Anti-Malware

Microsoft has issued a warning to the 900 million users of it’s Internet Explorer web browser admitting that they are at serious risk of having their PCs hacked and their private information stolen by attackers.

Microsoft has also confirmed that they haven’t developed a permanant patch for the exploit yet, however users are advised to apply a temporary fix that will prevent hackers from being able to exploit the vunerability and install malcious software (aka malware) which can infect a users PC simply by visiting a rouge of infected website.

According to Microsoft’s Angela Gunn “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session”.

She went on to say that “such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience”.

Althought Mozilla Firefox and Google Crome have made inroads into the PC browser market, Microsoft’s Internet Explorer still remains the most widely used browser with over 50% marketshare.

For more information, visit the Official Microsoft blog post regarding this issue.

Continue Reading

Microsoft proudly has announced that the SmartScreen Filter found in Internet Explorer 8, which helps prevent malware attacks has successfully blocked it’s one billionth malware download attempt.

The SmartScreen filter, similar to those found in other browsers such as Mozilla Firefox works buy cross-checking websites against a white list of known good sites to protect the user and then accessing any new sites a user visits for suspicious behaviour. If  a user insists on visiting a known suspicious site, IE8 will block any download attempts by the website from harming the users PC.

“Socially engineering attacks like malware are a growing threat on the internet and are one of the most common risks to people’s safety online. We introduced malware protection in Internet Explorer 8 as part of the SmartScreen Filter and have talked about it on the Windows Experience Blog a couple of times over the last year”, said James Pratt on the Microsoft Blog.

“1 billion malware blocks is an amazing milestone and an example of two things. First socially engineered attacks like malware continue to be a real threat for users on the web. Second, to help keep you safe online your browser needs to continually enhance and improve its service. We have got better and better at blocking malware through the SmartScreen Filter because we have continued to invest in our back end service since we released IE8 in March 2009. It’s this investment that has kept us at the top of the socially engineering malware charts according to NSS Labs and has helped our customers stay safe online.”

For further reading, see the official Microsoft blog post.

Continue Reading

Exploits for the recently discovered Windows shortcut vulnerability are now fully out in the wild and affecting users. While earlier samples were seen in more narrowly targeted attacks, the new samples Trend Micro analysts found are now aimed at broader audiences and pose a threat to users at large. Indonesia and India have been particularly hard-hit by this attack, accounting for more than 75 percent of the total number of infections.

In addition, a recent update to Microsoft’s advisory has added a new vector for this vulnerability. File formats that support embedded shortcuts (e.g., Microsoft Office documents) can now be used to spread exploits as well. This means that users who download and open such files could find themselves the latest victim of this vulnerability. It has also been reported that this attack could be used in drive-by attack scenarios, further increasing risks.

However, the good news is that Trend Micro proactively detects shortcut files that exploit this security flaw as LNK_STUXNET.SM. The malware’s payloads are also proactively detected as WORM_STUXNET.SM. Earlier variants were already detected as LNK_STUXNET.A, RTKT_STUXNET.A, and WORM_STUXNET.A. This mitigates the risks faced by users dealing with this threat.

According to the Microsoft security advisory page for this vulnerability, this hole presents a number of possibilities for attackers. This is scary and intriguing at the same time. Below is a summary of these possibilities:

1. USB drive infection. That is, in the same style as the autorun trick without needing autorun.inf. This is the most obvious application of the hole. It is a local attack so it needs to have access to the computer in the form of a USB drive or even a CD/DVD.
2. Network shares. The hole can be exploited through the network by copying the malicious shortcut file to a shared network location frequently used by users in a Windows network. If the first infected user has administrator rights, there is another application of the hole. If that infected user can access other people’s hard drives (either by having access rights or by guessing other user’s password), it can copy the .LNK file onto the Windows Start menu folder so that the malicious shortcut is displayed and executed when the user clicks the Start button. DOWNAD already used the password-guessing method but this vulnerability helps by dealing with the execution part.
3. Malicious website. If the bad .LNK file is placed on a website that displays file icons, it can force Internet Explorer to check the right icon to be displayed, thus triggering exploitation. The likely candidates are pages that let users upload and download files such as a webmail client. This would affect the user as soon as the email with the attached shortcut file is opened without the need for the user to actually download the file. It is a real possibility that some Web mail software might encounter if they try to display the shortcut’s icon. We cannot confirm if this is a real scenario yet, however.
4. Documents. Office productivity suites (including but are not limited to Microsoft Office) allow files to be embedded within documents. If a bad shortcut file is packaged into some kind of document, the software accesses the icon file so that it can be displayed. This allows the possibility of an email attack by means of a regular document file with an embedded shortcut. In addition, some email clients might be affected when displaying attached files.

Cybercriminals are always after the biggest bang for their buck and an unpatched vulnerability such as this provides a prime target that, if left unchecked, could earn them a lot of money while causing great pain and inconvenience to computer users worldwide. We will almost certainly continue to see a slew of attacks taking advantage of this issue.

Enterprise users can also benefit from the additional protection offered by Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plug-in. Rules released earlier this week prevent this vulnerability from being exploited via network shares and WebDAV.

