Mebroot becomes More Stealthier!!

Well Here is something we should all be on the look out for:

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

Mebroot inserts program hooks into various functions of the kernel, or the operating system’s core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn’t been tampered with.

[Via Pcworld Magazine]

I will be updating my Malware Resource for the Prevx Software, but this looks to be a very bad root kit.  From my understanding most of the security related software.   It seems this little program will become even harder to detect and remove.   It also looks like this is ready to start infecting people with this root kit.   You should update every part of your system from Windows Patches to Browser.  Securnia once said that most people are not patched fully!!  Just like the Conficker Worm, if your not fully patched and keeping anti-virus and Firewalls on your system then you might as well be walking on nails.

And the Oscar goes to . . . Not these guys!

Sans Internet Storm is reporting on Anti-virus Scareware tactic. I’ll quote from them:

ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research and it is true they are at least 3 sites with the .pl Domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you been to these sites and are worried. You should also report any site like this to Phishtank to fight this type of scare tactics. Please remember if you are worried about your system this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and Firewall solutions at your fingertips, use them well. It is also a good idea to make sure you have the latest updates from Microsoft while your at it.

PDF Zero Day Vulnerability in the Wild

From sources all over the internet, Adobe made a sent out a Security bulletin yesterday:

APSA09-01 (Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat)

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe Plans on patching this March 11, 2009

and According to some other reports are saying:

Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers.

[via Symantec]

Microsoft released KB951847 out of Cycle For January

I woke up this morning and found this was released KB951847.  here is what it is:

kb928563 FIX: The System.Net.HttpWebRequest class may not maintain a persistent connection to a proxy in the .NET Framework 2.0
kb943175 FIX: The XmlSerializer class generates an unexpected result when you use the XmlSerializer class to serialize the numeration attribute in the .NET Framework 2.0

kb943412 FIX: You may experience delays when an operating system shuts down if the computer is running a managed service together with the .NET Framework 2.0
kb943804 FIX: Certain Unicode characters returned by the Application.ExecutablePath property in the .NET Framework 2.0 are displayed as “?”
kb944099 FIX: Error message when you use the SQL Native Client data provider to connect to an instance of SQL Server 2005 that is configured to use database mirroring: “Internal .Net Framework Data Provider error 6″
kb944100 FIX: You cannot access tables that are used in a SQL Server transaction if you end the thread that executes the transaction before the transaction is finished in the .NET Framework 2.0
kb944157 FIX: You may experience a significant delay when you make the first request to an ASP.NET Web application that is running on Windows Server 2003
kb946102 FIX: An ActiveX control will not receive keyboard navigation events when you use a System.Windows.Forms.WebBrowser control to host Web pages
kb946223 FIX: The input language in a text box on the Microsoft Expression Design surface does not function correctly when you change the input language to an East Asian language
kb946411 FIX: When you print an XPS file on a Windows XP Service Pack 2 or Service Pack 3-based computer, the characters in the XPS file print incorrectly
kb946503 FIX: Error message when you use the installer tool to install an assembly that is located on a remote computer: “An exception occurred during the Install phase”
kb946660 FIX: The headers attribute of a cell is rendered incorrectly when the cell is associated with multiple headers in an ASP.NET 2.0 Web application
kb946927 FIX: An installation may fail with error 1935 when an .msi file tries to install many policy files on a computer that has the .NET Framework 2.0 installed
kb947148 FIX: Incorrect methods are called when you call some COM APIs that are included in a .NET Framework 2.0-based 64-bit application
kb947317 FIX: In a Windows Forms application that was built by using the .NET Framework 2.0, the CurrencyManager object triggers additional instances of some events when you delete the last row from a table
kb947461 FIX: An update package is available for the .NET Framework 2.0 Service Pack 1
kb947581 FIX: The value of the “WsdlContractConversionContext.WsdlPortType” property is null in the .NET Framework 3.0 Service Pack 1
kb948233 You receive a System.InvalidOperationException exception error when you run a Microsoft .NET Framework 2.0-based application after you install security update MS 07-040 on a computer
kb948646 FIX: Objects are not serialized correctly when you serialize and deserialize the DataSet objects by using the SerializationFormat.Binary format parameter in a .NET Framework 2.0-based application
kb948815 Availability of the .NET Framework 2.0 post-Service Pack 1 hotfix rollup package for System.Data.dll and System.Data.OracleClient.dll
kb948873 FIX: You may receive a System.Xml.XmlException exception when you use one-way Web methods to communicate with Web services in a .NET Framework 3.0-based application
kb948887 FIX: An exception occurs when a Web application that is based on the .NET Framework 2.0 uses the HttpWebRequest class and receives an HTTP 1.0 response that contains the HTTP status code 401
kb949272 FIX: A Windows Forms application that uses ActiveX controls may crash, and a null reference exception occurs after you install the .NET Framework 2.0 Service Pack 1
kb949777 FIX: Error message if you deploy an executable application to a path that contains escape characters in the .NET Framework 2.0: “Absolute path information is required”
kb950230 FIX: You receive a System.ArgumentException exception error message when you use the Sgen.exe tool and the XmlSerializer JIT compiler to generate an XmlSerializer assembly for a Web service proxy in the .NET Framework 2.0
kb950986 FIX: In the .NET Framework 2.0 Service Pack 1, the ModuleBuilder.GetTypeToken method returns an incorrect token
kb951111 FIX: Warning message when you use the SvcUtil.exe tool to import service metadata in the .NET Framework 3.5: “The policy expression was not fully imported because it exceeded the maximum allowable complexity”
kb951113 FIX: The set of values returned from the row.GetColumnsInError method is empty when a client computer that has the .NET Framework 2.0 installed receives a DataSet object from a WCF service
kb952324 FIX: You cannot download the .application file when you deploy an application by using ClickOnce deployment in a secure environment

