Critical Security Fix it Released for Windows

If you run Windows Xp, Vista or Windows 7 you need to immediately install a patch. Go to http://support.microsoft.com/kb/2639658 and download and right-click install the Enable Fix it link. If the fix does not install correctly you should re-visit the link and click on the Disable Fix it link.

This threat is serious so don"t fail to install the patch - This “Duqu” Trojan is really nasty.

Peek-a-boo !

Remember the problem back in 2008 that resulted in an Adobe Flash Upgrade? The solution for future attacks targeting users built-in Webcams was to cover it with tape, chewing gum, etc. The USB cams would be made safe by simply unplugging them. Well, keep doing something because the security flaw still exists. Read aout it here.

You're all a bunch of thieving crooks.

A report from the Business Software Alliance (BSA) appears to show that most people have illegal or pirated software on their PC's. A Google news search gives you a good overview.

Tsk-tsk-tsk - you people should be ashamed.

Be aware that you will eventually be plagued with a piece of software containing a virus, spyware, malware, trojan or some other evil bit.

Try using open source software or look into searching for well written applications whose cost is rarely above $50.00 and generally provide years of free updates. Sweet.

IE Exploit for Xmas!

Microsoft's Internet Explorer is the target of a new zero day attack.
Best Practice? If you're using IE, stop.
If you must use IE then perhaps Sandbox it with Sandboxie.
Why not try Firefox (with the awesome No-Script Add-on) or Opera instead?
Safer, Better and hip . . . like the kids say.

Facebook f**k up

Oops. Facebook's new Open Graph API is leaking sez PC World. It's security breaches such as these that will cause problems because of the interrelationship between so many disparate applications and the general mass of users who never check settings. If people don't start taking security seriously before a problem develops the cost and effort to fix the problem could be very high indeed.

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

Downadup Worm Awareness

The nasty worm dubbed Downadup.AL is reaching out and touching many people. F-Secure has a (beta) application to check your Windows system for infection - it's here: ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip. If you use Firefox browser (and why wouldn't you?) using the Add-on No-Script is a wise move to prevent this and other nasties from gaining a foothold into your system. Of course, running a software firewall, hardware router and and Anti-virus application is your best bet to remaining free of doom.

Facebook Botnet Proof of Concept

An application was recently created for Facebook called ‘’Photo of the Day‘’ that displayed a new photo from National Geographic every day. What users were unaware of was that the app turned their PC into part of a botnet that launched a denial-of-service attack on a targeted server. The server was one owned by the creators so no one was harmed but as a concept its frightening.

These co-opted PC's could be used to spread malware, trojans, etc. and are a direct threat the many social nnetworking sites that are now all the rage.

So, always assume that any software, even those online, could be compromised. One of the best ways to protect yourself is to use Firefox browser with the No-script add-on. This would likely have informed users that something weird was up.

Evil Hewlett-Packard support application

If you use an HP computer chances are it has a pre-installed customer support application that has been found to contain multiple security vulnerabilities. The software is designed to make it simple for users to automatically update HP drivers and software. However, flaws in ActiveX components within the HP Instant Support allow drive-by download attacks in cases where users unwittingly visit insecure websites.

HP Instant Support HPISDataManager.dll version 1.0.0.22 and earlier are affected. Users should upgrade to version 1.0.0.24.

To install the upgrade HP users should visit "http://www.hp.com/go/ispe" and choose “launch an online diagnostic session".

Unpatched QuickTime Flaw

Those using QuickTime should be aware that a flaw in the most current version could allow attackers to execute code remotely on users machines. While there is no patch available CERT has posted various workarounds to minimize the risk.

RealPlayer Exploit

User of Internet Explorer under Windows are vulnerable to drive-by downloads simply by visiting an evil Web page. As usual, it is an unknown and unpatched ActiveX component that is causing the problem. Note that both Microsoft Outlook and Outlook Express clients are also at risk. Best practices? Uninstall RealPlayer, use an alternative browser such as Firefox or Opera and use another email client such as Thunderbird or Penelope. Those who just can't part with RealPlayer should visit http://service.real.com/realplayer/security/en/ and (when available) download and install the patch. Ryan Naraine over at ZDNet.com has a great write up with info and fixes.

OpenOffice.org Virus Spreads

A virus written in numerous scripting languages that can affect Windows, Linux, and Mac OS X computers is slowly spreading via infected OpenOffice.org documents. Best practice is, of course, to never accept documents as attachments in email if you were not expecting them. Inform the sender that it is always best to announce attachments before sending. Having a good Anti-Virus and firewall is also an excellent idea just in case nasties end up on your system. Better safe than sorry!

Yahoo Messenger Critical Upgrade

Yahoo Messenger has released an upgrade to fix a known security hole that would allow attackers to execute code on your PC. Please upgrade to version 8.1.0.401 from here: http://messenger.yahoo.com/download.php

Google: 1 in 10 Websites Unsafe

Especially if you use Internet Explorer as opposed to Firefox or Opera. The chance of being nailed by a "drive-by download" is almost non-existent when using any browser other than Internet Explorer. Do yourself a favour and try a safer alternative.

