
Now you too can mount your own Operation Aurora Attacks!!!

  • Post author: Omid Farhang
  • Post published: January 22, 2010
  • Reading Time: 1 min
  • Word Count: 163 words

But don't. Please don't!... just... don't!... Instead, why don't you apply the out-of-band patch ( MS10-002 ) that Microsoft has just released...?!!! Patching remote-code-execution vulnerabilities is usually "a good idea" to say the least. But, considering that: Microsoft rushed to get this patch out...... ( Thank you Microsoft! ) And that, this patch addresses several Internet Explorer vulnerabilities – of which includes CVE-2010-0249 – the infamous "Aurora attacks" related vulnerability that's well known to be making the rounds in the wild. ...


Salesmen Are Not My Friends

  • Post author: Omid Farhang
  • Post published: January 22, 2010
  • Reading Time: 1 min
  • Word Count: 208 words

I dislike salesmen. The look on their faces irks me when I can feel the dollars flicking in their eyes. I hate it when my car insurance company asks if I want to get home insurance as well. I do not like it when my credit card company tries to sell me a great new insurance product. In general, I hate to be a victim of cross selling. Malware authors are just like salesmen. They cross-sell as well. A fake AV tried to do the same to me. Besides offering great AV protection, it wants me to get some useful codecs so that I can watch all my legit DVDrips. Thus, someone decided that in order to get me to install their codecs, he/she will have to terminate all processes related to media players. ...


Web users still don't select good passwords

  • Post author: Omid Farhang
  • Post published: January 21, 2010
  • Reading Time: 2 min
  • Word Count: 254 words

Security firm Imperva of Redwood Shores, Calif., found a unique way to gauge the quality of the passwords that Web users select: they analyzed the 32 million passwords in the unencrypted file of passwords that miscreants stole from the servers of RockYou.com in December and posted on the Internet. RockYou creates and distributes entertainment widgets that work with social networking sites. What they found wasn't good, according to their report. "Key findings:

  • About 30% of users chose passwords whose length is equal to or below six characters.
  • Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).
  • The most common password among RockYou.com account owners is "123456". ...
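The three findings above (short length, limited character set, trivial or dictionary-based choices) are exactly the checks a password audit script applies to a leaked or exported credential list. The script below is an added example written for this page, not Imperva's tooling or any code from the RockYou incident; the password list and the wordlist are constructed stand-ins, and "limited alpha-numeric set" is interpreted here as lowercase letters and digits only, which is an assumption. It goes slightly beyond the report by also undoing common leet substitutions before the wordlist lookup, so that "P@ssw0rd" is counted as the dictionary word it is.

```python
"""Password-quality audit heuristics (added example; constructed sample data)."""
import string
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample corpus for the demonstration; NOT data from the RockYou leak.
SAMPLE_PASSWORDS: List[str] = [
    "123456", "123456", "123456", "password", "password", "iloveyou", "iloveyou",
    "princess", "qwerty", "12345678", "nicole", "daniel", "babygirl", "monkey",
    "654321", "qwertyuiop", "sunshine", "asdfgh", "Tr0ub4dor&3",
    "Correct Horse Battery", "P@ssw0rd", "!Z9x#qL2pW", "jessica", "1234", "rockyou",
]

# Tiny stand-in for a real dictionary / first-name / slang list (assumption).
WORDLIST = {
    "password", "iloveyou", "princess", "babygirl", "monkey", "sunshine", "rockyou",
    "nicole", "daniel", "jessica",
}

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumption: "limited alpha-numeric set" = lowercase letters and digits only.
LIMITED_CHARSET = set(string.ascii_lowercase + string.digits)
# Common leet substitutions, undone before the wordlist lookup.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o",
                      "$": "s", "5": "s", "7": "t"})


def is_consecutive_digits(pw: str) -> bool:
    """'123456', '654321', '1234': all digits, every step exactly +1 or -1."""
    if len(pw) < 3 or not pw.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def is_keyboard_walk(pw: str) -> bool:
    """A run of at least four adjacent keys on one row, forwards or backwards."""
    s = pw.lower()
    if len(s) < 4:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def is_dictionary_word(pw: str) -> bool:
    """Exact wordlist hit, either as typed or after undoing leet substitutions."""
    s = pw.lower()
    return s in WORDLIST or s.translate(LEET) in WORDLIST


def is_trivial(pw: str) -> bool:
    """Report's third bucket: names/dictionary/slang words or trivial patterns."""
    return is_consecutive_digits(pw) or is_keyboard_walk(pw) or is_dictionary_word(pw)


def uses_limited_charset(pw: str) -> bool:
    """Report's second bucket under the charset assumption above."""
    return set(pw) <= LIMITED_CHARSET


def audit(passwords: Iterable[str]) -> Dict[str, object]:
    """Compute the same headline percentages the report gives, plus top choices."""
    pws = list(passwords)
    n = len(pws)

    def pct(k: int) -> float:
        return round(100.0 * k / n, 1)

    most_common: List[Tuple[str, int]] = Counter(pws).most_common(3)
    return {
        "count": n,
        "pct_short": pct(sum(len(p) <= 6 for p in pws)),
        "pct_limited_charset": pct(sum(uses_limited_charset(p) for p in pws)),
        "pct_trivial": pct(sum(is_trivial(p) for p in pws)),
        "most_common": most_common,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PASSWORDS).items():
        print(f"{key}: {value}")
```

Running it on a real export means feeding `audit()` one plaintext password per line; the exact-match wordlist is the weak point, so in practice swap in a full dictionary and name list and consider substring matches, which the sample deliberately keeps out for clarity.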


Targeted Attack using "Operation Aurora" as the lure

  • Post author: Omid Farhang
  • Post published: January 21, 2010
  • Reading Time: 1 min
  • Word Count: 87 words

Now here's an interesting turn of events. In the middle of all the attention to the "Operation Aurora" attacks, we're now seeing new targeted attacks that are using this very event as the lure to get the targets to open a malicious attachment! Here's the email we saw: The attachment Chinese cyberattack.pdf (md5: 238ecf8c0aee8bfd216cf3cad5d82448) is a PDF file which exploits the CVE-2009-4324 vulnerability in Adobe Reader (again, this is the one which was patched last week). ...


Intelligence sector hit by a targeted attack

  • Post author: Omid Farhang
  • Post published: January 21, 2010
  • Reading Time: 1 min
  • Word Count: 113 words

We just blogged about a highly targeted attack against military contractors. Now we saw one against the intelligence sector. This attack was done with a PDF file. Again. It was targeting the CVE-2009-4324 vulnerability. Again. When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this: What really happens in the background? Just like last time, the exploit code drops a backdoor in a file called Updater.exe (md5: 02420bb8fd8258f8afd4e01029b7a2b0). Now, what is the document talking about? President's day? DNI Information Sharing Environment? We don't know, but a quick web search tells us that apparently there is going to be an Intelligence fair & expo in Germany next month. ...


Microsoft Vulnerabilities

  • Post author: Omid Farhang
  • Post published: January 21, 2010
  • Reading Time: 1 min
  • Word Count: 128 words

Microsoft is releasing an out-of-band update for their IE vulnerability. Internet Explorer 6 is affected and is being actively exploited in the wild. The patch will be released on the 21st, today; see Microsoft's Security Bulletin for additional details. Also in Microsoft news, Security Advisory (979682): there's a privilege-escalation vulnerability in the Windows kernel. The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7) on non-x64-based systems, unless 16-bit application support is disabled. ...


Microsoft will patch Internet Explorer today

  • Post author: Omid Farhang
  • Post published: January 21, 2010
  • Reading Time: 1 min
  • Word Count: 102 words

Microsoft has said it will issue an out-of-band patch today for critical vulnerabilities in Internet Explorer that allow remote execution of code. The company said yesterday it would not wait until the February "Patch Tuesday" to fix the vulnerabilities. The much discussed "Aurora" vulnerabilities in IE have been held at least partially responsible for cyber attacks on Google and more than two dozen other major companies. The attacks on Google were aimed at Gmail accounts of dissidents and Google's source code. The attacks on the other companies were aimed at stealing intellectual property. ...


Haiti Earthquake: Another Rogue Rides the News

  • Post author: Omid Farhang
  • Post published: January 16, 2010
  • Reading Time: 1 min
  • Word Count: 130 words

A day after the disaster that struck the Caribbean nation of Haiti, Rogue perpetrators have once again been busy with their SEO poisoning schemes. Searching for terms related to this earthquake leads to a website that installs a Rogue into the system. It happens when an unsuspecting user searches for Haiti Earthquake details. Happily clicking the link leads to this page: Then this... And this... ...


Seasons of Scams

  • Post author: Omid Farhang
  • Post published: January 16, 2010
  • Reading Time: 2 min
  • Word Count: 266 words

With the holiday season behind us, cyber scammers and spammers will now be looking towards the upcoming events and worldwide happenings that they can leverage to form the next waves of online trickery. The noteworthy ones on the horizon include Valentine's Day, tax-filing season, and the FIFA World Cup – all of which will, in all likelihood, produce their own variety of social engineering techniques, online fraud, malware, fake websites, phishing, and spam. ...


Rimecud and Hamweq – birds of a feather

  • Post author: Omid Farhang
  • Post published: January 13, 2010
  • Reading Time: 2 min
  • Word Count: 227 words

Following the addition of Win32/Hamweq to the MSRT last month, MMPC will continue cleaning PCs in 2010 by adding another prevalent worm, Win32/Rimecud, to this month's removal tool. This is due not only to Win32/Rimecud's high detection numbers, which immediately follow those of Win32/Hamweq, but also to the similarities the two families share with each other. In fact, as part of its payload, Win32/Hamweq may download Win32/Rimecud, contributing to Rimecud's suitability as the next target for MSRT. ...
