Today, variations of the "storm" emails started arriving. The most common was spoke of a greeting card from a "partner" that was waiting to be picked up. Other than that, they had the same details in the message.
I would expect that there will be more variations in the coming days; to be followed by others soon thereafter. Their getting allot of mileage out of this one.
There have been password stealers, Quicktime media directed exploits and attacks, and others. But the latest attack on the popular virtual social scene is altering the victim’s MySpace page and loading a "phishing site". If the visitors’ (usually your friends) PC isn’t patched with the latest Microsoft security updates, malware is uploaded to their PC and execute. This software joins their PCs to a huge network of other infected PCs that are "used" at the pleasure of an unknown remote user (generally other attacks, hosts for phishing sites, spam, etc).
By all suggestions, the infection rate is not going down. Instead it is going up.
Expect more of these types of attacks to come.
Trend Micro has a great article on their blog about a new battery of spam that is circulating on the Internet. Like many of the others, a link in the email promises the reader that he/she can retrieve an electronic postcard sent by a family member. When the user clicks on the link, he is referred to what looks like a harmless blank web page (like we get sometimes browsing the Internet). But instead, the underlying code of the page is JavaScript that attempts vulnerability exploits and malware downloads/execution (oh joy!).
The lesson here is stay away these postcard emails, patch your PCs/software, don’t click on unsolicited links, and keep your anti-virus up to date.
I get well intended ePostcards/eGreetingcards all the time from well intending family members. I haven’t clicked on one in years (back in the days when we clicked on everything we got in the mail). These days, the risks are just too great. Tell your family and friends to resist the urge. Your PC will be allot safer without it.
Regardless of how convincing it may look, Microsoft does not send updates by email. With that being said, be warned that there are emails floating around that claim to be just that; a Microsoft Update. And they are not well intended.
As always, be suspicious of email with attachments; especially unsolicited ones.
A few weeks ago, I had a discussion with someone about laptops and PCs in general. Based on the described needs, I had suggested that he get a Dell. Someone nearby chimed in saying that he should get an Apple, and proceeded to spew the Apple Anti-Microsoft marketing rhetoric about how secure Apples are and how they "never" (his word) have security issues. I proceeded to point out that this simply wasn’t true and he just stopped listening because the commercial told him so.
Well, the fact of the matter is that Apple (and every other OS available; free or paid) has vulnerabilities. The developers simply cant test for every condition out in the real world. So they release it in the best state they can, and we, through our use or testing, find the problem.
What makes the difference in the response and speed of the company that makes it stand out. Obviously the larger the impact of the problem, the more resources that will be applied to it.
On that note, Apple patches vulnerabilities in Cross-site scripting. You can get the patches using the Apple Software Update or you can download them from Apple Downloads.
The vulnerabilities have the following impact in MAC OS X 10:
Visiting a malicious website may allow cross-site requests
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Attackers have targeted Harry Potter and no amount of magic can pull the secrets back. Yes, as you may have heard, the unofficial word is out about how the newest Harry Potter episode concludes. To me, that isn’t as much of the story as is how that information supposedly became available. If you came here looking for the spoiler information, the only thing we’re spoiling here is the attack method.
A few days ago, on a popular hacking email list, someone claiming to be part of an activist group described how they did it (along with some "spoiler details" about Harry Potter and the Deathly Hallows). This is the real story and should strike fear in IT administrators and computers owners everywhere (including you parents with kids that use a PC on your home network).
The method was as simple as targeting an email address of an employee of Bloomsbury Publishing. Using some sort of engineered temptation to "click on the animated icon", the attack caused an exploit to be downloaded to and executed on the user’s PC. This allowed a reverse shell (think of someone having DOS remote control of your PC) to be created. That gave them total control to do whatever they wanted on (and to) that PC. And the attacker does that with the credentials of the user.
Gloating at the success, the attacker commented how amazing it was to see how many people inside the company have copies and drafts of the book. What this means is that the very same thing can be done to our commercial and home networks. From company secrets to home user documents, email stores, pictures of your family on vacation last year, and protected password files can be accessed.
There’s a number of important lessons here:
This is all scary stuff that is no longer theory or possibilities discussed by security professionals and web sites. Many people take security as an after thought. You may not believe in magic, but Harry Potter and the other wizards now believe in computer security.
On June 19th, 2007, Gateway issued a voluntary recall of batteries for
|
Notebook Model |
Battery Part# |
|---|---|
| 400VTX | 6500760 |
| 450ROG | 6500761 |
This only affects batteries shipped in May 2003 through June 2003. The report that I saw stated risks of overheating and fire. If you have the notebook model with the battery part (or if you have any questions), you should contact Gateway and see what your options are. Considering the heat that usually accompanies battery use on laptops, I wouldn’t use the battery at all after reading this. Gateway states you shouldn’t even have it in the notebook.
More info from the Gateway web site here:
In what is being dubbed the "Italian job", Trend Micro is warning about a fast moving infection that started with users simply browsing legitimate web sites. TM is saying that 10s of thousands of computer users are now infected, and the numbers are climbing. Based on iFrame vulnerabilities, malicious code is dropping keyloggers to steal typed user information (like passwords), turning computers into proxy servers (users can browse the Internet and attack others from your PC; without you knowing), and cause other mischief. Anti-virus software with up-to-date definitions may detect instances of JavaScript downloaders and html iframe malware.
This only reinforces the need for anti-virus protection; especially while browsing web sites; even ones you consider safe.
Trend Micro has made a tool available for administrators to disinfect web servers. It can be found here.
OSG: Bits, Bytes and Packets 