Virus Alerts – Panda Security’s June 12, 2009 Report on Viruses and Intruders

Courtesy of Panda Security

This week’s PandaLabs report looks at the XPDeluxeProtector adware, the
Banbra.GII banker Trojan and the Snapper.C worm.

XPDeluxeProtector is a fake antivirus. Like all malicious code of this
type, XPDeluxeProtector simulates a system scan and detects viruses that
actually do not exist on the computer to make users believe they are
infected.

Then, it offers users the option to buy a paid version of the fake
antivirus to ‘get rid’ of these non-existent threats. The objective is
to gain financial benefits by selling the fake antivirus.

Banbra.GII is a Trojan designed to steal passwords for certain Brazilian
banking institutions. To do this, it passes itself off as a legitimate
program that asks for the user’s banking details during installation.
Besides, it also asks for the user’s matrix card data. All this information is then sent to the cyber-criminal by FTP.

Snapper.C is a worm designed to take snapshots of the infected
computer’s screen every 9 seconds. The objective is to watch users’
every move and the passwords they might enter in online services, etc.

However, this can have another harmful effect for targeted users, as all

those images are stored on the user’s own computer.  As the images can be rather large in size, there is the risk that the computer’s memory is soon saturated. The worm spreads via USB drives and shared folders.

More information about these and other malicious codes is available in
the Panda Security Encyclopedia.

Finally, Panda Security has launched a page for users to relate their
experiences with malware (whether they have fallen victim to money or
data theft, etc.). Users who send their comments will receive a free
download of Panda Internet Security 2009 with two months’ services.

Check it out here.

You can follow Panda Security’s activity online on Twitter, and the PandaLabs Blog.

Microsoft Pulls the Plug on Office 2000. How Will This Affect Your System Security?

Guest writer Rick Robinette, one of my favorite Blogging buddies, explains why MS Office 2000 is poised to become a security risk.

You have heard it here, and on other blogs associated with “What’s On My PC…” – “Keep your software up-to-date!” (to protect yourself from potential security vulnerabilities, or weaknesses).

But, what do you do when the software maker stops supporting a specific product version? The common sense approach is to upgrade; however, in some cases where economics (cost to upgrade) becomes a factor, the user will stick with the version that has economically worked for them.  A good example of this scenario are the people still using Microsoft Office 2000.

I really do not know what the numbers of actual users (or businesses) are, but if you are a Microsoft Office 2000 user, be warned that the lifecycle for Microsoft Office 2000 comes to an end on July 14, 2009.

Microsoft initially retired “Mainstream Support” for Office 2000 in mid-2004; however, extended support (for critical updates, patches, and fixes) continue to be available until July 14, 2009.

To put this in perspective:

Office 2000 has been patched 15 times so far this year alone, 12 of which were labeled “critical,” Microsoft’s most serious threat ranking.

Just last week, Microsoft patched 10 bugs in PowerPoint 2000, the presentation maker in Office 2000.

[ Source: Computerworld ]

If you are connected to the internet (or any network for that matter) and are still using Office 2000, after July 14th, 2009, then you are at risk of being targeted for any future potential security vulnerabilities (i.e. hijacking).

In a sense, Microsoft Office 2000 will become a security vulnerability in itself and a potential avenue for bot infections, etc. It is advisable that you upgrade to a newer version of Microsoft Office, prior to July 14, 2009, to protect yourself and other users.

Free alternatives exist to replace Microsoft Office; perhaps the most popular is the outstanding open source application Open Office 3.1. Many software application reviewers consider Open Office to be the equal of MS Office in most respects.

For information on this excellent free suite of office tools, checkout OpenOffice.org for information and download links.

This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.

Why not pay a visit to Rick’s site at What’s On My PC. Like me, you’re sure to become a frequent visitor.

How Risky is Peer to Peer (P2P) File Sharing?

Albert Einstein has been quoted as stating “Sometimes one pays most for the things one gets for nothing”.

Nowhere, in my computing experience, has this been more true than in the type of peer-to-peer file sharing where users consider themselves to have scored a coup after having downloaded the latest movie, the latest video game, or the latest music CD, ostensibly for nothing.

The number of times I have been called upon to rescue a friend’s computer because of system damage caused by peer-to-peer downloading, has convinced me to give this form of file sharing, on public file-sharing networks, an automatic “thumbs down”.

Used legitimately of course, peer-to-peer file sharing can provide computer users with access to a wealth of information.

All that’s required to participate in Peer to Peer file sharing is the installation of the necessary file sharing software such as LimeWire, FrostWire, or Ares, that connects your computer to an informal network of other computers running file sharing software.

