Quote
The company expects to begin delivering the updated version of the chipset to customers in late February and expects full volume recovery in April. Intel stands behind its products and is committed to product quality. For computer makers and other Intel customers that have bought potentially affected chipsets or systems, Intel will work with its OEM partners to accept the return of the affected chipsets, and plans to support modifications or replacements needed on motherboards or systems. The systems with the affected support chips have only been shipping since January 9th and the company believes that relatively few consumers are impacted by this issue. The only systems sold to an end customer potentially impacted are Second Generation Core i5 and Core i7 quad core based systems. Intel believes that consumers can continue to use their systems with confidence, while working with their computer manufacturer for a permanent solution. For further information consumers should contact Intel at http://www.intel.com on the support page or contact their OEM manufacturer.
Quote
Of the 1,344,669 computers cleaned, this is about 1 in 5, a ratio that’s higher than we typically see even when accounting for the normal, first-month spike which results from adding a new family but not exceptionally so.
To put this in greater perspective the removals of Zbot are almost as many as the removals of the #2 and #3 malware families this month combined (Win32/Vundo and Win32/Bubnix respectively). Approximately 86 million computers have run this version of MSRT as we compile this data so we should expect this number to increase as the month continues.
Quote
The security company's systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or, in some cases, deletion. As Windows Explorer is the graphical user interface (GUI) for Windows' file system, this made it difficult to perform many common tasks within the operating system, such as finding files. David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Friday that the company was still examining its checklist to find out why the false positive "slipped through the net."
Quote
Once opened, the OpenOffice file, called badbunny.odg, launches a macro that behaves in several different ways, depending on the user's operating system. On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user's mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb. On Linux systems, the worm drops both badbunny.py as an XChat script and badbunny.pl as a Perl virus.
Quote
"Daylight saving time arrives a little earlier — March 11 — and stays a little later — Nov. 4 — this year. And it’s bringing a problem along with it that could affect everything from stock trades to airline schedules to your BlackBerry. Software created before the law mandating the change passed in 2005 is set to automatically advance its timekeeping by one hour on the first Sunday in April, not the second Sunday in March. Congress decided that more early evening daylight would translate into energy savings. The result is a glitch reminiscent of the Y2K bug, when cataclysmic crashes were feared if computers interpreted the year 2000 as 1900 and couldn’t reconcile time appearing to move backward. If banks and other institutions aren't properly prepared, automatic stock trades reportedly might happen at the wrong hour, buildings that unlock at a certain time could stay shut, and airline flight schedules could be scrambled."
Quote
The update is part of the Redwood City, Calif., company's quarterly patch cycle. Oracle preannounced its patch release Thursday, when, for the first time, it published an advance notification so customers could plan ahead to apply the fixes. Oracle's actual Tuesday "Critical Patch Update" has one fix less than the company originally announced. Instead of the planned 27 fixes for its database products, 26 vulnerabilities are addressed in the company's flagship software.
Quote
A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document. Affected software versions include Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word.
Quote
Malware makers are starting to take advantage of the number of users searching for cracks for the pirated copies of Vista floating around. A new download has started circulating around the crack boards called "Windows Vista All Versions Activation 21.11.06". It purports to be an activation crack for any version of Vista. However, the file is actually a trojan-carrier which will install Trojan-PSW.Win32.LdPinch.aze onto your PC. BitTorrent users who posted reviews of the crack said that a number of antivirus programs detected the malware, though Norton AntiVirus and NOD32 did not.
Quote
RCSR attacks are also actively targeting Microsoft Internet Explorer; however, a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of Firefox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge. Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.
Quote
The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged Web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said. This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organization has said.
Quote
The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service (ICS). This service allows Windows users to essentially turn their PC into a router and share their Internet connection with other computers on the local area network (LAN). It is typically used by home and small-business users. The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc., who has blogged about the issue.
Quote
The browser flaw could affect users who visit a trusted site by opening a pop-up window in that site but containing malicious code. This is the second IE 7 flaw that has been discovered since Microsoft released the browser two weeks ago. Last week, a security flaw was discovered in IE 7 that could spoof the address of a pop-up window. The two IE 7 flaws, if used in conjunction with each other, can easily dupe all but the most security-minded users, said Thomas Kristensen, chief technology officer of security company Secunia, which discovered the flaws.
Quote
The company said that a small number of video iPods made after Sept. 12 included the RavMonE virus. It said it has seen fewer than 25 reports of the problem, which it said does not affect other models of the media player, nor does it affect Macs. The Cupertino, Calif.-based company apologized on its Web site for the problem, but also used the opportunity to jab at Microsoft, its operating system rival. "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Apple said on its site.
Quote
The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then. "It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. "It appears to be a zero-day exploit and may have been distributed before the patch was released."
Quote
Microsoft worked with the Department of Homeland Security on the alert, a company representative said. "Microsoft...encourages customers to deploy this update on their systems as soon as possible, given that we are aware of targeted exploitation of the vulnerability," the representative said. Microsoft deems the vulnerability critical for all versions of Windows. However, users of Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 should be protected by the Windows Firewall if they do not use file sharing and printer sharing, Christopher Budd, a security program manager at Microsoft, said in an interview Tuesday.
