Monthly Archives: November 2008

A month after Microsoft warned about a vulnerability in MS operating systems (MS08-067), a warning was posted today that customers are reporting infections through the vulnerability. Hosts that were patched, however, were not infected.

In the spirit of the renewed fight against malware, MS documented the attacks. They can be found at the following links:

http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor%3aWin32%2fIRCbot.BH

This is only the beginning. Make sure your hosts are patched right away if they are not already.

Almost a year and a half after launching the paid service for PC protection, Microsoft squashed the Live OneCare product. Microsoft’s spin is that the move is "to address a growing need for a PC security solution tailored to the demands of emerging markets…". Many feel that this was really about the failure of OneCare to take off the way MS had hoped.

The MS effort now shifts to a project code-named "Morro". This will be a "FREE" product and promises to be smaller and to require fewer resources; resource usage is a common complaint about AV products.

It won’t be available until mid-2009 and is expected to be a combination of many free AV products available now. You can keep an eye on it here: http://windowsonecare.spaces.live.com/

Earlier last week, Adobe released a "Security Update" (a patch) for a vulnerability that was discovered in Adobe Reader AND Acrobat Professional versions prior to v9 (Adobe Reader 8.1.2 and earlier). Details of the update can be found here:
http://www.adobe.com/support/security/bulletins/apsb08-19.html

It did not take long for exploits for the vulnerability to begin circulating on the Internet. What is more concerning is the absence of AV/malware detection. See the ISC article here:
http://isc.sans.org/diary.html?storyid=5324

The nature of the exploit allows for execution of code of the attacker's choice or denial of service (DoS).

Given the popularity of PDFs and the deployment of Acrobat in this space, this is a considerable risk. At present, the payload has been for infection purposes. Don’t expect it to stay this way. There is a reasonable expectation of larger consequences.

Remember, when considering protection, that PDFs are publicly deployed on web sites as well as sent in emails as attachments.