MMPC highlights the SIR v15 report and Windows XP's vulnerability, noting that the latest Windows versions are safer and more reliable. The popular operating system is now 12 years old and is being retired in favor of newer, more secure operating systems for the PC, laptop, or other device.
QUOTE: Earlier today we published a blog post that discussed a new metric for analyzing malware prevalence which was introduced in the latest report. This new metric, called the encounter rate, measures the percentage of computers protected with Microsoft real-time antimalware products that come into contact with malware. It is important to note encounters do not equate to infections. Although some computers do report active malware, the vast majority of these encounters represent blocked infections reported by our antimalware products. Another recent blog explained our metrics in more detail.
As shared in volume 15 of the SIR, more recent operating systems (Windows 7/8) are better hardened and can mitigate or prevent most attacks circulating today when complementary defenses are in place (e.g., antivirus, firewall, safe user practices).
If you need a strong supporting argument and five good reasons to upgrade, look no further than the Microsoft Security Intelligence Report v15 released today. All you need to do is CTRL+F this doc and search for Windows XP to see what I'm talking about. Here, I'll help, as ripped directly from the SIR v15:
- 9.1 computers cleaned per 1000 scanned by the Malicious Software Removal Tool (MSRT) were Windows XP SP3 32-bit, more than any other system cleaned.
- Windows XP SP3 holds the top spot for infection rate (9.1 CCM) even though it actually has a lower encounter rate (percent of reporting computers) than Windows 7 SP1.
- The disparity between the two metrics above highlights the importance of moving away from older operating system versions to newer, more secure ones. Computers running Windows XP in the first half of 2013 encountered about 31 percent more malware worldwide than computers running Windows 8, but their infection rate was more than 5 times as high.
- #1 threat family affecting Windows XP SP3? INF/Autorun. Yes, that autorun, used by worms when spreading to local, network, or removable drives. Doesn't work on modern versions of Windows in their default configuration.
- Windows XP extended support ends April 8, 2014. That means no more patches, people.
XP has been a beloved operating system for millions and millions of people around the world, but after 12 years of service it simply can't mitigate the threats we're seeing modern-day attackers use."
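The INF/Autorun point above is a configuration check an administrator can make on any remaining XP, Vista or Windows 7 host, since the protection is an AutoRun policy value rather than anything exotic. The following PowerShell is an added example, not code from the SIR or from the quoted Microsoft post. It assumes the documented Microsoft registry settings: NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type, and HonorAutoRunSetting = 1 makes Windows honor that policy value. The function reports the current state and, with -Fix, applies the hardened value (run elevated for that).

```powershell
# Added example (not from the SIR or the quoted Microsoft post): report, and with -Fix apply,
# the AutoRun policy that stops INF/Autorun-style worms from launching from removable,
# fixed or network drives. Assumptions: NoDriveTypeAutoRun = 0xFF disables AutoRun for
# every drive type and HonorAutoRunSetting = 1 makes Windows honor that policy value
# (both are documented Microsoft registry settings). Run elevated to apply the fix.
function Test-AutoRunHardening {
    param([switch]$Fix)

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $allDrives = 0xFF
    $current   = $null

    if (Test-Path $policyKey) {
        $current = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    }

    # Hardened only if every drive-type bit is already set in the policy value
    $hardened = ($current -ne $null) -and (([int]$current -band $allDrives) -eq $allDrives)

    if (-not $hardened -and $Fix) {
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun  -Value $allDrives -Type DWord
        Set-ItemProperty -Path $policyKey -Name HonorAutoRunSetting -Value 1          -Type DWord
        $current  = $allDrives
        $hardened = $true
    }

    $shown = if ($current -ne $null) { '0x{0:X2}' -f [int]$current } else { '(not set)' }
    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        OS                 = (Get-WmiObject Win32_OperatingSystem).Caption
        NoDriveTypeAutoRun = $shown
        Hardened           = $hardened
    }
}

Test-AutoRunHardening          # report only
# Test-AutoRunHardening -Fix   # apply the policy (elevated prompt required)
```

The script uses New-Object PSObject rather than the [pscustomobject] accelerator so it runs on the PowerShell 2.0 that ships with Windows 7; a value such as 0x95 (the old default) reports Hardened = False because the removable-drive bit is clear.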
Intego highlights a new version of the browser-locking ransomware "prank" that is circulating this month:
QUOTE: Last July, a ransomware prank was found making the rounds on Safari browsers, which tied up the browser window with excessive pop-ups purporting to be from the FBI, demanding users send $300 to have their browser unlocked. The ransomware wasn’t harmful to the user’s system, and it could be easily bypassed. Well, we’re seeing yet another round of this irritating prank, and this time it affects Chrome and Safari browsers. There are a couple of ways to kill this prank from each of the affected web browsers.
Intego highlights an important update for the Safari browser as follows:
QUOTE: Apple has released Safari 6.1 with patches for 21 vulnerabilities to improve its web browser security. The Safari update addresses a number of Webkit flaws that may lead to information disclosure and cross-site scripting attacks, as well as a Safari vulnerability related to arbitrary code execution.
Trend Micro reports an increase in the spread of CryptoLocker malware, as follows:
QUOTE: Over the past few weeks, we’ve been seeing an increase in the number of spreading CryptoLocker malware. This new kind of ransomware has been hitting more users over the past few weeks. Previously, we discussed how these threats were arriving via email. CryptoLocker can be viewed as a refinement of a previously known type of threat called ransomware. Such “improvements” are in line with our 2013 Security Predictions, where we mentioned that the focus of cybercriminals would be the refinement of existing tools, rather than the creation of entirely new threats.
Recent surveys note that usage of two specialized social networking sites, Twitter and Instagram, is growing. Both are popular resources for younger users.
QUOTE: “We’re almost 10 years old so we’re definitely not a niche thing any more so that kind of angle for coolness is done for us," Facebook CEO Mark Zuckerberg said just last month at the Newseum in Washington, D.C. Facebook, in its July report to stockholders, noted that losing younger Facebook members to competing social networks is a known problem. Now there's even more statistics to support what you and Zuck already know in your heart: Twitter toppled Facebook as "most important" social site among teens, making the former long-standing champion No. 2. That's according to the semi-annual teen market report from investment management firm Piper Jaffray.
With 26 percent of the teens surveyed choosing Twitter, and 23 percent going with Facebook, the difference doesn't seem like a big one, until you notice how far Facebook's fallen since its all-time high of 42 percent teen preference, way way back in 2012. (About 200 years in Internet time.) If this all seems freakishly familiar, it's because Pew Research offered up similar stats in its May report on teens and social media, noting a "waning enthusiasm" for Facebook among U.S. teens. Instagram — that's the third most important social media site for teens, according to Piper Jaffray. With 23 percent of teens surveyed choosing Instagram as No. 1, the photo-sharing social service is up from 17 percent in Spring, neck-and-neck with its new owner and growing fast.
Kaspersky AV users should update the AV signature files if they encounter this false detection message:
QUOTE: One of our readers has alerted us to the fact that Kaspersky AV has identified tcpip.sys as malware on his Windows 7 32bit hosts - the file is flagged as "HEUR:Trojan.Win32.Generic". Microsoft's Windows File Protection feature prevented it from quarantining this critical file, but his end users were all treated to the error message. Kaspersky has verified that this is resolved in their latest update. If you're seeing this issue, get your AV to "phone home" for the fix!
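When an AV engine flags a file like tcpip.sys, the right response is to verify the file before either trusting the detection or forcing an exclusion. The PowerShell below is an added example, not code from the ISC diary quoted above or from Kaspersky. It assumes the file is a Microsoft-signed, Windows File Protection-protected binary (true for tcpip.sys) and that sfc.exe and certutil.exe are present; certutil -hashfile is used instead of Get-FileHash because the latter needs PowerShell 4.0. Run it elevated so that sfc /verifyfile is allowed to check the file.

```powershell
# Added example (not from the ISC diary quoted above): triage an AV detection on a
# Windows system file before trusting it. Assumptions: the file is a Microsoft-signed,
# WFP/WRP-protected binary such as tcpip.sys; sfc.exe and certutil.exe are present
# (certutil -hashfile works back to XP, whereas Get-FileHash needs PowerShell 4.0).
# Run elevated, otherwise sfc /verifyfile refuses to check the file.
function Test-SystemFileIntegrity {
    param([string]$Path = "$env:SystemRoot\System32\drivers\tcpip.sys")

    if (-not (Test-Path $Path)) { throw "File not found: $Path" }

    # 1. Authenticode: a tampered or replaced driver will not carry a valid Microsoft signature
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 2. Version resource: compare with a known-good host at the same patch level
    $ver = (Get-Item $Path).VersionInfo

    # 3. Windows File Protection verdict (sfc writes UTF-16; strip the interleaved nulls)
    $sfc = (& "$env:SystemRoot\System32\sfc.exe" /verifyfile="$Path" 2>&1 | Out-String) -replace "`0", ''

    # 4. SHA-1 for a lookup against vendor or VirusTotal data
    $sha1 = (& certutil.exe -hashfile $Path SHA1 |
             Select-String -Pattern '^[0-9a-f ]{40,}$' | Select-Object -First 1).Line -replace ' ', ''

    New-Object PSObject -Property @{
        Path            = $Path
        FileVersion     = $ver.FileVersion
        SignatureStatus = $sig.Status                    # expect 'Valid'
        Signer          = $sig.SignerCertificate.Subject # expect a Microsoft Windows subject
        Sha1            = $sha1
        SfcVerdict      = $sfc.Trim()
    }
}

Test-SystemFileIntegrity | Format-List
```

A Valid signature from a Microsoft Windows subject, a clean sfc verdict and a hash that matches an unaffected host at the same patch level together make the "false positive, update signatures" conclusion defensible; any one of them failing means the detection deserves a real incident ticket rather than an AV exclusion.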
Parents still need to take an active role to ensure responsible use of home Internet resources. As often shared, don't put anything on a social network that you would not want on the front page of a newspaper.
QUOTE: Facebook has eased its privacy settings for 13 to 17-year-old users, enabling them to now share photos, updates and comments with the public. The change went into effect immediately after the announcement on Wednesday. “Teens are among the savviest people using social media, and whether it comes to civic engagement, activism, or their thoughts on a new movie, they want to be heard,”
Facebook wrote in a blog post announcing the change. “While only a small fraction of teens using Facebook might choose to post publicly, this update now gives them the choice to share more broadly, just like on other social media services.” The privacy settings for teenagers were previously set to “Friends of Friends” as a default. Their default will now be set to just “Friends,” a narrower audience, but they will have the choice to make their posts public. However, a small warning will pop up when teenagers try to set their posts to public, giving them one last warning that anyone can see their online content once they make it accessible.
Often users will see special posts in their friends' messages that ask them to COPY & PASTE certain warnings. Almost all of these are hoaxes that contain some factual data so that folks will become concerned and take action. One new variant of a privacy hoax was circulating actively this month. I have just assisted some friends in dispelling this as a hoax. It is captured below.
Critical updates for IE, Windows, Office, and other products are available. Corporate and home users should promptly install these updates. The Internet Explorer update is rated "PATCH NOW" by ISC because it fixes a vulnerability that is currently being exploited on malicious sites.
With the Trustworthy Computing (TWC) initiative, Microsoft introduced an innovative process to continually improve security over time. Patch Tuesday provides an important planning date each month for system administrators as well as all home and corporate users.
QUOTE: This month also marks the 10-year anniversary of the Patch Tuesday program, which Microsoft started in October of 2003. Over the past decade, it has become a model implementation of a patch program in both outreach to vulnerability submitters and predictability for IT administrators, who have been dealing with the increasing number of patches for their computer infrastructures
NY Times shares an article on Facebook's new advanced timeline search capability:
QUOTE: In a blog post on the company’s Web site Monday, Facebook said people could now search “status updates, photo captions, check-ins and comments” from both their own timelines and those of their friends. Facebook said people could search for specific things by, for example, typing in, “Posts about Dancing with the Stars by my friends,” which will bring up any posts by their friends on the service who have commented on or shared content about the show. You could also search for “Pictures of me and my dog” to help find photos in which you’re both tagged, or “My posts from last year.”
On October 1, 2013, the Affordable Care Act's health insurance marketplaces opened, and fake sites are circulating alongside the legitimate ones. Users should be cautious and verify that a site is official before conveying any sensitive information.
QUOTE: Security company Trend Micro reported that they're already seeing spam targeted to words like "medicare," "enrollment," and "medical insurance." These terms aren't quite on-point just yet, but Trend Micro's threat communications manager Christopher Budd told SecurityWatch that deep problems with the Marketplace websites could make things much worse.
Budd says that without a clear means to verify if a site is official or not, people are at risk of finding themselves duped by convincing-looking fraudulent websites. We've already seen how spammers and scammers are very adept at tailoring their messages. And because these websites deal with medical issues and insurance, people are already primed to hand over tons of personal information—like their Social Security numbers. Worse yet, some people will be signing up their whole families, potentially giving thieves access to a lot of personal information.
The main problem, says Budd, is that some of the state websites did not follow best practices for security—or even adequately brand themselves as part of the ACA. "To give credit, the Federal site is professional, well branded, and provides SSL," said Budd, pointing out how HealthCare.gov automatically used SSL.
Facebook has implemented a new EDIT feature for posts that includes an audit trail. Originally, posts were locked so that likes or responses stayed in line with the original post (primarily to prevent pranksters from changing the content of a message to the opposite meaning).
QUOTE: If you’ve ever posted something on Facebook that you’ve immediately wanted to tweak or correct, Facebook has a solution for you. This week, the site announced that it would roll out a new feature for its web platform and Android Facebook app allowing users to edit posts and comments. Facebook, a lightning rod of privacy issues lately, has already addressed many people’s primary concern with this feature. Facebook will mark posts that have been edited and allow users to see a history of the changes made to the content. This will prevent users from being suckered into liking a post that is edited after the fact.
Two recently resolved mobile security issues related to Apple products (one of them, notably, on Android) are described as follows:
QUOTE: This week on Mobile Threat Monday, we look at two mobile issues related to Apple products—though, interestingly, one of them is on Android. The good news is that both of the two stories we're highlighting today have already been solved, but the bad news is that they existed in the first place.
1. iMessage Chat -- Apple's iMessage is the system that allows users to send text messages to other iOS users over Wi-Fi or data network. It's an appealing service since it's free, automatic, and syncs with iMessage on OS X (and also can't be read by the FBI, though that's up for debate), but it does leave Android users out in the cold.
The old expression "there are no free lunches on the Internet" applies to the newly updated scam currently circulating:
QUOTE: Apple unveiled details of its long-awaited new iPhone models this week, announcing the iPhone 5S and the iPhone 5C. While the impending September 20 release date for the phones has been a cause for celebration online, social media users should beware of fake offers for new iPhones cropping up on Facebook. In fact, as Trend Micro reports, these spam messages have already been appearing in users’ inboxes. The emails attempt to look like an Apple Store notification email and tell users that they’ve “won” the iPhone 5S plus an iPad. A link in the email then takes users to another website, where they’re asked to input their email address and password. So far, the scam has spread across southeastern Asia, though as the buzz around the new phones increases as the release date draws nearer, Facebook users around the world can expect to see more of these same kinds of scams.
Facecrooks security shares news of a new way Facebook analyzes its users' posts:
QUOTE: Facebook is constantly seeking ways to better analyze its users’ posts and find ways to target its advertising and content. Last week, it was revealed that the site is investigating deep learning (i.e., artificial intelligence) techniques that can create a “simulated neural network” to better understand the emotions behind users’ posts and better sort their News Feed. The system is a massive network of interconnected computers intended to simulate the human brain with learning algorithms. “Research into understanding images, text, and language has been going on for decades, but the typical improvement a new technique might offer was a fraction of a percent,” Facebook’s chief technology officer, Mike Schroepfer, told the MIT Technology Review. “In tasks like vision or speech, we’re seeing 30 percent-plus improvements with deep learning… The data set is increasing in size, people are getting more friends, and with the advent of mobile, people are online more frequently.”
ESET reports that a major banking trojan is currently spreading and targets customers of 24 different banks. Users should ensure their systems are malware-free before any e-commerce or online banking transaction.
QUOTE: A stealthy banking Trojan known as Caphaw or Shylock has resurfaced and is attacking customers of 24 American banks. It’s armed with defensive and stealth abilities including the power to “restore” itself during shutdown. The malware is described as “one of the few that can steal money while a user is accessing his bank account,” by ESET Security Intelligence Team Lead, Aleksandr Matrosov, who published a detailed analysis of the malware this year.
“It is an interesting financial malware family: one of the few that has autoload functionality for automatically stealing money when the user is actively accessing his banking account. An infected user can’t recognize that his money is being stolen,” Matrosov writes. “This threat has many techniques for bypassing security software and evading automated malware samples processing.” Zscaler said in a blog post, “Over the last month, the ThreatLabZ researchers have been actively monitoring a recent uptick in the numbers of Win32/Caphaw (henceforward known as Caphaw) infections that have been actively targeting users’ bank accounts since 2011.
ESET reports that a new botnet has emerged that appears to be spreading via malicious Facebook links:
QUOTE: There is a new bot on the block. ESET identifies it as Win32/Napolar while its author calls it solarbot. This piece of malware came to our attention mid-August because of its interesting anti-debugging and code injection techniques. It recently attracted general attention when it was discussed on various reverse engineering forums. This malware can serve multiple purposes. The three main ones are to conduct Denial of Service attacks, to act as a SOCKS proxy server, and to steal information from infected systems. The malware is able to hook into various browsers to steal information that is submitted in web forms.
We have uncovered many details about this bot since it became active at the end of July, with in-the-wild infections starting mid-August. There have been reports of thousands of infections, many of them in South America. The countries with the most infections are Peru, Ecuador, and Colombia. More information on the geographical distribution for this threat can be found on virusradar. The author of Win32/Napolar uses a website to promote it. The website looks very professional and contains detailed information about the bot, including the cost ($200 USD for each build) and even a complete change-log of the evolution of the code. Although we have not yet directly seen Win32/Napolar being distributed in the wild, it seems likely that this threat has been spread through Facebook.
New TDL rootkit variants capitalize on the CVE-2013-3660 (EPATHOBJ) exploit for privilege escalation:
QUOTE: Last year, ESET mentioned a TDL4 variant (some AV vendors refer to it as Pihar) that employs new techniques to bypass HIPS as well as to elevate a process's privileges to gain administrator access. The droppers of the variants we recently saw also use the same techniques mentioned in ESET's blog post, but with some minor updates. TDL4 exploits the MS10-092 vulnerability in Microsoft Windows' Task Scheduler service to elevate the malware's process privileges in order to load the rootkit driver. The new variants instead exploit the CVE-2013-3660 EPATHOBJ vulnerability discovered by security researcher Tavis Ormandy.
FREE CLEANING TOOL: Bitdefender antimalware researchers have updated their free rootkit remover to deal with the latest TDL clones.
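Both privilege-escalation bugs named in the quoted analysis have had fixes available since long before these droppers appeared, so the practical question for an administrator is whether the fleet actually has them. The PowerShell below is an added example, not from the quoted analysis or from Bitdefender. It assumes the KB identifiers I associate with those bulletins (MS10-092 as KB2305420, and the EPATHOBJ fix for CVE-2013-3660 in MS13-053 as KB2850851); confirm them against the bulletin text before relying on the result. Get-HotFix only reports updates Windows itself recorded, so on a system serviced by later rollups a missing entry is a prompt to check the patched file versions listed in the bulletin, not proof of exposure.

```powershell
# Added example (not from the quoted analysis): check whether the fixes for the two
# privilege-escalation bugs the TDL4 droppers abuse are installed. Assumption to verify
# against the bulletins: MS10-092 shipped as KB2305420 and the EPATHOBJ fix for
# CVE-2013-3660 shipped in MS13-053 as KB2850851. Get-HotFix only reports updates
# Windows itself recorded, so a missing entry on a system serviced by later rollups is a
# prompt to confirm via the patched file versions in the bulletin, not proof of exposure.
function Test-TdlPrerequisitePatches {
    param(
        [hashtable]$Required = @{
            'KB2305420' = 'MS10-092 Task Scheduler EoP, used by TDL4'
            'KB2850851' = 'MS13-053 win32k EPATHOBJ (CVE-2013-3660), used by the new droppers'
        }
    )

    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

    foreach ($kb in ($Required.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            KB        = $kb
            Purpose   = $Required[$kb]
            Installed = ($installed -contains $kb)
        }
    }
}

Test-TdlPrerequisitePatches | Format-Table KB, Installed, Purpose -AutoSize
```

Because the required set is a parameter, the same function can be pointed at any list of KB identifiers (for example the month's Patch Tuesday set) when sweeping a fleet with Invoke-Command or a logon script.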