Zero Day For IE7 Being used in the wild.

It looks like IE7 patches are being used right now in the wild.  According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

How the IE7 Exploits are being used

[Image from TrendMicro Blog]

[ad#ad2-right]As you can see this this can be very bad for the companies who wait a while.  Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats.   The Good news is this isn’t as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access.  I still like the Autopatcher because it will do the job with very little input from the user.   It also makes it easier for people to patch big systems.  You should also consider installing some Free Anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily make this into a botnet and you know how that can could affect your systems and your ISP.  So it is best to get this months patches on the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.

Internet Security Companies Warn about Patch Tuesday and Valentines Day.

With Tomorrow being released some very highly rated Remote Code Execution to become Zero day in very short time. Some researchers are speculating about more viruses will be released in conjunction to Valentines day. According to this one post it will be likely to be E-cards being sent to try to lure you into downloading Malware.
[ad#ad2-right]

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated to Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

So which ones will likely be the exploits they will use? I have a few theories on that and One of them is the INTERNET EXPLORER vulnerability that will be patched and will try to get you to launch the link and will most likely try to launch it in Internet explorer, That would be my guess.    It seems to be Internet Explorer 7 and Below which will be patched so if you want to try out the IE 8 Beta,  You should be safe on that.  Although the best bet is to prevent users from clicking links in emails and also warning them not to open any attachments they are not expecting.    I’d also have the AutoPatcher ready to install the lastest patches for this Tuesday and schedule a time this week to update all the possible systems involved with the Databases.  Although this isn’t one that tries to steal your data it is however a chance the writers to look at what you have and you know how that can be call a data breach.   So if your the IT for the department I’d suggest sending out warnings so they can keep from being caught with their pants down.   I’d also suggest having Anti-Virus and free Firewall installed on all the major systems and it wouldn’t hurt to have the installed on minor systems if at all possible.

Are you patched, Secunia Says NO

Secunia BlogThink you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack. [ad#digg-right]So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

[ad#ad2-left]Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.


If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

[ad#ad2-right]If you don’t know what you need to update sometimes just having a program check for you can make a really good difference.   The one that I like to use is Appsnap and it actually searches you computer to see what might need to be updated.   I also suggest for the final suggestion is check out my Anti-Virus and Anit-Spyware Resources and make sure you have a firewall and anti-virus software.  This will greatly reduce your chances of getting a virus but that isn’t all you have to be careful on what you click on read this article on Some Important programs to prevent yourself from having viruses and Malware!! Read that carefully to better understand how you can protect yourself in the future.

Stop botnets in its tracks With a Firewall!

According to PC World and I’ll quote:

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

[via PC World]

[ad#ad2-left]Now let’s talk about this, having been seeing recent surges of people getting infected.  I’ve come to the conclusion that companies like AVG and other Anti-Virus companies are keeping up.   Now true if all you have is an Anti-virus and nothing else that greatly increases your likely hood of getting a virus.

In a recent virus storm, We have people finding my site because of a Good Firewall.   No if he didn’t have anything but Windows firewall then it would of gotten through and you would not of known about it.  So let’s talk about how to prevent botnet attacks.   This is relatively easy and if you follow some common rules.   You to could be less likely to be infected.  I will say this most people don’t do these common tips and they should do them.

[ad#digg-right]So what should you do to help prevent from getting a Virus or Malware.  This is really simple, you want to find an Anti-virus Software that you like, and Firewall that you like also.  You’ll also want to download the tools to better help you in case you do get infected.  Some of these tools I recommend are Hijackthis, Spybot Search and Destroy, Hitman Pro, and Ad-aware 2007 Edition (FREE).  Then Go buy a Sandisk USB memory Stick and put those on there for later use!!  You will always want to keep a backup of those just in case you get infected.

[ad#ad2-right]Make sure you update Windows regularly.  Having seen this time and time again, if you don’t keep windows updated then you lose the battle.  If you have a system that needs updating, I suggest downloading the Clone to Autopatcher.  This little program will download the files needed to update your system without having to be online.  Although, you can have windows update automatically every month but that might not update the recommended updates only the ones that are hot.  It doesn’t matter which way you prefer to update, as long as you do to update regularly, Like every 2nd Tuesday of the Month.

One last tip you should also keep your Firewall and Anti-virus updated.  There is a little program that will do that, it’s call AppSnap.  If you follow all these recommendations you will greatly reduce your chances of getting a virus on your system.

How to disable autorun the easy way!!!

I read a report from Cnet about USB devices spreading Virus and I will quote:

The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices,” said Gunter Ollmann, chief security strategist for IBM’s ISS security division. “They are today’s floppy drives.”

[ad#ad2-right]An infected computer can spread a virus to a clean USB thumb drive that is inserted. That USB drive will then be spreading the virus onto other computers if the operating system on those machines has an AutoRun-type feature enabled. The AutoRun function in Windows launches installers and other programs automatically when a flash drive or CD is inserted. The Mac has an equivalent function, according to Ollmann.

[Via Cnet]

In order to disable “autorun“, which in Vista is called Autoplay. In order to disable Autoplay from starting when you insert media into your computer here is how you do it:

You will need to be Logged in as Administrator before this can be done:

Next click start and type “Autoplay” without quotes. It will bring up a screen but all you have to worry about is this:

Vista autorun

You will need to make sure there  is no check mark for “Use AutoPlay for all media and Devices”.   Click save and close.

[ad#ad2-left]Once that is done, you will have no more Autoruns from USB devices.  If you want to disable Autorun in XP, I’d suggest reading some of these articles for XP.

These are just a few and are really nice to articles but there are others out there that might be more to your liking.  I suggest searching Google for them.   I hope this helps you out!!!