Microsoft - Again!!

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: Microsoft - Again!!

Post by Foggyone » Sun Jan 02, 2011 7:31 am

For some time it has been obvious that hackers are taking the M$ patch Tuesday patches and re-engineering them to find the holes in the M$ sieves.

Microsoft warns of Office-related malware.
"One of the most dangerous aspects of this vulnerability [in M$ Word] is that a user doesn't have to open a malicious e-mail to be infected," Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. "All that is required is for the content of the e-mail to appear in Outlook's Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected."
Ouch. If you have M$ Word on your computer, make sure all the patches are up to date. How not to write software!
Google, the answer to so many questions!
-----------------------------------------------------

The Chinese "Know"!

Post by Foggyone » Mon Jan 03, 2011 6:27 pm

There is an undisclosed bug in IE discovered by a security expert (one of about 100 affecting several browsers) that is known to Chinese hackers.

Story here.

This is in addition to the other critical unpatched bug that M$ commented on before Christmas. Just more worries for their victims (er... customers).

And in another story, M$ has admitted details of the first cloud data breach. This will not help those looking to deploy data into the ether. I still can't get my head around putting critical data into some unknown repository.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Wed Jan 05, 2011 4:00 am

MS have released an advisory...
Microsoft is investigating new public reports of a vulnerability in the Windows Graphics
Rendering Engine. An attacker who successfully exploited this vulnerability could run
arbitrary code in the security context of the logged-on user. An attacker could then
install programs; view, change, or delete data; or create new accounts with full user
rights.

http://www.microsoft.com/technet/securi ... 90606.mspx
Ars Technica has more info on the flaw released by a Google employee.
Read the full story...

You Need This Security Update Like a Hole in The Head

Post by Foggyone » Wed Jan 05, 2011 6:27 pm

Fake Microsoft security update carries Autorun worm

While no one who is savvy would fall for it, there are bound to be plenty who would.

And here is another story about an email sent to various US government employees that installed the Kneber botnet, which was used to steal sensitive government documents.
Google, the answer to so many questions!
-----------------------------------------------------

RTF This Time

Post by Foggyone » Fri Jan 07, 2011 7:51 am

RTF (Rich Text Format) has been shown to allow hackers complete control of victims' computers. And there is an exploit now in the wild.

Exploit code for critical MS Office flaw exploit found in the wild
Google, the answer to so many questions!
-----------------------------------------------------

Post by digidog » Tue Feb 01, 2011 12:50 am

Microsoft themselves have admitted that 900m Internet Explorer users are
vulnerable to another hack.
Microsoft said it was working on a security update to patch the flaw but in the
meantime users should install the temporary fix. Users are only protected if
they find and install the patch themselves as Microsoft has yet to deliver an
automatic update.

http://www.stuff.co.nz/4604034/Yet-another-MS-ballsup
Naturally the story contains no clues on finding the patch. You might follow this
link for some help: http://support.microsoft.com/kb/2501696

Re: Microsoft - Again!!

Post by Foggyone » Tue Feb 01, 2011 1:54 am

In what may be the master of understatement.....
"The main impact of the vulnerability is unintended information disclosure," said Microsoft's Angela Gunn in an accompanying blog post.
Just how much of your computer's guts will it spill?

Thank goodness I'm just about M$ free these days.
Google, the answer to so many questions!
-----------------------------------------------------

Another Zero Day

Post by Foggyone » Thu Feb 17, 2011 9:01 pm

Microsoft confirms Windows BROWSER protocol zero-day

The report suggests (by M$) that the fault is more likely to impact server systems, but it can apparently affect any M$ system.

How long to patch Tuesday??
Google, the answer to so many questions!
-----------------------------------------------------

Re: Microsoft - Again!!

Post by Foggyone » Tue Mar 01, 2011 6:29 pm

An interesting story about how fraudsters use legitimate sites to serve malware (This technique is called malvertising).

The compromised ads contact a fraud site which serves several exploits that target Internet Explorer, Adobe Acrobat Reader, and Java. The exploit kit used is very similar to an exploit kit called "Blackhole".

Myvue.com and Autotrader.co.uk (among others) infected with malvertising

This is one of the ways that Windows computers get infected, without ever going near a sleazy site!
Google, the answer to so many questions!
-----------------------------------------------------

Huge SQL Attack

Post by Foggyone » Fri Apr 01, 2011 6:56 pm

There are reports this morning of a huge SQL attack underway.

The injected script redirects users that have landed on the various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution.

This google search will reveal many of the compromised sites.

<script src=http://*/ur.php>
About 92,400,000 results

Many of the sites revealed are tagged by Google as potentially harmful to your (Windows) computer.

The sites set to serve the scripts appear to be offline at present, but it's thought they will be activated, and other SQL's added pointing to new sites.

So be careful!
Google, the answer to so many questions!
-----------------------------------------------------
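
A defensive check for the injection described in the post above, added here as an example and not part of the original thread: it scans text fields exported from a site's database for `<script>` tags that load `/ur.php` from a foreign host. Only the `/ur.php` path comes from the post; the host names, row ids, column names and the `own_hosts` allow-list are constructed placeholders.

```python
"""Find injected <script src=http://HOST/ur.php> tags in stored page content."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and accepts
        # unquoted values, which is how the injected tag was written.
        if tag == "script":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]


def injected_scripts(html, own_hosts, suspect_path="/ur.php"):
    """Return script URLs on a foreign host whose path is suspect_path."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for src in collector.sources:
        url = urlparse(src)
        host = (url.hostname or "").lower()
        if host and host not in own_hosts and url.path.lower() == suspect_path:
            hits.append(src)
    return hits


def scan_rows(rows, own_hosts):
    """rows: (row_id, column, text) tuples exported from the site database."""
    findings = {}
    for row_id, column, text in rows:
        hits = injected_scripts(text, own_hosts)
        if hits:
            findings[(row_id, column)] = hits
    return findings


# Constructed sample data: hosts, ids and column names are placeholders.
OWN_HOSTS = {"www.shop.example"}
SAMPLE_ROWS = [
    (1, "title", "Blue widget</title><script src=http://injected.example/ur.php></script>"),
    (2, "body", '<p>Ok</p><script src="https://www.shop.example/js/app.js"></script>'),
    (3, "body", "<SCRIPT SRC=//other.example/ur.php></SCRIPT><p>Red widget</p>"),
    (4, "body", '<script src="/ur.php"></script>'),
]
```

Rows flagged this way show which columns were written to by the injection, which is where input handling and database permissions need review once the stored content has been cleaned.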

Why Windows Sucks!

Post by Foggyone » Fri Apr 15, 2011 3:16 am

Just surfing the net, idly looking for malware, when I came across a site that redirected me to here (Care, it's live though I have disabled it with a couple of spaces)

http://www1.unium -up.0ze.net/pbq9?58urmygnkh=Wabk69zupNbQ1efly9yTot7UcmunqpPp0NKom5vPy9ffare9hV7h5aqql6WR1%2Bir4OvCm8DepK%2FjmM%2Fiy6vNx7u0j9%2FfkdnRcqbX39rijdHOpcPIj97 daqegaGamqKSnmKKhlqefm5vgodbkqquyo5Pw0NKooKyhj%2BnhmbLTZpmq1p3cnp6knZvi3LKeYKWibWuqpp6ujdLa1dbX17LkpOykY6rk4eHazNOYz%2BTazaPWoNzimmbW5pPt2tCo1dbYy9jSU%2BfVm3Xd5uHpjKGsjae0jqezjuHVm53n5pvxzJzO4Jqgr6ebnd3gWQ%3D%3D

This site ran (unasked) a scan on my computer and reported a number of M$ viruses

The site encouraged me to download their cure for these malwares.

Jotti reports the file ( ms_update107_328.exe ) as harmless

Despite getting a clean bill of health, this will be a scareware programme or downloader. Running this would cause a great deal of heartache.

This type of cr@p would trick inexperienced users every time. No wonder M$ is the home of 65,000 new viruses every day.

These turkeys do not check that the OS being used is not Wondoze, but in my case Linux.

And Later:

The result of Virus Total scan showed only one positive:
Fortinet 4.2.257.0 2011.04.15 W32/Injector.fam!tr
So this particular sample would have gone straight past almost all the virus checkers, including M$'s offering.
Google, the answer to so many questions!
-----------------------------------------------------

Microsoft Patch Tuesday Used By Crooks!

Post by Foggyone » Tue May 10, 2011 7:20 pm

Fake Patch Tuesday alert leads to Zeus infection

This was a dead cert in my mind, that something like this was bound to happen.

Only an 11% detection rate on Virus Total which uses a whole bunch of virus checker engines. That gives this malware an excellent chance of slipping past the mandatory M$ Windows defence to infect.
Google, the answer to so many questions!
-----------------------------------------------------

Re: Microsoft - Again!!

Post by Foggyone » Thu Jun 16, 2011 7:29 pm

In a dazzling display of how slow Microsoft is, this story has hit my inbox this morning.

Microsoft investigates emerging Internet phone scam

The story is interesting not only for the speed with which M$ has (not) reacted, but also the amount of average loss, and the percentage of those contacted who fell for the scam.

This also staggered me. Surely it would not cost this much to just reformat and reinstall.
The average cost of repairing damage caused to computers by the scammers was $1,730 — rising to $4,800 in the U.S.
Google, the answer to so many questions!
-----------------------------------------------------

Reprise of the above

Post by Foggyone » Thu Sep 29, 2011 11:23 pm

In a show of how slow the deep south denizens are, this story appeared on stuff today.

Stuff must be hard pressed to produce this breathless blurb. This is oh so last year!

The only new fact was the calls are coming in over Skype. As though you needed to be a brain surgeon to work that out as the most likely avenue!
Google, the answer to so many questions!
-----------------------------------------------------

Post by digidog » Fri Sep 30, 2011 12:57 am

Scam calls? Just say 'No!'

Someone suggested the perfect response to these calls the other day. You just answer "No" to every question
the scammer asks.

Q: Do you use Microsoft Windows?
A: No.

Q: You don't have a Windows operating system?
A: No.

Q: Does that mean you use another operating system?
A: No.

Q: Is that Mr (name)?
A: No.

And so on. If you can keep it up, it could get quite amusing and the scammer will eventually hang up.
