
Monthly Archives: January 2007

This is funny. McAfee posted about a new scam on their blog. I’ve got to say, this is one of the most imaginative scams I’ve seen since the virus that encrypted the files on your PC and whose author was then willing to "sell" you the decryption key.

Now, Russian spammers have a new twist on social engineering. For the small fee of a dollar ($1.00), they are willing to "unsubscribe" you from their spam. Unfortunately, the spam arrives in Russian. Stay tuned for the English version!

OSG has always recommended that users exercise diligence when handling email, especially messages with attachments.

This is especially true today. A new virus is circulating on the Internet, and infection rates are high at the moment. Variants of it were observed within the first few hours. The emails arrive promising a video involving

  • 230 dead as storm batters Europe
  • A Chinese missile shooting down a US aircraft/satellite
  • A Russian missile shooting down a US aircraft/satellite
  • Radical Muslim drinking enemies’ blood
  • Saddam Hussein alive

The attachments are executables (.exe extension). Anti-virus vendors are catching the samples and releasing new definitions, but it’s up to users to go get them (GO GET YOURS). This is one of the reasons we recommend anti-virus products with frequent (at least daily) definition releases. Kaspersky, our favorite, provides hourly updates.

Back to this virus: expect more variants. Users should never open attachments that are executables, no matter how tempting the subject line.

1/19/2007 21:10 EST UPDATE: The purpose of these infections appears to be building a large peer-to-peer network of infected machines.
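The advice above (don’t open executable attachments) is easy to automate at a mail gateway or in a desktop tool, and the check should not trust the file name alone. The following is an added example written for this post, not code from OSG or from any anti-virus vendor. It flags an attachment two ways: by an executable extension, including the double-extension trick ("video.avi.exe") and padding spaces before the real extension, and by content, because a Win32 executable begins with the "MZ" DOS stub and stores the offset of its "PE\0\0" signature at byte 0x3c no matter what the file is called. The extension list and the sample attachments are assumptions constructed for the demo.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdicts returned by classify_attachment(). */
enum verdict { ATTACH_OK = 0, ATTACH_EXEC_EXT = 1, ATTACH_EXEC_CONTENT = 2 };

/* Extensions Windows launches directly on double-click (assumed list; extend as needed). */
static const char *const exec_exts[] = { "exe", "scr", "pif", "com", "bat", "cmd", NULL };

/* Case-insensitive string equality. */
static bool ci_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == *b;
}

/* Copy the extension after the LAST dot into buf, ignoring trailing whitespace, so
   "video.avi.exe" and "video.avi   .exe " both yield "exe". Returns NULL if none. */
static const char *last_ext(const char *name, char *buf, size_t n) {
    size_t len = strlen(name);
    while (len > 0 && isspace((unsigned char)name[len - 1])) len--;
    size_t i = len;
    while (i > 0 && name[i - 1] != '.') i--;
    if (i == 0 || len - i == 0 || len - i >= n) return NULL;
    memcpy(buf, name + i, len - i);
    buf[len - i] = '\0';
    return buf;
}

/* Name-based check: does the effective extension belong to exec_exts? */
bool has_exec_extension(const char *filename) {
    char ext[16];
    if (!last_ext(filename, ext, sizeof ext)) return false;
    for (const char *const *e = exec_exts; *e; e++)
        if (ci_equal(ext, *e)) return true;
    return false;
}

/* Content-based check: a PE (Win32) image starts with the "MZ" DOS stub, and the
   little-endian uint32 at offset 0x3c gives the offset of the "PE\0\0" signature. */
bool looks_like_pe(const unsigned char *data, size_t len) {
    if (len < 0x40 || data[0] != 'M' || data[1] != 'Z') return false;
    uint32_t pe_off = (uint32_t)data[0x3c] | (uint32_t)data[0x3d] << 8 |
                      (uint32_t)data[0x3e] << 16 | (uint32_t)data[0x3f] << 24;
    if (pe_off > len - 4) return false;          /* signature would lie past the end */
    return memcmp(data + pe_off, "PE\0\0", 4) == 0;
}

/* Combine both checks: a renamed .exe is caught by its name, and a "video" whose
   bytes are really a PE image is caught by its content. */
enum verdict classify_attachment(const char *filename, const unsigned char *data, size_t len) {
    if (has_exec_extension(filename)) return ATTACH_EXEC_EXT;
    if (looks_like_pe(data, len)) return ATTACH_EXEC_CONTENT;
    return ATTACH_OK;
}

/* Constructed sample: the first 0x80 bytes of a minimal PE-shaped file
   (not a real program), used only to exercise looks_like_pe(). */
size_t make_fake_pe(unsigned char *buf, size_t n) {
    if (n < 0x80) return 0;
    memset(buf, 0, 0x80);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3c] = 0x40;                            /* e_lfanew: PE header at 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    return 0x80;
}

int main(void) {
    unsigned char pe[0x80];
    size_t n = make_fake_pe(pe, sizeof pe);
    static const unsigned char avi[] = "RIFF....AVI LIST";   /* constructed non-PE bytes */
    const char *names[] = { "Full Video.avi", "Read More.EXE", "clip.avi   .exe ", "clip.avi" };
    for (size_t k = 0; k < 4; k++) {
        bool real_avi = (k == 3);
        enum verdict v = classify_attachment(names[k], real_avi ? avi : pe,
                                             real_avi ? sizeof avi : n);
        printf("%-20s -> %s\n", names[k],
               v == ATTACH_OK ? "ok" : v == ATTACH_EXEC_EXT ? "executable extension" : "PE content");
    }
    return 0;
}
```

The content check is the one that matters against the variants described above: once the sender renames the payload to something that looks like a video, an extension filter alone lets it through, while the "MZ"/"PE" check still fires.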

I’ve been working on a PC for the last few days that really emphasizes the need for diligence when browsing the Internet and downloading programs. I had cleaned what I thought was all of it, but decided to give it one last check. Hooking it up to my virus network, I was very annoyed to find MySearchBar buried in its HTTP requests! This was a painful reminder that malware (especially if left untreated) is becoming more "efficient".

"Fun Web Products" are nothing new, but for some reason nothing was detecting it as malware or as a virus/Trojan. Not even Windows Defender, which shakes my faith in it. I understand that Fun Web Products is usually installed with user intervention (or bundled with something else), but Defender, and all the others that claim to be around to help us, should throw up some kind of flag.

MS released patches for vulnerabilities in Excel, Outlook, and IE (and in Office 2003 if you run the Brazilian Portuguese grammar checker). Each of these is a needed patch, but the IE one is the one you should stop reading and go get now. It affects all recent versions of Windows EXCEPT Vista. That’s right, I said it doesn’t affect Vista. Woot, there’s one!

Get the patches from Windows Update when prompted, or go to http://update.microsoft.com. While you’re there, get the Malicious Software Removal Tool.

I’m a firm believer in "not casting stones if you live in a glass house", especially if you are in the software development business. That holds true for everyone who jumped on the bandwagon to attack Microsoft. Apple is no exception, especially with their cute Mac commercials touting their "features" (like bugs and security) over a WinTel PC. Well, three days into the new year (Happy New Year, by the way), Apple is working to plug two holes in their software. The first is a QuickTime RTSP URL handler vulnerability: using a specially crafted string in the URL, an attacker can cause a buffer overflow, allowing remote code execution.

The second bug was found in VLC media player. According to http://applefun.blogspot.com/:

"A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC."

What I find interesting is that this bug is in VLC 0.8.6, which was just released on December 10th, 2006 (with "many bug fixes"). VLC is a free cross-platform player released under the GNU GPL. It should be said that this vulnerability affects both Mac OS X and Windows. I don’t know many Windows users of VideoLAN’s VLC. If you are one, we’d like to hear from you. Tell us why.
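The quoted advisory describes a format string vulnerability: untrusted text (here the udp:// URL) ends up as the format argument of a printf-family call, so any "%" directives the attacker puts in it are interpreted rather than copied. The following is an added example of that bug class beside its fix, written for this post; it is not VLC’s code, and the logger name, the function names and the sample URL are assumptions constructed for the demo.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A tiny logger shaped like a media player's message routine: the caller
   supplies a printf-style format plus arguments. Marking it
   __attribute__((format(printf, 3, 4))) would let gcc/clang warn on the
   vulnerable call below; it is left off so the bug compiles silently,
   which is how such bugs ship. */
static int log_msg(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* VULNERABLE: the attacker-controlled URL is passed AS the format string.
   Every '%' directive in it is interpreted: %x/%s read from the stack,
   %n writes to it, which is how this class becomes code execution. */
int log_url_vulnerable(char *out, size_t n, const char *url) {
    return log_msg(out, n, url);            /* BUG: url used as the format */
}

/* FIXED: a constant format; the URL is only ever a %s argument and its
   bytes are copied verbatim, '%' signs included. */
int log_url_fixed(char *out, size_t n, const char *url) {
    return log_msg(out, n, "%s", url);
}

/* Defensive measure for code you cannot fix immediately: count conversion
   directives in untrusted text. "%%" is the literal escape and is not counted.
   A URL should contain none, so any hit is worth rejecting or alerting on. */
size_t count_format_directives(const char *s) {
    size_t count = 0;
    while ((s = strchr(s, '%')) != NULL) {
        if (s[1] == '%') { s += 2; continue; }  /* literal percent sign */
        count++;
        s++;
    }
    return count;
}

int main(void) {
    char buf[128];
    /* Constructed URL. "%%" is the only directive whose effect is well defined
       when no extra arguments are supplied, so it is used to show that the two
       paths differ; a real attack string would use %x/%s/%n instead. */
    const char *url = "udp://%%evil.example:1234/stream";
    log_url_vulnerable(buf, sizeof buf, url);
    printf("vulnerable logged: %s\n", buf);       /* "%%" collapsed to "%" */
    log_url_fixed(buf, sizeof buf, url);
    printf("fixed logged:      %s\n", buf);       /* URL copied verbatim */
    printf("directives in probe: %zu\n",
           count_format_directives("udp://10.0.0.1:1234/%x%x%x%n"));
    return 0;
}
```

The fix is one token: a literal "%s" format with the URL as its argument. The vulnerable path already behaves differently on a harmless "%%", which is a quick way to confirm a suspected format string sink without risking a crash.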

If you were one of the wise folks who took my advice and downloaded Windows Defender Beta 2, you may be leaving yourself unprotected if you did not upgrade. Chances are the upgrade happened seamlessly, but if you don’t leave your PC powered up and logged on, the update may not have happened and the program may now be disabled. Check! This is important. Start the program (right now). If it has expired, you will get a window saying that the beta has expired. If you do, you can get the update from the MS Security At Home website.

Defender has worked very well as a beta. I have no reason to expect that this won’t continue. I use it and continue to recommend it.

On New Year’s Eve, a cross-site scripting vulnerability in Google’s popular Gmail service was reported. The bug allowed specially written code on another site to read the Gmail contact list if the user was logged on to Gmail. Google was very quick to respond by posting a "fix", but according to a blog on ZDNet the vulnerability was only partially fixed. The blog recommends that you log out of Gmail when you’re not using it. Makes perfect sense.