News and Views
Microsoft Fixes Eight Bugs, Warns Of IE Zero-Day
A light Patch Tuesday brings word of a new zero-day vulnerability in Internet Explorer 6 and 7.
By Thomas Claburn, InformationWeek
March 9, 2010 03:39 PM
Microsoft's March patch day arrives as a mixed blessing for IT
administrators. On the one hand, Microsoft is releasing only two
security bulletins to address eight vulnerabilities in Windows and
Microsoft Office.
In terms of severity, both bulletins are merely "important." They affect Windows Movie Maker and Microsoft Office Excel. All versions of Office are affected, including Mac Office 2004 and 2008.
That's a welcome relief after last month's set of 13 bulletins addressing 26 vulnerabilities.
On the other hand, Microsoft is also warning about a new zero-day vulnerability affecting Internet Explorer 6 and 7, but not Internet Explorer 8.
Microsoft attributes the problem to an invalid pointer reference
within Internet Explorer that can, under certain conditions, be
accessed after an object is deleted. An attacker can potentially
exploit this vulnerability for remote code execution.
"At this time, we are aware of targeted attacks attempting to
use this vulnerability," Microsoft states in its advisory. "We will
continue to monitor the threat environment and update this advisory if
this situation changes."
The last zero-day vulnerability in Internet Explorer was
identified in January following Google's disclosure of the "Operation
Aurora" cyber attack from China.
"It's a vote of confidence for IE 8 and a reminder that IE 6 is
at the end of its life and should be," said Andrew Storms, director of
security operations at nCircle Network Security, in a phone interview.
With regard to the advisories, Storms says that the "important"
severity rating reflects the need for user interaction to exploit these
vulnerabilities.
Wolfgang Kandek, CTO of Qualys, explains in a blog post
that an attacker needs to trick the target into opening a malicious
Excel document to execute the attack. "Exploitability is high for the
majority of vulnerabilities listed, so we suggest to put this patch on
a fast installation schedule," he says.
The situation is similar with Windows Movie Maker, according to
Kandek: The user has to open a malicious file to launch an attack. He
notes that Windows XP and Vista ship with vulnerable versions of the
movie making software, and that while Windows 7 does not, a user could
download and install version 2.6, which is affected. "The bulletin does
not provide a patch for the also affected Windows Producer, a little
used multimedia add-on to PowerPoint," he says.
Storms says that the Excel bulletin is interesting because it's
the first bug addressed in Microsoft's recent Excel 2007 file format.
Older Microsoft Office file formats, he says, are easier to attack.
F1 Virus Alert
http://www.snopes.com/computer/virus/F1key.asp
March Patch Tuesday
Posted: 04 Mar 2010 10:09 PM PST
Microsoft will release two security updates on Tuesday. The small number of updates is a downturn that was not unexpected.
“This is indicative of the on and off cycle that Microsoft uses.
Last month was more OS related, this month they’re patching some
applications,” said Andrew Storms of nCircle Network Security.
The two updates are rated as “important”. The vulnerabilities that
these two patches fix include a way for attackers to insert malicious
code in machines.
Source: COMPUTERWORLD
Antivirus Spam
Posted: 26 Feb 2010 08:58 PM PST
Sophos has posted an article about a free fake antivirus that uses VirusTotal’s reputation to lure its victims. VirusTotal is a free virus and malware online scan service.
The message is included in the article. It says that the user’s computer shows virus activity. It threatens that users who do not scan their computers for viruses will be reported to their internet service provider. A link in the message directs the user to a site that is supposedly a legitimate free online spyware removal service.
Download-Manager Hole – Patched
Posted: 23 Feb 2010 07:22 PM PST
Adobe released an update to fix a vulnerability in its Flash and Reader Download Manager (DLM) software.
The patch is listed as critical and Windows users are the only ones that need to have the new version of Adobe DLM.
The vulnerability allows an attacker to install unauthorized software on a user’s PC. According to the person who disclosed the issue, there is also a remote code execution vulnerability but Adobe’s bulletin does not mention any detail regarding this hole.
The update needs a computer reboot.
YouTube’s Support for IE6 Users
Posted: 23 Feb 2010 07:23 PM PST
Internet Explorer version 6 will no longer be supported by YouTube’s services starting on March 13.
Those who are using it are now seeing a warning which says, “On March 13, we are dropping support for your browser. You’ll still be able to watch videos after that date, but new features may not work properly.”