Millions of users could be connected to each other through this type of software at any one time. File sharing applications are often free, and easily accessible as a download on the Internet.

Risk factors

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive. Information such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Can this really happen? You bet.

Copyright infringement can result in significant monetary damages, fines, and even criminal penalties. Some statistics suggest as many as 70% of young people between the ages of 9 – 17, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that your children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled, and you, or your children, can unintentionally download these files.

Elsewhere in this Blog you can read an article on child safety on the Internet, and download a free parental control program that comes highly recommended.

Go to: Free Internet Child Protection – Parental Control Bar.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties.

Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties. I can assure you that spyware can often be difficult to detect and remove.

Before you use any file-sharing program, you should buy, or download, free software that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Elsewhere on this Blog you can read an article on free anti-malware programs, including anti-virus software, and you can download those that may suit your needs.

Go to: Free Windows Software You Can’t Afford Not to Have!

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

For more on the potential dangers involved in peer to peer file sharing, check out the FBI’s web site.

If you decide peer to peer file sharing is for you, the following free applications are spyware free when downloaded from reputable download sites such as Download.com, or Sourceforge.net.

LimeWire: Download at Download.com

Ares: Download at Sourceforge.net

FrostWire: Download at Download.com

Secunia PSI – Checks for Software Vulnerabilities

Not all of us, it seems, make use of Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes. More to the point, few of us have given consideration to the vulnerabilities that exist in our currently installed productivity applications and utilities.

In a recent survey, Secunia, the Danish computer security service provider, well known for tracking vulnerabilities in software and operating systems, concluded that less than one in 50 Windows driven computers, are totally patched.

Secunia goes on to report that the rate of patching and updating compliance, is even less than in previous years.

Virtually on a daily basis, critical vulnerabilities continue to be discovered in popular software applications. Some recent application vulnerabilities include, Mozilla FireFox, Apple iTunes, QuickTime, Skype internet phone, Adobe Acrobat Reader, Sun Java Run-Time, Macromedia Flash, AOL Instant Messenger, Windows/MSN Messenger, Yahoo Instant Messenger, Bit Defender, and RealPlayer.

Survey statistics:

Survey sample size – 20,000 users

User exposure – 98.1% have one or more insecure programs

User exposure – 30.27% have one to five insecure programs

User exposure – 25.07% have six to ten insecure programs

User exposure – 45.76% have eleven or more insecure programs

It has been my experience, that when a malware infection occurs, it is generally safe to say, the user is often responsible for their own misfortune. This survey points out, once again; computer users, by and large, are not up to the task of securing their computers in order to ensure their own Internet safety and security.

The Secunia Personal Software Inspector (PSI) can help dramatically with this task. PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, and Vista 32/64bit

Download at: Download.com

As an added bonus for users, Secunia provides a forum “where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related”.

Windows Patch Tuesday – April 2009

Microsoft released 8 security bulletins on Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities.

We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security.

It is not an overstatement to say; an unpatched Windows system is an invitation to disaster.

If you have updates enabled, patches will be downloaded routinely. Careful users will verify that patches, have, in fact, been applied.

If Windows Automatic Update is not enabled on your system, then you should logon to the MS update site and download and apply these patches immediately.

Vulnerability issues and the corresponding patches:

MS09-010/KB923561 – Important (XP, 2000, 2003): There are four bugs (two previously disclosed publically, two previously undisclosed) that affect a variety of word processing documents, that can allow remote code execution exploits to occur.

MS09-011/KB961373 – Critical (XP, 2000, 2003): This patch closes a hole that let attackers execute a remote code execution attack through MJPEG files; the bug is in DirectX 8.1 and 9.0x.

MS09-012/KB952004/KB956572 – Important (XP, Vista, 2000, 2003, 2008): This patch resolves four holes in Windows that have already been publically disclosed. The hole allows an attacker who is already logged onto the system to escalate their privileges and take full control of the system.

MS09-013/KB960803 – Critical (XP, Vista, 2000, 2003, 2008): This patch addresses three bugs in the Windows HTTP Services system; one of them allows remote code execution which allows an attacker to completely own a system. This is a “must patch” item for all Windows systems.

MS09-014/KB963027 – Critical (XP, Vista, 2000)/Important (2000, 2003): This is a cumulative security update for Internet Explorer 5, 6, and 7. Some of the fixes address already public bugs, some deal with privately disclosed exploits. You should install this patch immediately. Users with IE8 do not need this patch.

MS09-015/KB959426 – Moderate (XP, Vista, 2003, 2008)/Low (2000): This patch takes care of a problem with the Windows Search Path function that could enable an escalation of privileges.

Inventive FaceBook Scammers Trick You Out of Money with Trojans

Do you take the same pains to protect your FaceBook details online, that you do your banking info?

