Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

Well, this had to happen sooner or later. It looks like PowerPoint can be exploited for remote code execution, so Microsoft today issued Advisory KB969136.

In their post they say:

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram showing how an attacker could deliver this in an email.

So what do you need to know?

If you receive a PowerPoint presentation from someone you aren't expecting one from, scan it thoroughly with a free anti-virus. There are no major workarounds for this because Microsoft is telling people not to open the PowerPoint files directly. I tend to agree; you should, however, confirm that you are expecting something from someone, either by emailing them back or, if it's an office situation, picking up the phone for the time being. I am sure Microsoft will issue this patch in the coming months, probably May or June at the earliest. I don't think it will be April Patch Tuesday; they could, however, make this an out-of-cycle release if enough hackers start to use this.

According to Microsoft, Windows Live OneCare picks this up as a Win32 exploit, so I am sure other anti-virus software will do the same. Just for the time being you will want to scan any presentations that come your way. I will update the blog as more information becomes available!

Conficker maps of the US!

[Image: conficker_us_map]

The Conficker Working Group has been busy the last few days compiling data on where the Conficker Worm is in the world. I am just showing one of the many pictures they have compiled.


Now I must say this isn't entirely accurate, but it gives a good impression of how many computers in the US have been infected and still need to be cleaned. Given that most of these are businesses that haven't updated their Windows machines, this isn't surprising. So I am guessing that if this map is close to what we expected, some of the companies didn't do anything about Conficker during the hype.

That being said, I would like people to answer this question: have any technicians had to disinfect systems that had the Conficker worm? Are you seeing a rise in repairs related to Conficker problems?

I was looking around their website, the Conficker Working Group, and I stumbled on a really good resource. It is called the Conficker Eye Chart. If certain images don't load, you might be infected. If you want to find out whether you're infected, go check the chart out for yourself.
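The eye chart's logic, as an added example that is not the Working Group's own code: a Python script that probes a few security vendor sites and a few unrelated control sites from the machine being checked and reads the pattern of failures the way the chart does. The two site lists are assumptions chosen for illustration, not the chart's own image links.

```python
import urllib.error
import urllib.request
from typing import Callable, Dict

# Constructed sample URLs (assumptions for illustration, not the chart's own image links).
SECURITY_SITES = ["https://www.eset.com/", "https://www.f-secure.com/", "https://www.kaspersky.com/"]
CONTROL_SITES = ["https://www.example.com/", "https://www.wikipedia.org/"]

def probe(url: str, timeout: float = 5.0) -> bool:
    """True if the site answered at all; False if the request never completed
    (DNS failure, refused or filtered connection, timeout)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout):
            return True
    except urllib.error.HTTPError:
        return True  # the server responded, so the site is reachable
    except (urllib.error.URLError, OSError, ValueError):
        return False

def classify(security_ok: Dict[str, bool], control_ok: Dict[str, bool]) -> str:
    """Read the pattern of failures the way the chart's missing images are read."""
    if not any(control_ok.values()):
        return "no-network"  # nothing loads: a connectivity problem, not evidence of infection
    blocked = [u for u, ok in security_ok.items() if not ok]
    if not blocked:
        return "clean"  # every security site loads: no Conficker-style filtering seen
    if len(blocked) == len(security_ok):
        return "suspect"  # only the security sites fail while controls load: the classic symptom
    return "partial"  # mixed result: retry, or check the failing site by hand

def run_eye_chart(fetch: Callable[[str], bool] = probe) -> Dict[str, object]:
    """Probe both lists; fetch is injectable so the verdict logic can be tested offline."""
    security = {u: fetch(u) for u in SECURITY_SITES}
    control = {u: fetch(u) for u in CONTROL_SITES}
    return {"verdict": classify(security, control), "security": security, "control": control}

if __name__ == "__main__":
    result = run_eye_chart()
    for url, ok in {**result["security"], **result["control"]}.items():
        print(("loaded " if ok else "FAILED ") + url)
    print("verdict:", result["verdict"])
```

Run it on the machine you suspect, since the worm's blocking happens inside the infected host; a corporate proxy that filters the same sites would give the same "suspect" verdict, so treat it as a prompt to run a removal tool rather than as proof.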

The Group also has a great list of tools to remove the Conficker worm. Although, I have been saying for the past week that the best way to prevent getting infected is having anti-virus and a firewall. You will also need to remember that only you can prevent getting a computer virus or worm; you're the last line of defense!

So It Is April 1, 2009. Now What?

So you survived the April Fools joke that most people were talking about. Are you more mindful of what a virus is and how best to defend against it? If not, let's go back and talk about some of the necessary programs:

  • If you haven't already installed a free anti-virus, this would be the time to. Also install a firewall to better protect yourself.
  • Never install any software from an unknown site. This is the most important one: even though they seem harmless enough, there are sites that have fake Adobe updates or even Flash updates that will install malware on your system. So if you have any doubt, you should visit the main site, like Adobe.com, to check for updates.
  • If something scares you, count to ten. That is very useful when it comes to scareware sites that like to scare you into buying their fake anti-virus software that doesn't do anything. I say count to ten because by the time you have, you will go looking for information on either that site or that warning and come to the conclusion it was scareware.
  • Don't download untested software. This is good for those who like to look for programs that are too expensive to buy but that they want to have. Most of the time hackers like to use cracks to infect systems. Anything that is questionable can sometimes be infected with a virus, so you should stay away from all of them.
  • Apple's OS X isn't as secure as you may think. I hate when people say they are so glad to have a Mac, and yet it seems to be on the rise. The Macintosh operating system seems to be getting some attention from hackers, because there are more viruses and trojans being made for the Macintosh, so don't get overconfident.

These are just a few steps to consider when dealing with viruses, trojans, and worms. It all depends on the end user to prevent this from happening. So if you want to protect your identity and system you should consider using the right software. If you're on Vista you should also make sure you're not running as an Administrator; this will also protect you from getting infected.

Just Google Conficker and you'd be surprised

The countdown to March First is on its way, or already here depending on your location, and people have been sending tweets about the 60 Minutes coverage of Conficker:

[Image: conflickermarch]

As you can tell, over the last week Google Trends has shown a mountain of people looking for this information. I am so glad the media has talked about this, but it has made a hysteria or frenzy of people trying to find information on this little worm, or what some are calling a virus.


Now I must remind you that Conficker.A, Conficker.B, Conficker.C, and Conficker.D aren't the only worms or viruses out there, and that you should really protect yourself from every virus, because there are more viruses and worms out there than this one.

There are several free anti-virus options available:

  • ClamWin: I've been trying this one out over the past month and it seems to work just as well as the others.
  • Avast Home Edition: AVG does better than this one, but people seem to like it, so I have to add it for people who like it better than the others.
  • AVG Anti-Virus Free Edition 8.5.283: This is another free one that can remove viruses really easily. Download this and you don't have to worry too much.
  • Avira Antivirus: This is a free anti-virus software that some people like. I like AVG myself; it's all user preference as to which one you want to use.

As you can tell, I have several options available on my Malware Resource page for you to use; these are just a few that can be helpful when trying to protect your system. With Conficker disabling your Windows Update, if you have a lot of systems on which you need to install patches, I'd go with Autopatcher; this little program will help install the necessary Windows updates. You should follow Microsoft's advice when you are trying to fix your system with regard to Conficker. Remember, this is not the only computer threat out on the internet, so be vigilant about where you go and what you do. You are the last line of defense when it comes to protecting your money, your identity, and your computer.

If you have a lot of systems that you are worried have the Conficker worm, Ars Technica released information on easily detecting this worm. This looks like a positive step in stopping this worm.

Conficker Discussion Part 2: Even More Stuff to Talk About

We've heard that in the coming days there will be an update for the Conficker.C worm, and Microsoft has released even more information about it. For instance:

Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.(was reported to Microsoft on February 20, 2009.)

Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker. (was reported to Microsoft on March 4, 2009.)

As you can tell, these seem to be two different variants starting to emerge. Now let's go a little deeper, shall we? According to US-CERT (United States Computer Emergency Readiness Team), they claim that this is a widespread infection and have posted about it on their website as TA09-088A.

My one question is: why is the US getting ready for this Conficker worm? Are they worried that what happened to the Parliament will happen to some branch of the White House? This seems to be even more hype building over this worm. Everyone will tell you the same thing: they are not sure what will happen on April 1, 2009. I think it will be a normal day, because with all the news about the Conficker worm, the person who wrote this won't want the light shined on them before they get their foothold in systems. So you will most likely not notice anything special on April Fools day due to the awareness of the worm.

But don't forget to update your anti-virus software, and it also might be time to add a good free firewall to help protect yourself from this worm.