Russian AV company claims 600,000 Macs infected by Flashback [Removal Manual]

The H-Online: A Russian AV company, Dr. Web, says it has conducted research to determine the spread of the Flashback trojan on systems running Mac OS X and says that 550,000 systems are infected, mostly in the US and Canada. A later update raised that number to 600,000 and claimed 274 infected systems in Cupertino, California. Dr. Web says it employed a sinkhole technique to intercept the bot installed by the newest Flashback trojan, and directed the bots to its own servers where it could analyse the traffic. Each bot includes a unique ID of the machine it has infected in the query string it sends to the command and control server; it is these unique IDs that Dr. Web has used to calculate the infection count. According to its estimates, of the original 550,000 estimate, 56.6% of the systems were in the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia. ...

April 6, 2012 · 2 min · 407 words · Omid Farhang

Issues with the recent update for Outlook 2007

MSDN Blog: On Tuesday, December 14, we released an update (KB2412171) for Microsoft Outlook 2007. We have discovered several issues with the update and want to inform you about problems you might encounter and what corrective steps we recommend. As of December 16, this Outlook 2007 update has been removed from Microsoft Update. This Outlook 2007 update was distributed via Microsoft Update. Many of you receive updates automatically and if you installed the update between Tuesday, December 14, and Thursday, December 16, it is likely that you are affected. ...

December 21, 2010 · 3 min · 568 words · Omid Farhang

Google Launches Tool to Get Companies to Back Up Their E-mails With Gmail

Google has just launched Message Continuity, a cloud-based enterprise solution for backing up corporate e-mail whenever Microsoft Exchange goes down. The new product, powered by Google’s 2007 acquisition of Postini, focuses on giving companies another access point to their e-mail accounts. It essentially creates a complete backup copy of Microsoft Exchange Servers and puts those e-mails into a Google Apps account, replicating that information within Gmail, Calendar and Contacts. ...

December 10, 2010 · 1 min · 196 words · Omid Farhang

Use Windows 7 Event Viewer to track down issues that cause slower boot times

In this edition of the Windows Desktop Report, Greg Shultz shows you how to use some of the new features in Windows 7’s Event Viewer to investigate boot time and track down issues that can cause a slowdown in the boot process. This download is available as an entry in the TechRepublic Microsoft Windows Blog. Credit to ZDNet.

October 22, 2010 · 1 min · 58 words · Omid Farhang

Facebook Privacy Issues – again

Media report a new privacy leak on Facebook that was found just recently. It is possible to find out which persons someone is in contact with: one just has to create a fake account using a known email address of the person to spy upon. Facebook doesn’t verify whether the address is real, so the new account can be used right away. Up to 20 contacts are visible according to the reports. ...

October 18, 2010 · 1 min · 170 words · Omid Farhang

Mitigation for Windows Applications DLL-Search-Path Vulnerabilities

A whole bunch of Windows applications are vulnerable to a so-called binary-planting attack, which allows for remote code execution. Microsoft released a security advisory about this issue, which isn’t easy to fix properly. The issue arises from the (defined and well documented) behavior of Windows when an application loads libraries. Windows searches for the DLL to load in a standard list of paths. This list also includes the current working directory, which is, for example, the place a document gets opened from. When a file with the name of a DLL that the application needs to load is placed into the working directory, it will get loaded, even if it is a malicious DLL. ...

September 4, 2010 · 2 min · 241 words · Omid Farhang

Microsoft releases work-around tool for DLL loading vulnerability

Microsoft has posted an advisory that explains the “DLL preloading attacks” and offers a work-around tool that “allows customers to disable the loading of libraries from remote network or WebDAV shares. This tool can be configured to disallow insecure loading on a per-application or a global system basis.” When an application loads a .dll file but doesn’t give a full path name, Windows searches a pre-defined set of directories for it. Exploiting this, an intruder could social engineer a victim into loading a malicious .dll from a USB drive or from a network and execute arbitrary code. ...

August 29, 2010 · 1 min · 106 words · Omid Farhang

Worried about Adobe's malware vulnerability then secure your Adobe Reader

It should go without saying that the best way to deal with malware is of course, not to get infected in the first place. Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads via Facebook and other social media web sites. ...

August 14, 2010 · 3 min · 454 words · Omid Farhang

Fix Resuming problem after Sleep mode in Vista and Windows 7

Putting a laptop in sleep mode is a common way to save power and pick up work later without much delay. But some users have a problem when they try to resume from sleep mode. As the resuming begins, a blank screen appears with a mouse pointer and stays until you press any key or click the mouse. This problem may be fixed by a hotfix named KB958685, released by Microsoft for Vista and Windows 7 users, which should only be used if you are facing this problem. ...

February 8, 2010 · 1 min · 105 words · Omid Farhang

How to rescue files encrypted by Data Doctor 2010?

We have a tool available to do just that. How to use dd2010_decrypter.exe to do batch processing: Place the encrypted files in a directory (e.g. c:\encrypted_files\). Copy dd2010_decrypter.exe into another directory and, FROM THAT DIRECTORY, run the following command: for %f in ("c:\encrypted_files\*.*") do dd2010_decrypter.exe "%f" "%f.decrypted" All files in the encrypted_files folder will be processed, and the new decrypted files will have the same name with the extension “.decrypted” appended. ...

January 6, 2010 · 1 min · 106 words · Omid Farhang