Happy Valentine’s Day

With all the virus-infected emails being sent with Valentine’s Day themes, now’s a good time to remind you not to save or run anything just because it asks you to, especially if the filename ends with .exe.

Some examples of what not to run, download or save:

  • valentine.exe
  • sony.exe
  • shift.exe

And recall our earlier warning on Valentine’s Day malware.

Apart from this, have a great Valentine’s Day 🙂

New Vulnerability in Adobe Reader

It’s not news that PDF files can contain viruses. As useful as PDF files are, the flaw is with the reader program, called Adobe Reader (previously called Adobe Acrobat Reader).

It’s possible to embed code in PDF files, and it’s been shown that this code can download malicious programs from the internet and install them on the computer. At the moment the latest malicious code comes from the Netherlands, and as with all things on the internet it can move or spread quickly.

If you have one of the following programs then you’re at risk. According to Adobe’s notice it affects all platforms (Windows, Mac, etc).

  • Adobe Reader 8.1.1 and earlier versions
  • Adobe Acrobat Professional 8.1.1 and earlier versions
  • Adobe Acrobat 3D 8.1.1 and earlier versions
  • Adobe Acrobat Standard 8.1.1 and earlier versions

The vulnerability has been fixed in version 8.1.2, so update all your computers to avoid this one. Antivirus software can also protect you if you keep it up to date and use a well-established product.

Another fake anti spyware site

All these fake sites and applications are becoming a bigger problem. The latest is called removal-tool . com (warning, do not try going to this site). It appears to be a collection of spyware removal tools except that it actually tries to install quite a few different bits of malware on your computer. It’s a malicious web page in disguise.

The web site looks nice, contains a blog, a news section, and reviews. The authors went to some effort to make it look convincing. Most of the links on the site even work. It would be difficult to tell that this site will compromise your computer.

Good anti virus software these days has the option to filter all web pages, and it stops most of these sites before your web browser starts loading them. It’s a good investment.

Another technique to avoid these traps is to use a less popular web browser such as Firefox or Opera, or to use a less popular operating system such as Mac OS or Linux.

At the moment the majority of malicious code is designed to target Windows and Internet Explorer. That’s not to say that other systems are immune; malware is just less common on them.

HP Laptop Support Software

HP laptops come with some software to keep them updated and to help HP provide support. Lately there have been a couple of vulnerabilities discovered in these tools.

A support feature on HP computers is something called HP Virtual Rooms, an online collaboration suite. There’s a flaw in the ActiveX control that it uses and it’s possible to create a web page that lets someone install programs on your computer.

The file at risk is called HPVirtualRooms14.dll. If you have an HP computer you can search for this file and check its properties. If it’s version 1.0.0.100 then it’s at risk.
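The same check can be scripted across a whole drive. The following is an added example, not HP's or the original post's code: it finds every copy of HPVirtualRooms14.dll under a folder and reads the file version by locating the standard Windows VS_FIXEDFILEINFO signature (0xFEEF04BD) in the file's bytes, a shortcut that assumes the first occurrence of the signature is the version resource. The function names and the `sample_dll` test data are constructed for illustration.

```python
import struct
import sys
from pathlib import Path

# Version the post lists as at risk for HPVirtualRooms14.dll.
AT_RISK = (1, 0, 0, 100)
# dwSignature that opens every VS_FIXEDFILEINFO structure in a version resource.
SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(data: bytes):
    """Return (major, minor, build, revision), or None if no version info is found."""
    pos = data.find(SIGNATURE)
    # Need dwSignature, dwStrucVersion, dwFileVersionMS and dwFileVersionLS.
    if pos < 0 or pos + 16 > len(data):
        return None
    _sig, _struc, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def is_at_risk(data: bytes) -> bool:
    """True only for the exact version the post names."""
    return file_version(data) == AT_RISK


def scan(root: str, name: str = "HPVirtualRooms14.dll"):
    """Yield (path, version, at_risk) for every copy of the DLL under root."""
    for path in Path(root).rglob(name):
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the search
        yield str(path), file_version(data), is_at_risk(data)


def sample_dll(version):
    """Constructed stand-in for a DLL: padding plus a VS_FIXEDFILEINFO header."""
    a, b, c, d = version
    return b"MZ" + b"\0" * 62 + SIGNATURE + struct.pack(
        "<3I", 0x00010000, (a << 16) | b, (c << 16) | d)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, risky in scan(root):
        print(path, version, "AT RISK" if risky else "ok")
```

Run it with the folder to search as the only argument, for example the root of the system drive.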

The best defence is to have a good anti virus package, and to update this tool when HP get around to releasing an update.

The second HP vulnerability is with HP’s Software Update utility. This utility keeps the computer patched, which is always a good thing to do. Except that it also has a vulnerability and the computer can be compromised by visiting a web page with malicious code.

The program affected is called HP Software Update Client, version 3.0.8.4.

Again, use a good anti virus program and update the update tool when HP releases a fix.

MSN Worm

There’s another bit of malware spreading through MSN’s messaging network (MSN Messenger and Live Messenger), known as the IRCBOT-RB Trojan, also called a worm because of how it spreads.

It works by showing people a message with links to pictures on MySpace and Facebook. It includes messages such as "Wanna see my pictures before i send em to facebook?". Clicking on the link takes the user to a web page with malicious code.

This particular worm/trojan changes the message into different languages, depending on where the user is located.

Once infected, a user’s machine waits for instructions from the malware author and will let them control the machine at will.

Heath Ledger Malware

As always, whenever something becomes popular with the media, dozens of malware sites appear overnight promising to have interesting articles. Instead they link to malicious code that can end up being installed on your computer.

In short, if you search for Heath Ledger and end up at a website asking you to install “A new version of ActiveX Object”, close your web browser immediately.

A good anti-virus package will filter malicious web sites and help protect you.

Symbian Phones

There’s a new worm (malicious code) going around infecting mobile phones that use the Symbian system (see below for a list of phones). There are two variants, called the Beselo.A and Beselo.B worms.

It gets transmitted by Bluetooth or by MMS, so you can’t really avoid receiving it. It consists of two parts:

  • An attachment with an interesting name, such as beauty.jpg, sex.mp3, or love.rm
  • A text message asking you to “install” the attachment to view it

With MMS messages it’s not necessary to “install” anything to view a picture or to play an audio attachment. What’s really happening is that there’s no picture or audio file attached; it’s a malicious program. The wording of the message is just a trick to install the worm (a technique known as social engineering). If it were really a picture you’d be able to see it without installing anything, and likewise for audio attachments.

If you receive a message asking you to install something and it promises to show you a picture or play an audio file, say no. Delete the message.
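The mismatch described above, a media file name on something that is really a program, can be checked mechanically from the first bytes of the attachment. This is an added example, not part of the original post: the JPEG, MP3 and RealMedia signatures and the two Symbian installer (SIS) identifiers are standard file-format values that the post itself does not list, and the sample byte strings are constructed headers, not real attachments.

```python
import os
import struct

# Media type each attachment name from the post claims to be.
EXPECTED = {".jpg": "jpeg", ".mp3": "mp3", ".rm": "realmedia"}


def media_type(data: bytes):
    """Identify JPEG, MP3 or RealMedia content from its first bytes."""
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    # MP3: an ID3 tag, or an MPEG audio frame sync (11 set bits).
    if data[:3] == b"ID3" or (len(data) > 1 and data[0] == 0xFF
                              and data[1] & 0xE0 == 0xE0):
        return "mp3"
    if data[:4] == b".RMF":
        return "realmedia"
    return None


def is_symbian_installer(data: bytes) -> bool:
    """True for SIS packages: Symbian OS 9 UID at offset 0, older UID3 at offset 8."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == 0x10201A7A:
        return True
    return len(data) >= 12 and struct.unpack_from("<I", data, 8)[0] == 0x10000419


def classify(filename: str, data: bytes) -> str:
    """Compare what the file name claims with what the content is."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXPECTED:
        return "not-media-name"
    if is_symbian_installer(data):
        return "installer-disguised-as-media"
    if media_type(data) == EXPECTED[ext]:
        return "ok"
    return "content-mismatch"


# Constructed samples: header bytes only, with made-up UID1/UID2 values.
OLD_SIS = struct.pack("<3I", 0x10000000, 0x1000006D, 0x10000419) + b"\0" * 16
SAMPLES = {
    "beauty.jpg": OLD_SIS,
    "sex.mp3": struct.pack("<I", 0x10201A7A) + b"\0" * 16,
    "love.rm": b"MZ\x90\x00" + b"\0" * 16,
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} {classify(name, blob)}")
```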

F-Secure make an antivirus package specifically for phones that use Symbian, and that would detect the file. But common sense and the explanation above should be sufficient to avoid it.

Below are some of today’s popular phones that use Symbian S60. If your phone is on this list then it’s vulnerable to this attack.

  • LG – JoY
  • Nokia – 3250, 5500 Sport, 5700, 6110 Navigator, 6260, 6290, 6600, 6630, 6680, 6682, E50, E51, E60, E61, E61i, E65, E70, E90, N70, N72, N73, N75, N76, N80, N81, N90, N91, N92, N93i, N93, N95, N95 8GB, N82, N81 8GB, 6120, N77
  • Nokia (discontinued) – 6681, 6670, 3230, 7610, 3650, 3600, 3660, 3620, 7650, N-Gage, 6620
  • Panasonic – X800, X700
  • Samsung – SGH-D720, SGH-D730, SGH-i450, SGH-i520, SGH-i550, SGH-i560
  • Sendo – X
  • Siemens – SX1

A New Skype Vulnerability

Skype, the popular internet phone software, has a new vulnerability in the way it handles video links. There aren’t any reported exploits yet, but as always it’s only a matter of time.

Skype is susceptible to this vulnerability if all of the following happen:

  • Your computer uses Windows
  • You use Skype version 3.6.0.244 or older (versions 3.5 and 3.6)
  • You do a video search from within Skype
  • The search takes you to a page that’s been hacked

The damage from this is still unproven but it’s fair to say that if someone can write the required malicious code they could use it to any effect they like (such as installing spyware on your computer or taking over its control).

Skype has responded by disabling the addition of new videos to their Dailymotion gallery. This will slow down the chance of an exploit spreading. Skype will also release a new version soon to fix the vulnerability.

Skype’s report is located here.