Safari Threat

Microsoft would like you to know that using Safari on a Windows PC is dangerous. And of course they’d say that, they have a competing product they’d like you to use (Internet Explorer). So what’s happening?

A few days ago Microsoft published a security advisory about a potential vulnerability in Apple Safari. Technically they’re correct: there is a vulnerability and we’ll look at it in a moment. The flaw hasn’t been exploited yet; at the moment it’s more theoretical. It’s just a little suspicious that they put this much effort into pointing out flaws in a competitor’s product and that they’ve used their security advisory system for what can be seen as a marketing manoeuvre.

So what’s the flaw?

It’s being called Carpet Bombing. Here’s how it works.

A web page is created that has hundreds of hidden download links (in the form of "iframes"). The files are silently downloaded onto the user’s desktop. This can be done without the user’s knowledge.

The vulnerability is that a user’s desktop could be covered with hundreds of icons for malicious programs, making it easy to accidentally click on one and run the malicious program.

Apple says it’s a security issue, not a vulnerability. Microsoft says users should avoid using Safari until researchers have looked further into it.

So is this a sneaky marketing ploy from Microsoft? It could be, they’ve done things like this before. Or are they sincere and is Safari really as dangerous as they say?

We’ll know more in a few days, by which time Apple will most probably have a fix. I don’t consider this a high risk vulnerability, just something extra to be cautious about. A good antivirus program helps here.

Microsoft’s advisory is here (it’s light on details at the moment): http://www.microsoft.com/technet/security/advisory/953818.mspx

Further info here, here and here.

Ad-Aware 2008

Ad-Aware 2008 is now available. It’s a popular anti-spyware product for Windows that scans your computer for spyware and adware. It comes in three versions:

There’s a comparison chart here showing what’s different between the versions. If you’re new to this product and aren’t sure which version you need start with the free version.

Read more about Ad-Aware 2008 here including a download link.

Similar products available for Windows are:

Also note that the larger anti-virus packages such as Trend Internet Security also contain anti-spyware modules.

Yahoo! Malicious Page Alerts

Yahoo! now lets you know if a web site contains malicious content. It works very similarly to how Google does it. From a technical perspective Yahoo’s implementation seems better: it also scans files that download automatically.

McAfee have provided the malware detection technology, called SearchScan, so it has a company with a good reputation behind it. Below is an example of how it looks when it finds something dangerous:

[Image: Yahoo! SearchScan alert]

Yahoo! operates search engines in several countries, and it will be enabled by default for the following countries: Australia, Canada, France, Germany, Italy, New Zealand, UK, USA.

AVG 8.0 Released

AVG has released a new version of their anti virus program. It comes in three versions:

8.0 was just released, the main new features are:

The difference between the three prices is the features included. See this chart for details.

XP Antivirus

XP Antivirus is a fake antivirus program. It looks like an anti virus program and when run it tells you it found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real; it’s a scam to get money from you.

The road to XP Antivirus is:

  1. A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
  2. A message appears offering a product called XP Antivirus. The message reads:
    • Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and creahes.

      Detect and remove viruses before they damage your computer!
      XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

      Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

      (Note: I bolded the typo that appears in the original ad)

  3. If you say OK, a fake anti virus program is installed.
  4. The program then reports a large number of (nonexistent) malware infections on your computer.
  5. You’re then asked to pay to remove them.

A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.

ActiveX Flaw in Symantec Products

Symantec is well known for making security products (they also use the Norton brand for home products). A serious flaw has been found in some of their products including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.

The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used for their AutoFix tool, however it was discovered that it can be exploited by adding some malicious code to a website. The exploit allows someone to take over the computer (generally a bad thing).

Two ways to fix this problem are:

Earlier we wrote about problems with ActiveX and suggested you disable it.

HP Flash Drives Ship With Malware

HP flash drives were found to contain malware. These devices were sent as promotional items with new ProLiant servers.

Both 256MB and 1GB USB drives were infected with worms (W32.Fakerecy and W32.SillyFDC), and the worm can copy itself to all other mapped drives on your network.

This is particularly bad because IT technicians generally install these servers and generally have access to quite a few network drives.

HP’s software security response team admitted to the fault and has issued the following list of servers that shipped with the infected USB drive:

ProLiant BL20pG4; ProLiant BL25pG2
ProLiant BL45pG2
ProLiant BL260c
ProLiant BL460c; ProLiant BL465c; ProLiant BL465cG5; ProLiant BL480c
ProLiant BL680cG5; ProLiant BL685c; ProLiant BL685cG5
ProLiant DL120G5; ProLiant DL140G3; ProLiant DL145G3; ProLiant DL160G5;
ProLiant DL165G5; ProLiant DL180; ProLiant DL180G5; ProLiant DL185G5
ProLiant DL320G5; ProLiant DL320G5p; ProLiant DL320s; ProLiant DL360G5;
ProLiant DL365; ProLiant DL365G5; ProLiant DL380G5; ProLiant DL385G2;
ProLiant DL385G5
ProLiant DL580G4; ProLiant DL580G5; ProLiant DL585G2; ProLiant DL585G5
ProLiant ML110G4; ProLiant ML110G5; ProLiant ML115; ProLiant ML115G5;
ProLiant ML150G3; ProLiant Ml150G5
ProLiant ML310G4; ProLiant ML310G5; ProLiant ML350G5; ProLiant ML370G5
ProLiant ML570G4
IP Console Switch with virtual media
Server Console switch
Server Console Switch with virtual media
TFT7600 (USB Pass-through)
1U Rackmount Keyboard with USB

This kind of threat isn’t limited to HP customers. Any device you plug into a USB port can potentially carry malware. Therefore you should always have a good antivirus program running on your computers.

A while back we reported on similar incidents: Digital Picture Frames with malware, MP3 players sold with malware

Fake Anti Spyware

Brave Sentry is a fake anti spyware product that’s been going around a lot lately. It’s also known by these names:

Once it gets onto your computer it tells you it found a large number of threats. For example, it could say “BraveSentry Scan found 138 threats”. This is false; following its instructions takes you to a site asking for money to remove the spyware.

Here’s a procedure on how to remove Brave Sentry, if you happen to become infected.

And to avoid infection follow these tips:

  • Always use the latest web browser versions, download updates frequently.
  • Never ever download or run programs just because an email or a web site asked you to. This includes things like codecs to watch videos (unless you’re quite technical and know what you’re doing).
  • Avoid warez and porn sites (they’re often infected with malware)

Another Symbian Virus

    There’s a new virus affecting mobile phones (cell phones) that use Symbian series 60. It’s been detected in China and is called Kiazha-A Trojan.

    It gets transmitted through Bluetooth or MMS messages so you can’t completely avoid receiving it but you can delete it if it arrives on your phone.

    It first deletes all text messages in the phone then displays a message asking for RMB 50 yuan (US$7) to get them back.

    We have a list here showing some of the more popular phones that are vulnerable. If your phone uses Symbian S60 then be aware of virus messages like this one and delete them if you receive them.

    It’s also a good idea to back up your phone’s contents to a memory card every couple of months.

    Windows powered phones are also susceptible to viruses, as we’ve mentioned here.

    PayPal Phishing

    There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

    Subject: PayPal Account Review Department

    Dear PayPal customer,

    We recently reviewed your account, and we suspect an unauthorized transaction on your account

    Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

    Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

    • Login to your Paypal with your Paypal username and password.
    • Confirm your identity as a card member of Paypal

    Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

    All typos and grammatical errors are from the original email.

    If someone were to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date, and social security number. All very personal information that the real PayPal doesn’t need.

    So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

    There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.

    Haute Secure

    Haute Secure is a security service developed by 3 former Microsoft security specialists. It’s designed to filter the web pages you browse and it blocks any websites known to contain malware.

    It’s free for people to download and install on their computers. If you run a website they charge money so they can scan your website and alert you if it gets hacked and infected with malware.

    Most of the good antivirus packages have had this feature for a long time, and it’s a good idea to invest in one of these.

    If you really believe it’s not worth spending money to keep your computer secure and you insist on using free antivirus programs, then this will make a good addition since free antivirus programs don’t usually filter web sites.

    MonaRonaDona

    There’s a malware program called MonaRonaDona. If you end up installing it (by being tricked into downloading something you don’t really need) it causes a bit of havoc with your computer.

    It then suggests you try an antivirus program called Unigray. This is one of those fake antivirus programs that have been appearing lately. All it does is mess up your computer, and you’re asked to pay $39.90 for it.

    So stay away from MonaRonaDona and Unigray. Use one of the popular antivirus packages (such as those you can buy in a computer shop).

    Free Online Health Check from F-Secure

    F-Secure is a security software company that has been making good products for a long time. They have published a new tool that scans your computer for vulnerabilities and provides a report on what programs you need to update.

    The application runs inside Internet Explorer and requires Windows XP or Vista. Try it out here: http://support.f-secure.com/enu/home/onlineservices/fshc.shtml

    Note that this doesn’t replace anti-virus software. It only checks which programs on your computer are vulnerable to attacks and need to be updated.

    New Vulnerability in Adobe Reader

    It’s not news that PDF files can contain viruses. As useful as PDF files are, the flaw is with the reader program, called Adobe Reader (previously called Adobe Acrobat Reader).

    It’s possible to embed code in PDF files and it’s been shown that this code can download malicious programs from the internet and install them on the computer. At the moment the latest malicious code comes from the Netherlands, and as with all things on the internet it can move or spread quickly.

    If you have one of the following programs then you’re at risk. According to Adobe’s notice it affects all platforms (Windows, Mac, etc).

    The vulnerability has been fixed in version 8.1.2 so update all your computers to avoid this one. Antivirus software can also protect you if you keep it up to date and use a well established product.

    Another fake anti spyware site

    All these fake sites and applications are becoming a bigger problem. The latest is called removal-tool . com (warning, do not try going to this site). It appears to be a collection of spyware removal tools except that it actually tries to install quite a few different bits of malware on your computer. It’s a malicious web page in disguise.

    The web site looks nice, contains a blog, a news section, and reviews. The authors went to some effort to make it look convincing. Most of the links on the site even work. It would be difficult to tell that this site will compromise your computer.

    Good anti virus software these days has the option to filter all web pages and they stop most of these sites before your web browser starts loading them. It’s a good investment.

    Another technique to avoid these traps is to use a less popular web browser such as Firefox or Opera, or to use a less popular operating system such as Mac OS or Linux.

    At the moment the majority of malicious code is designed to target Windows and Internet Explorer. That’s not to say that other systems are immune, malware is just less common on them.

    HP Laptop Support Software

    HP laptops come with some software to keep them updated and to help HP provide support. Lately there have been a couple of vulnerabilities discovered in these tools.

    A support feature on HP computers is something called HP Virtual Rooms, an online collaboration suite. There’s a flaw in the ActiveX control that it uses and it’s possible to create a web page that lets someone install programs on your computer.

    The file at risk is called HPVirtualRooms14.dll. If you have an HP computer you can check the properties of this file (do a search for the file), if it’s version 1.0.0.100 then it’s at risk.

    The best defence is to have a good anti virus package, and to update this tool when HP get around to releasing an update.
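
The file-version check described above, scripted in PowerShell as an added example (not from the original post or from HP). The file name and the at-risk version come from the post; searching every fixed drive is an assumption, since the post doesn’t say where the file is installed.

```powershell
# Added example. Values taken from the post:
$TargetName    = 'HPVirtualRooms14.dll'
$AtRiskVersion = '1.0.0.100'

function Test-AtRiskVersion {
    param([string]$FileVersion, [string]$AtRisk)
    # Version resources are sometimes written "1, 0, 0, 100";
    # normalise separators and whitespace before comparing.
    $normalised = ($FileVersion -replace '\s', '') -replace ',', '.'
    return $normalised -eq $AtRisk
}

# Assumption: the install location is unknown, so walk every ready fixed drive.
$drives = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }

$hits = foreach ($d in $drives) {
    # -Force includes hidden/system folders; access-denied folders are skipped.
    Get-ChildItem -LiteralPath $d.RootDirectory.FullName -Filter $TargetName `
        -File -Recurse -Force -ErrorAction SilentlyContinue
}

$report = foreach ($f in $hits) {
    # FileVersion is the "File version" value shown in the Properties dialog.
    $version = $f.VersionInfo.FileVersion
    [pscustomobject]@{
        Path        = $f.FullName
        FileVersion = $version
        AtRisk      = Test-AtRiskVersion -FileVersion $version -AtRisk $AtRiskVersion
    }
}

if (-not $report) {
    "No copy of $TargetName found on fixed drives."
} else {
    $report | Format-Table -AutoSize -Wrap
    if ($report | Where-Object { $_.AtRisk }) {
        "At least one copy is version $AtRiskVersion, the version the post lists as at risk."
    }
}
```

Only the exact version named in the post is flagged; a copy with a different version number is listed but not judged either way.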

    The second HP vulnerability is with HP’s Software Update utility. This utility keeps the computer patched, which is always a good thing to do. Except that it also has a vulnerability and the computer can be compromised by visiting a web page with malicious code.

    The program affected is called HP Software Update Client, version 3.0.8.4.

    Again, use a good anti virus program and update the update tool when HP releases a fix.
