Dear Friend Spam Emails from Yahoo

The email from our[intlink id=”3233″ type=”post”] old friend has come back[/intlink] into now compromising Yahoo accounts by sending out this email:

Dear friend:
What are u doing these days?I am going to recommend a Eshop to you.Yesterday I found a web of a large trading company from China,which is an agent of all the well-known digital product factories,and facing to both wholesalers, retailsalers,and personal customer all over the world. They export all kinds of digital products and offer really competitive and reasonable price and high quality goods for their clients,so i think you will make a big profit if you did business with them.And they promise they will provide the best after-sales-service.If you are interested to do business with them,in my opinion, you can make a trial order to test that.
Their Web address: www.nekcn.com

In what seems to be the way of this advertisment company, it seems they have been doing what they did with Hotmail.  Deleting your contact list and emailing your friends with this message.  Now I am thinking it is being done by them [intlink id=”2660″ type=”post”]Phishing for the password and Account name[/intlink], they probably set up an web page to look like Hotmail or Yahoo.  One thing to remember to do is check to see that you address bar looks like this:

yahoomailloginYou should make sure you see the “https”, meaning that is a encrypted login and also make sure you see either Mail.yahoo.com or Login.yahoo.com.  If you see anything else included in your the screen like maybe a .ru or .pl then you aren’t logining into the true yahoo account.  Obviously the website shouldn’t be trusted until they advertise the right way, and find ways to advertise online other than spam.  If you get an email saying you need to do something with your Hotmail account or yahoo mail account you should not click any links and go to the site manually to investigate the problem.  You should never click links in email that you don’t know where they are going.  Thanks to Jazzcorner for Alerting me that they have started to do this with yahoo.  I am betting the next one will be for Google Mail, or Gmail as some will call it. It wouldn’t hurt to have a [intlink id=”2205″ type=”page”]firewall and Anti-virus[/intlink] and also check your system out just to be sure.

Patch Tuesday List for April 14, 2009

So Microsoft has released the patches for April and here they are:

  1. Vulnerabilities in Windows Could Allow Elevation of Privilege (KB959454) — This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
  2. Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (KB960803) — This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  3. [ad#cricket-right-ez]Cumulative Security Update for Internet Explorer (KB963027) — This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  4. Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (KB959426) — This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.
  5. Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (KB961759) — This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
  6. Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB961373) –This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  7. Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (KB960477) — This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.
  8. Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) — This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

As you can see there are Eight updates and it seems Microsoft isn’t pushing anything else with this update.   We also have the Malicious Software Removal tool for this month as well as the Junk Filters.   If you want to keep your system secure I’d suggest getting a [intlink id=”2205″ type=”page”]Free Firewall and Free Anti-virus[/intlink].   If you have a lot of systems to update, I’d also suggest what I have been calling[intlink id=”2883″ type=”post”] Clone of Autopatcher[/intlink].  This will download them onto a ISO for you to burn and use around all the systems that are offline.

Small Towns are breeding grounds for Computer Viruses

I grew up in a small town, at the time the population of the town was like 29,000.  That isn’t really that small some of you might say, you’ve probably gone through towns that only had 500 or 100 people in it.   Which brings me to my point, Small towns are always going to be behind large towns in technology.

Most of us who have worked on computers or even been in the field for some time knows how hard it is to explain to the uneducated why they need to keep their systems up to date.  It gets really hard explaining to companies in small towns why they need to worry about security.   You try to explain this to a company Representative and you see t he glassy eyed stare that tells you they aren’t even listening anymore.

I’ve been debating talking about this post from the Washington Post, Security Fix.  Now the reason I’ve been having trouble is that the article talks about a town that I grew up, I think of this town as a hometown for me.  I remember Hopkinsville, Ky as a great experience, because the teachers at my school was not comfortable with the computer nerds.  Most of the time, I am sure they felt woefully uneducated about computers.

In my experience here are three reasons why Small towns will always be behind in Technology:

    [ad#cricket-right-ez]

  1. Education System — This is where we start, most of us know that it is our education that gives us our community understanding of the problem.   The education of the system of small towns will always be the last to get the newest stuff or the best stuff, in part because of grants from the local Government.  Nothing new there, because small towns can’t raise a lot of money with very few people in terms of taxes.
  2. Internet availability — You’ve probably experienced this in your lifetime.  You  go to a city or town and there is not a lot of places for you to get on the internet.  You get to a small town and have only 1 or 2 places you can go to check your email or do business stuff.   We are beginning to become an internet dependent society.  In the way of getting our information from the Internet.
  3. Local Government —  This is the most important aspect of why small towns will be behind in technology.  Most Governments in small don’t have the resources to require school systems to incorporate the newest technology or the fastest possible internet speeds.  I love to watch the Show Everwood, it actually speaks some very good truths about small towns.  They aren’t worried about the nation, they are only worried about what is going on Locally.  Until this changes they will never embrace technology like the big city.

Although some of this might of changed in the last few years, I don’t think so because of the report from The Washington post.   Companies in Small towns need to worry about Security.  They need [intlink id=”2205″ type=”page”]Anti-virus Software and Firewalls,[/intlink] even if it is Dialup they need something to keep them protected.  Remember there are eight levels of security, and you’re the last level!!

Mikeyy Worms stills going around Twitter

It seems Mikeyy has spawned a new and improved little advertisement:

Twitter, hire Mikeyy! (718) 312-8131 🙂

As you can see from tweets:
mikey12

It seems this is the new campaign started earlier this morning around 1am or so for Mikeyy and people have found this rather annoying but it is teaching Twitter a lesson, this would be good PR if they hired Mikeyy. Obviously he has a lot to offer but I guess who ever wrote this variant for the Mikeyy Worm went and found his number on a stickcam website:

mickstickcam

Anyone who just Google the number right now could find out the stickcam profile, so I won’t direct you to it. I just hope this doesn’t keep up to much longer. If you’ve been infected with this worm I would refer to my other [intlink id=”3308″ type=”post”]post about removing the worm[/intlink]. I do know if you aren’t logged into twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any twitter accounts just keep logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.

StalkDaily.com was the culprit afterall!!

In my previous post, [intlink id=”3308″ type=”post”]about StalkDaily[/intlink] I thought they were the innocent party in all this:
stalkdaily3

[ad#cricket-right-ez]Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him he did this out of boredom, and needed a way to make money. I am wondering if Twitter will do some legal actions against him for the time it took to fix the problem and fact that it caused so much widespread panic for people to not trust Twitter makes me think that Twitter would have a real good case against a 17 year old who was trying to gain the system.

Then the people who have lost followers or have had problems with their twitter are going to be mad to, They were the innocent party and did not know about the Cross Site Scripting Vulnerability, although it doesn’t appear to have gotten any passwords or sensitive data.

Although It does prove a p0int that the no script addon in Firefox is looking to be more and more needed as people search through the web.