As you can see this fixes 30 things in this one service pack.  I see one or t wo things that might be exploitable and that is why they released this out early.  The ones that I see are Like the ActiveX controls.   I don’t know why but this is for all systems on windows or at least it doesn’t say anything other wise.  This is .net frame work and should be installed quickly as possible.   You should also consider making a new Autopatch ISO to install into all the necessary computers.  Also if you haven’t installed a Free Anti-virus or goodFree  Firewall now is a good time to install them also.  I would expect this to Service Pack to have to reboot your system but other than that you should be fine.

*UPDATE*

A fan wants to Release Windows 7 Now : My Security Concerns

After reading about this from Kelly Poe) to find out the site he put up and I am quite impressed.    Here are few things that I am concerned about starting with the website.

I love the idea and all but I am quite concerned with the privacy of my email account.  I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account.   You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7  right now and Security.   You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet.  It uses the the Ms 08-067 Exploit and currently Windows 7  does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Microsoft released KB960714 to fix THE IE Problem

This is the update to fix the IE Vulnerability and if you have any questions please make sure to check my other post about this little update.   This was sent out today and should be patch ASAP, on all systems.  If you want to patch the easy way, I suggest downloading Clone to Autopatcher.  This seems to help make an ISO file on a DVD so you don’t have to update a system the old way.

Microsoft to Release KB961051 on the Dec 17, 2008

According to McAfee and I will quote:

December 16, 2008: Microsoft has announced an out-of-cycle patch release for a critical, remote-code-execution, vulnerability in Microsoft Internet Explorer (CVE-2008-4844). The patch, to be released on December 17, will address the vulnerability across multiple versions on Internet Explorer running on supported Windows platforms.

[via McAfee Threat Center]

From what I am understanding it will be KB961051 and will be a critical update on all Windows platforms.  Microsoft issued a security advisory for this on there Technet support website.   This will probably be put online sometime tomorrow and will be available to download after 10am PST although this is just a rumor because when I go to that article they talk about the work around and how to fix it temporary until they release the patch.  This is releated to the IE Vulnerability that is in the wild and has been causing havok on the internet.

Inside understanding of win32.netsky.q

Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.

