Archive for April, 2012

Microsoft Security Essentials Updates with Better Performance

April 26, 2012

Microsoft Security Essentials Updates with Better Performance, Virus Detection, and Interface Changes

Microsoft Security Essentials is our favorite antivirus software for Windows, and a new version is out that’s lighter and easier to use than ever. Here’s what’s changed.

MSE veterans won’t notice a lot of huge changes in this version, but certain interface elements have changed slightly—the icons along the top are gone, and certain wordings have changed a bit to make the program easier to use. The “Real-Time Protection” setting is now an all-or-nothing checkbox, and SpyNet has been renamed to the Microsoft Active Protection Service to make it a bit clearer what it actually does. Microsoft has also baked in some performance improvements and better detection powers.

Microsoft Security Essentials is a free download for Windows only. You can get the new version through Windows Update, or on its home page at the link below.

Microsoft Security Essentials 4

Upgrade from 7GB to 25GB of Free Microsoft SkyDrive Storage While You Can!

April 26, 2012

Microsoft revamped its free online storage service SkyDrive this week (big week for online storage, right?) with new desktop apps and better syncing—but, sadly, a reduced storage limit for new users: from the 25GB previously offered to 7GB. Existing Windows Live account users can claim the 25GB of free space for a limited time. Here’s how.
First, if you’re an existing SkyDrive user already using more than 4GB as of April 1, according to this MSDN blog post, you’re already upgraded and grandfathered into the 25GB storage plan. You’re good.

But if you’re an existing SkyDrive account holder who doesn’t have that much uploaded already, you should log into your account at skydrive.live.com, then click the “Manage storage” link on the left navigation pane. In the next screen, click the “Free upgrade!” button to increase your storage limit from 7GB to 25GB. It’s a quick and painless process.

You may be able to get 25GB of SkyDrive storage even if you’re not a current SkyDrive user. According to a Slickdeals post, if you have a Windows Live account (e.g., @live.com or @msn.com) or Hotmail, the upgrade may work for you. Click on SkyDrive from within Hotmail or sign in with your Windows Live account at the SkyDrive link below for the upgrade.

The new SkyDrive now has a 2GB per file limit rather than 300MB, new paid storage plans, and Dropbox-like single-folder syncing (read more about the changes at MSDN). As before, SkyDrive offers in-browser Microsoft Office document editing and creating capabilities, and if you grab the upgrade before this limited time offer ends (no word on when it expires), a pretty attractive amount of free storage space.

Firefox 12 released – can now update itself

April 26, 2012

Mozilla has announced the official release of Firefox 12. In the latest release, Mozilla has included the previously released update service for Windows that spares users the User Account Control (UAC) pop-up. As Firefox is installed in the Programs directory, it requires higher privileges for updating.

Instead of asking users for the required privileges via UAC, it now uses the Mozilla Maintenance Service to update program files. Firefox executes the service with system privileges when it is needed and closes it after the update. An Access Control Entry (ACE) in the update service allows Firefox to launch it with system privileges even though the browser itself does not have them.


Users can change the settings of Firefox’s update service for Windows under Options > Advanced > Update.

Users can enable or disable the service in the Firefox menu under Options ➤ Advanced ➤ Update (“Use a background service to install updates”). When this service is combined with the “Automatically install updates” option, Firefox takes care of version maintenance on its own for the most part. If users don’t want to be warned when an update may disable incompatible add-ons, they can also uncheck the corresponding box.

The final result should be an almost silent update that, at most, only alerts users after an update has been successfully applied. How well this actually works will not be known until Firefox is updated to version 13 in six weeks’ time. For Mac OS X and Linux, Silent Updates are currently planned for version 14. Google’s Chrome browser has updated itself since its initial release, and Microsoft has also been experimenting with updating Internet Explorer through Windows Update without users having to do anything.


Not pretty, but practical: a new tab page displaying frequently visited sites can be enabled in Firefox 12.

Other than the update service, there aren’t many new features affecting average users in Firefox 12. Lines in the page source view now have line numbers, and the title attribute supports line breaks. The new version also has one more well-hidden change. If users go to about:config and set browser.newtabpage.enabled to true and then enter about:newtab under browser.newtab.url, a new Firefox tab will show the most frequently visited web pages, like in Chrome.

There are also seven critical fixes included in Firefox 12 for holes in WebGL, OpenType Sanitizer, font-rendering with Cairo, gfxImageSurface, IDBKeyRange, FreeType and miscellaneous memory usage. Further details of these fixes and the four high and three moderate issues resolved are available on the security advisories page for Firefox. The developers have also fixed a problem with reading plugin metadata in the Mac version of Firefox that had prevented the developers from blocklisting vulnerable versions of the Java plugin on newer Mac OS X versions.

More than 85 improvements have been made to the built-in developer tools. These include the addition of Find and Jump to Line commands to the Scratchpad editor, and transitions in the Style Editor. To see messages and errors in the Web Console, developers no longer need to reload the page.

More details about the update can be found in the release notes. Firefox 12 is available to download from the Firefox home page for Windows, Mac OS X and Linux and can also be downloaded for different systems and languages. Firefox binaries are released under the Mozilla Firefox End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public License, GPLv2 and LGPLv2.1.

Firefox 3.6.x reaches end of life

April 26, 2012

As expected, the 3.6.x branch of Mozilla’s open source Firefox web browser reached its end of life on Tuesday 24 April – no further updates, including security updates and critical fixes, will be made available for the series. According to recent Platform Meeting Notes, users running Firefox 3.6.13 to 3.6.28 should have already started receiving “Major Update” prompts asking them to upgrade to the latest stable release of the browser. All of these users are advised to upgrade as soon as possible.

A number of users and organisations previously stayed on the legacy branch of Firefox due to worries over Mozilla’s new Rapid Release process, which sees a new update to the browser arrive every six weeks. For enterprises, this meant they wouldn’t have sufficient time to test and certify any given version before the next one was released. To address these concerns, Mozilla created an Extended Support Release (ESR) of Firefox aimed at enterprises and other large organisations.

Alongside the release of Firefox 12 yesterday, Mozilla also updated Firefox ESR, which is currently based on Firefox 10, to version 10.0.4. The update is the first ESR release to complete the qualification phase of the ESR life cycle, which is designed to ensure the quality of the release.

The new ESR release fixes various bugs and closes a total of 11 security holes, including six critical vulnerabilities for problems related to WebGL, OpenType Sanitizer, font-rendering with Cairo, gfxImageSurface, IDBKeyRange, FreeType and miscellaneous memory safety hazards. Firefox ESR 10.0.4 is available to download from the project’s site for Windows, Mac OS X and Linux.

Google launches online storage application

April 24, 2012

Today, Google revealed their newest upcoming product: Google Drive.

Google Drive is an online file storage application similar to Dropbox, but with a twist.

In addition to standard file storage, Google Drive offers several additional features including file revision history, built-in compatibility with Google Docs, and a powerful search tool to navigate your files.

Google Drive is free to use and comes with 5GB of storage. Additional storage is available for a yearly fee.

Check it out at http://drive.google.com

While Google Drive is not yet available for all Google account holders, it is currently in the process of being rolled out. You can be notified when your Google Drive is available by clicking on the “Notify me” button in the top left corner of the Google Drive page while signed in to your Google Account. […]

Technical Support, how can I help you?

April 17, 2012

CALLER: ‘Last night my computer started making a lot of hissing noises at me so I shut it down. This morning when I turned it on the computer started hissing and cracking, then started smoking and a bad smell, then nothing’.

TECH SUPPORT: ‘I will have a technician come over first thing this morning. Leave the computer just like it is, so they can find the problem and fix it, or change it out with another computer. Give me your address; phone number and the technician will be there just as soon as he can’.

When the technician got there, the lady showed him where the computer was, said what happened to it, … this is what the technician found wrong.

Take a look at the pictures… YOU WON’T BELIEVE YOUR EYES ….
And you thought YOU had computer problems!!!

The technician decided: … ‘It must have been after the mouse!’  😉

Adobe, Microsoft Issue Critical Updates

April 10, 2012

Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.

Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012, Microsoft says it expects miscreants to quickly develop reliable exploits capable of leveraging at least four of the vulnerabilities.

Among those is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected.

“In addition, the attacker doesn’t need to worry about controlling memory; once the user runs the content, the device has been infected,” wrote John Harrison, group product manager for Symantec Security Response. “The most common attack will probably be a scenario in which a site offers a free download of a specific program that appears to be legitimately signed.”

Wolfgang Kandek, chief technology officer for vulnerability management firm Qualys, is particularly worried about MS12-027, because the weakness spans an unusually wide range of Microsoft products. Microsoft agrees, calling this patch the highest priority security update this month.

“What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unusually wide range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.”

Other notable fixes from Microsoft this month include a .NET update, and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows, and available through Windows Update.

Adobe’s updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux. Users on Windows and Mac can use each product’s built-in update mechanism. The newest, patched version of both Acrobat and Reader is v. 10.1.3 for Windows and Mac systems. The default configuration is set to run automatic update checks on a regular schedule, but update checks can be manually activated by choosing Help > Check for Updates. Reader users who prefer direct links to the latest version can find them by clicking the appropriate OS: Windows, Mac or Linux (v. 9.5.1).

As always, if you have any problems installing or applying these updates, please leave a note about your experience in the comments below.

Polymorphic Facebook scam targets users

April 10, 2012
An insidious scam that can result in multiple malware downloads is currently targeting Facebook users, warns Bitdefender.
It starts rather predictably, as users inadvertently share links to a supposedly leaked pornographic video. If their friends follow the link, they are faced with a request to download a Divx plugin in order to watch the video:


“The page recommending users to install the missing plugin features several other elements to encourage users to keep clicking,” points out Bitdefender.

“The video’s name hints that the sex tape belongs to a celebrity; the warning that the user’s antivirus must be disabled works on reverse psychology: though prospective viewers know this action is risky, they do it precisely because they have been warned about it; and the reference to age verification further hints at the salaciousness of the video.”

When run, the downloaded “Extension YouTube” immediately changes all newly opened tabs to a page advertising an adult chat service, then leads the user to another page that supposedly hosts the video the users wanted to check out in the first place.

But, now the users are asked to download another piece of software – the “7pic Video Premium Player”.

Unfortunately for them, it’s another bogus extension that allows the scammers to hijack the users’ accounts by accessing the needed cookie information and to propagate the scam further.

“This is an interesting and quite complex type of scam,” says Andrei Serbanoiu, Bitdefender Online Threats Analyst Programmer.

“In data security lingo, this would qualify as a polymorphic attack, which basically means that the malicious content served can be changed by the attacker thanks to the browser extension installed. If one user lands on the adult chat page, another may reach the malware downloader or even a whole different web page set up for phishing.”

New ransomware called Anti-Child Porn Spam Protection

April 8, 2012

A new variant of the Malware Protection ransomware has been released called Anti-Child Porn Spam Protection. This ransomware pretends to be from a legitimate government organization that states that the infected computer is sending out SPAM that contains links to child pornography sites. The ransom program then states that in order to protect yourself, and others, it has encrypted your data using Advanced Encryption Standards, or AES, encryption. Just like the Malware Protection and the ACCDFISA Protection Programs variants, these files are not actually encrypted but are password-protected RAR files. The hackers then require you to send them a Moneypak, PaySafeCard, or Ukash card for values ranging from $500 – 1,000 USD in order to get the password for your files.


When first run, this program will scan your computer for data files and convert them to password-protected RAR .exe files. These password-protected data files will be named in a format similar to test.txt(!! to decrypt email id 712113261 to security11220@gmail.com !!).exe. It will then use Sysinternals’ SDelete to delete the original files in such a way that they cannot be undeleted using file recovery tools. It will also set a Windows Registry Run entry to start c:\dvsdlk\svchost.exe when your computer starts. This program is launched immediately when you log on and blocks access to your Windows environment. If you boot your computer using a Windows Recovery disk or another offline recovery CD, you can delete or rename the c:\dvsdlk\svchost.exe file in order to regain access to your Windows Desktop. This “lockout” screen will also prompt you to send the hackers the ransom in order to get a passcode for the system lockout screen and for your password-protected files.

The files that this infection creates when it is installed are:

The Anti-Child Porn Spam Protection ransomware will also create a Windows service with a service name of fdPHosts, a display name of Function Discovery Provider Host Records, and an imagepath of C:\WINDOWS\system32\svschost.exe. This service will run in the background, creating password-protected copies of new data files that are created on the computer and then deleting the originals. Therefore, once you regain access to your computer you should immediately disable this service.

Unfortunately, at this time there is no method to create the passcodes, though one may be created in the future.
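For scoping the damage from an offline boot, the following added example (not part of the original post or of any vendor tool) parses a file listing for the renamed-file pattern described above, recovers each original file name, and flags the lock-screen binary and the look-alike service. The function names and the sample listing are constructed for illustration; the naming pattern, the two paths and the service name are the ones given in the post.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

LockedFile = namedtuple("LockedFile", "path original victim_id contact")

# Naming scheme from the post:
#   <original name>(!! to decrypt email id <digits> to <address> !!).exe
RANSOM_NAME = re.compile(
    r"^(?P<original>.+)\(!! to decrypt email id (?P<victim_id>\d+) to "
    r"(?P<contact>[^\s@]+@[^\s@]+) !!\)\.exe$",
    re.IGNORECASE,
)

# Binaries named in the post's prose, lower-cased for comparison.
KNOWN_BINARIES = {
    r"c:\dvsdlk\svchost.exe",             # started from the Run entry (lock screen)
    r"c:\windows\system32\svschost.exe",  # image path of the fdPHosts service
}

def triage(paths):
    """Split a file listing into locked data files and known ransomware binaries."""
    locked, binaries = [], []
    for raw in paths:
        raw = raw.strip()
        if not raw:
            continue
        p = PureWindowsPath(raw)
        if str(p).lower() in KNOWN_BINARIES:
            binaries.append(str(p))
            continue
        m = RANSOM_NAME.match(p.name)
        if m:  # ordinary .exe files do not match and are ignored
            locked.append(LockedFile(str(p), m["original"],
                                     m["victim_id"], m["contact"]))
    return {"locked": locked, "binaries": binaries}

def suspicious_service(name, image_path):
    """Flag the look-alike service: name 'fdPHosts' or an image path ending in svschost.exe."""
    return (name.lower() == "fdphosts"
            or re.search(r"(^|\\)svschost\.exe\b", image_path, re.IGNORECASE) is not None)

# Constructed sample listing (e.g. from 'dir /s /b' run in a recovery environment).
SAMPLE_LISTING = r"""
C:\Users\alice\Documents\test.txt(!! to decrypt email id 712113261 to security11220@gmail.com !!).exe
C:\Users\alice\Pictures\holiday (1).jpg(!! to decrypt email id 712113261 to security11220@gmail.com !!).exe
C:\Program Files\App\setup.exe
C:\dvsdlk\svchost.exe
C:\WINDOWS\system32\svchost.exe
""".splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for f in report["locked"]:
        print(f"locked: {f.original!r} (id {f.victim_id}, contact {f.contact})")
    for b in report["binaries"]:
        print("ransomware binary:", b)
```

The recovered original names give a list of files to restore from backup, and the legitimate C:\WINDOWS\system32\svchost.exe is deliberately not flagged.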

Urgent Fix for Zero-Day Mac Java Flaw

April 5, 2012

Apple on Monday released a critical update to its version of Java for Mac OS X that plugs at least a dozen security holes in the program. More importantly, the patch mends a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.

Distribution of 550,000 Flashback-infected Macs. Source: Dr.Web.com

The update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability (CVE-2012-0507) that miscreants recently rolled into automated exploit kits designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.

The revelations come from Russian security firm Dr.Web, which reports that the Flashback Trojan has successfully infected more than 550,000 Macs, most of which it said were U.S. based systems (hat tip to Adrian Sanabria). Dr.Web’s post is available in its Google translated version here.

Flashback is an increasingly sophisticated malware strain that sniffs network traffic in search of user names and passwords. Early versions of it prompted Mac users to enter their password before it would run, but the most recent strains will happily infect vulnerable Mac systems without requiring a password, writes Ars Technica, among others. F-Secure has additional useful information on this Trojan attack here.

As Ars notes, although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it. If you need Java on your Mac only for a specific application (such as OpenOffice), you can unplug it from the browser by disabling its plugin. In Safari, this can be done by clicking Preferences, and then the Security tab (uncheck “Enable Java”). In Google Chrome, open Preferences, and then type “Java” in the search box. Scroll down to the Plug-ins section, and click the link that says “Disable individual plug-ins.” If you have Java installed, you should see a “disable” link underneath its listing. In Mozilla Firefox for Mac, click Tools, Add-ons, and disable the Java plugin(s).

I can’t stress this point strongly enough: If you don’t need Java, remove it from your system, whether you are a Mac or Windows user.