Information Security Newsletter

Bulletins posted 6/12/2009

Fake Windows Update e-mails are reported

If you receive an e-mail from "Microsoft" about an important security update that contains a link to an executable, be aware that this is malware and never follow such a link. MX Lab intercepted a new sample of such an e-mail from "Microsoft Corporation" with the subject "Important Windows Xp/Vista Security Update!". The message warns about a recent outbreak of the Conflicker worm that has supposedly infected 15 million Windows users, and claims that the worm has already been updated and is harder to detect. The alleged security update notification recommends installing the removal tool remtool_conf.exe, downloaded from hxxp://windowsupdate.microsoft.com.ssl3.pop3.ru/remtool_conf.exe. Note that this host is not Microsoft's at all: the registrable domain is pop3.ru, and "windowsupdate.microsoft.com" is merely a prefix chosen to look legitimate. The e-mail gives step-by-step instructions for installing remtool_conf.exe. (DO NOT FOLLOW THESE INSTRUCTIONS - THIS IS AN EXAMPLE OF THE SCAM E-MAIL)

Obviously (I hope!), this would be a very bad idea on many levels. Watch out for this scam and warn your vulnerable friends and family.

From GovernmentSecurity.org

Mozilla releases new build of Firefox v3 with security fixes and issues 9 Security Advisories

We recommend updating to Firefox version 3.0.11 as soon as possible, either through the browser's automatic update or by visiting Mozilla's website.

From Donna Buenaventura at Donna's Security Flash Blog

Two new Mac attacks surface

Sophos on Wednesday discovered a new version of the Mac OS X Tored worm, according to a Sophos blog post. On Tuesday, ParetoLogic warned about a porn site that was downloading malware targeting both the PC and the Mac. Mac users get redirected to the pagemac.php page, which downloads a QuickTime.dmg file, the blog post says. Sophos explained in a blog post on Thursday that visitors to the malicious porn site are told they have to download an ActiveX component to view the videos. Instead, a Trojan, dubbed OSX/Jahlav-C, gets downloaded.
"As we've demonstrated before, and as we'll no doubt explain again, the Mac malware threat is real," writes Sophos security researcher Graham Cluley. "Hackers are deliberately planting malicious code on Web sites, and using social engineering tricks to fool you into installing it onto your computer."

Sorry, all you comfortable Mac users, you are beginning to be the latest target. Watch out for these types of sites and scams; they won't always be so obvious, as your poor beleaguered PC cousins can tell you from experience!

From CNET News - by Elinor Mills

Bulletins posted 6/11/2009

Microsoft Update Removes Rogue Antivirus Program

The company's latest update to its Windows Malicious Software Removal Tool (MSRT), released Tuesday, adds detection for Internet Antivirus Pro, a rogue program that masquerades as security software. Like all of these rogue antivirus products, Internet Antivirus Pro tries to trick victims into installing the software. It pops up a fake warning message and then pretends to scan the victim's computer. But instead of scanning for malicious software, Internet Antivirus downloads password-stealing software that looks for FTP user names and passwords, presumably so that its creators can install their software on Web servers. Internet Antivirus installs a browser component that displays fake messages, and it also pops up a fake Windows Security Center, Microsoft said in a blog posting Tuesday. The software has also used the names General Antivirus and Personal Antivirus. Rogue antivirus software has been on the rise over the past year and was among the most-detected unwanted software on Windows PCs during the second half of last year, Microsoft said in its recent Security Intelligence Report.

This updated tool is a great help in the fight against one of the most pervasive threats we've seen recently. It should have been installed along with your Windows updates if you have those set to automatic.
But since this is such an important tool, we recommend checking to make sure that it did load and run on your systems. MSRT records each run in %windir%\debug\mrt.log, so you can confirm there that the June release ran and what it found.

From PC World - by Robert McMillan, IDG News Service

Extortion Scheme Aimed at Asian Victims

Individuals who receive phone calls or e-mails containing threats of violence along with their personally identifiable information (PII) are encouraged to contact law enforcement as well as file a complaint at www.IC3.gov.

From the Internet Crime Complaint Center (IC3)

Bulletins posted 6/10/2009

Virtual-machine exploit lets attackers take over host

Penetration-testing company Immunity has exploited a flaw in VMware software that allows malicious code running in a virtual machine to take over the host operating system. Immunity included the attack code in an update to its commercial penetration-testing tool, Canvas 6.47, released on Tuesday last week. The attack code is in a module of the tool called Cloudburst. Cloudburst uses a vulnerability in the virtual-machine display functions of VMware Workstation that can be exploited by a specially crafted video file. The malicious file, when executed within a virtual machine, could allow an intruder to take over the host operating system, according to security researchers.

The bug itself affects VMware Workstation 6.5.1 and earlier, and the associated Player versions. The software can be running on any host system, including Linux, according to VMware. However, the Cloudburst exploit currently has certain limitations: it will only succeed on Workstation 6.5.0 or 6.5.1 or the associated Player versions, and the guest and host must both be Windows-based, among other requirements, Immunity said in its release notes. The bug, which has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-1244, was disclosed in January, and VMware issued a patch in April. However, system administrators do not always keep their systems up to date with patches, Immunity said.
The bug is dangerous partly because it works with default VMware settings, according to security researchers. Secunia, a third-party security firm, gave the flaw a "highly critical" rating. The flaw was discovered by Immunity researcher Kostya Kortchinsky, and Immunity published a video demonstrating its attack in April. "The exploit is amazing," Immunity chief executive Dave Aitel said in a newslist post announcing the exploit video.

As noted above, a patch for this vulnerability was issued back in April. Now the exploit is out in the wild, so if you haven't patched your VMware software yet, it's past time! Remember that a guest-to-host escape defeats the isolation the virtual machine was supposed to provide, so nothing you run inside the guest protects the host; patching Workstation itself is the fix.

From ZDNet UK - by Matthew Broersma

eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution

Description: The eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. This ActiveX control is provided by the file EPUWALcontrol.dll. If an attacker provides a specially crafted PictureUrls property or initialization parameter, the ActiveX control will execute the commands that are specified.

Impact: By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML e-mail message or attachment), an attacker may be able to execute arbitrary commands with the privileges of the user.

Solution: Apply an update.

If you are an eBay user and have uploaded pictures, make sure you've applied this patch and that your Windows Update has been run this month.

From Donna Buenaventura at Donna's Security Flash Blog

Bulletins posted 6/09/2009

Scammers Take Advantage of Air France Tragedy and Carradine Death

Now we are seeing Twitter updates about David Carradine's death containing links to poisoned web sites that infect your computer with malware or "scareware" (fake antivirus programs sold by scaring you into thinking you have a virus).
The other current scam is hijacking search engine results so that searches about the Air France Flight 447 tragedy point to websites promoting scareware. These are among the most disgusting, but also the most effective, of scams. Be sure you don't fall victim, and warn your vulnerable friends and family.

New Safari 4.0 fixes more than 50 vulnerabilities

If you are using Apple's Safari browser, we recommend updating it to version 4.0 as soon as possible.

From SC Magazine - by Angela Moscaritolo

Microsoft Releases 10 Security Bulletins for Patch Tuesday

Microsoft has released ten (10) security bulletins for June 2009.
They also re-released Security Bulletin:
Note that Microsoft has not released a security bulletin or security update for the vulnerability in Microsoft DirectShow (Security Advisory 971778). Windows XP, Windows 2000 and Windows Server 2003 are affected by that DirectShow vulnerability. Use the provided Fix it solution or workaround to help protect your systems.

We always recommend having automatic updates enabled so that these updates are applied as soon as possible. But if you have not done so for whatever reason, we strongly suggest logging into the Microsoft Update site and applying these as soon as possible. It is also advised to use the Fix it workaround noted above to protect your computer from the DirectShow vulnerability, since no patch for it is available yet.

From Donna Buenaventura at Donna's Security Flash Blog

Bulletins posted 6/08/2009

Google Chrome Out for Mac and Linux - Just Don't Download It Yet

Google has some advice for the average Mac and Linux user: don't download Chrome just yet. The versions of the Chrome browser released last night via Google's development channel still have some kinks in them and were only made available to allow developers to kick the tires, Google officials said. Those who download them will find more than a few bugs and some of Chrome's normal security features and capabilities missing.

So, all you Mac and Linux users, hold your horses for now. Unless of course you ARE a developer and like playing with things that don't work and might crash your computer!

From eWeek.com - by Brian Prince

----------------------------------------
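The fake Windows Update link in the 6/12 bulletin (windowsupdate.microsoft.com.ssl3.pop3.ru) and the poisoned Twitter and search links in the 6/09 bulletin both rely on a host name that merely contains a familiar brand. The following is an added example, not code from the newsletter or from any of the sources it quotes: it parses a link, works out which domain actually owns the host, and flags hosts that embed a trusted name without belonging to it, plus links that point straight at an executable. The trusted-domain list and the "last two labels" rule for the registrable domain are assumptions made for the example; a production check would consult the Public Suffix List.

```python
"""Lookalike-host check for links like the one in the fake Windows Update e-mail.

Added example, not code from the newsletter or any of the sources it quotes.
The trusted-domain list and the two-label registrable-domain rule are assumptions
made for the example; a production check would use the Public Suffix List.
"""
import re
from urllib.parse import urlsplit

# Assumption: domains the reader would trust an update link to come from.
TRUSTED_DOMAINS = {"microsoft.com", "mozilla.org", "apple.com"}

# File types a legitimate update notice would never ask you to fetch from an e-mail link.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".cmd", ".dmg")


def refang(url):
    """Restore the scheme of a defanged ("hxxp://") URL so the parser accepts it."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def registrable_domain(host):
    """Last two labels of the host (assumption: fine for .com/.org/.ru, wrong for .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def impersonated_domain(host):
    """Return the trusted domain whose labels appear inside the host without owning it.

    windowsupdate.microsoft.com.ssl3.pop3.ru contains the labels "microsoft.com",
    but its registrable domain is pop3.ru, so it impersonates microsoft.com.
    """
    labels = host.lower().rstrip(".").split(".")
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return None  # genuinely a subdomain of a trusted domain
    for trusted in sorted(TRUSTED_DOMAINS):
        tlabels = trusted.split(".")
        for i in range(len(labels) - len(tlabels) + 1):
            if labels[i:i + len(tlabels)] == tlabels:
                return trusted
    return None


def assess_link(url):
    """Classify a link as trusted, lookalike, untrusted, untrusted-ip or unparseable."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    result = {
        "host": host,
        "registrable": "",
        "impersonates": None,
        "executable": parts.path.lower().endswith(EXECUTABLE_SUFFIXES),
        "verdict": "unparseable",
    }
    if not host:
        return result
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        result["registrable"] = host
        result["verdict"] = "untrusted-ip"  # no domain to impersonate, but nobody ships updates this way
        return result
    result["registrable"] = registrable_domain(host)
    result["impersonates"] = impersonated_domain(host)
    if result["registrable"] in TRUSTED_DOMAINS:
        result["verdict"] = "trusted"
    elif result["impersonates"]:
        result["verdict"] = "lookalike"
    else:
        result["verdict"] = "untrusted"
    return result


if __name__ == "__main__":
    # Constructed sample: the first URL is the defanged link quoted in the bulletin,
    # the others are made up for contrast.
    for link in (
        "hxxp://windowsupdate.microsoft.com.ssl3.pop3.ru/remtool_conf.exe",
        "https://www.update.microsoft.com/microsoftupdate/",
        "http://192.0.2.10/QuickTime.dmg",
        "http://pagemac.example/pagemac.php",
    ):
        r = assess_link(link)
        print(f"{r['verdict']:13} executable={r['executable']!s:5} host={r['host']} "
              f"registrable={r['registrable']} impersonates={r['impersonates']}")
```

The check deliberately reads the host from right to left, which is how the DNS hands out ownership: whatever sits left of pop3.ru is chosen by whoever registered pop3.ru. It will not catch a hyphenated lookalike such as microsoft-update in a single label, or ccTLD registries with a second-level suffix; both need the Public Suffix List and a fuzzier brand match.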
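The 6/11 bulletin recommends confirming that the June MSRT release actually ran. The following is an added example, not Microsoft's code or the newsletter's: it parses the run records MSRT writes to %windir%\debug\mrt.log and, on a Windows machine, also reads the installed release GUID from the registry key HKLM\SOFTWARE\Microsoft\RemovalTools\MRT (value "Version"). The sample log embedded below is constructed, and the exact wording of the log lines is an assumption modelled on typical MSRT output, so adjust the patterns if your log differs.

```python
"""Confirm the Malicious Software Removal Tool actually ran, from its own log.

Added example, not Microsoft's code or the newsletter's. MSRT writes
%windir%\\debug\\mrt.log and records the installed release as a GUID in
HKLM\\SOFTWARE\\Microsoft\\RemovalTools\\MRT (value "Version"). The wording of
the log lines below is an assumption modelled on typical output.
"""
import os
import re
import sys

# Constructed sample log (not a real capture) with two runs; the last run is what matters.
# Return codes are not interpreted here; Microsoft documents them in KB 891716.
SAMPLE_MRT_LOG = """\
Microsoft Windows Malicious Software Removal Tool v2.9, May 2009
Started On Tue May 12 09:15:02 2009

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 12 09:17:40 2009

Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v2.10, June 2009
Started On Tue Jun 09 14:02:11 2009

Results Summary:
----------------
Found Win32/Example.Rogue and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 09 14:05:40 2009

Return code: 0 (0x0)
"""

RUN_START = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v(\S+?),\s*(.+)$")


def parse_mrt_log(text):
    """Split the log into runs and return the last one as a dict (None if no run found)."""
    runs = []
    for line in text.splitlines():
        m = RUN_START.match(line)
        if m:
            runs.append({"version": m.group(1), "release": m.group(2).strip(),
                         "started": None, "finished": None, "return_code": None,
                         "findings": []})
            continue
        if not runs:
            continue  # anything before the first run header
        run = runs[-1]
        if line.startswith("Started On "):
            run["started"] = line[len("Started On "):].strip()
        elif " Finished On " in line:
            run["finished"] = line.split(" Finished On ", 1)[1].strip()
        elif line.startswith("Return code:"):
            run["return_code"] = int(line.split(":", 1)[1].split()[0])
        elif line.startswith("Found "):
            run["findings"].append(line.strip())
    return runs[-1] if runs else None


def msrt_ran_release(run, expected_release):
    """True when the last logged run is the expected release and completed (logged a return code)."""
    return (run is not None and run["release"] == expected_release
            and run["return_code"] is not None)


def check_local_msrt(expected_release):
    """On Windows, read the real log and registry; elsewhere, report that the check is not applicable."""
    if sys.platform != "win32":
        return {"applicable": False}
    log_path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "debug", "mrt.log")
    run = None
    if os.path.exists(log_path):
        # Assumption: the log is plain text; switch to encoding="utf-16" if yours is not.
        with open(log_path, encoding="utf-8", errors="replace") as f:
            run = parse_mrt_log(f.read())
    import winreg  # Windows-only module, so imported only on this path
    version_guid = None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\RemovalTools\MRT") as key:
            version_guid, _ = winreg.QueryValueEx(key, "Version")
    except OSError:
        pass  # key absent: MSRT has never been installed by Windows Update on this machine
    return {"applicable": True, "log_path": log_path, "last_run": run,
            "installed_version_guid": version_guid,
            "ok": msrt_ran_release(run, expected_release)}


if __name__ == "__main__":
    last = parse_mrt_log(SAMPLE_MRT_LOG)
    print("last run in sample log:", last)
    print("June 2009 release ran:", msrt_ran_release(last, "June 2009"))
    print("live check:", check_local_msrt("June 2009"))
```

Run it on the machine you want to verify; the sample log only exercises the parser. A missing log, a last run older than this month's release, or a run with no "Return code" line all mean the tool did not complete, and the registry GUID tells you which release Windows Update actually delivered even when the log is absent.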