I saw this on on the net and through we should talk about and let people know how you could get that the worm off your computer. It seems to be a self-replicating worm, it will continue to send out fake messages to people with the subject lines Like:

• Delivery Error
• Delivery Failure
• Delivery
• Mail Delivery failure
• Mail Delivery System
• Mail System
• Delivery
• Delivered Message
• Error
• Status
• Failure
• Failed
• Unknown Exception
• Delivery Failed
• Deliver Mail
• Server Error
• Delivery Bot

And with each message there is the reciepts email address at the end.  This worm seems to be spreading like wildfire today.   It is because people have not install

Internet Explorer still has a Vulnerability after Tuesday Patch!!

I just read this on several blogs and thought I’d share the details with you, it seems that Microsoft didn’t know there was a problem with this Bug/Vulnerability.   Computer world has a great article and  says this:

“The updates Microsoft released yesterday do not address this possible vulnerability,” a Microsoft spokesman said today in an e-mail reply to questions, “but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer.”

[Via ComputerWorld]

I can only hope that Microsoft fixes this Vulnerability soon, I would take a guess that they will try to get this out on the patch cycle if not they will push it out after.   Some things to remember with IE(Internet Explorer) is only use it with Microsoft Updates.   I also Suggest downloading FireFox and checking out my Anti-virus and Anti-Spyrware Page for ways to prevent from getting a virus.

Fix Shutdown Problems in Vista!

In the Patch Tuesday update, Microsoft quietly released the patch to fix Windows Vista machine shut problems. This patch should of came sooner.

KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

This was not a critical update and it seems to resolve so many issues with compatibility.  One thing it seemed to fix on my system has been the shutdown time.  It is now quite fast, it would normally take me 2 to 3 mins to shutdown, now it does it in less than a Minute.   So if you’ve not installed this update please install it soon.   I would like to know if people are seeing the same thing I am.   I’ve found a great resource on fixing it if you are still having problem, it talks about how to check your system performance. Although this is been doing it lately with these programs not loaded or even running, they still seem to cause problems so now I get the feeling it has to do with legacy programs.  This should fix most of the problem with older programs.

The Important Windows patches Released Today

As many of you know we talked about the Non-critical patches that Microsoft will release today.  IF you want to read those please go and check it out.   I’ll be talking about the REALLY important ones that Microsoft has kept tight until now.    These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

KB955839

KB957388

KB890830

KB905866

These are just the tip of the iceberg. although this list are not A lot.  I’d wanted to let people know about what people coin “Exploit Wednesday“.  I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible.  Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates.  I don’t suggest testing it more than a couple days.  Here are some good Virtual Machine software to try out yourself:

Rumor is that Itunes will Remove DRM!

A report from last week brought to AppleInsider’s attention by French technology site ElectronLibre asserts that it’s now “clear” Apple will spark new interest in its music store by removing DRM from tracks published by Sony, Universal and Warner on December 9th.

[Via Apple Insider]

Although, this is somewhat unlikely I’ve got my own theories on this.  You see If Apple did this tomorrow that would be a BIG deal, due to the fact that Microsoft will be releasing there patches on the same day.  I find it would be a momentous occasion.

I can only guess why and the guess is just a guess.  If Itune’s did remove there DRM the same time as Microsoft Patch Tuesday, I’d have to guess they will co-inside because of the difficulty of using the DRM, Digital Rights Management, on other products.  For example, Windows Media Player .  If Apple decided to approach Microsoft and come up with a way to make sure all DRM is stripped this would be the ideal situation.   Although this is highly unlikely, I’d have to think Apple wouldn’t wait till tomorrow to strip the DRM.  They know Microsoft schedule.  We will have to find out in the coming days.

Upcoming Patch Tuesday

I wanted to get prepared for the updates for this Tuesday and I thought I’d go through them and list what Microsoft said about each.   These are what’s been said on Technet and I am sure there will be more.   Each one of these don’t look to serious but I will post Tuesday if there is anything I’ve missed on this post.   As you might know this is not set in stone but just the direction of Microsoft for this Months Release.

KB955839

Update for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Install this update to resolve an issue that is caused by revised daylight saving time laws in many countries. This update enables your computer to automatically adjust the computer clock on the correct date in 2008. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

Microsoft issues Vista patches out of Monthly Patch Cycle!

