April 2008 - Posts
Microsoft targets Windows 7 for 2010
Windows 7 is the code name for the operating system that will replace Vista in the future, as Microsoft's most current version. While beta versions will most likely emerge in 2009, Windows 7 will most likely emerge sometime in 2010 after extensive internal and public testing.
Windows 7 In 2010, Microsoft Says
QUOTE: "We are currently in the planning stages for Windows 7 and development is scoped to three years from Windows Vista consumer general availability," a Microsoft spokesman said in an e-mail Friday to InformationWeek. Windows Vista was released to consumers in late January 2007. That means Windows 7 would not be released until January 2010, according to Microsoft's statement.
All users of the Opera browser should move to the latest version. In most cases, they will be prompted to update. Version 9.27 offers improved protection against two recently discovered security vulnerabilities that are rated as critical.
Opera 9.27 - Important Security Release
Changelog for Opera 9.27 for Windows
QUOTE: Changes Since Opera 9.26
* Security - Fixed an issue where newsfeed prompts could cause Opera to execute arbitrary code, as reported by Michal Zalewski. See our advisory.
* Security - Solved an issue where resized canvas patterns could cause Opera to execute arbitrary code, as reported by Michal Zalewski. See our advisory.
* Improved keyboard handling of password inputs, as reported by Trystan S.
* Fixed a BitTorrent transfer stability issue.
* Resolved stability issues with the Acid 3 test.
* Additional stability fixes.
Opera 9.27 - Download site
As tax preparation season is in full swing in the USA, attacks continue to surface. Sunbelt reports a highly convincing targeted attack that was sent to one of their key financial contacts. The IRS, government agencies, and banks do not use email as a primary method of contact, so when such messages are received, please avoid selecting any links or attachments. When in doubt about any email message, please contact the originating party by phone.
IRS Phishing Attack - Dangerous new customized scam steals data
QUOTE: This afternoon, we got a highly customized email purporting to come from the IRS, which of course, does nothing more than load malware. The email is made out to a key financial contact here at Sunbelt.
Once clicked, the .scr file downloads several other files and reaches out to several servers including the "Office of the Attorney General - California Department of Justice" - where a PDF file is downloaded from and opened using your default PDF viewer. The entire purpose of this PDF is to make things look official. Otherwise, it’s meaningless, and does not appear to be malicious.
Then, a number of other URLs are contacted to download malware, and the user is left with a keylogger on their system. It also appears that malware is downloaded from a number of compromised sites.
The Internet Storm Center team also shares more information:
Internet Storm Center - More on TAX Day based Attacks
EMAIL FORMAT USED:
Dear [Name of Executive]
I am sorry but in order for [Name of Firm] to get a tax refund, all the fields must be completed. Please complete the missing fields on the attached form and re-send it to me.
nicely adorned with bells & whistles to make it look like it really comes from the IRS. Another series uses the old "A tax complaint has been filed against you" line, which probably is less likely to get the Execs to click. But who doesn't want a refund ...
Recently DV Labs sponsored a security contest between laptops using Mac, Vista, and Linux operating systems. Vista did well in these tests, until a new unknown vulnerability in Adobe Flash was discovered. This vulnerability was disclosed only to Adobe and it is not a current threat. It will most likely be fixed quickly.
While this threat is not in the wild, I wanted to better learn how to toggle Flash off and on. In using other complementary browsers, I've gotten along well without Flash or other plug-ins installed. Using Internet Explorer (IE8 beta), I decided to turn Flash off, as this was invoked mainly for advertising purposes in about 90% of websites visited. It worked well in blocking Flash animation.
The only issue is a warning message which asks: "the website is requesting a service, would you like to install?". If you ignore the message and continue, it disappears quickly. I'd rather have the message than the Flash presentation sometimes. Still, when you need Flash restored, it can be toggled back on as noted in the steps below.
Later, Adobe PDF and Windows Media player were added to the list of disabled services in IE, as I rarely start these in browser mode. IE performance improved substantially, as all 3 services are complex. Our family PC is also an older model and these types of service reducing tweaks throughout IE and Windows have helped with throughput. I'm staying with these settings and will toggle them back on, if there's a good requirement to do so.
IE Settings - Disable/enable add-in services (e.g., Flash)
Tools >>> Internet Options >>> Program Tab >>> Manage add-on options button >>> Filters >>> Add-ons that run without requiring permission >>> Select Shockwave Object >>> Click Disable button at bottom
To re-enable Flash, follow the steps above and select the Enable button in the last step. If desired, you can also disable Adobe PDF Reader and Windows Media Player from starting within IE. They will still work properly when started outside of IE. As the settings work like the Flash process noted above, these services can also be toggled back on if needed.
CAUTIONARY NOTES IN SETTINGS ABOVE:
1. Avoid making these changes unless you are familiar with IE settings and understand the technical steps noted above.
2. Avoid setting off other services as it could affect or break browser functions.
3. Flash might be used often in an email website or forum you might be posting frequently to, and the warning message could appear often.
4. The technical settings were specifically for IE 8 and they should work for IE 7. I'm not certain if IE 6 supports service disabling in the same manner as described above. If the technical settings don't match up well, users should avoid making these changes.
Virus, Trojan Horse, and Worm attacks have changed substantially in the past couple of years. Previously, malware authors seeded "true" viruses that replicated from PC to PC, manipulating unpatched email or system vulnerabilities. This still occurs; however, most attacks are now massively spammed to trick users into selecting a malicious web link or attachment.
Most current attacks usually don't spread to other vulnerable PCs from an infected system, although there are still many "true" viruses circulating (e.g., network walkers, USB flash drives, email worms, etc). However, botnets using fast-flux servers (i.e., servers that hide the true malware master servers) are creating highly polymorphic (i.e., rapidly changing) malware threats. Each attack wave is spammed with a unique MD5 hash, which AV vendors key on in some cases to detect malware (along with pattern matching algorithms).
Botnets (e.g., Storm Worm) use a master malware "template" approach. These master blueprints can change hourly on the fast-flux servers to create new variants that AV software may or may not detect. Wave after wave of unique malware can be spammed out which is creating the potential for one million different viruses in 2008.
In reality, there are only a few thousand active virus families, but some of these families have several thousand variants within them. Still, each of the million unique MD5 patterns must be handled successfully by the AV vendors. This new attack style is challenging and explains why only 30% of AV vendors may provide coverage shortly after a new virus wave is massively spammed to the public.
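The gap between "a few thousand families" and "a million unique MD5 patterns" can be seen in a small simulation. This is an added example, not code from the original post: the byte strings are constructed and harmless, the function names are hypothetical, and it assumes each family keeps a byte-identical core across waves, which real repacking does not guarantee.

```python
import hashlib

# Constructed, harmless byte strings standing in for two malware families.
FAMILY_CORES = {"family_a": b"CORE-ROUTINE-A", "family_b": b"CORE-ROUTINE-B"}

def make_variant(family, wave):
    """Simulate one spam wave: same family core, new filler around it."""
    filler = hashlib.sha256(f"{family}:{wave}".encode()).digest()
    return filler[:8] + FAMILY_CORES[family] + filler[8:16]

def md5_hex(sample):
    return hashlib.md5(sample).hexdigest()

def detect_by_hash(sample, known_hashes):
    """Exact-match lookup: only catches files already seen byte-for-byte."""
    return md5_hex(sample) in known_hashes

def detect_by_pattern(sample, signatures):
    """Return the family whose byte pattern occurs in the sample, else None."""
    for family, pattern in signatures.items():
        if pattern in sample:
            return family
    return None

def coverage_report(seen_waves=range(0, 5), new_waves=range(5, 10)):
    """Compare both detection styles on waves the vendor has not yet seen."""
    seen = [make_variant(f, w) for f in FAMILY_CORES for w in seen_waves]
    new = [make_variant(f, w) for f in FAMILY_CORES for w in new_waves]
    known_hashes = {md5_hex(s) for s in seen}
    families = {detect_by_pattern(s, FAMILY_CORES) for s in seen + new}
    return {
        "unique_md5": len({md5_hex(s) for s in seen + new}),
        "families": len(families),
        "new_samples": len(new),
        "hash_hits_on_new": sum(detect_by_hash(s, known_hashes) for s in new),
        "pattern_hits_on_new": sum(
            detect_by_pattern(s, FAMILY_CORES) is not None for s in new),
    }

if __name__ == "__main__":
    for key, value in coverage_report().items():
        print(f"{key}: {value}")
```

Twenty samples yield twenty distinct MD5 values but only two families; the hash list built from earlier waves matches none of the new wave, while the family patterns match all of it.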
F-Secure expects possibly one million unique viruses in 2008
QUOTE: Finnish antivirus software vendor F-Secure has published its statistics for the first quarter of 2008. The company estimates that a total of a million new viruses will be born this year – 25,000 malicious programs per day have made their way onto the firm's servers.
This number agrees with other research. Service provider AV-Test last year had already registered viruses at the same daily rate, but from all antivirus vendors and other sources such as honeypots combined. According to AV Test general manager Andreas Marx, in the 13 hours to one o'clock on Tuesday 21,439 unique samples – viruses with a unique MD5 "fingerprint" – had already made their way onto the company's servers.
Folks should delete these messages and avoid selecting any links, as malware can be automatically and silently installed on vulnerable PCs.
Storm Worm - April Fools version circulating
QUOTE: Well, it's that time again. April Fools day tomorrow and prime time for those in control of the Storm botnet. Again a various list of subjects come with this release:
All Fools' Day
Doh! All's Fool.
Doh! April's Fool.
Gotcha! All Fool!
Gotcha! April Fool!
Happy All Fool's Day.
Happy All Fools Day!
Happy All Fools!
Happy April Fool's Day.
Happy April Fools Day!
Happy Fools Day!
I am a Fool for your Love
Join the Laugh-A-Lot!
One who is sportively imposed upon by others on the first day of April
Surprise! The joke's on you.
Today You Can Officially Act Foolish
The download is a binary, also with varying names:
While anti-virus protection was 18% at the time of the sample, this trend will improve as AV vendors respond to this new threat.
Storm Worm (Poor coverage by AV vendors of 18% at time of sample)