to-date anti-virus, change your passwords, review your Facebook application settings, and learn not to be so quick as to fall for a simple social engineering trick like this in future.”

Targus Recalls Half a Million Laptop Power Adapters due to Burn Hazard

Posted: 07 May 2010 08:20 PM PDT

Beware, Targus just recalled half a million laptop power adapters as reported by Engadget. The adapters are actually made by Comarco and the reason for the recall is that faulty wiring could cause the connector tips to heat and melt their plastic casing, posing a burn hazard to hapless users that try to unplug it. 518 incidents of the tips heating have been reported to Comarco with 53 of the incidents resulting in the plastic casing melting. Eight incidents of a hand or finger tip being burned have been reported.

The recall is for Targus Universal Wall Power Adapters for Laptops and the SKU numbers of the models affected are:
APA23US-02
APA23US-03
APA23US-04
APA63US-03
APA63US-04
APM62US-03
APM62US-04
The SKU number can be found on the bottom of the adapter.

This info site from the US Consumer Product Safety Commission recommends that anyone that has one of these adapters should stop using it immediately and contact Comarco. Contact info for Comarco is posted on that website.

Everything – Fast, Intelligent Search

Posted: 30 Apr 2010 11:34 AM PDT

Everything is a small, free and portable application designed to search through a system at crazy fast speeds. It achieves these fast searching speeds by searching only file names, rather than the contents of the files.

Where this really tears away from the built in Windows search (other than its incredibly fast searching) is that it supports boolean and regex operators. For example, if you want to search for ABC but want it to exclude any file with 123 in its name, you would do: abc !123

Or perhaps you want to search for a file that is named “grey”, but you also might have saved it as “gray”. You could search for both with: gr(a|e)y

It takes a few seconds to archive your files when it is first run (about 15 seconds for the 3TB in this system) but once it has done that, all future search results will appear almost instantly.

Be sure to read Everything’s FAQ to see its full capabilities and the boolean/regex commands it supports.


Downloads:
Download from Official Site – 272kb

April 2010 Stability and Reliability Update for Windows 7 and Windows Server 2008 R2 is Available

Posted: 04 May 2010 06:37 PM PDT

A new update for Windows 7 and Server 2008 R2 is currently available for download. It will fix a number of stability and reliability issues. According to the Microsoft release it will fix these specific issues:

– Windows Explorer crashes and then restarts when you access a third-party Control Panel item.
– You cannot connect to an instance of SQL Server Analysis Services from an application in Windows 7 or in Windows Server 2008 R2 after you install Office Live Add-in 1.4 or Windows Live ID Sign-in Assistant 6.5.
– Windows Explorer may stop responding for 30 seconds when a file or a directory is created or renamed after certain applications are installed.
– The Welcome screen may be displayed for 30 seconds when you try to log on to a computer if you set the desktop background to a solid color.
– You are not warned when you delete more than 1000 files at the same time. Then, the files are deleted permanently and are not moved to the Recycle Bin.

The update can be downloaded in Windows Update or manually from the Microsoft site linked above. If you choose the manual download route it requires you to know whether you are running the 32-bit or 64-bit version of Windows. Happy updating!

Foxit Reader Update Blocks New PDF Attack Tactic

Posted: 05 May 2010 11:12 PM PDT

In April a new attack emerged that hid malware in a PDF and used a design flaw in the PDF format to infect computers along with social engineering tactics to get users to open the bad PDF. It exploited the /Launch feature of PDFs to run malware embedded in the PDF and in addition it was reported that methods were found to change the warning text in the reader to trick users into allowing it to run. Users of Adobe Reader, Foxit, and other readers were vulnerable to the attack.

Computer World now announces that Foxit Software has released an update to version 3.3 of their Foxit Reader on May 4 that helps block the PDF exploits. Foxit Reader is a free PDF reader that competes with Adobe Reader. The update adds a safe mode, called the Trust Manager, that is enabled by default. The Trust Manager blocks external commands that may be embedded in a PDF. In the Foxit 3.3 release announcement it says,

This is a follow-up security improvement to the Foxit Reader release on April 2nd, 2010. Earlier this month, Foxit Reader adopted a warning message before running any executable command embedded in a PDF document. Version 3.3 adds a second level of security by giving the user an option for disabling all external commands. The new Trust Manager allows users to select a safe mode operation, once selected; no external commands will be executed by the Foxit Reader.

The Trust Manager does not disable all JavaScript which is frequently used to exploit vulnerabilities but it is partially disabled. Specifically one of the JavaScript functions disabled is the ability of PDF files to execute non-PDF files. It is possible for the user to easily disable/enable Trust Manager.

Adobe so far hasn’t said that they will put out an update to Adobe Reader to counter this exploit; Foxit Reader is the only one to take action against this problem so far. Adobe does say that one solution that users can take is to disable the /Launch feature in Adobe Reader, which is turned on by default.
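A triage check for the /Launch actions described above, as an added Python example that is not from Foxit, Adobe or the original article: it finds `/S /Launch` action entries, including names written with PDF `#xx` hex escapes and entries inside Flate-compressed streams. The sample byte strings and `example.exe` are constructed placeholders.

```python
import re
import sys
import zlib

# PDF whitespace and delimiter bytes end a name token; "#xx" is a hex escape
# inside a name, so "/L#61unch" and "/Launch" are the same name to a reader.
NAME_RE = re.compile(rb"/((?:[^\x00\t\n\f\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
TARGET_RE = re.compile(rb"/F\s*\(([^()\\]*)\)")  # best effort: simple literal strings only
PDF_WS = b"\x00\t\n\f\r "


def decode_name(raw):
    """Undo #xx escapes so obfuscated names compare equal to their plain form."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(data):
    """Return the contents of every stream that inflates as zlib/Flate data."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-compressed (image data, other filters, ...)
    return out


def find_launch_actions(data):
    """List every action dictionary entry of the form /S /Launch."""
    regions = [("body", data)]
    regions += [("inflated stream %d" % i, s) for i, s in enumerate(inflate_streams(data))]
    findings = []
    for where, blob in regions:
        prev = None  # (end offset, decoded name) of the previous name token
        for m in NAME_RE.finditer(blob):
            name = decode_name(m.group(1))
            is_action_type = (
                name == b"Launch"
                and prev is not None
                and prev[1] == b"S"
                and not blob[prev[0]:m.start()].strip(PDF_WS)  # only whitespace between
            )
            if is_action_type:
                target = TARGET_RE.search(blob, m.end(), m.end() + 300)
                findings.append({
                    "where": where,
                    "offset": m.start(),
                    "obfuscated": b"#" in m.group(1),
                    "target": target.group(1).decode("latin-1") if target else None,
                })
            prev = (m.end(), name)
    return findings


# Constructed samples (fragments, not complete PDFs); example.exe is a placeholder.
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n"
                b"<< /Type /Action /S /Launch /Win << /F (example.exe) >> >>\nendobj\n")
SAMPLE_ESCAPED = (b"%PDF-1.4\n1 0 obj\n"
                  b"<< /Type /Action /S /L#61unch /F (example.exe) >>\nendobj\n")
_packed = zlib.compress(b"<< /Type /Action /S /Launch /F (example.exe) >>")
SAMPLE_COMPRESSED = (b"%PDF-1.5\n3 0 obj\n<< /Filter /FlateDecode /Length "
                     + str(len(_packed)).encode() + b" >>\nstream\n"
                     + _packed + b"\nendstream\nendobj\n")
SAMPLE_BENIGN = (b"%PDF-1.4\n1 0 obj\n"
                 b"<< /Type /Action /S /URI /URI (https://example.com/) >>\nendobj\n"
                 b"2 0 obj\n<< /Title (Launch checklist) >>\nendobj\n")

if __name__ == "__main__":
    # Usage: python scan_launch.py file1.pdf file2.pdf ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for hit in find_launch_actions(fh.read()):
                print(path, hit)
```

Encrypted PDFs and streams that use filters other than Flate are not decoded here, so an empty result is not proof that a file has no /Launch action.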

McAfee to Pick Up Repair Bills for Nuked XP SP3 Systems After Bad Update

Posted: 26 Apr 2010 10:18 PM PDT

Last week we posted about a buggy update that McAfee released that deleted a critical system file which caused computers to shut down.

McAfee recently sent out a press release saying that they will pick up the repair bill for the machines affected:

For impacted home or home office customers who have incurred costs to repair PCs as a result of the security update issue, McAfee will reimburse reasonable expenses, such as a visit to a local tech support specialist. Details of this program, including steps to submit a reimbursement request, will be posted on the McAfee Web site within a few days, so please check back.

Additionally, because we value our loyal customers, home or home office users whose PCs were rendered inoperable or severely impaired as a result of the security update will receive a free two-year extension of their current McAfee subscription product at no charge.

If you or your clients were affected by this, here are the steps you can take to get the machine back up and running:

Step 1 – Locate a local toll free support number for your country. A qualified technician is standing by to diagnose your computer’s current status and determine the fastest way to get you up and running again.

Step 2 – If the technician can’t get your system up and running over the phone, we’ll get you the software to get your system up and running again. We can get you the software in one of two methods. You can either download the software fix from a working PC, or we will express deliver a CD to you.


Microsoft Leaves Systems Vulnerable To Prevent BSOD Repeat

Posted: 16 Apr 2010 11:16 PM PDT

Two months ago Microsoft released a security update designed to fix two flaws in the Windows kernel. Unfortunately, this update would cause a Blue Screen of Death on many users’ computers. After some research, it was discovered that a rootkit was the cause of the crashes and Microsoft stopped automatically serving this update.

Microsoft has since restarted distribution of this update only after it had found out a way to block the rootkit-infected computers from receiving the patches.
Jerry Bryant who is a general manager with the Microsoft Security Response Team said the following:

“If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options,”

While this will prevent the Blue Screen of Death appearing, it will leave users vulnerable to the exploit the update was originally designed to patch. No exploits of this flaw appear to exist in the wild just yet, but Microsoft warns that exploit code is likely to be developed.

Sun Releases Out-Of-Cycle Java Patch To Prevent Drive-By, In-The-Wild Attacks

Posted: 18 Apr 2010 01:50 AM PDT

A week ago Sun (the makers of the Java platform) told a Google researcher (Tavis Ormandy) that it did not consider a known exploit to be serious enough to patch.

Ormandy said:
Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

For various reasons, I explained that I did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.

However, in an unexpected turn about, Sun released a patch for this exploit once reports started coming in that users were being infected by drive-by, in-the-wild Java attacks.
The flaw which was discovered independently, occurs because the Java-Plugin Browser is running “javaws.exe” without validating command-line parameters. To protect yourself and your clients from it, update to the most recent version of Java here.

11 Security Bulletins for April’s Microsoft Patch Tuesday

Posted: 08 Apr 2010 11:22 PM PDT

This Tuesday, Microsoft will be releasing 11 security bulletins addressing 25 vulnerabilities. Some of the main vulnerabilities that are going to be patched are:

Along with these security patches, there will also be a few non-security patches marked as high-priority that affect Microsoft Update. An updated version of the Microsoft Windows Malicious Software Removal Tool will also be released.

The exact breakdown of the bulletins is as follows:

  • Bulletin 1: Critical (Remote Code Execution) – Affects Windows
  • Bulletin 2: Critical (Remote Code Execution) – Affects Windows
  • Bulletin 3: Critical (Remote Code Execution) – Affects Windows
  • Bulletin 4: Critical (Remote Code Execution) – Affects Windows
  • Bulletin 5: Critical (Remote Code Execution) – Affects Windows
  • Bulletin 6: Important (Elevation of Privilege) – Affects Windows
  • Bulletin 7: Important (Remote Code Execution) – Affects Windows
  • Bulletin 8: Important (Remote Code Execution) – Affects Office
  • Bulletin 9: Important (Denial of Service) – Affects Windows & Exchange
  • Bulletin 10: Important (Remote Code Execution) – Affects Office
  • Bulletin 11: Moderate (Spoofing) – Affects Windows

Facebook Password Reset Malware

Posted: 19 Mar 2010 04:41 AM PDT

A fake Facebook password reset email seems to be doing the rounds in the last few days. The Facebook password reset email says the following:


Subject: Facebook Password Reset Confirmation! Customer Support

Dear user of Facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook.

Instead of having a fake Facebook page to collect the victims passwords (phishing), the email is sent with a malware attachment. The malware is known as “Bredolab” which is a Trojan downloader. In the two computers I repaired today, Bredolab downloaded some rogue antivirus products. However, some sites are saying that it also downloads a password stealing trojan.

change your passwords after the infection has been removed as well.

“Dancing with the Stars Lineup 2010″ Malware

Posted: 16 Mar 2010 11:16 PM PDT

Patrick Croteau of www.logic1.com sent us an interesting tip today. One of his clients was infected with a typical rogue-antivirus which he went out and cleaned up. However, they managed to reinfect themselves later that day and upon checking their internet history he found this:
When you search for “dancing with the stars 2010 lineup” on Google, which is a fairly innocent query and probably searched for a lot; the top result is a hacked site with malware hosted on it.

When you visit it, you’ll see your typical “You have 100 viruses” scareware.

Once installed, the malware product appears to be the rogue antivirus “CleanUp Antivirus”.

As Patrick said “I’ll bet its making them a fortune”. Such an innocent query with a malicious site as the top result. If you ever do encounter this infection, BleepingComputer.com have removal instructions for Cleanup Antivirus.


Microsoft Fixes Eight Bugs, Warns Of IE Zero-Day


A light Patch Tuesday brings word of a new zero-day vulnerability in Internet Explorer 6 and 7.



Microsoft's March patch day arrives as a mixed blessing for IT administrators. On the one hand, Microsoft is releasing only two security bulletins to address eight vulnerabilities in Windows and Microsoft Office.

In terms of severity, both bulletins are merely "important." They affect Windows Movie Maker and Microsoft Office Excel. All versions of Office are affected, including Mac Office 2004 and 2008.

That's a welcome relief after last month's set of 13 bulletins addressing 26 vulnerabilities.

On the other hand, Microsoft is also warning about a new zero-day vulnerability affecting Internet Explorer 6 and 7, but not Internet Explorer 8.

Microsoft attributes the problem to an invalid pointer reference within Internet Explorer that can, under certain conditions, be accessed after an object is deleted. An attacker can potentially exploit this vulnerability for remote code execution.

"At this time, we are aware of targeted attacks attempting to use this vulnerability," Microsoft states in its advisory. "We will continue to monitor the threat environment and update this advisory if this situation changes."

The last zero-day vulnerability in Internet Explorer was identified in January following Google's disclosure of the "Operation Aurora" cyber attack from China.

"It's a vote of confidence for IE 8 and a reminder that IE 6 is at the end of its life and should be," said Andrew Storms, director of security operations at nCircle Network Security, in phone interview.

With regard to the advisories, Storms says that the "important" severity rating reflects the need for user interaction to exploit these vulnerabilities.

Wolfgang Kandek, CTO of Qualys explains in a blog post that an attacker needs to trick the target into opening a malicious Excel document to execute the attack. "Exploitability is high for the majority of vulnerabilities listed, so we suggest to put this patch on a fast installation schedule," he says.

The situation is similar with Windows Movie Maker, according to Kandek: The user has to open a malicious file to launch an attack. He notes that Windows XP and Vista ship with vulnerable versions of the movie making software, and that while Windows 7 does not, a user could download and install version 2.6, which is affected. "The bulletin does not provide a patch for the also affected Windows Producer, a little used multimedia add-on to PowerPoint," he says.

Storms says that the Excel bulletin is interesting because it's the first bug addressed in Microsoft's recent Excel 2007 file format. Older Microsoft Office file formats, he says, are easier to attack.

F1 Virus Alert

http://www.snopes.com/computer/virus/F1key.asp

March Patch Tuesday

Posted: 04 Mar 2010 10:09 PM PST

Microsoft will release two security updates on Tuesday. The small number of updates is a downturn that was not unexpected.

“This is indicative of the on and off cycle that Microsoft uses. Last month was more OS related, this month they’re patching some applications,” said Andrew Storms of nCircle Network Security.

The two updates are rated as “important”. The vulnerabilities that these two patches fix include a way for attackers to insert malicious code in machines.

Source: COMPUTERWORLD

Antivirus Spam

Posted: 26 Feb 2010 08:58 PM PST

Sophos has posted an article about a free fake antivirus that uses VirusTotal’s reputation to lure its victims. VirusTotal is a free virus and malware online scan service.

The message is included in the article. It says that the user’s computer shows virus activity. It threatens that if the user does not scan the computer for viruses, he or she will be reported to his or her internet service provider. The message includes a link that directs the user to a site which is supposedly a legitimate free online spyware removal service.

Download-Manager Hole – Patched

Posted: 23 Feb 2010 07:22 PM PST

Adobe released an update to fix a vulnerability in its Flash and Reader Download Manager (DLM) software.

The patch is listed as critical and Windows users are the only ones that need to have the new version of Adobe DLM.

The vulnerability allows an attacker to install unauthorized software on a user’s PC. According to the person who disclosed the issue, there is also a remote code execution vulnerability but Adobe’s bulletin does not mention any detail regarding this hole.

The update needs a computer reboot.

YouTube’s Support for IE6 Users

Posted: 23 Feb 2010 07:23 PM PST

Free Fix by Apple

Posted: 09 Feb 2010 08:12 PM PST

An Apple customer named Michael has told the story of how an Apple Store employee fixed his MacBook problems for free.

“You look like you’ve had a sh*tty day, so, I figured I’d try and help out,” said the employee, Jason.

The MacBook was no longer under warranty, and Jason would just pretend that Michael had a warranty on his computer. The hard drive was replaced and a crack in the keyboard was also fixed.

The repairs took a couple of hours.

Source: The Consumerist

Windows 7 RAM Issue

Posted: 19 Feb 2010 09:05 PM PST

Microsoft’s Windows 7 operating system (OS) does not use RAM effectively according to various tech sites.

“The vast majority of Windows 7 machines over the last several months are very heavily-memory saturated,” said Craig Barth of XPnet.

“For the OS to be pushing the hardware limits this quickly is amazing. Windows 7 is not the lean, mean version of Vista that you may think it is,” he added.

Compared with the two previous OSs, it sports an average of 3.3 GB of RAM, which is 0.6 GB higher than Vista and 1.6 GB higher than XP.

Source: Tom’s Hardware

New Acrobat and Reader Versions

Posted: 17 Feb 2010 08:06 PM PST

Adobe users can upgrade to the latest Acrobat and Reader versions. The latest version, 9.3.1 for both products, fixes serious flaws that existed in the previous versions. One of the flaws involves cross-domain requests.

According to a survey by ScanSafe, malicious PDF files made up about 80 percent of the web attacks it blocked in the last quarter of last year.

The security operations at nCircle said, “…Adobe’s effort to update this patch critical vulnerability outside their normal patch cycle will undoubtedly draw lots of attention from attackers.”

Source: The Register

New computer virus has breached 75,000 computers - study

Thu Feb 18, 2010 6:10am EST

Feb 18 (Reuters) - A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness.

The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.

A botnet is an army of infected computers that hackers can control from a central machine.

The company said the attack was first discovered in January during a routine deployment of NetWitness software.

Further investigation by the Herndon, Virginia-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

"Conventional malware protection and signature-based intrusion detection systems are, by definition, inadequate for addressing Kneber or most other advanced threats," Chief Executive Amit Yoran said in a statement. (Reporting by Sakthi Prasad in Bangalore; Editing by Eric Auchard in London)

Windows 7 Activation Update

Posted: 11 Feb 2010 07:56 PM PST

An update to Windows Activation Technologies will soon be delivered to Windows 7 users.

Unlike Microsoft’s decision on Windows XP, where it labeled a similar update as a high-priority security update, the Windows 7 update is optional and rated as “important.”

The update checks for over 70 “activation exploits” or “cracks.” It includes checks for the “RemoveWAT” and “Chew-WGA” cracks that surfaced weeks after the launch of the operating system.

Machines running cracked copies will begin to display a black background, according to the article at Computerworld.

Source: COMPUTERWORLD

Fake Antivirus Software

Posted: 09 Feb 2010 08:12 PM PST

A fake antivirus program has been detected by Sophos. It poses as the Windows Automatic Update facility. According to the article, it redirects a user from the Windows Security Center to the interface of the fake AV.

It presents a user with a false scan of his or her computer. After the scan, it claims that the user’s machine has malware.

The software is supposed to install an XP Internet Security update.

More kinds of this racket will be discovered in the near future, writes Rowland, the author of the article.

Source: Sophos

Blue Screen After MS10-015 Update

Posted: 13 Feb 2010 06:51 PM PST

Some users who updated their Windows XP machines with the MS10-015 update experienced the infamous blue screen of death.

One of the suggested fixes is to boot from a Windows CD or DVD and start recovery sample. Then, uninstall the update, which contains 11 fixes in the Windows kernel.

It is not clear why the problem only happens to some users.

Sunbelt, a security firm, advises people to not install the MS10-015 update yet.

Source: The Register


New Office 2011 Mac Details

Posted: 13 Feb 2010 06:50 PM PST

Outlook and the restoration of Visual support are a couple of the new things that users can expect for the next Office suite version for the Mac.

“You’ve told us that working together across platforms is a priority to you and that’s why we are making Office for Mac 2011 the best, most compatible productivity suite on the Mac,” said Eric Wilfrid, who is the Macintosh business unit general manager.

Today’s Office for Mac Home and Student Edition costs $149.95 while competitors such as OpenOffice and Google Apps offer similar software for free.

Source: The Register

Windows 7 Problems

Posted: 14 Feb 2010 08:49 PM PST

Microsoft has released a detailed report about some problems in Windows 7, including memory leaks and freezes.

A memory leak happens when Power Manager opens an ALPC (Advanced Local Procedure Call) port and closes another port. The operating system should have closed the ALPC port. The machine would eventually crash if this happens.

Another problem occurs if a notebook running Vista, Server 2008, or 7 is put to sleep.

The third issue affects Intel 5 and 3400 Series with either Home Premium, Professional, or Ultimate version of Windows 7.

Windows Live Outage

Posted: 16 Feb 2010 06:47 PM PST

An outage occurred today that lasted for about an hour for Hotmail, Xbox Live, and Windows Live users.

The outage was due to the loss of a server, according to Microsoft. The company replaced the lost server within an hour.

The article at latimes.com notes that Twitter users were the first to notice the outage when they tweeted about problems accessing Windows Live services. Microsoft made a blog post on its Twitter page and said that it would “fully investigate the cause and will take steps to prevent this from happening again.”

Source: Los Angeles Times

New IE Disclosed Vulnerability

Posted: 04 Feb 2010 08:14 PM PST

Sophos has posted an article today about an announcement by Microsoft regarding a publicly disclosed vulnerability that exists in its Internet Explorer (IE) software versions 5 through 8.

Users who are not running Protected Mode, which is disabled by default in IE on Windows XP, are the ones at risk; the mode is enabled by default in Vista and 7.

No patch exists at the moment and users can protect themselves by making sure that the mode is enabled when using the web browser.



iMac Delays Caused By Popularity

Posted: 04 Feb 2010 08:13 PM PST

“The 27-inch iMac has been a huge hit with customers and we are working to increase supply to meet up with strong demand,” an Apple spokesman told The Wall Street Journal.

The company is also working to solve problems with the machine’s display issues.

A firmware update was released “to address issues that may cause intermittent display flickering.” Many customers who experienced the display issues are happy since the firmware solved their issues.

However, some people who applied the patch still have problems with their iMacs.

Jan 28 2010

IE Shows Local Files


Posted: 27 Jan 2010 02:43 PM PST

The contents of a user’s hard drive can be read if he or she visits a Web 2.0 site, according to Jorge Luis Alvarez Medina.

This can be accomplished by clicking on a single link that exploits Internet Explorer and Windows vulnerabilities.

“Every time we reported this to Microsoft, they were fixing just one of the features. Every time they [fixed] it, we managed another way to build the attack again,” Medina said in an interview.

“The things we are reporting are not bugs, they are features. They are needed for many applications to work, so [Microsoft] can’t simply remove or truncate,” he added.

Minimum Specs for Office 2010


The minimum specifications a computer needs to run the next Microsoft Office version have been revealed. Here they are:

Processor: Intel Pentium 500 MHz
RAM: 256 MB PC100 SDRAM
Operating System: Windows XP Professional with Service Pack 3
Video Card: 64 MB RAM with DirectX 9.0c

The video memory requirement is for Excel and PowerPoint. Those who have machines with multicore processors will run Office 2010 faster.


iPhone Warranty Phishing Campaign

A phishing campaign about iPhone warranties has been detected by Sophos.

The emails pretend to come from “iphonewarranty@apple.com”. The message has three paragraphs after greeting the user. It says that the user can extend his or her iPhone warranty for free. It also says that the offer lasts until the last day of this month.

When a user clicks on a hyperlink that is included in the email, he or she will get a webpage that asks for his or her iPhone information. The form includes blank fields for serial number and IMEI number.

Jan 27 2010

Windows 7 Updates

Posted: 26 Jan 2010 07:48 PM PST

Microsoft has released updates for Windows 7 and Server 2008.

The patch fixes issues such as keyboard shortcuts or function keys, such as mute, not working correctly.

Also, when a computer is configured to display the logon screen on resume and it goes to sleep, a black screen is displayed. In this case, the only way to restart the computer is to hold down the power button. The patch fixes this problem.

Updated versions of System Update Readiness Tool for Windows Vista, 7, and Server 2008 were also released.

Source: Ars Technica

Jan 21 2010

17-year-old Windows Bug

Posted: 21 Jan 2010 09:00 PM PST

A 17-year-old Windows bug was disclosed by a Google engineer. It is located in the Windows Virtual DOS Machine (VDM), which was introduced in Windows NT. That was Microsoft’s first fully 32-bit operating system.

64-bit versions of Windows are not affected. An advisory was released by the company on how to disable the VDM as a way to protect users from hackers who may try to hijack their PCs.

According to the advisory, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Jan 17 2010

Adobe Patches

Posted: 15 Jan 2010 01:41 PM PST

Three days ago, Adobe released a patch that fixes eight security vulnerabilities. Six of these holes are critical. It is the third update released since the company announced that it would release a patch for Reader and Acrobat on a quarterly basis.

One of the patched vulnerabilities was publicly disclosed in mid-December. Hackers launched limited attacks and conducted large-scale campaigns that affected thousands of users.

The current version of Adobe Reader is now 9.3 while Adobe Acrobat is 8.2.

Source: COMPUTERWORLD


Adobe Vulnerability in IE

Posted: 15 Jan 2010 01:40 PM PST

All versions of Internet Explorer except version 5 on Windows 2000 are vulnerable to a previously unknown, unpatched vulnerability in Adobe’s Acrobat and Reader software.

The Protected Mode in IE7 and IE8 “limits the impact of this vulnerability” if the user is using Windows Vista or 7. Otherwise, the exploit code runs with the same privileges as the user.

Windows Server 2003 and 2008 users see limited impact due to Enhanced Security Configuration.

According to Microsoft, it is aware of “limited, active attacks attempting to use this vulnerability against Internet Explorer 6.”

Source: PCMAG

Windows 7 SP1 Images

Posted: 17 Jan 2010 12:50 PM PST

Redmondpie.com has posted screen shots of the upcoming first service pack for Windows 7.

The service pack contains approximately 150 critical updates.

At the moment, the pack is only available to a few selected testers. The beta version, which will be released publicly, is expected to be released sometime in summer.

The screen shots are mainly about the installation process. The first one shows what probably would be the first screen that users would see when they install it. The next one shows that it is downloading files. On the last image, it shows that the installation was successful.

Haiti Earthquake Donation Scams

Posted: 17 Jan 2010 12:50 PM PST

Sophos has an article about donation scams regarding the recent earthquake in Haiti.

The first example shows a long message which is supposedly from the UK Red Cross. It wants the reader to send money via Western Union. SavioL, the author of the article, notes that the “From” email address does not say Red Cross. Also, the “Reply-to” address is a webmail account, which is typical of other scams such as the Nigerian/410 scams.

The second example also wants the reader to send money using Western Union.

Jan 6 2010

Holiday Greeting Malware

Posted: 06 Jan 2010 05:41 PM PST

Sophos has posted an article about a holiday spam that it received two days ago.

The email contains a greeting message and a white screen with a Play button in the middle. When a user clicks on the button, it will display a fake error message.

The error says that the user must download the latest version of Flash Player and he or she can do so by clicking on the Download button provided in the error message. It will attempt to download the alleged Flash update if the user clicks on the Download button.

The file is detected as Troj/Dropr-CL.

Jan 01 2010

 

Running Snow Leopard in 7

Posted: 01 Jan 2010 08:57 PM PST

A website has posted 10 steps on how to install a Mac OS X 10.6 Snow Leopard operating system in Windows 7.

To start off the process, a user needs to download and install VMware Workstation 7. Also, there are two files that need to be downloaded.

VMware Workstation is the program that was used in the guide to install the Apple OS. There are five screen shots included in the article to help a user choose where and what option to press/choose.

Joke Spam

Sophos has detected a spam campaign about a video which is supposed to contain jokes.

The message invites the reader to click on a link which is supposed to be the best video about animals. It also says that the user is subscribed to the “ebooksandmore” group in Google Groups.

The two URLs in the message are not shown fully in the post at Sophos. When a user clicks on the first link, he or she will be shown a webpage, followed by a pop-up that says the user needs the latest version of Flash Plugin to watch a media file.

Source: Sophos