Microsoft issues Out of cycle patch for Vista.   These patches are as Followed:

Kb957321

An update rollup is available for the Microsoft Windows Imaging Component (WIC) in Windows Vista or in Windows Server 2008. This update rollup resolves the problems that are documented in the following articles in the Microsoft Knowledge Base:

954708 An update to add support for the serialization of complex Extensible Metadata Platform (XMP) data types in the Windows Imaging Component

945060 There may be inconsistencies in the Extensible Metadata Platform (XMP) and Exchangeable Image File (EXIF) values for an image file in Windows Vista and in Windows XP

KB959108

The Windows Portable Device (WPD) API collects and transfers Software Quality Metrics (SQM) data to Microsoft servers. The SQM data is collected only on an opt-in basis through the Microsoft Customer Experience Improvement Program. An update is available that disables the collection and transfer of SQL data to Microsoft servers.

This update affects Windows Vista-based computers, Windows Vista Service Pack 1 (SP1)-based computers, and Windows Server 2008-based computers that are in the Microsoft Windows Media Player Customer Experience Improvement Program.

Vista has a new Vulnebility!

According to Techworld.com,  Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit.  The talk from them is quite intriguing.   I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista.  Now we all know that Microsoft will release a patch quicker than 6 months away.  According to this article, people are already looking for the exploit and want to know more about it.  I would be willing to bet they will have a patch out sooner than later.  Probably January or Febuary, which will be a big deal because no one will expect it.  I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch.   So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

Windows update is getting a revision!

According to Computer World, dated Oct 31, 2008 and I’ll quote:

“Over the next couple of months, we’ll be rolling out another infrastructure update to the Windows Update agent (client code),” said an unidentified Microsoft employee on the Windows Update team’s official blog. “This update makes it possible for users to install more than 80 updates at the same time.”

[via Computer World]

Now if your like me and have several computers who need to be updated at a given schedule, you sometimes worry about these updates that come along that might just break your system. I have been using a program call Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons, one they want you to be able to update your operating System without hurting your system integrity.

Now lets talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain.  It is something like having starting up a car, sooner or later you will have the starter go out, because of to much start up.

Microsoft Releases MS08-062 to the Public a Month Early!

Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (KB953155)

This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

[via Microsoft Bulletin]

Now from what I understand, if you have a Network attached printer on your system this would make you more vulnerable to someone taking control over your system. So this patch is supposed to fix that. I am recommending to all to update this and fix this update ASAP. I do not know if you don’t have one what that would do so just install this update, because you will undoubtedly still be runing the Internet Printer Protocol even if you don’t have a printer.

Microsoft Windows Server Service Vulnerability (MS08-067)

A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system. This issue is caused by an error in the Server service that does not properly handle specially crafted RPC requests, which could be exploited by attackers to crash an affected system or execute arbitrary code via a specially crafted request.

On Windows Vista and Windows Server 2008, the vulnerability is only exploitable by authenticated users.

Note: This vulnerability is being exploited in targeted attacks.

[via FrSirt]

This was just discovered and needs to let people know. I will do more research on it and maybe come up with a way to fix the problem. According to my sources there is a patch that will fix the problem!!

*UPDATE*
According to Microsoft:

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
[Via Microsoft Security Bulletin]

Is Spore Worth 49.99?

So I been doing a little digging and trying to find out what the heck people are complaining about and I found some great reviews telling me exactly why people hate EA.  They don’t necessarily hate Spore or Will Wright, but the Security around The Spore game.

So In a couple of these comments.  These reviews talk about Creating the creatures and All.  I’ll submit some of the reviews that I thought was relevant and let you decide for yourself.  I would however wonder the one big question?  Is Spore Worth the Money?   Here’s the details that I know of right now:

1. You can only install it 3 times before you have to call EA to get an override code.  (Although I heard rumors that if you unistall it, you will get a credit for an Install)
2. You can not Install new hardware or upgrade your hardware because if you do, it’ll count as an install, According to this one person.
3. The game only allows 1 login per Install.  So you can’t have more than one character and one universe according to this person.