With Tomorrow being released some very highly rated Remote Code Execution to become Zero day in very short time. Some researchers are speculating about more viruses will be released in conjunction to Valentines day. According to this one post it will be likely to be E-cards being sent to try to lure you into downloading Malware.

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated to Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

So which ones will likely be the exploits they will use? I have a few theories on that and One of them is the INTERNET EXPLORER vulnerability that will be patched and will try to get you to launch the link and will most likely try to launch it in Internet explorer, That would be my guess.    It seems to be Internet Explorer 7 and Below which will be patched so if you want to try out the IE 8 Beta,  You should be safe on that.  Although the best bet is to prevent users from clicking links in emails and also warning them not to open any attachments they are not expecting.    I’d also have the AutoPatcher ready to install the lastest patches for this Tuesday and schedule a time this week to update all the possible systems involved with the Databases.  Although this isn’t one that tries to steal your data it is however a chance the writers to look at what you have and you know how that can be call a data breach.   So if your the IT for the department I’d suggest sending out warnings so they can keep from being caught with their pants down.   I’d also suggest having Anti-Virus and free Firewall installed on all the major systems and it wouldn’t hurt to have the installed on minor systems if at all possible.

©2010 . All Rights Reserved.

Offline updater 5.0 has been released a couple months ago and I just realized it now.  This is an excellent tool for IT professionals who want to keep all your Systems up-to-date with the last patches from Microsoft.  The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, And Windows Vista / Server 2008.(32 bit and 64 Bit updates).

I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections.  This is really good for big businesses that want to update a lot of systems in easy way without having to wait for downloads of updates to install.   You can take a DVD and update on the fly within Mins.   DVD being Cheap or buying them in bulk helps saves time and money for the company.   Less time spent downloading the updates and more time actually getting work done.  As with the Conflicker, Downadup, and to some the Conflickr Trojan, if you got infected with that little worm.  This would help install the updates that it prevented you from doing in the first place.  I also found that once you download do the update the files are kept on the hard drive so you no longer have to redownload them again.  You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.

Q: How can I create the offline update CD images automate, for example via a “scheduled job”?
A: Create a new batch file in the “cmd”, eg “DownloadUpdatesAndCreateISOImage.cmd”. Add the desired calls of

“DownloadUpdates.cmd” and “CreateISOImage.cmd” with the necessary parameters in this new file. The file might for

example have the following contents:

@ echo off
call WXP download updates eng
call CreateISOImage WXP eng

Then set a “time-controlled contract” for the new script “DownloadUpdatesAndCreateISOImage.cmd” to your desired

time. For example, after each Microsoft Patchday create new images, select every second Wednesday of the month.

[Via The FAQ's Documentation (Translated Via Google)]

As you can see you can have it do a script and be ready for you in the morning.  You then just take it out of the drive and install where you need to install the day after the updates are issued. On another Note if you have clients who use Windows office Xp, 2000, 2003, 2007 then this will also help:

This is nice if you have clients who use the Microsoft Office Suites also.  Some Malware will often try to infect people’s systems through a office script or some other vector.   So this will also prevent infections or hackers from getting onto the system by updating this also.  You can have this added to each and every DVD ISO you make to include these as you update the patches also.

Download:

• Offline update 5.0 Download site
• Official Site for Offline Update (Translated into English)

©2010 . All Rights Reserved.

I have to talk about this because this is a big deal.   According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems.  According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials.  The virus  does not  need to know any passwords or user names to gain access.  Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most  companies don’t patch there system as quickly as Microsoft would like them to.   You see most companies have quite a few computers depending on the size of the company it could be quite a lot.  So many in fact that it would have several IT personal just to keep the system going.

So why don’t they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems.  Some use really special programs or have a network going that is vital.  Even the smallest update to the system could bring the network or the program down.  Most companies liketo test it out on test machine for a while to make sure that the patch doesn’t  prevent the business from doing business.   Here are a few articles that prove why companies do not want to just install patches automatically:

• Windows patch is flawed (Dated March 31, 2005 8:31 AM PST)
• Stealth Windows update prevents XP repair (Dated Sept 27, 2007)
• Patch Tuesday security update causes problems with IE for some (Dated Dec 18, 2007)

Some companies are using older systems like Windows ME or some older Windows Operating systesm.   Although there isn’t anything we can do about those because Microsoft has stopped supporting them with updates and all.  I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way.  I’ve recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves?  How do we update all of the systems we are responsible for?  There are no easy answers to this.

©2010 . All Rights Reserved.

