Two notes on the Windows vulnerability patched the day before yesterday. There is a trojan in the wild exploiting it, and Symantec's AV definition for detecting that exploit is a bit too paranoid: it flags lots of perfectly ordinary EMF files as carrying the exploit. The workaround given is to exclude EMF files from virus scans, which of course also blinds the scanner to the real exploit until the definition is corrected.
Tag: virus
-
Microsoft November 2005 patch day
That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited… Seriously, if you run Windows, go to windowsupdate.microsoft.com or make sure automatic updates are turned on if at all possible. This month's most critical update relates to a vulnerability in the way Windows renders (draws) images. It appears that an attacker could craft a web page with images such that merely viewing it runs arbitrary code (anything they want) on the victim's computer, letting them alter or view data, or simply take control of the machine (creating/removing user accounts, etc.).
-
Linux network worm…
There is a Linux network worm (virus) in the wild, which I've mentioned already in an earlier post. I did want to take a few moments to highlight this and dispel a few myths. (This is the first Linux virus I recall seeing over at SARC in the last couple of years…) Myth #1) Linux doesn't get viruses… Bull; this current worm is proof. Myth #2) If Linux had bigger market share there would be tons of Linux viruses. Maybe, but remember that much of the internet's backbone already runs on Linux (all the machines at my provider's web hosting company, and indeed MANY others).
-
Microsoft to bundle anti-spyware with Vista
Well, it shouldn't come as a big surprise, but Microsoft is expected to bundle their anti-spyware product (which will be renamed Windows Defender) with Vista when the next version of the OS ships. It's probably not a big surprise given the headaches people have with spyware and the potential for a subscription update service. For most people this will probably be the only anti-spyware application they have.
-
More on the Zotob/Mytob identity theft ring
The Security Fix has reported on the unraveling of a ring of identity thieves following the arrests of the writers of the Zotob and Mytob worms. Apparently investigators have leads on about a dozen different people following last week's arrests of the suspected virus writers.
-
The end of antivirus definition updates?
Well, frankly, there has been talk of the end of definition-based antivirus scanning for years. You see, the Achilles heel of any signature-based AV scanner is that it needs signatures of what known viruses look like, so there will always be a reaction window: a period where a new, unknown virus is infecting people before the antivirus vendors have shipped a definition for it. The supposed cure for this dilemma was heuristic scanning, which was supposed to detect things that "looked" like they might be viruses. A noble goal, but along the way it has proven mostly ineffective: either too aggressive, tagging EVERYTHING as potentially viral, or so quiet as to be unnoticeable.
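As an added example (not code from this blog or from any AV vendor), here is a toy scanner that shows all three failure modes this post and the earlier Symantec/EMF note describe: a signature keyed on the file format rather than the exploit flags every EMF file (the over-paranoid definition), a precise signature for the known exploit misses a trivially rebuilt variant (the reaction window), and a heuristic catches the variant but also flags a benign high-entropy file such as a compressed backup. Every sample is a constructed byte string; the EMF header layout mimicked here (an EMR_HEADER record of type 1 and the ASCII signature " EMF" at offset 40) is an assumption used only to make the stand-in look plausible, and the "payload" bytes are inert.

```python
import math
import random
from collections import Counter


# Constructed stand-in for an EMF header (assumption: the real format starts with
# an EMR_HEADER record, type 1, and carries the ASCII signature " EMF" at offset
# 40). Only those two fields are mimicked; nothing here is a real EMF file.
def emf_header() -> bytes:
    return b"\x01\x00\x00\x00" + b"\x00" * 36 + b" EMF" + b"\x00" * 8


NOP_SLED = b"\x90" * 32
PAYLOAD_V1 = b"\xcc\xeb\xfe/evil/v1"   # constructed, inert "payload" bytes
PAYLOAD_V2 = b"\xcc\xeb\xfe/evil/v2"   # the same exploit rebuilt with a new payload


def constructed_samples() -> dict:
    """Four constructed files: a benign EMF, the exploit, a variant of the
    exploit, and a benign but packed/compressed file (random bytes)."""
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(2000))
    return {
        "benign.emf":  emf_header() + b"\x00\x01" * 200,
        "exploit.emf": emf_header() + NOP_SLED + PAYLOAD_V1,
        # variant: sled broken up with harmless filler, payload recompiled
        "variant.emf": emf_header() + b"\x90\x90\x41\x90" * 8 + PAYLOAD_V2,
        "backup.zip":  packed,
    }


# Two signature sets: one keyed on the file format (what an over-broad
# definition effectively does) and one keyed on the known exploit payload.
SIGNATURES_BROAD = {"Exploit.EMF.broad": b" EMF"}
SIGNATURES_PRECISE = {"Exploit.EMF.v1": PAYLOAD_V1}


def signature_scan(data: bytes, signatures: dict) -> list:
    """Return the names of every signature whose byte pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random/compressed data, low for sparse files."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_scan(data: bytes, window: int = 32, nop_ratio: float = 0.5,
                   entropy_threshold: float = 7.5) -> list:
    """Flag files that merely *look* suspicious: a window dense with 0x90
    (NOP-sled-like) bytes, or overall entropy typical of packed code."""
    reasons = []
    if shannon_entropy(data) > entropy_threshold:
        reasons.append("high-entropy")
    for i in range(max(1, len(data) - window + 1)):
        if data[i:i + window].count(0x90) / window >= nop_ratio:
            reasons.append("nop-sled")
            break
    return reasons


def run_all() -> dict:
    """Scan every constructed sample with all three approaches."""
    return {
        name: {
            "broad": signature_scan(data, SIGNATURES_BROAD),
            "precise": signature_scan(data, SIGNATURES_PRECISE),
            "heuristic": heuristic_scan(data),
        }
        for name, data in constructed_samples().items()
    }


if __name__ == "__main__":
    for name, verdicts in run_all().items():
        print(f"{name:12} {verdicts}")
```

Running it shows the broad signature hitting benign.emf, the precise signature catching exploit.emf but not variant.emf, and the heuristic catching both exploit files while also flagging backup.zip on entropy alone; tightening the heuristic thresholds trades one of those errors for the other, which is exactly the "too aggressive or unnoticeable" bind the post describes.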
-
Like flypaper for malware..
The diary over at the SANS Institute mentioned an interesting program today. Nepenthes is a program that emulates a vulnerability so that it can collect samples of the malware trying to exploit that vulnerability, instead of getting infected by it.
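To make the idea concrete, here is an added example in the spirit of that approach; it is not Nepenthes' own code and makes no claim about how Nepenthes is built. It emulates a made-up network service with a fixed-size request buffer, answers with a banner, and treats any request that would have "overflowed" the real service, or that carries a NOP sled, as an exploit attempt: the raw bytes are stored by SHA-256 (so the same sample arriving from many hosts is kept once) and any download URLs embedded in the shellcode are pulled out for later retrieval. The banner, the protocol, the 256-byte limit and the two traffic samples are all constructed; 198.51.100.0/24 is a documentation address range, so the URL points nowhere.

```python
import hashlib
import re
import socket
import threading

# Constructed emulated service (an added example, not Nepenthes' own code):
# a made-up line protocol with a pretend fixed-size request buffer. Anything
# that would have overflowed the real service is captured instead of executed.
BANNER = b"220 example-svc ready\r\n"
MAX_SAFE_REQUEST = 256          # requests longer than this "overflow" the fake service
URL_RE = re.compile(rb"(?:https?|ftp|tftp)://[\x21-\x7e]+")   # download URLs in shellcode

# Constructed traffic, not captured from a real worm. 198.51.100.0/24 is a
# documentation range, so the URL resolves to nothing.
BENIGN_REQUEST = b"HELO client\r\n"
EXPLOIT_REQUEST = (b"HELO " + b"A" * 300 + b"\x90" * 32 + b"\xcc\xeb\xfe"
                   + b"http://198.51.100.7/bot.exe" + b"\r\n")


class SampleStore:
    """In-memory stand-in for the on-disk sample directory, keyed by hash so
    the same binary arriving from many hosts is stored once."""
    def __init__(self):
        self.samples = {}       # sha256 hex -> (first source seen, raw bytes)

    def add(self, source: str, payload: bytes) -> str:
        digest = hashlib.sha256(payload).hexdigest()
        self.samples.setdefault(digest, (source, payload))
        return digest


def classify_request(data: bytes) -> dict:
    """Does this request look like an attempt on the emulated bug, and what
    does the collector want out of it (embedded download URLs)?"""
    overflow = len(data) > MAX_SAFE_REQUEST
    nop_sled = b"\x90" * 16 in data
    urls = [u.decode("ascii", "replace") for u in URL_RE.findall(data)]
    return {"exploit_attempt": overflow or nop_sled, "urls": urls, "length": len(data)}


def handle(data: bytes, source: str, store: SampleStore) -> dict:
    """Classify one request; store the raw bytes if it was an attack."""
    info = classify_request(data)
    if info["exploit_attempt"]:
        info["sha256"] = store.add(source, data)
    return info


def run_listener(store: SampleStore, host: str = "127.0.0.1"):
    """Serve exactly one connection on a background thread: send the banner,
    read until the client closes, hand the bytes to handle()."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    results = []

    def serve_one():
        conn, addr = srv.accept()
        with conn:
            conn.sendall(BANNER)
            data = b""
            while chunk := conn.recv(4096):
                data += chunk
        results.append(handle(data, f"{addr[0]}:{addr[1]}", store))
        srv.close()

    thread = threading.Thread(target=serve_one, daemon=True)
    thread.start()
    return port, thread, results


if __name__ == "__main__":
    store = SampleStore()
    port, thread, results = run_listener(store)
    with socket.create_connection(("127.0.0.1", port)) as client:   # plays the attacker
        print("service said:", client.recv(1024).decode().strip())
        client.sendall(EXPLOIT_REQUEST)
    thread.join(timeout=5)
    print("captured:", results[0])
    print("stored samples:", list(store.samples))
```

The interesting part of a real collector is everything this toy skips: emulating the protocol convincingly enough that the worm gets as far as sending its payload, and then actually fetching the URL (or decoding the shellcode's own download routine) to obtain the binary rather than just the first-stage bytes.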
-
US-CERT talks spyware
US-CERT is addressing the issue of spyware. According to Spyware Confidential, they've released a document (PDF) on the matter, including techniques for guarding against spyware. Education and awareness are two elements it emphasizes heavily.
-
Another massive ID theft ring
It looks like Sunbelt has found ANOTHER massive identity theft ring. They suspect it's a trojan from the Dumaru family that is contentedly logging the information, and they promise more details.