Security

Microsoft is releasing an out-of-band update for their IE vulnerability. Internet Explorer 6 is affected and is being actively exploited in the wild. The patch will be released on the 21st, today, see Microsoft’s Security Bulletin for additional details. Also in Microsoft news, Security Advisory (979682). There’s a vulnerability in Windows kernel privilege escalation. The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7), on non x64-based systems, unless 16-bit application support is disabled. ...

Microsoft has said it will issue an out-of-band patch today for critical vulnerabilities in Internet Explorer that allow remote execution of code. The company said yesterday it would not wait until the February “Patch Tuesday” to fix the vulnerabilities. The much discussed “Aurora” vulnerabilities in IE have been held at least partially responsible for cyber attacks on Google and more then two dozen other major companies. The attacks on Google were aimed at Gmail accounts of dissidents and Google’s source code. The attacks on the other companies were aimed at stealing intellectual property. ...

A day after the disaster that struck the Caribbean nation of Haiti, Rogue perpetrators have once again been busy with their SEO poisoning schemes. Searching for terms related to this earthquake leads to a website that installs a Rogue into the system. It happens when an unsuspecting user searches for Haiti Earthquake details. Happily clicking the link leads to this page: Then this… And this… ...

GhostAntivirus is a new rogue anti-virus application. It is a clone of InternetAntivirusPro.

Notable highlights this month include the shift of the regions of message origin, and changes in the average size of spam messages. In recent months, APJ and South America have been taking the spam share away from the traditional leaders of North America and EMEA. However, North America and EMEA together sent 57 percent of spam messages in December 2009, compared with 50 percent in November 2009. With respect to the average size of the messages, the 2kb – 5kb message size category increased by seven percent, while the 5kb – 10kb message size category decreased by six percent in December 2009. With respect to all spam categories, health and product spam have increased and now account for 52 percent of all spam messages. Click here to download the January 2010 State of Spam Report, which highlights the following trends: ...

Researchers at McAfee labs monitor Koobface activities 24/7 via custom honeypots and while reviewing one such update we noticed a variant that had debug/log features. Unlike the traditional captcha breaking technique to create new accounts, this variant of the worm converts the infected machine to a bot. When we analysed the malware trapped in our botnet, we found that this variant of Koobface has a special feature for logging all activities carried out during the infection process in a log file . Log file is created under system root with date and time stamp for eg, C:\fb_reg20090612.log. ...

With the holiday season behind us, cyber scammers and spammers will now be looking towards the upcoming events and worldwide happenings that they can leverage to form the next waves of online trickery. The noteworthy ones on the horizon include Valentine’s Day, tax-filing season, and the FIFA World Cup – all of which will, in all likelihood, produce their own variety of social engineering techniques, online fraud, malware, fake websites, phishing, and spam. ...

InfoSecurity, a great site for computer security news, just put up a story asking the very old question: “Why don’t AV vendors name malcode consistently.” The lead on the piece was: “…Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn’t match up, leading to an admission that users will inevitably be confused by the results.” Great observation, sort of. ...

Following the addition of Win32/Hamweq to the MSRT last month, MMPC will continue cleaning PCs in 2010 by adding another prevalent worm, Win32/Rimecud, to this month’s removal tool. This is due not only to Win32/Rimecud’s high detection numbers, which immediately follow those of Win32/Hamweq, but also to the similarities the two families share with each other. In fact, as part of its payload, Win32/Hamweq may download Win32/Rimecud, contributing to Rimecud’s suitability as the next target for MSRT. ...

This Black Tuesday was different as anticipated – Microsoft releases only one security bulletin, but other companies “jumped in” and deliver updates now as well. For the windows operating systems, only one Security Bulletin was released. MS10-001 deals with a vulnerability in the decompression routines of the Embeded OpenType Font Engine. This means that especially in Windows 2000, programs like Internet Explorer, Word or PowerPoint for example which render EOT fonts can put the system at risk when viewing manipulated contents. In newer operating systems the flawed code is used differently so that Microsoft assumes that it isn’t exploitable there. ...