Harry Potter and the Half Blood Prince Movie Spreads Malware

It seems in anticipation of the release of Half Blood Prince the Malware authors are starting to send for the movie. For example:

harrypotterblogspotfake
As you can see they really try to fool you into think your are going to be able to watch it for free.    They even put it the movie poster to try to get you to click that link. It is on a blogspot page and has a few Google followers, which I am amazed at because what I have found it.   If you were to click that play link (usa-top-news.info) it will redirect your to (world-news-scandals.com) and then to the final destination (tubes-portal.com). Each site is surprisingly in the US and tries to look like it is a real site. It sends you a file called streamviewer.40018.exe, which I am surprised AVG hasn’t picked this up so I went to see if this was a virus and Virustotal showed me this:harrypotterblogspotfake1

[ad]Very few actually detect this trojan downloader even [intlink id=”2205″ type=”page”]AVG[/intlink] hasn’t detected this as being malware.   So you best bet is not try to go watch it early because 9 times out of 10 it will be a virus.  You also should know that there are even some links in Digg.com and other popular websites that are promoting this. The top rated sites are what I call Google Juice to put the blog spot website onto the first page of Google. So you should install a good [intlink id=”2205″ type=”page”]Anti-virus software and Firewall[/intlink]. I also believe this will be coming out on DVD in December according to my sources this movie has been ready for quite some time and they are anxious to have it ready for Christmas so you won’t have to wait long to see it. Afterall they have had this movie ready since last Year.

This seems to be like the [intlink id=”3448″ type=”post”]Fake Codecs[/intlink], I have talked about.   In order to see this you have to install this software to view this movie.   I don’t even know if it is a true movie but I do expect in the coming weeks to days there will be even more Fake Sites like this trying to promote watching it for Free.  Thank goodness [intlink id=”3385″ type=”post”]we don”t have to worry about Zango anymore[/intlink]. Nothing in life comes free, so be on your guard.  Only you can prevent virus infections on your system.

Link shortening and the new wave malware on Twitter

I’ve been reading what Sans Internet storm has to say about twitter and how that can bring malware to Twitter. Sans argues that there is no reliable way to determine the information someone says, and that is where I am wanting to talk about the way people are creating what I call Link baiting or Blind links. You ever click on a link in twitter to find it it wasn’t what you thought it was?

[ad]I also thought of what Sopho’s blog about today where someone hijacked 2.2 Million redirect Urls using Cli.gs services to shorten links. I was reading through the Cli.gs blog about the incident and it came from Canada but I don’t think the user of the website who had all that traffic was involved in any way shape or form to the hacking of Cli.gs website. I personally think this was done to prove a point and it is a very good point.

That in the future there will be someone to redirect links to a malware site and it won’t be pretty. Think about it any shorten url service like Tinyurl or others who could have their links all be directed to a website. that is a big number and it worries me. Let us go through the numbers a little bit and see. 98.2% of people go to Tinyurl.com and don’t preview the url first. Half of the clicks in Bit.ly are coming from the US, which means we are more at risk of clicking on a link that could be a virus or malware.

Now I know people don’t have time to check out all the links or forget to check before they click. So I have a few plugins that might help with this.   LongUrl Pluggin  Can use 72 different web services including Bit.ly, Tinyurl, Cli.gs, and a bunch more.  This is a good little plugin to help prevent yourself from clicking those links that you are unsure of.    I would also recommend getting a [intlink id=”2205″ type=”page”]Free Anti-virus and Free Firewall[/intlink] to better protect yoru system.  I wouldn’t use Internet Explorer it seems that is more easier to infect with malware than Firefox.  [intlink id=”3668″ type=”post”]Firefox still has to worry[/intlink] but not as much.

Microsoft Drops a 9 Security updates on Patch Tuesday

So I get home and here is what they updated for those who would like to keep track:

  • Vulnerabilities in Active Directory Could Allow Remote Code Execution (KB971055) — This update is only for Microsoft Windows 2000 Server, Windows Server 2003, Windows XP Professional and Windows Server 2003.  This one is Rated critical due to Remote Code Execution, which means a program can install malware or viruses on your system and you wouldn’t know it.
  • Cumulative Security Update for Internet Explorer (KB969897) —This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.
  • Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (KB970483) —This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication.
  • Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (KB969462) — This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object.
  • Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (KB961501) — This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request.
  • Vulnerability in Windows Search Could Allow Information Disclosure (KB963093) — This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results.
  • Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (Kb957632) — This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file.
  • Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (Kb968537) — This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege.
  • [ad]

  • Vulnerability in RPC Could Allow Elevation of Privilege (Kb970238) — This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately.
  • Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (Kb969514) — This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file.

