Thursday, March 26, 2009

New Firefox Vulnerability Found

New attack code has been released today targeting the Firefox browser. This new attack has sent Firefox developers scrambling to patch the flaw. Until it is patched, this code could be modified by attackers and used to install unauthorized software onto a Firefox user's machine.

This bug affects Firefox on all operating systems, including Mac OS and Linux. The attack tricks the user into viewing a maliciously coded XML file. The attacker could then use this bug to install unauthorized software on a victim's system. This kind of drive-by download has become increasingly popular in recent years.

Firefox users will be issued a fix for this vulnerability in the upcoming 3.08 version release. It is recommended that users update as soon as it's released.

Wednesday, March 25, 2009

Adobe Zero Day Exploit Patch

There was a security hole found in Adobe Acrobat Reader and Acrobat 9. Adobe reports..

This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue has been exploited for over 2 months.

This patch is important.

Many of us disable auto-updates, or just don't bother to install the newest version of the software we're using. This exploit in Adobe Reader 9.1 and Acrobat 9.1 can be triggered with no action from the user. It can use the Windows Indexing Service to trigger the bug.

This vulnerability can be triggered simply by sending someone a malicious PDF document and relying on Windows Explorer's ability to read the file automatically.

I would suggest getting the patch ASAP.

Sunday, March 22, 2009

Internet Explorer Causes Your Computer to Restart

The Problem

Interesting job I had in the shop today. Windows XP Home SP2 and Internet Explorer 7 on an old HP. The computer would restart every time Internet Explorer was opened. It never even fully loaded. The computer has AVG 8 free edition, so my first thought was a Windows issue. But I have a system diagnostic routine I follow on every machine, so using my own security tools, Malwarebytes Anti-Malware and Avast anti-virus, I find that 309 files are infected.

Internet Explorer had 4 toolbars installed. There were also several instances of Vundo and several generic trojans.

The Fix
Begin by removing all toolbars in Add/Remove Programs. There is no telling which one is causing the issue, and you can always install the one you really want later.

Download and run Malwarebytes Anti-Malware.
Let it remove what it can.

Disable or remove any anti-virus software you have installed.
Download and install Avast Anti-Virus.
During installation, schedule a boot-time scan.
When asked to reboot, click Cancel.
Open Avast and update it. When the update is complete, restart your computer.
Follow the scan, as it will ask for your permission on the action to take for each infection found.

When the scan is finished and the computer has been cleaned, it will boot to Windows.
Run a final full scan with both programs to be sure you found all infected files.

Hope this helps some of you :)

Thursday, March 12, 2009

E-mail Scam IRS Stimulus Payments

As usual, scammers are using e-mail scams to try to steal your personal information: Social Security numbers, bank account information and more. The new scam comes as an e-mail appearing to be from the IRS asking you to provide personal data to ensure delivery of your stimulus payment. The IRS or any government agency will never solicit this type of information by e-mail.

Users receiving this type of fraudulent IRS e-mail are encouraged not to click on any links contained therein and to forward the message and the website URL to the IRS at phishing@irs.gov.

Wednesday, March 11, 2009

Bad Symantec update leads to trouble for users

Hackers took advantage of a Symantec issue today to flood search engines with more troublesome redirection to rogue anti-virus sites. Apparently Symantec periodically sends its users PIFTS, the Product Information Framework Troubleshooter, a diagnostic program that anonymously collects information such as the operating system and version number of the product being used in order to get a snapshot of its user base. This time, however, the file wasn't digitally signed, causing many firewalls to flag it, including Symantec's own firewall.

So my advice for the time being: don't install PIFTS.exe. If you visit a website and are advised your computer is infected, press CTRL+ALT+DEL and end the task for your browser process. Then run a good anti-virus and anti-spyware program like Avast and Malwarebytes.



Monday, March 2, 2009

Update Win32.Vitro

It appears this nasty piece of work is causing many issues. As I have mentioned in my previous post, at this time it cannot be removed and a format is necessary.
From my research, the transmission of this virus seems to come from an infected movie-type file. This file informs you that you'll need a codec to view it; when you agree, it infects your system.

When installed, it injects code into running processes, then hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these functions is called.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

This vitro virus then infects every program you open. While good firewall and security software are essential to your online safety, they alone are not enough. Use caution when asked to download codecs or add-ons.

If you do get infected with this virus, DO NOT use previous backups. Perform a full clean install of Windows and your programs.
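
One way to spot the ntdll.dll hooks listed above is to compare each function's first bytes in a running process with the same bytes in the ntdll.dll file on disk. This is an added example, not code from the original post; it assumes the hook is an inline patch of the function prologue (the post does not say how the hook is placed), and every address, stub byte and the `build_sample` helper are constructed for illustration.

```python
# Added example. All addresses and byte strings below are constructed sample data.
HOOK_TARGETS = ["NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
                "NtOpenFile", "NtQueryInformationProcess"]

def classify_prologue(code):
    """Name the control-transfer pattern at the start of a function, if any."""
    if code[:1] == b"\xe9":
        return "jmp rel32"
    if code[:1] == b"\xe8":
        return "call rel32"
    if code[:2] == b"\xff\x25":
        return "jmp [mem]"
    if code[:1] == b"\x68" and code[5:6] == b"\xc3":
        return "push imm32; ret"
    return "none"

def rel32_target(code, address):
    """Destination of a 5-byte E8/E9 instruction located at `address`."""
    disp = int.from_bytes(code[1:5], "little", signed=True)
    return (address + 5 + disp) & 0xFFFFFFFF

def find_hooks(disk, memory, addresses, mod_start, mod_end):
    """Compare on-disk and in-memory prologues; report every mismatch."""
    findings = []
    for name in HOOK_TARGETS:
        if disk[name] == memory[name]:
            continue
        kind = classify_prologue(memory[name])
        target = None
        if kind.endswith("rel32"):
            target = rel32_target(memory[name], addresses[name])
        # A redirect that lands outside the module's own range is the red flag.
        outside = target is not None and not (mod_start <= target < mod_end)
        findings.append((name, kind, target, outside))
    return findings

def build_sample():
    """Constructed data: clean stubs, then two of them patched with a call."""
    base, size, foreign = 0x7C900000, 0x000B2000, 0x00A30000
    stub = lambda n: b"\xb8" + n.to_bytes(4, "little") + b"\xba\x00\x03\xfe\x7f\xff\x12"
    disk = {n: stub(0x20 + i) for i, n in enumerate(HOOK_TARGETS)}
    addresses = {n: base + 0x1000 * (i + 1) for i, n in enumerate(HOOK_TARGETS)}
    memory = dict(disk)
    for n in ("NtCreateFile", "NtOpenFile"):
        disp = (foreign - (addresses[n] + 5)) & 0xFFFFFFFF
        memory[n] = b"\xe8" + disp.to_bytes(4, "little") + disk[n][5:]
    return disk, memory, addresses, base, base + size

if __name__ == "__main__":
    for name, kind, target, outside in find_hooks(*build_sample()):
        print(f"{name}: {kind} -> {target:#010x} outside ntdll={outside}")
```

On a real system the `disk` bytes would come from the ntdll.dll file and the `memory` bytes from the process being inspected; a mismatch whose target lies outside the module is what separates a hook from a legitimate hot-patch inside ntdll itself.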