In a related matter, Google Docs and Sites will no longer be supported on IE6 by March 1. By the end of the year, Gmail and Calendar will follow suit.
Free Fix by Apple
Posted: 09 Feb 2010 08:12 PM PST
An Apple customer named Michael has told the story of how an Apple Store employee fixed his MacBook problems for free.
“You look like you’ve had a sh*tty day, so, I figured I’d try and help out,” said the employee, Jason.
The MacBook was no longer under warranty, and Jason would just pretend
that Michael had the warranty on his computer. The hard drive was
replaced and a crack in the keyboard was also replaced.
The repairs took a couple of hours.
Source: The Consumerist
Windows 7 RAM Issue
Posted: 19 Feb 2010 09:05 PM PST
Microsoft’s Windows 7 operating system (OS)
does not use RAM effectively according to various tech sites.
“The vast majority of Windows 7 machines over the last several months
are very heavily-memory saturated,” said Craig Barth of XPnet.
“For the OS to be pushing the hardware limits this quickly is
amazing. Windows 7 is not the lean, mean version of Vista that you may
think it is,” he added.
Compared with the two previous OSs, it sports an average of 3.3 GB
of RAM, which is 0.6 GB higher than Vista and 1.6 GB higher than XP.
Source: Tom’s Hardware
New Acrobat and Reader Versions
Posted: 17 Feb 2010 08:06 PM PST
Adobe users can upgrade to the latest Acrobat
and Reader versions. The latest versions, 9.3.1 for both products,
fix serious flaws that existed in the previous versions. One of the
flaws involves cross-domain requests.
According to a survey by ScanSafe, malicious PDF files made up about
80 percent of the web attacks it blocked in the last quarter of last year.
The security operations at nCircle said, “…Adobe’s effort to update
this patch critical vulnerability outside their normal patch cycle will
undoubtedly draw lots of attention from attackers.”
Source: The Register
New computer virus has breached 75,000 computers - study
Feb 18 (Reuters) - A new type of computer virus is known to
have breached almost 75,000 computers in 2,500 organizations
around the world, including user accounts of popular social
network websites, according to Internet security firm NetWitness.
The latest virus -- known as
"Kneber botnet" -- gathers
login credentials to online financial systems, social networking
sites and email systems from infested computers and reports the
information back to hackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can
control from a central machine.
The company said the attack was first discovered in January
during a routine deployment of NetWitness software.
Further investigation by the Herndon,
Virginia-based
software security firm revealed that many commercial and
government systems were compromised, including 68,000 corporate
login credentials and access to email systems, online banking
sites, Yahoo, Hotmail and social networks such as Facebook.
"Conventional malware protection and
signature-based
intrusion detection systems are, by definition, inadequate for
addressing Kneber or most other advanced threats," Chief
Executive Amit Yoran said in a statement.
(Reporting by Sakthi Prasad in Bangalore; Editing by Eric
Auchard in London)
Windows 7 Activation Update
Posted: 11 Feb 2010 07:56 PM PST
An update to Windows Activation Technologies
will be fed soon to Windows 7 users.
Unlike Microsoft’s decision on Windows XP where it labeled a similar
update as high-priority security update, the 7 update is optional and
rated as “important.”
The update checks for over 70 “activation exploits” or “cracks.” It
includes checks for the “RemoveWAT” and “Chew-WGA” cracks that surfaced
weeks after the launch of the operating system.
Machines running with cracked copies will begin to display a
background colored black according to the article at Computerworld.
Source: COMPUTERWORLD
Fake Antivirus Software
Posted: 09 Feb 2010 08:12 PM PST
A fake antivirus software has been detected by
Sophos. It poses as the Windows Automatic Update facility. According to
the article, it redirects a user from the Windows Security Center to the
interface of the fake AV.
It presents a user with a false scan of his or her computer. After
the scan, it claims that the user’s machine has malware.
The software is supposed to install an XP Internet Security update.
More kinds of this racket will be discovered in the near future,
writes Rowland, the author of the article.
Source: Sophos
Blue Screen After MS10-015 Update
Posted: 13 Feb 2010 06:51 PM PST
Some users who updated their Windows XP
machines with the MS10-015 update experienced the infamous blue screen
of death.
One of the suggested fixes is to boot from a Windows CD or DVD and
start recovery sample. Then, uninstall the update, which contains 11
fixes in the Windows kernel.
