According to The Register among other sources, there is a vulnerability in all Acrobat and Reader software prior to the following safe release numbers: Windows and Mac Reader users please install 7.0.3 or 6.0.4 to be fixed (all other 7 series and 6 series versions are vulnerable). Acrobat users on Windows or Mac should update to either 7.0.3, 6.0.4 or 5.0.10 (again, any other 7.x 6.x or 5.x version is vulnerable.) Linux and Solaris reader users should upgrade to 7.0.1 to be secure.
Category: Security
-
Microsoft’s quick response to network worms….
This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have a page titled What you should know about Zotob
-
Phishing scheme aimed at educating users
A number of New York state employees and a number of cadets at West Point were targetted in a recent phishing scheme. This one was perpetrated by the good guys though to wake them up to how realistic a phishing attempt could look. The employees that bit were “given a gentle slap on the wrist”.
-
Esbot and Zotob removal tool
Just a quick note to mention that Symantec has posted a removal tool for Esbot(.A). They previously had manual instructions only. They also have updated their Zotob Removal Tool to cover all current variants .A .B .C@mm .D .E and .F (.E was the big newsmaker yesterday.)
-
Esbot.a
Symantec’s site is also reporting another virus (technically a worm) targetting the MS05-039 vulnerability. This one is called w32.esbot.a and is also rated at level 3 on their 5 level threat assessment scale.
-
Zotob worm bites big media outlets
According to several reports there are several big media outlets seeing what is reported as the zotob worm which exploits a Microsoft Windows vulnerability (MS05-039) disclosed last week. There seems to be no better way for something to make the news than for it to affect the companies that bring us the news…. CNN for one is reporting that the worm has affected their networks as well as ABCnews and the New York Times. The Caterpillar Company is also mentioned.
-
Junk mail can be REALLY nasty
As if you needed another reason to not like SPAM ( no, not the hormel product, we’re talking junk mail here.) A couple days ago I mentioned a post at the sans institute talking about an email that was circulating and the link within that email took you to a malicious site (redirected) and attempted to exploit one of the recently disclosed Windows vulnerabilities. The Security Fix talks about another in the recent round of expoit attempts and this one comes disguised as junkmail.
-
My * messed up my computer
Since the massive id theft ring was uncovered, I’ve been reading the Sunbeltblog frequently. Today, they have an interesting post about the various explanations for spyware on peoples computers. They tag it the “other person syndrome”. I’ve heard this before too. “Well, the neighbors kids were over and ever since then we’ve had all sorts of problems.”, “My son was up from college and since then I just haven’t been able to…”, etc. etc. etc.
-
Infocon Green and apple updates
The Sans institute (incidents.org) has returned to infocon green. Explaining that there are no fundamentally new variations on the exploits that were circulating and the situation is fairly static. (No big moves in infected machines/port scanning activity.) Also, they note that Apple has released several updates. They effect 10.3.9 and 10.4.2 The updates can be found at Apple support.
-
Computer security software nets $2.6 Billion over last two years.
SecurityFix is talking about the computer security industry. Further, computer users spend $9 billion a year on computers repairs from spyware and antivirus. This reminds me of a recent story of a man that threw out a perfectly good machine because it was infested with spyware. For starters, I do computer repair. I charge $40/ hour and even at that rate I’ve had people balk at 3-4 hours of heavy cleaning versus the Dell ads. How many people take this route instead of repairs? It’s hard to say overall. In his blog, Brian Krebs lays part of the blame at Microsoft’s door and I think rightly so.