Quote
The bulk of the Mac OS X flaws affect both the client and server versions of the operating system. Attackers could exploit several of the vulnerabilities, specifically those related to image processing and file compression, by crafting malicious files and tricking people into opening them, Apple said. This attack method is seen often on computers that run Microsoft's Windows operating system. Other flaws could expose user data, let a malicious user gain elevated privileges on a system running Mac OS X, or cause a crash, Apple said.
Quote
Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware. This stuff bombards the user with pop-up ads and tracks their Web usage. Only a little more than half of the anti-virus programs used at anti-virus testing service AV-Test.org flagged the various programs that the Trojan tried to download as malicious or suspicious.
Quote
The company already knows of some problems and expects others. Only about 40 percent of Windows XP applications can run without any modification, for example. A good chunk of the remainder require only very slight tweaks. Many of those incompatibilities have already been fixed, either through workarounds put in place by Microsoft or in collaboration with the application's maker.
Quote
Virgin, one of the first providers to offer such a service, hopes the service will appeal to its often cash-strapped customers, 65 percent of whom are younger than 30 years old. "Very practically speaking a lot of our customers are value conscious. They manage budgets that are finite," said Howard Handler, the company's chief marketing officer.
Quote
My Computer>Properties>Advanced>User Profiles
Click on Settings
Under "Profiles stored on this computer" will be entries for every account that has logged on to the machine (representing the saved profile associated with the local or domain account).
Periodically a profile with a name of "unknown" will appear in the list (it should not).
If you select the "unknown profile" and click on delete, the currently logged in profile will be deleted with no warning to save the contents of the "My Documents" folder.
Quote
F-Secure said on Friday that it was aware of seven sites that had been defaced by the worm, which appears designed to combat the Santy worm. The anti-Santy worm searches Google for sites that use the PHP Bulletin Board (phpBB) software exploited by the earlier worm, infects the sites and attempts to make the sites more secure by installing a patch.
Quote
This follows reports on Tuesday that a number of variants of the Cabir worm have been detected and that these offshoots have evolved beyond their comparatively benign predecessors. The worm affects phones running the Symbian operating system that use Bluetooth wireless technology.
Quote
Microsoft has had significant problems securing its Web browser in 2004. As a result, the freely available open-source browser Firefox has gained market share. Security experts have recommended that computer users consider other browsers and some schools have told their students to use a non-Microsoft browser.
Quote
A loophole in the Windows Media DRM process allows companies to create ersatz media files and link them to adware. Normally, when you download a protected Windows Media file, you also receive a license that lets you play it. According to Caulton, if Windows Media Player can't find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.
Quote
The fixes for the glitches in the Windows operating system will appear on Dec. 14, according to the posting. Microsoft typically releases patches on the second Tuesday of each month, a schedule it decided upon more than a year ago.
Quote
Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.
Quote
"This is certainly something that is bypassing some of the security features that are meant to be there. It is a way of bypassing the dialogs in IE. It will result in the (malicious) file being saved on the user's computer," said Richmond, who added that the matter would be worse if that file could be saved in a computer’s start-up folder.
Quote
The new worm, Sasser.B, like its predecessor Sasser.A, takes advantage of a vulnerability in unpatched versions of Windows XP and Windows 2000 systems. The worms infect vulnerable systems by establishing a remote connection to the targeted computer, installing a File Transfer Protocol (FTP) server and then downloading themselves to the new host.
Quote
Sober.d arrives as e-mail pretending to be from Microsoft with a patch for the MyDoom worm. Microsoft does not e-mail its customers with new patch information. The subject line could be in either German or English, with random letters or words in some variation of "new Microsoft security patch." The body text, also in German or English, reads:
Quote
According to a message posted by SecurityGlobal.net LLC's Security Tracker Web site, a vulnerability was reported in Microsoft Internet Explorer Version 5 that lets a "remote user execute arbitrary code on the target system."
Quote
Last year, there was almost one major virus attack every month, including the well-known Slammer worm, which shut down Internet service providers in South Korea, disrupted plane schedules and knocked out automatic teller machines in January. The Lovegate Internet e-mail worm surfaced in February, while the Bugbear and Sobig viruses, which spread via infected e-mail, appeared in June.
Quote
Perhaps the most serious flaw is a memory error in the Windows Workstation service, a software component that facilitates access to network resources such as printers and files. The vulnerability could allow an attacker to gain control of a person's PC via the Internet in much the same way the MSBlast worm was spread to hundreds of thousands of computers in August.
Quote
The third is a denial-of-service flaw that affects a component known as the remote procedure call (RPC) process. The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources. By using the flaws in tandem, a hacker could load unwanted programs onto computers through the buffer overrun flaws and then use the infected computers to launch a denial-of-service attack.
Quote
Several other alerts also involve Office applications. A vulnerability in recent versions of Word could allow hackers to automatically run macros, which are mini-programs typically used to automate routine tasks. The flaw--classified as "important"--requires opening a maliciously crafted document, according to the security bulletin. Customers using Word 2002, 2000, 98 or 97 or Works Suite 2003, 2002 or 2001 are urged to apply the patch, as described in the bulletin.