It is not clear why the problem only happens to some users.
Sunbelt, a security firm, advises people to not install the MS10-015
update yet.
Source: The Register

New Office 2011 Mac Details
Posted: 13 Feb 2010 06:50 PM PST
Outlook and the restoration of Visual support
are a couple of the new things that users can expect for the next Office
suite version for the Mac.
“You’ve told us that working together across platforms is a priority
to you and that’s why we are making Office for Mac 2011 the best, most
compatible productivity suite on the Mac,” said Eric Wilfrid, who is the
Macintosh business unit general manager.
Today’s Office for Mac Home and Student Edition costs $149.95 while
competitors such as OpenOffice and Google Apps offer similar software
for free.
Source: The Register
Windows 7 Problems
Posted: 14 Feb 2010 08:49 PM PST
Microsoft has released a detailed report about
some problems in Windows 7, including memory leaks and freezes.
A memory leak happens when Power Manager opens an ALPC (Advanced Local
Procedure Call) port and closes another port. The
operating system should have closed the ALPC port. The machine would
eventually crash if this happens.
Another problem occurs if a notebook running Vista, Server 2008, or 7
is put to sleep.
The third issue affects Intel 5 and 3400 Series with either Home
Premium, Professional, or Ultimate version of Windows 7.
Windows Live Outage
Posted: 16 Feb 2010 06:47 PM PST
An outage occurred today that lasted for about an hour for Hotmail, Xbox Live, and Windows Live users.
The event happened due to the loss of a server, according to Microsoft. The company replaced the lost server within an hour.
The article at latimes.com notes that Twitter users were the first to notice the outage when they tweeted about problems accessing Windows Live services. Microsoft made a blog post on its Twitter page and said that it would “fully investigate the cause and will take steps to prevent this from happening again.”
Source: Los Angeles Times
New IE Disclosed Vulnerability
Posted: 04 Feb 2010 08:14 PM PST
Sophos has posted an article today about an announcement by Microsoft regarding a publicly disclosed vulnerability that exists in its Internet Explorer (IE) software versions 5 through 8.
Users who are not running Protected Mode, which is disabled by default in IE on Windows XP, are the ones at risk; the mode is enabled by default in Vista and 7.
No patch exists at the moment and users can protect themselves by making sure that the mode is enabled when using the web browser.
iMac Delays Caused By Popularity
Posted: 04 Feb 2010 08:13 PM PST
“The 27-inch iMac has been a huge hit with customers and we are working to increase supply to meet up with strong demand,” an Apple spokesman told The Wall Street Journal.
The company is also working to solve the machine’s display issues.
A firmware update was released “to address issues that may cause intermittent display flickering.” Many customers who experienced the display issues are happy since the firmware solved their issues.
However, some people who applied the patch still have problems with their iMacs.
Jan 28 2010
Minimum Specs for Office 2010
The minimum specifications a computer needs to run the next
Microsoft Office version have been revealed. Here they are:
Processor: Intel Pentium 500 MHz
RAM: 256 MB PC100 SDRAM
Operating System: Windows XP Professional with Service Pack 3
Video Card: 64 MB RAM with DirectX 9.0c
The video memory requirement is for Excel and PowerPoint. Machines
with multicore processors will run Office 2010 faster.
iPhone Warranty Phishing Campaign
A phishing campaign about iPhone warranties has been detected by Sophos.
The emails pretend to come from “iphonewarranty@apple.com”. The
message has three paragraphs after greeting the user. It says that the
user can extend his or her iPhone warranty for free. It also says that
the offer lasts until the last day of this month.
When a user clicks on a hyperlink that is included in the email, he or
she will get a webpage that asks for his or her iPhone information. The
form includes blank fields for serial number and IMEI number.
Jan 27 2010
Windows 7 Updates
Posted: 26 Jan 2010 07:48 PM PST
Microsoft has released updates for Windows 7 and Server 2008.
The patch fixes issues such as keyboard shortcuts or function keys, such as mute, not working correctly.
Also, when a computer was configured to display the logon screen on
resume and when it goes to sleep, a black screen is displayed. In this
case, the only way to restart the computer is to hold down the power
button. The patch has fixed this problem.
Updated versions of System Update Readiness Tool for Windows Vista, 7, and Server 2008 were also released.