As you can see these are rated from being Critical to Moderate.   Each and every one of these should be updated and can be easily done using [intlink id=”2883″ type=”post”]Autopatcher[/intlink].   Something you should consider before doing these updates is to make a Restore point before proceeding or a [intlink id=”682″ type=”post”]Complete backup[/intlink], just in case.  Also it is suggested to install these at your earliest convenience due to the fact that the malware authors will start using and is called Exploit Wednesday. Also it wouldn’t hurt to install some[intlink id=”2205″ type=”page”] free Anti-virus and Free Firewalls[/intlink] instead of using Windows Firewall. This will help protect your in the future also.

Ms Patch Tuesday For June 2009

Photo by Andrew Magill Photo by Andrew Magill

Microsoft has released the upcoming patch information for this Tuesday, and boy does it look like a big one. It looks like there will be 10 bulletins this time around:

  • Bulletin 1: Critical (Remote Code Execution):   Windows
  • Bulletin 2: Critical (Remote Code Execution):   Windows
  • Bulletin 3: Critical (Remote Code Execution):   Windows, Internet Explorer
  • Bulletin 4: Critical (Remote Code Execution):   Office
  • Bulletin 5: Critical (Remote Code Execution):   Office
  • Bulletin 6: Critical (Remote Code Execution):   Office
  • Bulletin 7: Important (Elevation of Privilege):        Windows
  • Bulletin 8: Important (Elevation of Privilege):        Windows
  • Bulletin 9: Important (Elevation of Privilege):        Windows
  • Bulletin 10: Moderate (Information Disclosure):    Windows

It will also include one or more updates on WSUS and Windows update, and Microsoft Windows Malicious Software Removal Tool.   This looks to be quite a big set of updates.   Each one is very serious and will probably be a big download.   If your in corporate IT you may want to get ready the [intlink id=”2883″ type=”post”]Autopatcher program [/intlink]this will help update all the important files on each system without having to have a internet Connection.

[ad]We don’t know what they will be until they have dropped from Microsoft, but we can guess that the Latest Directx vulnerability isn’t going to be one of them.  I wouldn’t be surprised if this was going to be pushed out of cycle but that is going to have to wait a see.

The Affected systems are Windows 2000 Through Windows Vista and Server 2008.   Which means if you have windows it most likely will need to be updated.   Although on a side not the Office suite from 2000 to 2008 also will be patched and that includes the Macintosh systems.

It also looks like 7 out of the 10 will require restarts, so the autopatcher will save you time.  I wouldn’t expect this to notbe exploited on Wensday because most of them are Remote Code Execution which means it is easy for a hacker to take control of your system.   These should be installed ASAP and you also should have a [intlink id=”2205″ type=”page”]Firewall and Antivirus installed[/intlink] to better protect your system.

Microsoft makes Firefox more insecure with the .NET 3.5 Framework (KB951847)!

Photo by Daniel F. Pigatto

In February, Microsoft quietly installed .NET Framework Assistant (ClickOnce) Firefox Extension. This extension is a bad idea because of what this could do.

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

[Via Annoyances.org]

As you see, this is a way to make Firefox less secure and almost like Internet Explorer.   We’ve seen the problems with all the [intlink id=”2946″ type=”post”]Malware exploits[/intlink] that people have used in the past.   If you want to uninstall it, well you can’t.   Microsoft as went out if its way to prevent users from uninstalling.    Here is what Brad Abrams talked about on his blog:

[ad]We added this support at the machine level in order to enable the feature for all users on the machine.Seems reasonable right? Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the “Uninstall” button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components.

If you went to your Addons Menu and then to your extensions tab you would see that the uninstall button is grey out. You can disable it but you can’t uninstall it. It looks like Microsoft has sent out a patch to let regular users uninstall this addon(KB963707).

I am really surprised that Microsoft did this little stunt. I would of expected more from Microsoft, but to their credit they did this for a reason to allow users who don’t use IE8 but Firefox , to be able to use the .net Framework but this plugin makes browsing just unsafe. Don’t forgot about the [intlink id=”1010″ type=”post”]MobileMe apple installed on Vista[/intlink] without your knowledge. Microsoft and Apple have both had problems but this is very disturbing.  This patch they are letting people download to fix the problem doesn’t mean much because it hasn’t been sent out to the Auto updates and requires people go download it manually.  So Microsoft believes if you don’t know, it won’t your.