I just read this on several blogs and thought I’d share the details with you, it seems that Microsoft didn’t know there was a problem with this Bug/Vulnerability.   Computer world has a great article and  says this:

“The updates Microsoft released yesterday do not address this possible vulnerability,” a Microsoft spokesman said today in an e-mail reply to questions, “but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer.”

[Via ComputerWorld]

I can only hope that Microsoft fixes this Vulnerability soon, I would take a guess that they will try to get this out on the patch cycle if not they will push it out after.   Some things to remember with IE(Internet Explorer) is only use it with Microsoft Updates.   I also Suggest downloading FireFox and checking out my Anti-virus and Anti-Spyrware Page for ways to prevent from getting a virus.

©2010 . All Rights Reserved.

In the Patch Tuesday update, Microsoft quietly released the patch to fix Windows Vista machine shut problems. This patch should of came sooner.

KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

This was not a critical update and it seems to resolve so many issues with compatibility.  One thing it seemed to fix on my system has been the shutdown time.  It is now quite fast, it would normally take me 2 to 3 mins to shutdown, now it does it in less than a Minute.   So if you’ve not installed this update please install it soon.   I would like to know if people are seeing the same thing I am.   I’ve found a great resource on fixing it if you are still having problem, it talks about how to check your system performance. Although this is been doing it lately with these programs not loaded or even running, they still seem to cause problems so now I get the feeling it has to do with legacy programs.  This should fix most of the problem with older programs.

©2010 . All Rights Reserved.

A report from last week brought to AppleInsider‘s attention by French technology site ElectronLibre asserts that it’s now “clear” Apple will spark new interest in its music store by removing DRM from tracks published by Sony, Universal and Warner on December 9th.

[Via Apple Insider]

Although, this is somewhat unlikely I’ve got my own theories on this.  You see If Apple did this tomorrow that would be a BIG deal, due to the fact that Microsoft will be releasing there patches on the same day.  I find it would be a momentous occasion.

©2010 . All Rights Reserved.

I wanted to get prepared for the updates for this Tuesday and I thought I’d go through them and list what Microsoft said about each.   These are what’s been said on Technet and I am sure there will be more.   Each one of these don’t look to serious but I will post Tuesday if there is anything I’ve missed on this post.   As you might know this is not set in stone but just the direction of Microsoft for this Months Release.

KB955839

Update for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Install this update to resolve an issue that is caused by revised daylight saving time laws in many countries. This update enables your computer to automatically adjust the computer clock on the correct date in 2008. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

KB890830

Windows Malicious Software Removal Tool

Microsoft released the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. After you download the Microsoft Malicious Software Removal Tool, it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

KB905866

Update for Windows Mail Junk E-mail Filter [November 2008] (KB905866)

©2010 . All Rights Reserved.

According to PC World and I’ll quote:

According to FireEye chief scientist Stuart Staniford, detection rates are so poor that, on average, only around 40 percent of security software can detect binaries during the period of greatest infectivity and danger, namely the first few days after a particular variant starts being used by botnet builders.

[via PC World]

In a recent virus storm, We have people finding my site because of a Good Firewall.   No if he didn’t have anything but Windows firewall then it would of gotten through and you would not of known about it.  So let’s talk about how to prevent botnet attacks.   This is relatively easy and if you follow some common rules.   You to could be less likely to be infected.  I will say this most people don’t do these common tips and they should do them.

Make sure you update Windows regularly.  Having seen this time and time again, if you don’t keep windows updated then you lose the battle.  If you have a system that needs updating, I suggest downloading the Clone to Autopatcher.  This little program will download the files needed to update your system without having to be online.  Although, you can have windows update automatically every month but that might not update the recommended updates only the ones that are hot.  It doesn’t matter which way you prefer to update, as long as you do to update regularly, Like every 2nd Tuesday of the Month.

One last tip you should also keep your Firewall and Anti-virus updated.  There is a little program that will do that, it’s call AppSnap.  If you follow all these recommendations you will greatly reduce your chances of getting a virus on your system.

©2010 . All Rights Reserved.

I woke up this morning and found there was an update.  I thought to myself this isn’t the second Tuesday, that was last week.  So I click on my update tab to see what it was all about? Wouldn’t you know it, an update to Silverlight 2.

I will be looking into the new Microsoft Silverlight.   I have heard on the wind, that this might be due to the PDC coming Oct 27-30.   This has something to do with Windows 7, I’m almost sure of it.   I am sure as you can see this is most interesting. I’m also sure this has to do with some security fix but why push it out now when there is no need too.  This update effects Windows Xp/Vista/and 2000  so we will see what they have in mind the coming weeks.

©2010 . All Rights Reserved.