Zero Day For IE7 Being used in the wild.

It looks like exploits for IE7 are being used right now in the wild. According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

How the IE7 Exploits are being used

[Image from TrendMicro Blog]

As you can see, this can be very bad for companies that wait a while to patch. Internet Explorer is still used by 1 out of 4 users, and I see it all the time in my stats. The good news is this isn’t as hard to get rid of as Conficker, but it should be taken seriously, because the writers might want to get even more malicious and make it even harder to remove.

The next step to prevent yourself from getting caught with your pants down, so to speak, is to patch all systems that have internet access. I still like Autopatcher because it will do the job with very little input from the user. It also makes it easier to patch large numbers of systems. You should also consider installing some free anti-virus software to help protect the systems you have.

From the looks of this virus, someone could easily turn it into a botnet, and you know how that could affect your systems and your ISP. So it is best to get this month’s patches onto your company’s machines as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.

Windows 7 UAC a Security Risk?

I just got done reading a blog post about how you could, with an easy-to-make script, disable UAC altogether. According to Long Zheng, malicious software could circumvent UAC by turning it off. I simply love the new look and feel of the UAC and hope they can come up with a way to fix the problem. According to him there is a way to fix this and keep the whole new feature set. He has provided the proof of concept for turning off UAC without having it ask. You can download it yourself and try it out, but be careful: it will disable UAC.
I hope Microsoft fixes this little flaw and makes it more secure than Vista. According to Microsoft, though, they claim UAC functionality is “by design”. I don’t know if it is or isn’t, but I do know that it could easily let more malware into Windows 7 before it got enough people on board. That is one of the reasons I don’t want Windows 7 released now. I don’t want this to become a failure in the minds of people. I want to look back and see this being successful. Hopefully Microsoft fixes this and makes it even more secure in the future.

‘Life Owner’ won’t delete your data!

I received this email from a friend and wanted to talk about this:

VERY IMPORTANT , PLEASE READ THIS

Anyone-using Internet mail such as Yahoo, Hotmail,
AOL and so on.

This information arrived this morning,
Direct from both Microsoft and Norton

Please send it to everybody you know who has
access to the Internet.

You may receive an apparently harmless e-mail titled ‘Mail Server Report’

If you open either file, a message will appear on your screen saying:
‘It is too late now, your life is no longer beautiful.’

Subsequently you will LOSE EVERYTHING IN YOUR PC,
And the person who sent it to you will gain access to your
name, e-mail and password.

This is a new virus which started to circulate on Saturday afternoon.
AOL has already confirmed the severity, and the anti-virus software is not capable of destroying it.

The virus has been created by a hacker who calls himself
‘life owner’.

PLEASE SEND A COPY OF THIS E-MAIL
TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!

THIS HAS BEEN CONFIRMED BY SNOPES.

http://www.snopes.com/computer/virus/mailserver.asp

After doing my little research, I’ve come to the conclusion that this is nothing more than a warning that someone went overboard on. I checked this on Snopes and it says that:

This latter version is difficult to classify as either “true” or “false”: The virus it references (i.e., the Mail Server Report worm) was a real one, but it’s neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the “symptoms” provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn’t really merit the dire warning to “SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!”

I decided to send a reply to my friend who e-mailed me this “Warning” and tell him this:

Although this is a real worm, it is overhyped, and under no circumstances will it delete your files. I’ll quote from F-Secure:

Warezov.W is a mass-mailing worm that sends itself as e-mail attachments to addresses found on the infected computer.

Typically, a mass-mailer arrives on a computer with an infected e-mail message. In some cases, the infected attachment can start automatically. In other cases, the system is infected when the user opens the attachment. When a typical mass-mailer is activated, it installs itself to the system and creates a startup key for itself in the Windows registry. It then stays active in the system’s memory. While active, the mass-mailer searches for specific files (HTML files for example) on all available hard disks for e-mail addresses. Finally, it connects to an available mail server and sends itself to all the addresses it has found.

Aside from this, Warezov.W also downloads another worm variant from a specified website on the Internet.

According to all my sources, if you are worried about this worm, then I highly recommend a good anti-virus and software firewall. This worm is easily detected by all the free anti-virus software out there. I like AVG because it scans all incoming e-mails before you even touch the e-mail. Please don’t forward that to anyone else; it seems to be an old e-mail warning that isn’t really a warning anymore. It seems to be a scare e-mail where there is no real chance of your data going bye-bye. Just thought you’d like to know!!

So I tell you this: if you have any question about the likelihood of any e-mails you happen to come by, your best bet is to Google it or ask your friend before you open the e-mail. It is also best to scan all e-mail attachments before even considering opening them.

Valentine’s Day Brings More Malware!

Panda Labs talks about a new technique that tries to install W32/Waledac.C.worm under the guise of a message from someone special. It sends out e-mail hoping people will click links to a set of look-alike “news” and “wale” themed domains listed in the Panda Labs write-up.

Once you are at the site, clicking on the hearts downloads a file that is the worm!! So here are some things to remember.

If you don’t know the person, then it’s probably spam. If you know the person, you need to ask them before you run the program. You also need to scan any downloads before you run them. Go to my Malware Page and get a free anti-virus and firewall. Since this worm appears to search the computer and harvest e-mail addresses, you should also warn the person who e-mailed you the link to let them know that they are infected.