Category: Windows Update

Michael Jackson Malware on the Rise

Paul

In the last 24 hours the spammers and scammers have begun to distribute spam with the guise to:

    [ad]

  • Harvest Email Addresses —  This seems to used to ask users to respond to the email to get “top secret” information about how he died.  Security experts believe this is an attempt to verify email addresses for future spam attempts.   Although it isn’t wise to reply to people you don’t know about it at least has very little risk with your computer for the time being.

  • Fake Codecs and Hidden Trojans —  Seems this is the main thing they are doing right now to get personal computers on their networks.   So you should never visit a site you don’t know about without having an Anti-virus software and A firewall to better protect your system.

  • Extortion Ware — This one is very interesting, and According to Webroot.  You should avoid sites that you don’t know anything about.   With News of anything major you should keep with the trusted news sites.  This one looks to be the bad guy type.

These seem to be a common ploy with scammers and spammers who want to get money from you in one way or another.   I have been watching the Google searches and haven’t seen any malicious sites but I could of missed one here and there.

You should always have an [intlink id=”2205″ type=”page”]Anti-virus and Firewall[/intlink] available to help protect your system from these types of attacks.   If you had some kind of protection to better protect your computer.  Remember no one can stop computer infections but you.

Hulu Days Of Summer are here again

Paul7 Replies

huludaysofsummer09

So we have it here right now, and it starts out really good.   You can watch Stargate SG1 Season 1 through 4 the whole summer.  The last of the Mohicans was the frst movie they brought out for this event.  I rember last years one where we had to guess the coming week.  Some of the ones that I did last year were:

Now I don’t know all that will come this summer but I would of liked to have clues like we did last year. That would of been really fun.  Oh well, I will keep watch on this and see what comes from this.   I also have been using the Hulu Desktop more and more, it seems to work well with [intlink id=”3059″ type=”post”]A600 Cricket modem[/intlink] really well.  For those who have it, I would suggest using the lowest quality of playback for using it.  It really isn’t bad quality for watching shows and such on.   You really don’t have to worry to much about buffering.  Although you should check your settings on the [intlink id=”1009″ type=”post”]player and change them[/intlink].

On a side note this week and next I will be really busy so I don’t know if I will update as much as I have in the past.  This is summer afterall so it might be off and on this summer until everything goes back to normal in the fall.  I will update the blog when I can this summer, so don’t you fret to much!!

Harry Potter and the Half Blood Prince Movie Spreads Malware

Paul

It seems in anticipation of the release of Half Blood Prince the Malware authors are starting to send for the movie. For example:

harrypotterblogspotfake
As you can see they really try to fool you into think your are going to be able to watch it for free.    They even put it the movie poster to try to get you to click that link. It is on a blogspot page and has a few Google followers, which I am amazed at because what I have found it.   If you were to click that play link (usa-top-news.info) it will redirect your to (world-news-scandals.com) and then to the final destination (tubes-portal.com). Each site is surprisingly in the US and tries to look like it is a real site. It sends you a file called streamviewer.40018.exe, which I am surprised AVG hasn’t picked this up so I went to see if this was a virus and Virustotal showed me this:harrypotterblogspotfake1

[ad]Very few actually detect this trojan downloader even [intlink id=”2205″ type=”page”]AVG[/intlink] hasn’t detected this as being malware.   So you best bet is not try to go watch it early because 9 times out of 10 it will be a virus.  You also should know that there are even some links in Digg.com and other popular websites that are promoting this. The top rated sites are what I call Google Juice to put the blog spot website onto the first page of Google. So you should install a good [intlink id=”2205″ type=”page”]Anti-virus software and Firewall[/intlink]. I also believe this will be coming out on DVD in December according to my sources this movie has been ready for quite some time and they are anxious to have it ready for Christmas so you won’t have to wait long to see it. Afterall they have had this movie ready since last Year.

This seems to be like the [intlink id=”3448″ type=”post”]Fake Codecs[/intlink], I have talked about.   In order to see this you have to install this software to view this movie.   I don’t even know if it is a true movie but I do expect in the coming weeks to days there will be even more Fake Sites like this trying to promote watching it for Free.  Thank goodness [intlink id=”3385″ type=”post”]we don”t have to worry about Zango anymore[/intlink]. Nothing in life comes free, so be on your guard.  Only you can prevent virus infections on your system.

Link shortening and the new wave malware on Twitter

Paul

I’ve been reading what Sans Internet storm has to say about twitter and how that can bring malware to Twitter. Sans argues that there is no reliable way to determine the information someone says, and that is where I am wanting to talk about the way people are creating what I call Link baiting or Blind links. You ever click on a link in twitter to find it it wasn’t what you thought it was?

[ad]I also thought of what Sopho’s blog about today where someone hijacked 2.2 Million redirect Urls using Cli.gs services to shorten links. I was reading through the Cli.gs blog about the incident and it came from Canada but I don’t think the user of the website who had all that traffic was involved in any way shape or form to the hacking of Cli.gs website. I personally think this was done to prove a point and it is a very good point.

That in the future there will be someone to redirect links to a malware site and it won’t be pretty. Think about it any shorten url service like Tinyurl or others who could have their links all be directed to a website. that is a big number and it worries me. Let us go through the numbers a little bit and see. 98.2% of people go to Tinyurl.com and don’t preview the url first. Half of the clicks in Bit.ly are coming from the US, which means we are more at risk of clicking on a link that could be a virus or malware.

Now I know people don’t have time to check out all the links or forget to check before they click. So I have a few plugins that might help with this.   LongUrl Pluggin  Can use 72 different web services including Bit.ly, Tinyurl, Cli.gs, and a bunch more.  This is a good little plugin to help prevent yourself from clicking those links that you are unsure of.    I would also recommend getting a [intlink id=”2205″ type=”page”]Free Anti-virus and Free Firewall[/intlink] to better protect yoru system.  I wouldn’t use Internet Explorer it seems that is more easier to infect with malware than Firefox.  [intlink id=”3668″ type=”post”]Firefox still has to worry[/intlink] but not as much.

Microsoft Drops a 9 Security updates on Patch Tuesday

Paul

So I get home and here is what they updated for those who would like to keep track:

  • Vulnerabilities in Active Directory Could Allow Remote Code Execution (KB971055) — This update is only for Microsoft Windows 2000 Server, Windows Server 2003, Windows XP Professional and Windows Server 2003.  This one is Rated critical due to Remote Code Execution, which means a program can install malware or viruses on your system and you wouldn’t know it.

  • Cumulative Security Update for Internet Explorer (KB969897) —This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.

  • Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (KB970483) —This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication.

  • Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (KB969462) — This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object.

  • Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (KB961501) — This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request.

  • Vulnerability in Windows Search Could Allow Information Disclosure (KB963093) — This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results.

  • Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (Kb957632) — This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file.

  • Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (Kb968537) — This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege.

    • [ad]

  • Vulnerability in RPC Could Allow Elevation of Privilege (Kb970238) — This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately.

  • Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (Kb969514) — This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file.

As you can see these are rated from being Critical to Moderate.   Each and every one of these should be updated and can be easily done using [intlink id=”2883″ type=”post”]Autopatcher[/intlink].   Something you should consider before doing these updates is to make a Restore point before proceeding or a [intlink id=”682″ type=”post”]Complete backup[/intlink], just in case.  Also it is suggested to install these at your earliest convenience due to the fact that the malware authors will start using and is called Exploit Wednesday. Also it wouldn’t hurt to install some[intlink id=”2205″ type=”page”] free Anti-virus and Free Firewalls[/intlink] instead of using Windows Firewall. This will help protect your in the future also.