MySpace.com + IE Flaw + Known Exploit = Chaos

It appears Internet Explorer is again being exploited by evil Windows Metafile (.WMF) images. Worse, these images reside on MySpace.com with some 50+ million users. This exploit quickly follows the most recent Microsoft Update forcing drastic action from someone.At out-of-cycle patch from Microsoft or a third-party fix from a two-person shop in Guyana all works for me. Until a fix appears use an alternative browser such as Opera or Firefox.

MS PowerPoint Attachment Trouble

If you receive an email from an unknown Gmail address and it contains an MS PowerPoint presentation then delete it.

Macromedia Flash Player Update

The most recent version is available here:http://www.adobe.com/products/flashplayer/. This fixes a few security boo-boos and is a must have download.

IM Worm Targets Yahoo Users

A worm dubbed yhoo32.explr is spreading across Yahoo's IM network. It forwards itself using the contact lists of people whose computers have already been infected. If installed it hijacks the browser home page steering the users to an evil site that attempts to load spyware.

Poker Players Beware!

If you downloaded RBCalc.exe as distributed by checkraised[dot]com then you have a rootkit on your system! Always check downloads before you make them to ensure they are safe.

Flexispy.A Symbian 60 Trojan / Keylogger

This nasty litle piece of work is actually a commercial product named Flexispy! It records information about voice calls and text messaging sessions. The information is sent to a company server where it can be viewed on the web. Now, I can imagine many scenarios where this type of application could be used in a positive manner but lets get realistic and assume it will be used for nefarious purposes. F-Secure has all the details.

MS to Remove Sony Rootkit via Anti-Spyware & Malicious Software Removal Tool

Microsoft has decided that the Sony Rootkit poses a threat to its operating systems. Future updates to the Microsoft AntiSpyware application and the now commonly updated Malicious Software Removal Tool will contain the signatures required to remove the truly evil Sony Rootkit. Thanks Bill!

Sony Rootkit UNinstaller Almost Worse than Rootkit!

According to Mark Russinovich of Sysinternals.com (the chap who initially discovered the menace) the uninstaller only forces XP to issue the Windows command "net stop" that disables the driver. This inept handling can and has caused XP to crash. The President of Sony BMG's global digital business division Thomas Hesse has explained it all, "Most people, I think, don't even know what a rootkit is, so why should they care about it?" Right. I don't know what Sony stock is either so why should I care if it drops like a rock? Check out the story at The Register here: http://www.theregister.co.uk/2005/11/09/sony_drm_who_cares/ and don't miss the link to the NPR interview with the clueless Sony Prez.

Sony Rootkit Uninstaller Available

Sony is now offering users an uninstaller for the Rootkit that would have secretly installed on their PCs if they had placed a Sony music CD in their CD drive anytime after March 2005. While the Rootkit is (probably) not in itself dangerous it does allow hackers a potential entry point into a users PC and for this reason alone should be removed. Bad Sony, bad dog!

Sony, DRM & Rootkits

Sony BMG is currently using a rootkit-based DRM system on some CD records sold in USA.

The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves too. This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed.

The quotes above were taken from F-Secure - The whole article is here.

World Of Warcraft = Spyware

It seems the company the produces the popular game World of Warcraft, Blizzard, has been caught reading the processes on users PC's. Now, even though the EULA states this is happening and users could decline it's still a massive invasion of privacy. Read the story here: http://www.eff.org/deeplinks/archives/004076.php and check out the way to "spy on the spy" here: http://www.rootkit.com/newsread_print.php?newsid=371.

Windows Registry Flaw

A recently detected flaw in Windows registry concerns its handling of long string names. A malicious program could hide itself in a registry key by creating a string with a long name which would allow it to remain hidden. Keys added afterwards would also remain obscured so the horror could escalate. The vulnerability affects Windows XP and Windows 2000 even if they are fully patched according to Secunia. A detection tool can be found here: http://isc.sans.org/LVNSearch.exe

Srv.SSA-KeyLogger

If you still use Internet Explorer to surf the 'Net you may be at risk of turning over private information concerning sites you visit such as Paypal or your online bank. Sunbelt Software has discovered a keylogger that can be installed by merely visiting an evil web site where a "drive by download" may occur. The infection opens a backdoor on the system that harvests usernames + passwords that are then sent to repositories. Some 30,000 indviduals have already been victimized. Sunbelt has offered a detection tool. Please consider using an alternative browser such as Firefox or Opera as a way to prevent this type of threat in the future..

CoolWebSearch Spyware Uncovered

Identity theft via CoolWebSearch has apparently been uncovered. If true, and the facts are not yet comfirmed to my satisfaction, this massive illegal harvesting of financial and personal information may hopefully wake folks up regarding the potential security risks when using an unprotected Windows OS. Use a firewall and anti-virus software. Buy a hardware router. Install and run anti-spyware applications. Do not run your Windows in Administrator mode. Get a grip, dammit!

Spyware "calling home" Increasing

The Register reports that the UK firm ScanSafe estimates that around 8% of outbound traffic from PC's is evil Spyware applications attemping to connect to the Internet.
Get thee hence to a firewall, varlet, or thy doom is certain!

MS Anti-Spyware Allows Claria Adware?

It appears that Microsoft's Anti-Spyware application now defaults to allowing these well known purveyors of spyware to exist on users computers. For this reason alone we suggest you always run more than one spyware removal application - consider this as the layered defence. Try Spyware Blaster, HijackThis! and Spybot - Search & Destroy.