Source: Ars Technica
Jan 21 2010
17-year-old Windows Bug
Posted: 21 Jan 2010 09:00 PM PST
A 17-year-old Windows bug was disclosed by a
Google engineer. It is located in the Windows Virtual DOS Machine (VDM),
which was introduced in Windows NT, Microsoft’s first fully
32-bit operating system.
64-bit versions of Windows are not affected. An advisory was released
by the company on how to disable the VDM as a way to protect users from
hackers who may try to hijack their PCs.
According to the advisory, “An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights.”
Jan 17 2010
Adobe Patches
Posted: 15 Jan 2010 01:41 PM PST
Three days ago, Adobe released a patch that fixes
eight security vulnerabilities. Six of these holes are critical. It is
the third update released since the company announced that it would
release a patch for Reader and Acrobat on a quarterly basis.
One of the patched vulnerabilities was publicly disclosed in
mid-December. Hackers launched limited attacks and conducted
large-scale campaigns that affected thousands of users.
The current version of Adobe Reader is now 9.3 while Adobe Acrobat is
8.2.
Source: COMPUTERWORLD

Adobe Vulnerability in IE
Posted: 15 Jan 2010 01:40 PM PST
All versions of Internet Explorer except
version 5 on Windows 2000 are vulnerable to a previously unknown,
unpatched vulnerability in Adobe’s Acrobat and Reader software.
The Protected Mode in IE7 and IE8 “limits the impact of this
vulnerability” if the user is using Windows Vista or 7. Otherwise,
the exploit code runs with the same privileges as the user.
For Windows Server 2003 and 2008 users, the impact is limited by
Enhanced Security Configuration.
According to Microsoft, it is aware of “limited, active attacks
attempting to use this vulnerability against Internet Explorer 6.”
Source: PCMAG
Windows 7 SP1 Images
Posted: 17 Jan 2010 12:50 PM PST
Redmondpie.com has posted screen shots of the
upcoming first service pack for Windows 7.
The service pack contains approximately 150 critical updates.
At the moment, the pack is only available to a few selected testers.
The beta version, which will be released publicly, is expected to be
released sometime in summer.
The screen shots are mainly about the installation process. The first
one shows what probably would be the first screen that users would see
when they install it. The next one shows that it is downloading files.
On the last image, it shows that the installation was successful.
Haiti Earthquake Donation Scams
Posted: 17 Jan 2010 12:50 PM PST
Sophos has an article about donation scams
regarding the recent earthquake in Haiti.
The first example shows a long message which is supposedly from UK
Red Cross. It wants the reader to send money via Western Union. SavioL,
the author of the article, notes that the “From” email address does not
say Red Cross. Also, the “Reply-to” address is a webmail account, which is
typical of other scams such as the Nigerian/410 scams.
The second example also wants the reader to send money using Western
Union.
Jan 6 2010
Holiday Greeting Malware
Posted: 06 Jan 2010 05:41 PM PST
Sophos has posted an article about a holiday
spam that it received two days ago.
The email contains a greeting message and a white screen with a Play
button in the middle. When a user clicks on the button, it will display a
fake error message.
The error says that the user must download the latest version of
Flash Player and he or she can do so by clicking on the Download button
provided in the error message. It will attempt to download the alleged
Flash update if the user clicks on the Download button.
The file is detected as Troj/Dropr-CL.
Jan 01 2010
Running Snow Leopard in 7
Posted: 01 Jan 2010 08:57 PM PST
A website has posted 10 steps on how to install
a Mac OS X 10.6 Snow Leopard operating system in Windows 7.
To start off the process, a user needs to download and install
VMware Workstation 7. Also, there are two files that
need to be downloaded.
VMware Workstation is the program that was used in the guide to
install the Apple OS. There are five screen shots included in the
article to help a user choose where and what option to press/choose.
Joke Spam
A spam campaign has been detected by Sophos about a video which is supposed to contain jokes.
The message invites the reader to click on a link which is supposed to be the best video about animals. It also says that the user is subscribed to the “ebooksandmore” group in Google Groups.
The two URLs in the message are not shown fully in the post at Sophos. When a user clicks on the first link, he or she is shown a webpage, followed by a pop-up saying that the user needs the latest version of Flash Plugin to watch a media file.
Source: Sophos
Dec 22 2009
Two Malware Campaigns
Posted: 16 Dec 2009 09:22 PM PST
A blog entry was posted at Sophos a few days ago about an e-card from a friend and one from a bank. Both are emails that contain a link to malware.
