All Posts by Paul

Microsoft makes Firefox more insecure with the .NET 3.5 Framework (KB951847)!

Paul

Photo by Daniel F. Pigatto

In February, Microsoft quietly installed .NET Framework Assistant (ClickOnce) Firefox Extension. This extension is a bad idea because of what this could do.

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

[Via Annoyances.org]

As you see, this is a way to make Firefox less secure and almost like Internet Explorer.   We’ve seen the problems with all the [intlink id=”2946″ type=”post”]Malware exploits[/intlink] that people have used in the past.   If you want to uninstall it, well you can’t.   Microsoft as went out if its way to prevent users from uninstalling.    Here is what Brad Abrams talked about on his blog:

[ad]We added this support at the machine level in order to enable the feature for all users on the machine.Seems reasonable right? Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the “Uninstall” button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components.

If you went to your Addons Menu and then to your extensions tab you would see that the uninstall button is grey out. You can disable it but you can’t uninstall it. It looks like Microsoft has sent out a patch to let regular users uninstall this addon(KB963707).

I am really surprised that Microsoft did this little stunt. I would of expected more from Microsoft, but to their credit they did this for a reason to allow users who don’t use IE8 but Firefox , to be able to use the .net Framework but this plugin makes browsing just unsafe. Don’t forgot about the [intlink id=”1010″ type=”post”]MobileMe apple installed on Vista[/intlink] without your knowledge. Microsoft and Apple have both had problems but this is very disturbing.  This patch they are letting people download to fix the problem doesn’t mean much because it hasn’t been sent out to the Auto updates and requires people go download it manually.  So Microsoft believes if you don’t know, it won’t your.

“Look At This” Twitter Malware Exposed!

Paul

VirusList released information about the[intlink id=”3655″ type=”post”] Justse.Ru Video[/intlink] that people were being warned about last weekend.

It seems that it wasn’t a Cross Site Scripting but an PDF exploit that was [intlink id=”3114″ type=”post”]used to install Scareware[/intlink] but Virus List says it as a Fraudware.

[ad]It looks like they were trying to get people to buy [intlink id=”3607″ type=”post”]fake Antivirus[/intlink] software called “System Security”.    It looks like there was a silent download of the PDF and it tried various exploits to get this software installed.

Virus Total has stated that this looks to be the first time, in which one criminal group is looking at making money off of twitter and Facebook.   This could be the beginning of the onslaught of these types of things to continue in the next few months to years.

That is why it is so important to have an [intlink id=”2205″ type=”page”]Anti-virus software and a good firewall[/intlink] to prevent this sort of thing from happening.  It is important to note to all who have a twitter account that you will need to start being more cautious when it comes to videos being put on twitter.  You May never see another video virus like this or you could see a dozen in one day it depends on how people react to this and try to prevent it in the future.   If you think you have the scareware installed that is System Security.   I have found the Removal instrtuctions for people who want to get it off your system.

Blog Success Spam — What not to Do!!

Paul


Lately I’ve been getting spam emails with the titles:

  • Earning thousands blogging? You could be.

  • Bloggers Paid for Posts

  • Bloggers Wanted

  • Learn to blog for paychecks using this freebie video.

Each link sends me to blogsuccess.com, and looks like this:

blogsuccessspam

“Blog Success founders Jack Humphrey and Peter Lenkefi created this to help bloggers make money.”  This is what I read in searches.    I’ve got to wonder if this is so successful they why do an email spam?   [intlink id=”2833″ type=”post”]Most emails lately have been about scams and virus exploits[/intlink].   I am going to stick to the only way you should advertise by getting people to click links to come to my site.

According to Symantec:

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets –networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam.

90 Percent of E-mail Is Spam, Symantec Says

Now if we do the math at least half of these emails sent to me are from hacked computers and are coming from so-call botnets.   If they are so caviler about using hacked systems to spam people do you really think they are making enough money with this website of theirs?   The old tried and true method for any blogger is TIME, Research and building your community.   Other than that there is no really easy way to make money quickly.   I just hope they release this and start doing it the right way.    This just makes there company become a dark site, in which all you do is bring people in who want to earn money in the bad way.

Juste Goes from Twitter to Facebook

Paul

According to Twitter Spam report:

Best video” not so great — we’re working on it.
No matter how good that “best video” looks, don’t go to any juste.ru domains. We’re aware of the situation and are working on it.

[ad]Some sources have started to report this and how it was being sent out. It seems to be some kind of Virus that is taking control of your Twitter account. Althought this is not unusal, what is Unusual is that some have reported this jumping from Twitter to Facebook.

Juste.Ru seems to have been designed for both platforms and someone must of been logged into both to make this happen.   If you’ve gotten this message on Facebook you should just delete it and tell the person who sent it they need to do a [intlink id=”2205″ type=”page”]system check[/intlink].   Also if you have been hit by this virus, first thing to do is clean your system before you do anything else.   Then reset your password, this way you won’t be giving the virus access to the new password.

I talked about where you need to go tor[intlink id=”3599″ type=”post”] reset your password,[/intlink] and it isn’t to hard to do but in case your need to know just check out the other post about it.  You should always have an[intlink id=”2205″ type=”page”] antivirus and Firewall[/intlink] this might of prevented this.

Microsoft Issues a Security Advisory KB971778

Paul

Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution

http://support.microsoft.com/kb/971778

The systems that are vulnerable are Windows 2000, Windows XP or Windows Server 2003.   I like this new way Microsoft is helping the less educated.   They now havea Fix it button on the site.  This fix it button is a registry change to there system.   It does all the work for the End user.   Although the corporate field will have to modify the registry there own way.

[ad]It looks like Microsoft is thinking of making this more user friendly.  Here is how to do a manual registry fix for your computer:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.

  2. Locate and then click the following subkeys in the registry:

    • For 32-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

    • For 64 bit Windows Systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

  3. On the File menu, click Export.

  4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

    Note By default, this will create a backup of this registry key in the My Documents folder.

  5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.

  6. Exit Registry Editor.

This will fix the problem until Microsoft has come out with a patch.  If you are not comfortable doing it this way, you can always go hit the fix it button to have it do it automatically.  This will help prevent someone from using this exploit!!