Monthly Archives: April 2008

QuickTime Patch

Apple has released a new version of QuickTime for Windows and Mac. It fixes 11 vulnerabilities so if you have QuickTime installed on your machine it makes good sense to update it now.

The new version is 7.4.5.

Note that QuickTime is usually installed with iTunes, so if you use iTunes you probably also have QuickTime installed.

See Apple’s website for more details.

XP Antivirus

XP Antivirus is a fake antivirus program. It looks like an antivirus program, and when run it tells you it found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real; it’s a scam to get money from you.

The road to XP Antivirus is:

  1. A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
  2. A message appears offering a product called XP Antivirus. The message reads:
    • Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and creahes.

      Detect and remove viruses before they damage your computer!
      XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

      Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

      (Note: I bolded the typo that appears in the original ad)

  3. If you say OK, a fake antivirus program is installed.
  4. The program then reports a large number of malware infections on your computer, none of which are real.
  5. You’re then asked to pay to remove them.

A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.

ActiveX Flaw in Symantec Products

Symantec is well known for making security products (they also use the Norton brand for home products). A serious flaw has been found in some of their products including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.

The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used for their AutoFix tool, however it was discovered that it can be exploited by adding some malicious code to a website. The exploit allows someone to take over the computer (generally a bad thing).

Two ways to fix this problem are:

Earlier we wrote about problems with ActiveX and suggested you disable it.

2Wire Modems

2Wire is a DSL modem manufacturer. Earlier we reported that a Mexican ISP offers 2Wire modems to their customers and that there was a vulnerability in them affecting their customers. The vulnerability is called DNS poisoning.

Many other ISPs also offer this modem to their customers including AT&T. AT&T has taken some positive action to fix the issue, so if you’re an AT&T customer using a 2Wire modem then have a talk to them and see if your modem needs patching.

An AT&T spokesman, Seth Bloom, responded to a Slashdot article and had the following to say:

“The majority of our customers did not have gateways affected by this vulnerability. For those that did, as soon as we became aware of the issue, we expeditiously implemented a permanent solution to close the vulnerability. In fact, we’ve already updated the majority of affected 2Wire gateways, and we’re nearing completion of the process. We’ve received no reports of any significant threats targeting our customers.”

Flash Vulnerability

People that have Adobe’s Flash player version 9.0.115.0 or earlier, or 8.0.39.0 or earlier, need to update it now. A new exploit for these versions has been discovered and can allow someone to take control of your computer just from visiting a website that has malicious code.

The new version that you need is 9.0.124.0, which fixes this new vulnerability.

AIR 1.0 is also affected because it includes a built-in Flash player. If you use AIR, upgrade to version 1.0.1.

Adobe’s security bulletin says that this affects all platforms, so that would include all versions of Windows, Macs, and Linux.

iMunizator

iMunizator is an application for the Mac that claims to scan the computer and report problems.

iMunizator actually searches the computer for important files and tells the user that they are dangerous. It then offers to remove them. After removing them, the computer is no longer usable.

In other words, iMunizator is a malicious program. Don’t ever run this program on a Mac.

It’s actually another version of MacSweeper, which we warned you about earlier this year.

[Screenshot: iMunizator’s website]

RealPlayer 11 Vulnerability

RealPlayer 11 has a vulnerability that can be exploited by viewing a video on the wrong web site. If you have version 11 then upgrade to version 11.0.2.

Credit Card Black Market

Where do stolen credit card numbers go?

One place is a web site called SellCVV2. Recently credit card details were discovered being sold on this site. Prices start at US$38 for a small set of credit card details. This is a fairly professional service offering guarantees and volume discounts on the stolen information.

It now seems that the site’s illegal contents have been cleared out since this information was made public. This doesn’t mean that the black market for stolen credit card numbers has disappeared; it has only moved to another place.

[Screenshot: This is how the site appears now.]

Malware Statistics

Symantec, a large security company, has reported that there are now more malware writers than legitimate software writers.

They state that 65% of the 54,609 Windows applications released to the public in the past 6 months were malicious.

Another interesting statistic from this report is the percentage of browser plug-in vulnerabilities:

  • 79% ActiveX
  • 8% QuickTime
  • 5% Java
  • 5% Flash
  • 2% Windows Media Player

What this means is that by disabling ActiveX from your web browser (Internet Explorer) you can avoid 79% of web browser plug-in attacks. Here’s an article on how to disable ActiveX.

As for the other types of plug-ins, keep them patched and up to date to reduce the risk of infecting your computer.

Here is Symantec’s internet security report.