The first one tells the user that he or she has received a Hallmark E-Card. The link shows that it is pointing to a hallmark domain but it actually redirects a user somewhere else. The user will be given an option to download a file called Christmas.exe if he or she clicks on the link.
The second email comes from “Online Banking Team.” It has no hyperlinks but it shows a site link which ends in xmas2.exe.
Dec 10 2009
Adobe Patches Flash Player
Posted: 09 Dec 2009 08:09 PM PST
A patch was released yesterday to fix seven vulnerabilities in Adobe Flash Player. Six of them are critical bugs.
The update was the first for the software since July.
One of the bugs that were fixed is in the Flash Player ActiveX control for IE. An attacker can pilfer information by taking advantage of the hole.
“Overall their security advisories are on par with Apple’s. Well actually, I might have to give Apple a few notches up over Adobe,” said Andrew Storms of nCircle Network Security.
Source: COMPUTERWORLD
Dec 5 2009
No Fix for Black Screen
Posted: 04 Dec 2009 08:39 PM PST
Various websites have reported that a fix for the “black screen of death” problem on Windows 7 will not be included in the set of patches that will be released on Tuesday.
“Microsoft has investigated reports that its November security updates made changes to permissions in the registry that are resulting in system issues for some customers,” said a spokesman for Microsoft in response to reports that the problem started to occur after the November updates. He also said that the behavior is not “a broad customer issue.”
Source: Information Week
Autorun Worm W32/AutoRun-AVH
Posted: 05 Dec 2009 09:14 PM PST
An article was posted at Sophos about an autorun worm.
The worm renames “Internet Explorer” to “Internet Exploiter” and it also fakes the content of the Startup folder. When a user with an infected machine checks out the Startup folder from the Start menu, he or she will see that it is “(Empty)”. However, by going to the properties of the startup folder, the properties window would show that it is not true. The folder shortcut actually points to an executable file, KHATRA.exe.
Source: Sophos
Fake Microsoft Update
Posted: 05 Dec 2009 09:13 PM PST
Vanja Svajcer of Sophos has posted a blog entry about a fake email from Microsoft’s Director of Security Assurance, Steve Lipner.
The email is professionally written and it contains a link to a file. Svajcer notes that Microsoft emails never link directly to a file that ends in .exe or have that type of file as an attachment. Therefore, it is a sign that the email is probably fake.
The file was proactively detected as Mal/EncPK-LL.
Svajcer found that it is a Delphi executable and it was made using a custom packer.
Source: Sophos
This festive season, beware of the Koobface malware that can infect your PC.
Websense Security Labs ThreatSeeker Network has discovered that the Koobface malware campaign is now using a Christmas theme. Recent developments by Koobface have included use of Google Reader.
The Koobface website offers a video posted by 'SantA'. The usual ruse of requiring a codec to watch the video is used to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products, according to VirusTotal.
Screenshot of the Koobface website:

On the compromised Facebook page, the user is presented with a link to ch[removed]cher.ch, which is a compromised site in Switzerland. The user is redirected to one of several Koobface websites through a malicious Flash movie file hosted on the compromised site.
Screenshot of the malicious wall posts:

If the user runs the infected file, the worm will automatically log in to their Facebook, MySpace, and several other social networking sites and send messages to all their friends.
This is not the first time that the Koobface worm has infected social networking websites. Cases of the same have been reported in the past too.
Images courtesy: Websense
MS Office 2007 $80 Discount
Posted: 25 Nov 2009 09:33 PM PST
Microsoft is offering a discount of $80 on its Office Home and Student 2007 software suite. The regular price is $149.99. Therefore, the sale price is $69.99. Word and Excel are included in this package.
The news follows an announcement about the Mac promotion, which has various discounts depending on the Office edition. The authorized resellers that participate in this offer include Apple and Best Buy.
The stores that will participate in the Office Home and Student 2007 offer include Best Buy, Frys, Amazon, and Dell.
Microsoft also reiterated that the new version of Office will be released next year.
Web Attacks: How Hackers Create and Spread Malware
The web has become the key vector for online attacks and even trusted websites are no longer safe. With hackers continually changing tactics, the majority of businesses are left unprotected against modern web-based malware. Businesses can no longer get by with just protecting their email and endpoint systems.
Join this live TechRepublic Webcast to learn how web threats are created and spread, and the impact they have on your business.
11/24/09
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.