A recent case involving a Microsoft employee from Seattle, Bryan Gutberg, highlighted the need to protect your FaceBook details in the same way, and be as wary surfing around FaceBook as you are the rest of the net.

This story was first reported by Bob Sullivan, respected cyber-scam reported for MSNBC. In the tale, hackers somehow gained access to Gutberg’s login and password – most likely through a keylogger, or a Trojan such as Zlob or Vundo.

They logged into his FaceBook account and posted a status update saying “Bryan IS IN URGENT NEED OF HELP!” They had also emailed all of his contacts, saying that he had been robbed and that he was in need of money to get home. Many of his friends were ‘defriended’ on FaceBook, so he wasn’t able to have them post messages on his wall letting his FaceBook-contact only friends know that they were the victims of a scam.

One of Gutberg’s friends did fall for the scam – his good-heartedness cost him US$1,200. He wired $600 through Western Union, and then a further $600 at the scammers’ behest.

Trojans and other malware that are designed to steal passwords can quite easily obtain your FaceBook account details from your computer. You can fight these infections by ensuring that you regularly use anti-malware software (certified, not rogue!), keeping all of your programs updated and patched, and taking online browsing precautions like not installing extra codecs.

FaceBook is also urging customers to be aware when they click on links in emails to access their accounts. FaceBook regularly sends these emails with links, so they are a ripe target for scammers. Pay extra attention that the FaceBook login page looks as you remember it, and access your account by opening a new browser window and typing in the address directly wherever you can.

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.

Internet Explorer 7 – Crucial Patch from Microsoft

If you are still using IE 7 (start thinking FireFox), as your Internet browser in Windows XP or Vista, then you need to download and apply the MS09-002 patch from Microsoft, immediately.

This patch, released on February 11, 2009, protects against 2 critical vulnerabilities which according to Microsoft “could allow remote code execution if a user views a specially crafted web page using Internet Explorer”.

We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security. If you have updates enabled, this patch will be downloaded routinely.

If Windows Automatic Update is not enabled on your system, then you should logon to the update site and download and apply this patch immediately.

This critical patch was only one of four, released by Microsoft, on what has become known as “Patch Tuesday”. Microsoft’s Exchange Server, SQL Server, and Visio have also had patches released to shore up vulnerabilities.

Regular readers of this site know that we have always recommended that users run with restricted privileges while surfing the internet.

This latest vulnerability in IE confirms, once again, the value in doing so.

According to Microsoft “users whose accounts are configured to have fewer user rights on the system, could be less impacted than users who operate with administrative user rights”.

If you are looking for hard data on the benefit of running as a standard user, then checkout these stats from a recent study conducted by BeyondTrust, an enterprise level software developer, which showed:

• 69% of all published vulnerabilities of any severity could be mitigated by running as a standard user.
• 92% of Microsoft critical vulnerabilities were mitigated
• 94% of Microsoft Office vulnerabilities were mitigated
• 89% of Internet Explorer vulnerabilities were mitigated
• 53% of Microsoft Windows vulnerabilities were mitigated

So, if you have not made it a practice to run as a standard user while surfing the Internet, I have only one question for you – what are you waiting for?

Monster.com Hacked – Irresponsible Response

OK, so let’s say your Doctor’s (substitute a professional of your choice), office was burglarized and all medical records, including yours, were stolen.

Your Doctor, nice guy that he is, didn’t want to cause you unnecessary anxiety, so he didn’t advise you that your confidential records were now out in the wild blue.

Can’t, or won’t happen, you’re thinking. Think again.

Monster.com, a web site that bills itself as the “world’s leading career network” is a web site used by people looking for a new job. Information required to register with the site includes, user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data.

According to Patrick Manzo of Monster Worldwide, Monster.com suffered a database penetration (sometime this month – no date given), during which “certain contact and account data were taken”. So let me rephrase that for you – Monster was hacked and personal information stolen.

Simply put – if you have an account with Monster.com, your confidential information is now freely available to the vast hoards of cyber criminals who trade in this currency.

Your minimum expectations, if you are registered with Monster.com, should be that you would be notified of such a serious breech. Not too much to expect, I would suggest.

But no, Monster’s view is, since there is no direct evidence of misuse of the stolen information (yet), a small notice of this occurrence posted on their main page is sufficient notice. No other notification that your personal information is now at risk. Bizarre!

Note to Monster: Hey, don’t worry about this massive penetration of your data base – these cyber criminals just dropped in to have a look around your obviously under protected database environment.

Your attitude flies in the face of reality. Get real! You obviously need to be dragged, kicking and screaming into the real world of cyber crime.

