Category: Windows Vista

Time to update Adobe Flash Player 10.0.22.87

Paul

Adobe has issued a patch for some of the exploits in the wild. This should be installed on any system that isn’t up to the date with Adobe’s player. If you want to check your systems version you can go here and it will tell you what your version is and what the current version is.

If it doesn’t look like this:

adobe1002287

[ad#ad2-right]Then your on the wrong website.   According to Adobe this fixes CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521.

This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520)

This update resolves an input validation issue that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com has been deployed to avoid a potential Clickjacking issue variant for Flash Player. The Settings Manager is a special control panel that runs on your local computer but is displayed within and accessed from the Adobe website. (CVE-2009-0114)

This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)

This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)

[Via Adobe Website]

Although this is due to the problem with the exploits in the Windows environment, this however won’t stop virus writers from using this exploit for the Macintosh and Linux Distro’s.  This should be updated on there system also.

Microsoft Updates the Autorun Patch KB967715

Paul

The updates offered in this article correctly disable the Autorun features. These features were not correctly disabled if you followed previously published guidance. The updates that are offered in this article have been distributed to the following systems through the Windows Update and Automatic update distribution channels:

* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2

[ad#ad2-right]This will help with the Conflicker Worm, also known the new variant Conflicker B++. Microsoft released this patch to better help the Administrators deal with the problem at hand. That the Conflicker worm exploits the autorun feature in most system. The Administrators need to disable the Autorun feature the right way, or it will not prevent infections.

Microsoft releases the necessary registry keys to edit and how want updates are needed to make this work. This will make it much harder for any program to exploit the Autorun feature in Windows.

This information is provided to help the Admins prevent from getting infected and should not be done by anyone who isn’t comfortable with editing the registry. If you’re not sure how to do it, please take it to someone who can do it. You could potentially make the system unstable messing with registry.

And the Oscar goes to . . . Not these guys!

Paul

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

[ad#ad2-right]

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

You won’t make money from W32:Sality.ao

Paul

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

  • Virus.Win32.Sality.y (Ikarus)

  • W32/Sality.AE (Norman)

  • W32/Sality.AH (Panda)

  • W32/Sality.AK (F-Prot)

  • Win32.KUKU.a (Rising)

  • Win32/Sality.AA (VET)

These links should help people understand it it.   You can visit my Malware Resources to help remove this virus.  Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard.  According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

PDF Zero Day Vulnerability in the Wild

Paul

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

[ad#ad2-right]A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

With PDF files being used all over the business world, this will create undo problems with the IT Field.  This also could be used to make Botnets and make the network involved become sluggish.   It must be warned that there are a whole wide variety of possibilities that could be done with this exploit.  Shadowserver Foundation recommends disabling the Javascript in your Adobe Reader.  Until the patch comes out you will need to be careful on what you open up and possibly check each and every PDF with an Anti-virus.  This should help minimize the likely hood of getting a virus or Trojan, but is not going to be a 100%.  The only way you can prevent a 100% right now is not to use PDFS until they have Fixed this problem.