Monthly Archives: April 2011

Fake Windows Diagnosis Programs

I was able to see one of the newest fake Windows Diagnosis infections in the wild, and wanted to warn you about it. There are several of them, and you might all of a sudden get one or more alarming windows telling you that your system or hard disk drive has several errors and that a scan with an advanced module is in order, followed by an attempt to coerce you into paying for that advanced module. All these alerts are of course fake and should be ignored.

One thing this infection does that might freak you out for a moment is that the files on your hard disk seem to disappear. You try to access your documents, or open My Computer, and nothing shows up as its contents. Don’t worry: the files are there, but the infection has changed an attribute on all files that hides them from normal view. This is reversible, but the steps to do so, plus the cleanup process, are beyond the scope of this article, so contact me if you find yourself in this situation and don’t know what to do.

As usual, exercise caution when clicking on links in emails, on phony-looking websites, and on any inviting, luring offers to download unknown files/programs to your computer.

Latest Flash Player Vulnerability, and Patch

A few days ago Adobe published a security bulletin admitting there is a new exploit spotted in the wild for Flash Player. I wanted to wait until there was a patch available before writing about it, and here it is. As usual, Google Chrome users got the patch before everyone else, yesterday. The latest Google Chrome version, 10.0.648.205, contains this patch. Users of all other browsers can go here to get the latest version of Flash:

http://get.adobe.com/flashplayer/

If you have any questions as to what version you have and which is the latest one, go here:

http://www.adobe.com/software/flash/about/

Attacks that use the exploit patched by the latest version of Flash have been seen in the wild, in Word and Excel files attached to email messages. Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China’s antitrust laws, or a Japanese nuclear weapons program. Later messages posed as corporate reorganization plans or new company contact lists.

Users beware, and install the latest version of Flash as soon as possible.

Mammoth Set of Windows Updates in April

This month Microsoft is releasing 17 updates meant to patch 64 different vulnerabilities in Windows operating systems as well as Office. The 17 updates tie a record set in December, but the 64 vulnerabilities they’re patching is an all-time record. Out of the 17 updates, 9 are labeled “critical”, the remaining 8 “important”.

Updates are set to be released on Tuesday the 12th at around 10 AM PDT. 6 of the updates will require a computer restart after being applied. Other than that, if you have automatic updates on, no other user intervention is required. If you don’t have automatic updates turned on, it behooves you to download and install these updates.

If you were to draw an analogy, applying software patches and updates is like closing open doors and windows ( 🙂 ) that could allow thieves access to your house. A sound security system (antivirus, firewall, etc.) would be like a fence around the house that prevents thieves from entering your property. Even if thieves were to successfully jump the fence and enter your courtyard, they would not be able to get into the house if there was no open entrance.

Theoretically, a fully patched computer could get infected by a virus, but if the vulnerability the virus was set to exploit was patched, no adverse effect would ensue.

Always keep your operating system and main programs up to date for a better level of intrusion prevention.

Targeted E-mail Attacks Expected

Epsilon, a Texas-based company that runs marketing and customer loyalty campaigns via email for some of the country’s biggest banks, credit card companies and retailers, including American Express, Best Buy, Citibank, Capital One, Kroger, Visa and U.S. Bank, announced a few days ago that a number of names and email addresses they have used in campaigns had been stolen by hackers.

What that means is that those names and emails can now be used in targeted email attacks to try to steal information from users, since there are specific, valid email addresses to send scam/spam emails to. This kind of attack is sometimes called spear phishing.

You might have received a warning from your bank or credit card company about this. Pay heed and be particularly careful when opening email from unknown sources. Also expect a possible increase in spam emails in the near future. Click here and here for standard defensive actions in situations like this one.