As a consequence of this penetration, if you are a Monster.com customer, you need to do the following at once:

Change your password for ALL your accounts, not just Monster.com.

Be on guard against “phishing” fraudulent emails, and fraudulent telephone calls in the near term.

It’s not very often that I’m struck speechless by the shenanigans pulled by some of the larger Internet entities but this one; well it’s just too calculated, too condescending, too….. too damn stupid!

Massive Patch Tuesday – 28 Vulnerabilities Patched

There are currently 28 vulnerabilities in unpatched Microsoft Windows, Internet Explorer and Microsoft Office, that could allow cyber-criminals to launch malicious attacks on your computer.

On Patch Tuesday, December 9, 2008, Microsoft released security patches to address these issues.

Vulnerability issues and the corresponding patches:

MS08-070 (critical; 6 vulnerabilities fixed): This update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls), which could allow remote code execution if a user browsed a Web site that contains specially crafted content.

MS08-071 (critical; 2 vulnerabilities fixed): This update resolves two privately reported vulnerability in Windows, which could allow remote code execution if a user opens a specially crafted WMF image file.

MS08-072 (critical; 8 vulnerabilities): This update resolves eight privately reported vulnerabilities in Microsoft Office, which could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file.

MS08-073 (critical; 4 vulnerabilities fixed): This update resolves four privately reported vulnerabilities in Internet Explorer, which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

MS08-074 (critical; 3 vulnerabilities): This update resolves three privately reported vulnerabilities in Microsoft Office, which could allow remote code execution if a user opens a specially crafted Excel file.

MS08-075 (critical; 2 vulnerabilities): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL.

MS08-076 (important; 2 vulnerabilities): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution.

MS08-077 (important; 1 vulnerability): This update resolves one privately reported vulnerability in Microsoft Office SharePoint, which could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack could result in denial of service or information disclosure.

It is not an overstatement to say; an unpatched Windows system is an invitation to disaster. If you have Windows Update turned on you’re covered, if not, I highly recommend that you download manually immediately.

Updated December 12, 2008:

The details being published about this weeks IE 0-day is incorrect and
insufficient to protect users, read more:
http://secunia.com/blog/38/

The updated Secunia Advisory is available here:
http://secunia.com/advisories/33089/

Shocking – 98% of Computers are Insecure

Recently, both I, and fellow Blogger Rick Robinette, over at What’s On My PC, have written on Secunia Personal Software Inspector (PSI), a free application that ensures all installed applications on your computer are either patched, or up-to-date.

Here’s one more reason to bring this free application to your attention once again. According to Secunia, the Danish security firm responsible for PSI, 98% of computers running Windows operating systems, are open to a successful malware attack.

Not all of us, it seems, make use of Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes. Even worse, virtually none of us have given any consideration to the vulnerabilities that exist in our currently installed productivity applications, and utilities.

Less than one in 50 Windows driven computers, according to Secunia’s released statistics, are totally patched. Secunia goes on to report that the rate of patching and updating compliance, is even less than in previous years. Now, how dumb is that?

Virtually on a daily basis critical vulnerabilities are discovered in popular software applications. Some recent application vulnerabilities include, Mozilla FireFox, Apple iTunes, QuickTime, Skype internet phone, Adobe Acrobat Reader 7.02, 6.03, Sun Java Run-Time, Macromedia Flash 7, WinZip 8.1, AOL Instant Messenger 5.5, Windows/MSN Messenger, Yahoo Instant Messenger 6.0, Bit Defender, and RealPlayer.

Just this morning, for example, according to anti-malware company BitDefender, a new Trojan horse program identified as Trojan.PWS.ChromeInject.B which works as a Firefox plug-in, has been discovered.

Two files, one Javascript and one Windows executable, are being used to steal user logon credentials when logging on to one of 103 bank domains. Scary.

Survey statistics:

Survey sample size – 20,000 users

User exposure – 98.1% have one or more insecure programs

User exposure – 30.27% have one to five insecure programs

User exposure – 25.07% have six to ten insecure programs

User exposure – 45.76% have eleven or more insecure programs

It has been my experience, that when a malware infection happens, it is generally safe to say, the user is primarily responsible for their own misfortune. This survey points out, once again; computer users, by and large, simply refuse to take responsibility for their own Internet safety and security.

The following are the essential details from a recent article on Secunia Software Inspector.

Check Software Vulnerabilities – Free Secunia Software Inspector v1.0 Released

The Secunia Personal Software Inspector (PSI) constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

(Click pic for larger)

ZD Net, one of my favorite web sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

(Click pic for larger)

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, and Vista 32/64bit

Download at: Download.com

As an added bonus for users, Secunia provides a forum “where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related”.