Adobe Reader Vulnerability

If you use Windows XP and have Adobe Reader version 7 – 8.1 you need to patch it. Use Adobe’s built in patching system to update it.

The vulnerability was discovered last month and there are already exploits that can allow attackers to take over your computer. Interestingly one of the known vulnerabilities was created by a Russian online crime syndicate called RBN (Russian Business Network). They’re responsible for a large amount of online crime.

A bulletin from Adobe is here, for reference.

Skype Defender

There’s a new trojan going around that is disguised as a Skype plugin called Skype Defender. If you install it, it will take your username and password and send it to a hacker.

It seems it only affects Windows users, and you recognise it by looking at the login button on Skype (the real one has a red bordeR). This document from Skype shows exactly what it looks like. It gets installed by a program called 65404-SkypeDefenderSetup.exe.

Skype Defender Trojan

PCLive – A Free Security Suite

One of the best methods of encouraging people to upgrade their computer’s security is to provide the tools for free. This security suite, PCLive Security, bundles a free antivirus product (ClamAV), a personal firewall and a popup (and adware) blocker. I haven’t had a chance to test it but it certainly looks promising.

There’s a paid version that also offers support, a hard drive maintenance module and a file optimisation module and a few other extra features. The price is US$4.95 a month, which is on par with other packages.

There’s a review here with a response from the CEO of PCLive providing a better idea of what it can do.

“Microsoft Security Update” Emails

There have been some bogus emails recently with a subject of “Microsoft Security Update“. It contains a whole lot of text encouraging you to click on a link to install a security update. If you look at the email carefully you might notice that it contains a link to a website not owned by Microsoft, and instead it will attempt to download and install a virus.

How are you supposed to know it’s false? For a start Microsoft probably doesn’t know who you are or what your email address is. If you’re a home user it’s very uncommon (and unnecessary) to register your address with them. And even if you did, email is not the method Microsoft uses to advise you on updates or to distribute the updates.

For business users, you have an IT department that takes care of all updates. You shouldn’t be trying to install security updates so treat any such email as bogus.

Bottom line: delete these emails. Any good spam or virus filter should catch most of them, and it’s best to be cautious.