Category: Windows Update

I hate Snopes Spam

Paul

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.
[ad#ad2-right]

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

  • Is it completely True?

  • Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)

  • Does it Say to Forward? (if so it is probably not wise)

  • is it from a Friend (If so you might want to remind the friend nicely that it isn’t nice to send spam)

If you follow some of these suggestions you’ll be making the Internet a far better place for everyone.  Remember if you don’t know, it’s time to learn.  if you do know, it is time to teach.  These are the fundamental aspects of using the internet the right way.  Also if it is a fake virus warning you should tell them to get a Free Anti-virus and Firewall to better protect them.  Also  remind them that if they keep their system updated then they shouldn’t be too worried.  Remember only you can prevent a Computer Virus and it’s up to you keep your system up to date.

Microsoft Releases the Patch Information for March

Paul

Microsoft Has Released the Patch information For march and This is what is expected to be patch on March 11, 2009:

  • Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Kb949029) — This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)

    • [ad#ad2-right]

  • Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (Kb949031) — This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. (affected System : Microsoft Office)

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Kb949030) — This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (affected System : Microsoft Office)

  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (Kb933103) — This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)

These Four are all Critical and should be applied the week of March 11, 2009.  Their are Seven Patches coming out, but these are the main focus.   According to Microsoft they have released MS08-014, MS08-015, MS08-016 and MS08-017 to better help you find out which ones are affected.

Now is the time to get AutoPatcher ready and make sure it is up to date on any patches that might of came out this month that you didn’t know about.  Also consider downloading the new version of Anti-virus and Firewall software while you are it.  In case you come accross a rogue virus and need to disinfect it!!  Some of these patches for this month is due to the EXCEL vulnerability that is out right now and is in the wild, so that should be your top priority once Tuesday come around.  Remember hackers will start exploiting these patches on Wensday and you will be racing against the clock.   One last bit of information for the Mac Users you should also apply these patches they are vulnerable to according to Microsoft.  I’ll update as more information becomes available!!

Cracking and Warez sites are Host of Trouble!!

Paul2 Replies

It is nothing to laugh at and should be understood that gamers have no freedom right now.   That said this new Variant to Virux Trojan is in regards to Win32/Vitro Trojan.  It seems tobe infecting .exe and .Scr files just like this.

According to Trend Micro:
[ad#ad2-right]

The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: “Crack Sites Distribute VIRUX and FakeAV

Now it seems to be more and more sites with getting computer infected. It also seems the Malware writers are using these servers for helping infect essentially gamers computers. So for the time being, if you have a favorite game and you want to:

  • No-CD Crack (This is good for those who want to play the game without the CD)

  • Key Gen Cracks (This is used for pirated version of a game)

  • Update Cracks (This is used to prevent CD checking or Also prevent Version Checking)

  • Game Cheats (This is usually a small program like a bot or some other way for the gamer to cheat)

And should not be Downloaded or USED!! I don’t say that lightly, because Gamers feel they should be able to play any game they want. Although this post will probably make the Gamer developers happy, I do this to tell people that these virus writers are using the gamers to distribute the Virus.   I encourage all the gamers out there, that don’t want to loose their games to not download any more of these types of cracks.  It seems the virus writers are wanting to infect systems and slow you down.  You don’t want to slowed down do you?  Please consider getting a Firewall and a Free Anti-virus software to better protect your system.

Microsoft Updates the Autorun Patch KB967715

Paul

The updates offered in this article correctly disable the Autorun features. These features were not correctly disabled if you followed previously published guidance. The updates that are offered in this article have been distributed to the following systems through the Windows Update and Automatic update distribution channels:

* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2

[ad#ad2-right]This will help with the Conflicker Worm, also known the new variant Conflicker B++. Microsoft released this patch to better help the Administrators deal with the problem at hand. That the Conflicker worm exploits the autorun feature in most system. The Administrators need to disable the Autorun feature the right way, or it will not prevent infections.

Microsoft releases the necessary registry keys to edit and how want updates are needed to make this work. This will make it much harder for any program to exploit the Autorun feature in Windows.

This information is provided to help the Admins prevent from getting infected and should not be done by anyone who isn’t comfortable with editing the registry. If you’re not sure how to do it, please take it to someone who can do it. You could potentially make the system unstable messing with registry.

PDF Zero Day Vulnerability in the Wild

Paul

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field.  This also could be used to make Botnets and make the network involved become sluggish.   It must be warned that there are a whole wide variety of possibilities that could be done with this exploit.  Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader.  Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus.  This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%.  The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.