Apple’s Not immune after all

In a recent post from the SANS Internet Storm Center:

Apple

Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get its head out of the sand. According to Apple, these affect both Macs and Microsoft, so they are a software-related vulnerability. Sooner or later someone will want to create a botnet and infect Macintoshes with a virus or even a worm just to show Apple that they could. A recent article from PCWorld talks about a Trojan called OSX.RSPlug.D. This will just increase the fact that they are going to start targeting OS X because of the lack of security. Apple needs to get it together and start patching just as much as Microsoft.

In any case, it is time to update the software and maybe think about installing anti-virus software as well. Although the MPEG-2 Playback Component vulnerability is for Windows Vista, XP SP2 and SP3, you can see where a hacker would use that for a Windows system very easily. So you must be careful what you click on and remember that you’re no longer safe. You know how they will want to test the waters for OS X just because they could, so this year I predict Apple will start having even more malware and viruses than ever before.

Security Researchers warn of potential flaws in Windows

I read an article today from Techworld. I wanted to discuss this in detail. I also found some links that suggest that Techworld is right.

Andrew Storms, director of security operations at nCircle Network Security, speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November. [Via Techworld]

According to my investigation, and I have been looking, I found a few SMB vulnerabilities. Two of them are CVE-2008-4835 and CVE-2008-4834. These two are capable of remote code execution and are considered very high on the impact list.

So did people find these exploits or vulnerabilities from the last MS08-067 patch? I would have to conclude it is a real possibility.

Although Microsoft did patch those holes this month, I have to wonder just how much these hackers are keeping the IT professionals on their toes. I hope people updated their systems to prevent another worm, because you don’t want a worm like Downadup, do you? I am sure there will be a worm or a virus that will exploit this in time, and I think sooner or later someone will use this just like the other one.

More Information on the downadup Worm

If you’re working to get rid of this Downadup worm, F-Secure is giving out a free removal tool to help with that task. F-Secure’s Worm:W32/Downadup.gen description talks about how bad this worm is.

Because companies have not applied the MS08-067 patch, that vulnerability is the primary way for this worm to get onto a system.

Graham Cluley’s blog asked a question and got quite a few answers from the users. The results of the poll are that 53% believe the hackers are to blame, 30% think the system administrators are to blame, and 17% think Microsoft is to blame for this worm.

I have mixed feelings over who is to be blamed for this worm. I think the person who wrote this did it for a specific reason. We can’t expect any software we use to be 100% safe; even Macintoshes are not 100% safe. Microsoft isn’t to be blamed because they tried to patch this as quickly as they could. I know that companies have a hard time keeping up with Microsoft updates, and they really can’t be blamed. I think hackers are always going to make a virus just because they can. That’s in their nature, and we will never really be rid of the virus or worm writers. They are in it for the money, to boast, or to take control of or steal sensitive information. With Windows being the alpha dog, people are always going to test the waters because of that.

So who do you think is to be blamed?  I’d like to hear your thoughts on this.

Who do you think is to blame for the Downadup Worm?

1) End users
2) Microsoft, who did patch it
3) The person who wrote this worm
4) Companies who didn’t implement updates
5) No one; it is going to happen
6) People who pay the writers of viruses/worms

If you think someone else is to be blamed just make a comment.

Please bear in mind that this poll is not scientific and is provided for information purposes only. The comments expressed on this page are those of a subsection of poll participants, and not necessarily those of Tech-linkblog. Tech-linkblog makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.

How Serious is the Downadup.b/Conficker Worm?

In their latest post, F-Secure has updated how many people are infected, and I’ll quote:

Today’s calculation is a total of 8,976,038 infections worldwide and 353,495 unique IP addresses.

That’s a quite a big difference compared to our last number — there will be a follow up post coming soon to explain the methodology.

[Via F-secure]

F-Secure has noticed it went up from 3,521,230 infections worldwide. This worm has doubled in over a day. So I have done some Twitter searching to see if anyone has recently tweeted about this, and I found this one comment:

WTF? suddenly my antivirus is popping with warnings about a W32.Downadup.B … but I havent received any attachs or installed anything!

[Via Twitter Mklopez]

I thought I’d show you how important it is for you to get ready for a very hard fight ahead of you. You see, this hasn’t even begun with this worm.

Here are some of the tweets:

2 customers, have this conflicker.worm problem and we are trying every possible solution but nothing turned out to be solved

[Via Twitter  Candegger]

@carnal0wnage Hey happy new year, what malware one of my clients just had a large outbreak of the conflicker virus, pretty good virus

[Via twitter MarcoFigueroa]

This worm doesn’t need to be downloaded because it will use exploits that are currently unpatched in the systems. This worm seems to be spreading by USB sticks, and you should really turn that off. If you think you’ve gotten this virus, please check out my Malware Resources and also some of the other posts about this worm:

I hope these resources help you fight that worm and get your system back to normal.

Check out my other posts about the Conficker/Downadup worm.

Microsoft issues 1 Major update 1-13-09

Well, it has been released. Microsoft issued an update to the system:

Vulnerabilities in SMB Could Allow Remote Code Execution

Microsoft Security Bulletin MS09-001 – Critical (KB958687)

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This is one of those updates you really need to install as soon as you can. You should also get a free firewall or buy one. It looks to be a vulnerability in the ports, and if you have a firewall besides Windows you should be safe, but that is beside the point. If you are security conscious, then you should install this update ASAP. If you’re worried this will affect your system, then you will need to back up your system before you do this update. If you feel you might have been infected through this vulnerability, you could always go get a free antivirus program and scan your system. This is the sure way of fighting a virus and making sure you’re safe. Although people argue that paid antivirus programs are quicker to be updated with virus databases, it’s all a matter of preference.