May 2009 - Posts
I've applied the "Fix it" workaround and so far no issues noted. This workaround might help corporate and home users until a more permanent patch becomes available. There is also a disabling "Fix it" icon to undo the workaround.
Microsoft DirectShow is Vulnerable
QUOTE: The vulnerability exploits quartz.dll Quicktime parsing. However, you don't have to have QuickTime installed.
Update: Microsoft has published a "Fix It" tool that does the registry changes for you.
Microsoft Direct Show vulnerability (971778) - Fix it Workaround available
QUOTE: To implement the workaround that disables QuickTime parsing automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the Fix this problem link under Enable workaround. To undo the workaround, click the Fix this problem link under Disable workaround. In either scenario, click Run in the File Download dialog box, and follow the steps in the Fix it wizard.
MORE ON VULNERABILITY
Bing it on: Microsoft overhauls search, again
QUOTE: SEATTLE - Microsoft Corp. is rolling out a redesigned search site in the coming days and hopes it will lure more Web surfers than the two most recent incarnations, Live Search and MSN Search. The new site, Bing, adds touches intended to make everyday Web searching a little less haphazard. Bing also tries to make it easier for people to buy things, book travel and find credible health information.
Bing.com - Microsoft's new Search facility coming soon
First look: Google Chrome 2.0 - Fast but lacking features
Well, for those who like an all-singing, all-dancing browser, Google's Chrome has always been a poor choice: while the browser packed plenty of power, it was very basic. Chrome 2.0 is no different. Here are some of the most significant features newly added in Chrome 2.0:
-- Ability to delete thumbnails from new tab page
-- Full page zoom
-- Full screen mode (by pressing F11)
-- Autofill for web forms
Google - More information
This is an excellent resource to learn more about MS products or for resolution of issues
Microsoft Blogs - Master Index
As reflected in the charts, malware continues to grow in volume, sophistication, and in numbers of variants (i.e., polymorphism). Technical safeguards and best practices are always required.
Sunbelt - Growth of Malware Statistics
Dramatic increase due to numerous variants within malware families
Hopefully, all phone calls associated with the "second notice of your car's factory warranty is expiring" have now been stopped. I'm glad that the FTC was successful in stopping these fraudulent attacks.
FTC shuts down massive robocall scam
QUOTE: We spend so much time worrying about Internet fraud. But it’s easy to forget that many con artists still make their living the old-fashioned way: dialing for dollars. Last week, the Federal Trade Commission shut down one of the biggest and most flagrant telemarketing scams ever. The automated calls (known as robocalls) pitched extended car warranties. They went to phones across the country, including cell phones and home phones on the national Do Not Call Registry. Federal law prohibits such calls.
EXAMPLE OF RECENT ATTACKS
QUOTE: US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur primarily through stolen FTP credentials but may also be compromised through poor configuration settings, vulnerable web applications, etc.
Andrew Martin's Analysis - Excellent detailed writeup
QUOTE: Responsible for 42% of “all malicious infections found on websites” (Sophos) during a 7 day period, Gumblar (JSRedir-R) has been extremely effective at propagating. Many bloggers have been focusing on the script involved in the attack, not so much on what happens when a client is compromised
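Gumblar's first stage, as described above, edits pages on a legitimate site using stolen FTP credentials, so the defender-side signal is "a file under the web root changed and nobody deployed anything". The following hash-baseline check is an added example (not code from the page, from US-CERT or from Andrew Martin's write-up); it assumes the baseline is taken right after a known-good deployment and kept off the web host, since stolen FTP credentials give write access to the host itself. The site files and the changes in `demo()` are constructed.

```python
"""Hash-baseline integrity check for a web root (added example, not from the page).

Assumption: a baseline taken right after a known-good deployment and kept off the
web host (stolen FTP credentials give an attacker write access to the host itself).
"""
import hashlib
import json
import os
import tempfile


def hash_file(path):
    """SHA-256 of one file, read in chunks so large assets are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every file under root (root-relative POSIX path) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def save_baseline(baseline, path):
    """Persist the baseline as JSON; store it somewhere the web host cannot write."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Classify differences as added, removed or modified paths (all sorted)."""
    old_paths, new_paths = set(baseline), set(current)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: deploy a two-file site, baseline it, then simulate an
    unauthorised edit plus a dropped file, and report what the comparison finds."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        os.makedirs(os.path.join(root, "js"))
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<html><body><h1>Welcome</h1></body></html>\n")
        with open(os.path.join(root, "js", "app.js"), "w") as f:
            f.write("document.title = 'app';\n")

        baseline_path = os.path.join(store, "webroot-baseline.json")
        save_baseline(build_baseline(root), baseline_path)

        # Constructed changes standing in for an injection: one page edited in place,
        # one new file that was never part of the deployment.
        with open(os.path.join(root, "index.html"), "a") as f:
            f.write("<!-- constructed: line appended after the baseline was taken -->\n")
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp", "upload.php"), "w") as f:
            f.write("<?php /* constructed placeholder */ ?>\n")

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run the comparison from a scheduled job on a machine other than the web server (mount the web root read-only or pull it over the same FTP/SFTP channel), and treat any "modified" or "added" entry outside a deployment window as an incident to triage, not noise.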
F-Secure has announced a new beta AV product for the Mac; it previously offered one in the floppy era. Macs should be protected by an AV product, as more threats are circulating in the wild.
F-Secure reintroduces Apple AV Protection
QUOTE: But look closely and you'll see that the image above is for Mac Protection.
We used to have a Mac solution back in the days of sneakernets. The updates were distributed via floppies. This new Mac Protection (with antivirus) is part of our Technology Preview program and you can download it from our Beta Programs page. An Intel processor based Mac with OS X version 10.5 (Leopard) is a requirement.
Macs are popular, with consumers… and also with malware authors. There's plenty of Zlob codec trojans that will infect a Mac if given the chance. Mac's popularity is such that we feel it's time once again for our own Mac solution.
Attackers are actively probing this new IIS vulnerability, and US-CERT has noted possible attacks. While there is no patch yet, there are ways to mitigate it (e.g., disabling WebDAV if no applications use it, tightening restrictions on anonymous accounts, etc.).
IIS 5/6 vulnerability - Hackers actively exploring possible attacks (971492)
Microsoft Security Advisory (971492)
Vulnerability in Internet Information Services Could Allow Elevation of Privilege
QUOTE: Microsoft's Internet Information Services software has a privilege escalation vulnerability that US-CERT says is under attack by hackers. While users wait for a patch, here are ways to mitigate the vulnerability. Exploit code for a vulnerability in Microsoft's Internet Information Services software is circulating around the Web, leaving organizations in search for ways to keep hackers at bay.
According to US-CERT, attacks leveraging the vulnerability are already under way, though Microsoft said in an advisory it was unaware of any exploits. Still, US-CERT urged users waiting for a patch to consider disabling WebDAV.
These rogue AV products are not truly security applications, but are designed to trick users into sharing their credit card or PayPal account information with fake "you are infected" pop-up messages. F-Secure describes how the browser's UA string may be manipulated so that malicious websites receive information on the specific version installed.
AntiVirus 2009 - May actually update User Agent information
QUOTE: How big an issue are Rogue antivirus applications? Some rogues modify the browser's user agent. We've seen hundreds of AntivirXP08 string variations. The modified string is possibly used to identify the affiliates responsible for the installation which drives "business" to the rogue's website.
How many infected user agents are out there? Toni examined one of our sinkholes and its April 2009 logs contained 63,000 unique IP addresses using agents that contain AntivirXP08. And that doesn't include other strings we've seen such as "Antimalware2009". It's a small measure of a very large problem.
How to test your UA Information
What is UA Information?
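The two posts above both come down to questions a web server's own logs can answer: before disabling WebDAV as the IIS 971492 mitigation suggests, does anything on this server actually use it; and do any clients present the rogue-AV user-agent markers F-Secure names (AntivirXP08, Antimalware2009)? The scanner below is an added example, not code from the page, from F-Secure or from US-CERT. It assumes the log is IIS W3C extended format (a `#Fields:` directive names the columns and `+` stands in for spaces in the User-Agent field); the log lines in `SAMPLE_LOG` are constructed.

```python
"""Scan IIS W3C extended log lines for (1) WebDAV use and (2) rogue-AV user agents.
Added example; the log format assumption and the sample records are described in
the lead-in. The marker strings come from the F-Secure post quoted above.
"""
from collections import defaultdict

# RFC 4918 methods; a server that never sees these can have WebDAV turned off safely.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Markers seen in rogue-modified user agents, per the F-Secure post quoted above.
ROGUE_UA_TOKENS = ("AntivirXP08", "Antimalware2009")

# Constructed sample log: RFC 5737 documentation addresses, IIS W3C layout.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-05-20 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2009-05-20 10:01:02 192.0.2.10 GET /default.htm 200 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1)
2009-05-20 10:01:05 192.0.2.11 PROPFIND /shared/ 207 Microsoft-WebDAV-MiniRedir/5.1.2600
2009-05-20 10:02:17 198.51.100.7 GET /index.htm 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+AntivirXP08)
2009-05-20 10:02:40 198.51.100.7 GET /images/logo.gif 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+AntivirXP08)
2009-05-20 10:03:01 203.0.113.5 GET /index.htm 200 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1)+Antimalware2009
2009-05-20 10:04:44 192.0.2.11 OPTIONS / 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2009-05-20 10:05:10 192.0.2.12 GET /robots.txt 404 -
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields directive."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Version, #Date)
        if fields is None:
            raise ValueError("log record appears before a #Fields directive")
        values = line.split(" ", len(fields) - 1)
        if len(values) != len(fields):
            continue  # truncated record; skip rather than misalign columns
        record = dict(zip(fields, values))
        if "cs(User-Agent)" in record:
            record["cs(User-Agent)"] = record["cs(User-Agent)"].replace("+", " ")
        yield record


def webdav_usage(records):
    """Return {client_ip: request_count} for requests that use a WebDAV method."""
    counts = defaultdict(int)
    for r in records:
        if r["cs-method"].upper() in WEBDAV_METHODS:
            counts[r["c-ip"]] += 1
    return dict(counts)


def rogue_user_agents(records):
    """Return {marker: sorted unique client IPs} for UAs carrying a rogue-AV marker."""
    hits = defaultdict(set)
    for r in records:
        ua = r.get("cs(User-Agent)", "-").lower()
        for token in ROGUE_UA_TOKENS:
            if token.lower() in ua:
                hits[token].add(r["c-ip"])
    return {token: sorted(ips) for token, ips in hits.items()}


if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG))
    print("WebDAV clients:", webdav_usage(records))
    print("Rogue UA clients:", rogue_user_agents(records))
```

On a real server, feed the scanner the files under the W3SVC log directory for a representative period before deciding to disable WebDAV: an empty `webdav_usage` result over several weeks is the evidence that the mitigation will not break anything, while any client listed by `rogue_user_agents` is a machine to pull for cleanup. Note that IIS only logs the User-Agent column when that field is enabled in the site's logging properties.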
Gaining confidence in yourself in 3 easy steps
IT professionals must also work with people in addition to machines
This article provides some key advice on working with others effectively
Gaining confidence in yourself in 3 easy steps
QUOTE: It is a common misconception that self-confidence is innate. While it is true that some people are naturally self-assured or have had the luck or the upbringing to trust in their own abilities, self-confidence is a craft, and must be learned like any other.
There are three easy steps to teaching yourself self-confidence
1) Know yourself
2) Do your research
Additional discussion in ALLPM forums
Always obtain any software product or update from the true website.
Fake Adobe Flash Update closely resembles real site
QUOTE: One of our Web Security Analysts came across a website (118,000 ranking in Alexa) that drives users into installing a fake Adobe Flash Player file. The site prompts a message requesting the user download "a new version of Adobe Flash Player" in order to view a video on the site. Based on a reverse domain lookup on the malware link, the fake site is hosted in Bulgaria. Update to the latest antivirus definitions to detect this threat.
The PowerPoint application within Office has a number of critical patches this month. Some of the patches will help safeguard against in-the-wild targeted zero-day exploits that have been circulating. So far, the updates are working well on my corporate system.
Microsoft Security Update - May 2009
QUOTE: This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
Study - Software Piracy growing worldwide
QUOTE: Software piracy grew last year, accounting for 41 percent of all PC software installed, with losses to companies estimated at $53 billion, the Business Software Alliance said on Tuesday. Worldwide piracy rates rose from 38 percent of software in business and home computers in 2007 to 41 percent in 2008 despite successes in fighting piracy in China and Russia, according to the study done by market researcher IDC for the BSA. Global PC software sales grew 14 percent last year to $88 billion.
Windows 7 may be released this year if security, functionality, and OEM support requirements are properly met.
Windows 7 - Possible release during the 4th quarter of 2009
QUOTE: Microsoft officials are finally admitting what many company watchers, customers and partners have known for a while: Windows 7 is going to ship in 2009. Specifically, Windows 7 is going to be generally available in time for holiday 2009. Windows Server 2008 R2 will ship “in the same timeframe,” officials are conceding.
Waledac - New Variant uses Swine Flu Vaccine theme
QUOTE: Other spam email subjects seen so far:
Anti-swine flu drugs are available here
Anti-viral treatment for swine flu
Are you worried about swine flu?
Are you worried about swine flu? buy medicine!
Be quick! anti-swine flu drugs are almost sold out
Buy medicine that prevent you from getting swine flu
Buy medicine to prevent swine flu
Buy new effective medicine against swine flu
Buy the most effective treatment for combating the new swine flu
Do you want to prevent yourself from swine flu?
Do you want to protect yorself against swine flu?
Dont stand in line for swine flu medicine
Get swine flu medicine here
Get the swine flu medicine right here
Hurry up! swine flu drugs are almost sold out
Keep your family from getting swine flu
New medicine to prevent swine flu
New vaccine helps to prevent swine flu
New vaccine to prevent swine flu
Order anti-swine flu medicine today
Order new medicine against swine flu
Order now vaccine against swine flu
Prevent infections with swine flu viruses
Prevent yourself from cathcing swine flu
Protect your family against swine flu!
Protect yourself from swine flu
Stop risk of being killed by swine flu!
The vaccine protecting against swine flu
You can buy swine flu drugs here
You can order anti-flu drugs treaing swine flu here
You can order anti-swine flu drugs on-line
You can protect yourself against swine flu!
The W/7 FAQ by Tech Republic shares hardware guidelines, what's new in the RC build, and some links to key resources.
Windows 7 RC - FAQ by Tech Republic
Microsoft - Window 7 Home Page