Clear Belief Systems Blog

Microsoft has once again had to patch Internet Explorer with an emergency update, issued yesterday.  Several of these bugs have been known to them for months but are only recently being heavily exploited.  More good reasons to move to Firefox!

Additional Information:
Computerworld Article
Microsoft Security Bulletin

Researchers have discovered a highly coordinated attack that has compromised more than 75,000 systems at 2,500 corporations and governments across the world.  NetWitness, based in Herndon, VA, discovered a huge cache of stolen information gathered by the Kneber botnet.  The Wall Street Journal is reporting that companies like Merck and Co. and Cardinal Health were compromised.

Additional Information:
Wall Street Journal Article
ComputerWorld Article

Adobe has had a lot of issues with the PDF document format and Reader software.  Hackers are using PDF’s as a way to deliver malware to PC’s across the world (see my post from January 8th).  Now according to one firm, ScanSafe located in San Bruno California, 80% percent of the exploits by the end of 2009 were PDF based.  It is extremely important that you keep your anti-virus software up to date to block these attacks.  Also, if you are not running Adobe Reader 9, go to Adobe’s site and install it right away.  While you are there, install the latest version of Flash, it is something else that is frequently the vector for attacks.  Adobe is not great about updating their software, they don’t particularly seem to care that it is being used in this way so it is a great idea to be very careful about what PDF files you open.

Additional Information:
ScanSafe report (registration required)
ComputerWorld Article
Foxit PDF Reader (free safer PDF reader software)
New Adobe Reader and Acrobat Vulnerability
Large-scale attacks exploit unpatched PDF bug
Adobe probes new in-the-wild PDF bug

Microsoft is planning another giant update for February 9th.  This round will contain 13 updates to fix 26 bugs in a range of products.  Five of these updates are rated “critical” by Microsoft meaning that they address very serious security issues.  Please make sure that as you receive Windows Updates you are applying them.

Additional Information:
Microsoft Security Response Center
Microsoft Slates Colossal Windows Update

Microsoft has acknowledged the latest in a long series of critical Internet Explorer bugs.  This one allows remote sites to access files on your computer when Internet Explorer Protected mode is off.  Since many people turn Protected Mode off because they believe it causes performance issues or because of annoying warnings this issue can be serious.

Not sure if Protected Mode is on or off?  Click here for how to tell and how to set it.  Note that the mode only exists in IE 7 and IE 8 on Windows Vista and Windows 7.

Additional Information:
Microsoft Security Advisory
Nasty New IE Bug

A company recently did an analysis of 32 millions passwords that were published on the Internet from a breach at RockYou.com.  This was a very rare opportunity to look at the passwords people select using a large set of data.  The results?  20% of the 32 million password created were from a very small pool of 5000 words.  This is problematic because hackers frequently use tools that conduct multiple logins using a dictionary of common words.  This software can run through thousands of passwords a minute and find accounts it can access.  The hackers then exploit these accounts or sell them to other criminals.

Your best bet?  Use passwords that contain mixed case, letters and numbers, and throw in a special character now and then.  Don’t use your birthday or your family names, including your pets.  And whatever you do, don’t use “123456″ – the most common of the common passwords.

Additional Information:
Simple Passwords Remain Popular
Analysis of 32 million passwords

Adobe has acknowledged a bug in their Reader and Acrobat software that is being used to conduct large-scale attacks against users.  The bug was acknowledged on December 14th but Adobe decided not to fix it until January 12th at the earliest.  Please be very careful about opening PDF files from unknown sources until this is resolved.  I highly recommend that you disable Javascript in Reader, click  here for detailed instructions on how to do this.  If you running Adobe Reader 9 you should get the update automatically when it is released, if you are not running version 9 you should install it.  You can also consider alternative PDF Reader software, Foxit Reader has been well reviewed.  Download it here.

Additional Information:
New Adobe Reader and Acrobat Vulnerability
Large-scale attacks exploit unpatched PDF bug
Adobe probes new in-the-wild PDF bug

Symantec has reported a problem with Symantec Endpoint Protection where anti-virus update files received after 12-31-2009 are not dated properly.  This means that the ant-virus definition files can appear to be out of date even though they are current.  Symantec has implemented a short term fix to ensure that definitions are received until the bug is fixed.  If you are running Symantec Endpoint do not be alarmed if the definitions appear out of date even after an update has been run.

Additional Information:
Symantec Support Site

The FBI is saying that anti-virus scammers have made in excess of $150 million by duping Windows users into buying fake anti-virus software.  The scam usually involves a pop-up window on your PC saying it is at risk and gives you a link to buy software which is really a virus.  Frequently these programs are call Windows AntiSpyware 2009 or something similar.   Even users without administrative permissions can install the virus as it uses unpatched security defects in Windows itself to install.

Additional Information:
FBI: Rogue antivirus scammers have made $150M
Remove Antispyware 2009

A massive spam campaign that poses as a message from the Centers for Disease Control asking people to register for H1N1 vaccinations is occurring.  When you click on the link included in the email from a vulnerable computer the Zbot virus in installed.  Like all other emails based attacks, your best bet is current anti-virus and anti-spam software.  And like the real H1N1 virus, don’t touch that link!

Additional information:

Botnet continues massive H1N1 malware campaign

US-CERT government site warning