Archive for the ‘Virus Alerts’ Category

I received a few emails the other day, and no they weren’t for weight loss pills, but they were about the “Daily Top 10” from CNN. In fact, I have received three emails every day for the past four days or so. Of course, I know I am not subscribed to anything from CNN (oh, and the emails are not from CNN anyway), so I knew to mark them as spam and not pay them any attention.

Others might not know, so…

Thousands (possibly millions) of users are receiving what looks like an innocuous daily missive from CNN.com (it sailed right through my spam filter), offering links to the “Daily Top 10″ stories and videos. Flag these emails as spam, and do not click the links inside. The links will direct you to a malware website and attempt to install dangerous software on your PC.

Thanks to Christopher Null, I now know, and so do you, that the emails are nastygrams from pathetic hackers hellbent on destruction.

Egads, not another vulnerability in Internet Explorer. Say it isn’t so.

One week after hiding Internet Explorer attack code on his Web site, security researcher Aviv Raff has posted details on how to launch the attack.

The bug lies in the “Print Table of Links” feature, which lets IE users print out a Web page along with a list of all the links on the page tacked onto the end. Raff discovered that if an attacker added special scripting code to a Web page, he could then run unauthorized software on the PCs of IE users who printed using this feature.

The flaw affects IE 7 and IE 8, Raff said. Security vendor Secunia said that the bug also affects IE 6.

They have classified this one as “less critical” believing that because of the many steps involved people won’t be as vulnerable. The thing is, people are like sheep. They will do exactly what they are told sometimes. I wouldn’t be surprised if someone reading this post has already clicked the link and is halfway toward running the malicious code.

I imagine that more people get in trouble with Internet Explorer than they do watching women in sexy shoes dance in front of them.

– Powered By Stuffr! –

Yes folks, Service Pack 3 is just another wonderful update from Microsoft.

Users who thought the Windows XP operating system would be more reliable than its younger sibling Vista are being buffeted by reports that the latest update for XP, Service Pack 3, has its own problems.

A variety of complaints about SP3 are being posted on the Web, with users complaining about system crashes, spontaneous reboots, and other issues. On the Windows XP forum at Microsoft.com, for instance, a poster named Doug W. said that, after installing SP3, he had to use system restore “after three attempts, with different configurations each time.” He mentioned that his system has an Athlon chip from Advanced Micro Devices, and other users have reported similar problems with SP3 on AMD machines.

I ran the update the other day and haven’t had any problems. I have an AMD Athlon 64, so I guess I should just shut up and be thankful. It wasn’t like I was trying to install a walk in tub or anything like that.

– Powered By Stuffr! –

There was an interesting piece at PCWorld yesterday…

It’s self-serving, but a new study by McAfee Inc. and the National Cyber Security Alliance has found that 78 percent of consumer PCs in the U.S. are not protected (defined as having up-to-date AV, spyware and a properly configured firewall).

What’s interesting, though is how many people think they are protected: 93 percent according the survey, which is set to be released Monday.

“There’s… a troubling perception among the vast majority of consumers that they’re well protected. And they’re not. ” McAfee says. Translation: buy more of our products.

Maybe on Monday we’ll learn then what percentage of the people who are not protected *think* they’re safe.

I find it ironic that it’s McAfee that did the study, since, even with McAfee fully installed and updated, our systems at the office ended up infected far more often than with any other product before, or since.

I don’t think it matters how many products you buy from McAfee, to be honest.

If this happened to me, I would think that someone had a hidden camera somewhere waiting for my reaction.

A batch of laptops pre-installed with Windows Vista Home Premium was found to have been infected with a 13-year-old boot sector virus.

Those of you with a long memory will vividly recall the year 1994: Nirvana’s lead singer Kurt Cobain died, South Africa held its first multi-racial elections, and Tony Blair became leader of the Labour party. Oh, and Microsoft’s operating system was the quaint, pre-NT Windows for Workgroups.

But it was a year that also saw the arrival of a boot sector computer virus known as Stoned.Angelina which moved the original master boot record to cylinder 0, head 0, sector 9.

Talk about a crapshoot. I think we’d have better luck finding designer knockoffs at some wholesale clothing store than we would avoiding some of the viruses out there.

