PDF Zero Day Vulnerability in the Wild

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field.  This also could be used to make Botnets and make the network involved become sluggish.   It must be warned that there are a whole wide variety of possibilities that could be done with this exploit.  Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader.  Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus.  This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%.  The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.

Signs of a Computer Infection!

So I was thinking this morning what I missed and I totally missed on how you might be able to tell if you have a computer virus. It does me no good to talk about a virus if you don’t know you’re infected. I was thinking of the times I had a client who had trouble but wasn’t what I thought.

So How do you know?

Some people would say it depends on factors but here are what I call clues that make me suspect a virus:[ad#ad2-right]

  1. Slow or Sluggish computers —  Here is what I know if the computer is really slowing down and have a dual core or quad core.  If you are running a system and sees a lot of hard drive activity even when the computer is idle then it might be a virus or it could be a program doing what it is supposed to be doing.  So this is somewhat of an indication but not always.
  2. Slow internet connection on the computer or on the network — Due to the fact that most people have a router that is connected to all the computers and if you internet connection on all your systems are slower than normal then you could have a virus.  I use Speed Test website to help determine this.
  3. Corrupt files or Missing files —  Sometimes you have a text documents or files that are missing and you have to pay to get them back.   It’s an old scheme and usually once your files have been encrypted you can’t get them unencrypted.  So this is why I added this one also because it varies from virus to virus.
  4. Programs don’t work like they used to —  This is also a very common association with a virus because virus makers don’t have time to test it out on a variety.   Most of the time if you get a call that a program is no longer working tat would be the first thing I’d look at, if not check to see what other programs have been installed lately.
  5. In some cases more files are the Hard drive —  This can be a indication of a virus because the virus might be using the system to host files or other such illegal activity.   Although this is happening less and less it can still be a possibility and should be checked out.   I like to use a graphical tree size program to determine if that is the truth.
  6. Pop ups or Browser redirects — this is a common thing along the way.  It’s always the same and saying something like “you have a virus” or “You unprotected and you might have a virus”.  The theme here is to scare the user into buying there product that does not do anything.   It sometimes even looks like a real anti-virus program or spyware program but in truth it is just a scam.  In some cases it will send you to a site because it keeps wanting you to buy the product.
  7. DNS Changes on you — Some hackers like to have you go through there server so they can watch everything you do online.  They are wanting to get the sensitive information of bank account, and other important accounts.  This is really the ones that need to get off your system asap.

[ad#ad2-left]These are the signs I’ve seen in the past that would indicate a virus but as with any problem.  You will need to check for all the possibilities.   It is always going to be an issue with people because most people don’t know about the signs, now you do and you can now be a better computer user.  It is you who can only fight viruses by knowing all the possible system and only you can defeat a virus.  In the next article I will talk about the tools to help you find and defeat a virus.   This will be a big blog post because I have so much to teach and explain.   If you like these post by all means leave a comment and help spread the word.

Fix Shutdown Problems in Vista!

[ad]
In the Patch Tuesday update, Microsoft quietly released the patch to fix Windows Vista machine shut problems. This patch should of came sooner.

KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

This was not a critical update and it seems to resolve so many issues with compatibility.  One thing it seemed to fix on my system has been the shutdown time.  It is now quite fast, it would normally take me 2 to 3 mins to shutdown, now it does it in less than a Minute.   So if you’ve not installed this update please install it soon.   I would like to know if people are seeing the same thing I am.   I’ve found a great resource on fixing it if you are still having problem, it talks about how to check your system performance. Although this is been doing it lately with these programs not loaded or even running, they still seem to cause problems so now I get the feeling it has to do with legacy programs.  This should fix most of the problem with older programs.

Vista has a new Vulnebility!

According to Techworld.com,  Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit.  The talk from them is quite intriguing.   I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

[ad#ad2-left]Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista.  Now we all know that Microsoft will release a patch quicker than 6 months away.  According to this article, people are already looking for the exploit and want to know more about it.  I would be willing to bet they will have a patch out sooner than later.  Probably January or Febuary, which will be a big deal because no one will expect it.  I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch.   So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

AVG Detected a False Positive

[ad#ad2-left]According to Security and The Net:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

[Via Security and The Net]


[ad#ad2-right]I bring this up because this is a false positive according to AVG. AVG since sent out another update to there Database and you can go and update the database to get rid of this problem. If you need to restore that DLL check out the article Security and The Net, they got some excellent suggestions on fixing the problem.

If you’ve not been affected by this yet, you probably won’t be. It is yet unknown how many people have been affected. I’m blogging about this to tell people about this and to warn people that not all of warnings from AVG are true and that is why you should always ask before you delete or do anything to your system. I always USE google when it comes to these types of questions