Tag: virus

  • Microsoft warns against unofficial patch

    I didn’t exactly expect a parade staged by Microsoft for the writer of the unofficial patch for this WMF vulnerability, but…. eWeek tells us that Microsoft says “beware of unofficial WMF patch”. It also mentions that, behind the scenes, Microsoft officials are furious that the threat has been overblown. Personally, I think they’ve downplayed the issue in their recent security bulletin, and frankly I’ve also seen quite a bit of overblown hype. (*virus threatens every Windows OS shipped since 1990…)

  • Microsoft advisory on Sober “Awakening”

    Microsoft has posted a security advisory (912920) on the previously reported “awakening” of the Sober worm, expected January 6th.

    Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006

    Further they give the following note….

  • WMF exploit virus detection revisited

    Yesterday, when I was testing the WMF exploit against a Windows 98 virtual machine, I sent samples through VirusTotal and the only antivirus product to detect each of them was “TheHacker” from Hacksoft. This evening I was revisiting the exploit (with the new rule for Metasploit) and saved 20 samples, which I also tested with VirusTotal. The results this evening are better: 4 antivirus products detected each one.

  • Cleaning up after WMF Exploit – summary

    Can I say enough times that after a bad trojan infestation you should format and reinstall? I’ve cleaned up the infested image that I “sacrificed” to the WMF exploit and, as I’ve said, your pestware install will likely be somewhat different. An exploit is just the road; the spyware and viruses are the cars. Once the road is built, just about any car can use it…. Hopefully the series has been helpful in working through some of the problems with a system cleaning.

  • Network Security guide for the home or small business network – Part 13 – Your own worst enemy

    Once upon a time I did an article about the biggest computer security vulnerability ever. I’ve also passed along the old “the most dangerous part of a car is the nut behind the wheel” joke. If you haven’t got it yet, the computer user can be the “weakest link”. Let’s face it: you’ve got antivirus, a firewall, all the current Windows updates and antispyware, and then a website pops up. The website looks like Windows Security Center and says you have a virus and need to get official antivirus software.

  • Network Security guide for the home or small business network – Part 12 – Antispyware

    I’ve talked about antivirus software as an essential. Today we’re going to look at antispyware software. There is a difference. By definition a virus is a piece of software that infects other files or copies itself. A worm is a virus that spreads without user intervention (from one open network port to another, for instance). Spyware is not necessarily in either category. Spyware is the name given to software that tracks online behavior: some may track online searches, some may be more invasive and track anything typed into the computer!

  • Wow serious VMWare vulnerability HOST system infection

    A flaw in VMware could allow malicious code to be run on the host machine, according to Sunbeltblog citing VMware’s knowledge base. This is pretty big, since this is something that’s not normally considered a threat. (Many people use VMware and other virtual machines for malware/virus/spyware investigations because they’re supposed to be isolated from the host machine.)

  • Serious Symantec Antivirus Vulnerability

    A few things to catch up on this afternoon, but first up is a serious vulnerability in Symantec Antivirus. (It’s always serious when security software has a vulnerability.) Security Fix is reporting that a vulnerability has been discovered in the way Symantec deals with RAR archived files. A specially made RAR archive could make a hidden virus or worm in the archive run. It could be exploited remotely; in other words, as Symantec scans the files/attachments in email, the specially crafted RAR file could make Symantec run the enclosed bug.

  • Disinfecting a PC… part 4

    So, AVG has been scanning away finding things; we’ve really got a foothold on the system and the malware has a fight on its hands. It’s good to see progress. Up to this point we’ve had multiple Spool32 errors (printer related). These errors are what prompted the system to be brought in initially. There’s a Lexmark system tray item that loads on boot. No time to investigate that yet. Here’s the log of the AVG antivirus scan…

  • Another Beagle virus variant

    Incidents.org is reporting this as well…

    A new Beagle variant is making the rounds. It comes in an almost empty email, as a ZIP attachment containing the worm as an EXE. The attachment name, email subject and sole text content of the email all seem to be male or female surnames. Keep your eyes peeled, especially if your users are reading their mail over webmail, as it seems to take another couple of hours until the AV vendors have their patterns lined up.