[Source: The Register via Dvorak]

There is something kind of funny about this story.

A Republican Party Web site has been hacked, and for some time it has been spreading a variation of the long-running Storm Trojan horse to vulnerable visitors, a security researcher said Friday.

This is the first time that Storm has taken to the Web for its victims, said Dan Hubbard, head of research at San Diego-based Websense Inc. “The big news is that Storm has added infecting sites to its arsenal,” said Hubbard.

Storm debuted in January but only cracked the top malware lists early this summer, and has become infamous for its ability to adapt its infection strategies.

I know there’s a joke there somewhere, I just haven’t found it yet. If it’s not a joke, then I need to undergo some drug rehabilitation right quick.

Skype users beware!

Skype users are under attack from a new worm that spreads through the peer-to-peer Internet phone application’s chat feature.

The attack begins when a user receives an instant message containing a link from someone in their contact list or an unknown Skype user, said Villu Arak, a Skype spokesman based in Tallinn, Estonia.

There are several versions of the chat messages, which are “cleverly written” to fool users, Arak wrote on the Skype heartbeat blog. The link appears to contain a JPEG photo file, but if clicked causes the Windows run/save dialog box to appear, which asks whether the user wants to save or run a “.scr” file.

The file is malicious software that can then access a user’s PC via Skype’s API (application programming interface). The malicious file has been named W32/Ramex.A.

“Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect” their computers, Arak wrote.

To avoid trouble, users should not download the file. At least two security vendors, F-Secure and Kaspersky Lab, have updated their software to detect the worm, Arak wrote.

Once again, the easiest defense is not opening items in the first place. When will people learn?

This is not the news I wanted to hear while I am sitting here enjoying my weekend.

An old worm known as Slammer, which originated back in January 2003, is still going strong according to Gunter Ollmann, director of security strategy at IBM’s Internet Security Systems (IBM ISS).

Ollmann, the author of the white paper “Old threats never die”, says that Slammer is still the threat most commonly encountered by IBM ISS.

…

“Antivirus systems can handle tens of thousands of new signatures without blinking, but after a few hundred thousand they begin to struggle a bit,” he wrote in a blog post this week. “Now, with several hundred thousand new virus strains each year (and increasing faster than Moore’s Law), things are getting pretty creaky.”

Why doesn’t someone write a virus that attacks other viruses instead? They’re doing it in medicine so it only makes sense that they can do it with computers.

Keep your eyes open people. Make sure your anti-virus software is up to date, and never, NEVER, open email attachments without scanning them first.

Like a summer cyclone gathering force, the Storm e-mail worm is casting an expanding shadow on the Internet.

Storm first spread to e-mail in-boxes in Europe and the USA in January – enticing recipients to click on a link for a fake news story about a deadly storm or other dramatic event. Clicking on the link turned the PC over to Storm’s controller.

As security companies began blocking such e-mail, Storm instead started sending out links to tainted e-cards purportedly from family or friends.

“It’s the perfect example of the cat-and-mouse game where the author modifies the threat to stay ahead,” says Ben Greenbaum, senior research at anti-virus supplier Symantec. (SYMC)

At the Black Hat security conference here, Atlanta-based security firm SecureWorks said Thursday that it has blocked 20 million copies of Storm from hitting e-mail in-boxes at its 1,800 clients since June.

[Source: USAToday via Yahoo! News]

For your information:

Virus hunters have discovered a new Trojan that encrypts files on an infected computer and then demands $300 in ransom for a decryption password.

The Trojan, identified as Cryzip, uses a commercial zip library to store the victim’s documents inside a password-protected zip file and leaves step-by-step instructions on how to pay the ransom to retrieve the files.

It is not yet clear how the Trojan is being distributed, but security researchers say it was part of a small e-mail spam run that successfully evaded anti-virus scanners by staying below the radar.

While this type of attack, known as “ransomware,” is not entirely new, it points to an increasing level of sophistication among online thieves who use social engineering tactics to trick victims into installing malware, said Shane Coursen, senior technical consultant at Moscow-based anti-virus vendor Kaspersky Lab.

[Source: eweek.com]