Insanity Run Rampant — Antivirus Pro System (scareware)

Some of you will want to ask me why I am calling this an unusual title. In fact it is quite simple: I have been at the hospital since early this morning. While I was there I had some intriguing things happen. I was watching a person cruise the internet while they were at work. This is someone who is supposed to answer the phones and such. Then I see this pop-up, and it draws my attention: “You SYSTEM Has Spyware”. This was my first thought: scareware. The pop-up said it was for “Antivirus Pro System”.
[Image: antivirus-system-pro]

Since this was a hospital computer, I couldn’t get a real screenshot of this, but there are plenty of examples out there, just like that one above. Anyway, what worries me is how system admins are allowing employees to surf the web while at work on company time. It also makes for a bad experience with their family. It also concerns me that while that computer is infected, some of the patients’ records could be leaked online.

If you have this scareware program, here is a good explanation on how to remove it. Hospitals have a duty to protect people’s privacy. Although I seriously doubt this system had patient records, it was being used to keep track of who was in surgery and where they were.

Hospitals should prevent their employees from using the internet and prevent patients or their families from using the internet. While I was there I couldn’t do much but check my email and maybe watch Twitter using Tweetdeck. That was how bad the bandwidth was there. According to some nurses they have a T1 line. So you know people are watching movies or other things through the internet. I also heard from a doctor that people who were supposed to be at work were streaming.

That has been my day,  and am I tired.

I would also suggest people have free anti-virus software and a good free firewall to help prevent this type of scareware in the future. Remember you’re the end user, and that means only you can prevent this from happening in the first place. Never go to suspicious sites or URLs when you don’t know where they go. If you can prevent these types of attacks then you are much better off.

New Vulnerability in the SQL Server

Microsoft has issued a warning on a new vulnerability for:

Microsoft Security Advisory (KB961040)

Vulnerability in SQL Server Could Allow Remote Code Execution

Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.

[Via Technet]

The workaround for people who use the servers is to deny access to sp_replwritetovarbin, and it should only be done by system admins. Microsoft will probably issue a patch on the next Patch Tuesday unless they hear of anything in the wild. This does not look to affect anyone who uses Windows XP Home edition or Vista Home edition, just people who have a Microsoft server and use SQL. It also seems to be CVE-2008-4270 in the Common Vulnerabilities and Exposures database. If I find out more I’ll let you know.
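
One way to apply the workaround described above and confirm it took effect, as an added example that is not part of the original post or quoted from the advisory. It assumes a session opened with sqlcmd, osql or Management Studio (the GO batch separators are theirs) and that nothing on the server legitimately needs public to call the procedure, so check any replication setup first.

```sql
-- Added example: apply and verify the "deny access" workaround.
-- Assumptions: run from sqlcmd/osql/SSMS; the procedure resolves in master.
USE master;
GO

-- The workaround should only be done by system admins: stop early if the
-- current login is not a member of the sysadmin server role.
IF IS_SRVROLEMEMBER('sysadmin') <> 1
BEGIN
    RAISERROR('Run this as a member of the sysadmin server role.', 16, 1);
    RETURN;
END
GO

-- Record the permissions as they are now, so the change can be reverted
-- once a patch has been installed.
EXEC sp_helprotect @name = N'sp_replwritetovarbin';
GO

-- The workaround itself: DENY overrides any existing GRANT to public.
DENY EXECUTE ON sp_replwritetovarbin TO public;
GO

-- Verify: the output should now contain a Deny / Execute row for public.
EXEC sp_helprotect @name = N'sp_replwritetovarbin';
GO

-- To undo the workaround after patching (left commented out on purpose):
-- REVOKE EXECUTE ON sp_replwritetovarbin FROM public;
```

Members of sysadmin are not affected by the DENY, so the check has to be repeated on each instance from the list above rather than tested by calling the procedure as an administrator.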