HP Laptop Support Software

HP laptops come with some software to keep them updated and to help HP provide support. Lately there have been a couple of vulnerabilities discovered in these tools.

A support feature on HP computers is something called HP Virtual Rooms, an online collaboration suite. There’s a flaw in the ActiveX control that it uses and it’s possible to create a web page that lets someone install programs on your computer.

The file at risk is called HPVirtualRooms14.dll. If you have an HP computer you can search for this file and check its properties; if it’s version 1.0.0.100 then it’s at risk.

The best defence is to have a good anti virus package, and to update this tool when HP get around to releasing an update.

The second HP vulnerability is with HP’s Software Update utility. This utility keeps the computer patched, which is always a good thing to do. Except that it also has a vulnerability and the computer can be compromised by visiting a web page with malicious code.

The program affected is called HP Software Update Client, version 3.0.8.4.

Again, use a good anti virus program and update the update tool when HP releases a fix.

Heath Ledger Malware

As always, whenever something becomes popular with the media, dozens of malware sites appear overnight promising to have interesting articles. Instead they link to malicious code that can end up being installed on your computer.

In short, if you search for Heath Ledger and end up at a website asking you to install “A new version of ActiveX Object”, close your web browser immediately.

A good anti-virus package will filter malicious web sites and help protect you.

Symbian Phones

There’s a new worm (malicious code) going around infecting mobile phones that use the Symbian system (see below for a list of phones). There are two variants called the Beselo.A and Beselo.B worms.

It gets transmitted by Bluetooth or by MMS so you can’t really avoid receiving it. It consists of two parts:

  • An attachment with an interesting name, such as beauty.jpg, sex.mp3, or love.rm
  • A text message asking you to “install” the attachment to view it

With MMS messages it’s not necessary to “install” anything to view a picture or to play an audio attachment. What’s really happening is there’s no picture or audio file attached, it’s a malicious program. The wording of the message is just a trick to install the worm (a technique known as social engineering). If it were really a picture you’d be able to see it without installing anything, and likewise for audio attachments.

If you receive a message asking you to install something and it promises to show you a picture or play an audio file, say no. Delete the message.

F-Secure make an antivirus package specifically for phones that use Symbian, and that would detect the file. But common sense and the explanation above should be sufficient to avoid it.

Below are some of today’s popular phones that use Symbian S60. If your phone is on this list then it’s vulnerable to this attack.

  • LG – JoY
  • Nokia – 3250, 5500 Sport, 5700, 6110 Navigator, 6260, 6290, 6600, 6630, 6680, 6682, E50, E51, E60, E61, E61i, E65, E70, E90, N70, N72, N73, N75, N76, N80, N81, N90, N91, N92, N93i, N93, N95, N95 8GB, N82, N81 8GB, 6120, N77
  • Nokia (discontinued) – 6681, 6670, 3230, 7610, 3650, 3600, 3660, 3620, 7650, N-Gage, 6620
  • Panasonic – X800, X700
  • Samsung – SGH-D720, SGH-D730, SGH-i450, SGH-i520, SGH-i550, SGH-i560
  • Sendo – X
  • Siemens – SX1

Digital Picture Frames with malware

Now you also have to be careful when you buy digital picture frames. There have been numerous reports of some of these devices being infected with a virus. When you put in a photo memory card it installs a trojan onto the card. Then later, if you put the card into your computer it can install the trojan onto the computer.

It then tries to stop any anti-virus system the computer may have and then starts stealing passwords. Pretty serious stuff.

And it seems the digital picture frames came from the factory with this already installed. No one had tampered with the devices beforehand. This has been happening to quite a few digital gadgets such as MP3 players.

A good anti-virus system will detect this and prevent itself from being disabled, so if you haven’t already done so, invest in one. And if you come across such a device, have a chat to the store you bought it from; it’s possible they have no idea it’s happening.

Update (26 Jan 08): Best Buy were selling these devices with the brand name Insignia. They’ve just realised and have taken them off the shelf and are trying to contact customers who bought them.

Valentine’s Day Malware Reminder

As with every festive event Valentine’s Day brings a whole new wave of malware. Emails are already being sent around the internet carrying dangerous attachments. While the subject keeps changing, the more common attachments seen so far are:

  • withlove.exe
  • with_love.exe
  • Greeting card.exe
  • love_me.exe
  • porno_03.exe
  • valsday.exe

Never open attachments that end with .exe. Unless you’ve specifically asked someone to send you a file with that exact name, it’s almost certainly malware. Delete it.
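
The rule above can be applied automatically at a mail gateway or in a mailbox scan. The following is an added example, not part of the original article: it parses a constructed message and flags attachments whose final extension is executable. The extension set, the sample addresses and the `photo.jpg.exe` name are assumptions made for illustration; the other filenames come from the lists on this page.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed, non-exhaustive set).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def is_executable_name(name: str) -> bool:
    """True if the last extension of an attachment name is executable."""
    # Windows ignores trailing dots and spaces, so "card.exe. " still runs.
    cleaned = name.strip().rstrip(". ").lower()
    if "." not in cleaned:
        return False
    # Only the LAST extension counts: "photo.jpg.exe" is a program.
    return "." + cleaned.rsplit(".", 1)[1] in EXECUTABLE_EXTS

def risky_attachments(raw_message: bytes) -> list:
    """Return the filenames of executable attachments in a raw message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return [
        part.get_filename()
        for part in msg.iter_attachments()
        if is_executable_name(part.get_filename() or "")
    ]

def build_sample() -> bytes:
    """Constructed test message; the attachment bodies are harmless bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Happy Valentine's Day"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Open the card!")
    names = ("with_love.exe", "Greeting card.EXE", "beauty.jpg", "photo.jpg.exe")
    for name in names:
        msg.add_attachment(b"constructed sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename in risky_attachments(build_sample()):
        print("block:", filename)
```

A filename check like this only catches the obvious cases; it complements, rather than replaces, content scanning by an anti-virus product.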

False Malware Cleaners

There are some programs that claim to test your computer for malware, but they will always tell you they found something bad. After that they either ask you for money to clean it or take some other misleading action.

Based on some security company’s research there are now 500 of these programs, including some for Mac as well as for Windows.

They look like serious programs, have interesting names, and are complete with websites. Below are some of the more recent ones:

  • AVSystemCare
  • DriveCleaner
  • MalwareAlarm
  • AntiSpywareSheild
  • MacSweeper (written for the Mac)

Avoid all of these programs (don’t download or install them).

Unfortunately this is a growing trend with new products popping up all the time. Use a trusted antivirus package such as the kind that can be purchased from shops.

ADSL Modems in Mexico are being attacked

Yesterday’s article explained how DNS poisoning works. And there’s already quite a bit of it happening. In Mexico there’s an ISP that offers their customers ADSL modems with the brand 2Wire.

There’s an exploit for this particular model that makes it easy for the modem’s DNS settings to be changed, effectively attacking users’ internet connections. It’s as simple as opening an email with the malicious code.

If your modem is a 2Wire then change the password and filter your emails with a good anti-virus program.

MP3 players sold with malware

Some MP3 players sold in the Netherlands have been found to contain malware. The model is "Victory LT-200".

This isn’t the first time gadgets have come with viruses already installed (such as Maxtor’s external drive). There have been USB flash drives, camera memory cards, and even GPS navigators that have been sold with infected files pre-installed.

Often it happens when a computer at the factory is infected and somehow the files end up on the device during testing.

Any good anti-virus program would be able to detect the files and clean them for you.