Update as of July 24, 2010, 8:06 PM (UTC)

Not only are new malware being created to utilize this vulnerability to spread malware, old malware are also being updated to employ this new routine. We’ve been able to take hold of three new samples that use crafted .LNK files to spread malware:

WORM_VOBFUS.AI is very much similar to the existing STUXNET variants— it drops malicious .LNK files we now detect as LNK.STUXNET.SMB.

We’ve also found other malicious .LNK files detected as LNK.STUXNET.SMB that executes a DLL we detect as TROJ_CHYMINE.A. The said Trojan connects to a remote site to download a malicious .EXE file which is also detected as TROJ_CHYMINE.A.

Lastly, we found a version of the AUTORUN malware that has been updated to spread using the LNK vulnerability.

According to Threat Research Manager Ivan Macalintal, the usage of .LNK files is really more of an abuse of a flaw, rather than a vulnerability. “While most of the industry is still referencing this as being a vulnerability, really, it’s a flaw – an abused flaw in the strictest sense” commented Macalintal, “and this is one of the reasons delivering a patch is proving a challenge for Microsoft.”

Either way, the said technique will surely be more widely abused in the next coming days or so.

Continue Reading

Spyware blocking software has quickly become one of the mandatory tools used in internet security. It is no longer just users that are targeted, but corporate websites are under constant attack.

In the last few months we have seen popular Australian websites such as Daily Deals be infected with malware by hackers – a costly exercise for any business with the potential to lose Google ranking, have Anti-Virus plug-in display “this website is potential unsafe” warnings or a PR disaster.

These high traffic websites are the perfect target for criminal hackers as if they successfully penetrate a servers defences, which is often doing automatically they can distribute their malicious code to hundreds of thousands of users in a short time span.

Spyware has evolved quickly and now takes many forms such as:

• Websites and banner advertising serving up malware
• Spyware, Spam, Phising & Viruses
• Instant Messaging & Skype malware
• P2P file sharing malware
• Hijacked Facebook accounts & malicous Facebook applications

The criminal creators of the spyware are constantly innovating to gain an advantage over security vendors. Web attacks have seen a dramatic increase is recent years which has meant large websites such as Facebook have had to take more precautionary measures with the way users distribute links amongst themselves.

Continue Reading

By: Jason Bell

Did you know that you can easily maintain a healthy, high-speed computer, just by taking a little initiative and performing a few PC performance tips? Let me show you how!

Keep Your Windows Updated

Microsoft releases regular updates to incorporate new features and patch up any security vulnerabilities in their products. These security vulnerabilities are usually exploited by hackers and other malicious software to attack your system. To prevent this, you must regularly install Windows updates on your computer. If your computer is always connected to the Internet, you can enable the Automatic Windows Update feature by using the Security Center option in Control Panel. By keeping Windows updated, you are one step closer to preventing a faulty Windows registry and the slow PC performance that follows.

Get Rid of Viruses, Spyware And Malware

Anti-malware tools, such as anti-virus and anti-spyware programs are a must for all Windows users. This is because in addition to adding malicious data to your computer, malware programs, such as Trojans and spyware also slow-down your system by exhausting the system resources. They are also responsible for undesired spam e-mails, popup ads, and other unwanted activities that hamper your work and cause slow PC performance. To prevent this, you must choose an anti-malware tool that:

• Offers a live update feature – this helps to ensure that your system is protected against the latest malware.
• Provides real-time protection – helps by blocking any external malicious intrusions to your system.
• Enables scheduling full-system scans – provides you with peace of mind by performing regular full system scans to ensure that your system stays free of malicious information that cause the dreaded PC performance problems.

Clean the Registry

Faulty Windows registry problems can occur due to an accumulation of massive junk information are one of the major causes of slow PC performance. This junk information gets in the registry due to:

• Frequent Adding/Removing of programs installed on the computer.
• Downloading and installing unknown and unsecure program files from the Internet.System crashes.
• Faulty software and device drivers.
• Malfunctioning hardware, such as bad RAM or a faulty CPU.
• Malware infections.

To prevent this junk information from harming your computer, you need to regularly scan the registry with the help of reputable PC repair software program. Using this software will weed out all this unwanted information from the faulty Windows registry. We highly recommend a program called Registry Easy, although there are a variety of suitable PC repair programs out there.

Clean the Hard Disk

As your PC gets older, it fills up with an abundance of files and programs that you no longer need. As a matter fact, there may be several programs (spyware/adware) that may be installed even without your knowledge. The first step in cleaning the disk is to get rid of all these unwanted programs. You can uninstall these programs either by using the Add or Remove Programs option in the Control Panel or by using a reliable third-party uninstaller tool. Next, clean up the unwanted files by using the Disk Cleanup tool. Finally, use the Disk Defragmenter tool to further optimize the hard disk by defragmenting all fragmented files. A clean and defragmented hard disk speeds up data access and thus improves the slow PC performance that has been affecting your computing experience.

Author Resource:-> The Windows registry has been an area of confusion for most PC users. Luckily, they no longer need to deal with the the slow PC performance that a faulty Windows registry can cause. If you are one of the many who suffer from this same problem, there is a new website with an abundance of PC performance tips and software. For more information, including a free scan of your Windows registry, visit www.quickregistrycleaner.com

Article From PROPERTY INVESTOR LANDLORD

Continue Reading