Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2062171 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32954
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #75 on: January 08, 2010, 03:58:42 PM »
Hi malware fighters,

Data Doctor is a new encryption cyber crime ransom tool that makes users believe their system does not function properly anymore after letting the OS start up in SafeMode, one has to pay 63 euro to get access to your data again.
Here is a tool to help you to de-encrypt: http://sunbeltblog.blogspot.com/2010/01/data-doctor-2010-encrypted-files-we.html

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline hello123

  • Full Member
  • ***
  • Posts: 156
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #76 on: January 08, 2010, 07:47:39 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32954
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #77 on: January 08, 2010, 10:40:47 PM »
Hi malware fighters,

Milions and millions of Windows computers runs an "unhealthy" kernel, as appeared from a Microsoft survey. The kernel is the heart of the Windows OS and changes to it could have disastrous reults. The most favourite technique to do this is for a rootkit to hide on a machine is making changes to the kernell. The software vendor wanted to know how many systems were actuallly rootkitted. "We found that a gigantic amount of computers is running a unhealthy kernel", according to MS MalwareProtection Center's Randy Treit.  1% of all tested computers , that means millions of machines for the whole of the Windows population.

Treit says it is not only malware that will makes changes to the kernel to destabilize the OS, also legit software can do thist. Whenthe kernel has been hijacked via legit software, a rootkit can hijack a next level, making detecting the malcode harder. Of all infestations 7% were low-level rootkits. For 60% the Alureon family of rootkists was responsible.

64-bit Windows
Acoording to Microsoft-analist the numbers show that 64-bit Windows systems are better protected against rootkits than a 32-bit Windows version (the situation now). Of all rootkits the software vendor found, only 0,67% functioned on a 64-bit platform. "It might well be that even a lower number of rootkits can activate on a 64-bit computer. Signing  drivers and features ;ikes Kernel Patch Protection make 64-bit Windows ea rootkit hostile environment." Treit advizes users that want to outsmart rootkits to change to a  64-bit Windows. At the moment these systems are less risky. "When you could choose, go for the 64-bit."

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #78 on: January 08, 2010, 11:33:20 PM »
@ polonus
Quote
Milions and millions of Windows computers runs an "unhealthy" kernel, as appeared from a Microsoft survey. The kernel is the heart of the Windows OS and changes to it could have disastrous reults. The most favourite technique to do this is for a rootkit to hide on a machine is making changes to the kernell. The software vendor wanted to know how many systems were actuallly rootkitted. "We found that a gigantic amount of computers is running a unhealthy kernel", according to MS MalwareProtection Center's Randy Treit.  1% of all tested computers , that means millions of machines for the whole of the Windows population.

That's what I indicated here with a link to the article:
http://forum.avast.com/index.php?topic=52252.msg451041#msg451041
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32954
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #79 on: January 09, 2010, 01:14:07 AM »
Hi YoKenny,

Then we two are twice forewarned and twice forearmed. The tdsss is a nasty one, and the virus and worms is overflowing with victim messages asking for help, essexboy and oldman have their hands full to eliminate this persistent process hopper rootkit b*gger- also seems firefox WITHOUT noscript is another threat where this malware is concerned,

your friend pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Serious IE and Windows flaws...
« Reply #80 on: January 11, 2010, 01:34:02 PM »
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/

Quote
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.
w7 - ais7

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Serious IE and Windows flaws...
« Reply #81 on: January 11, 2010, 01:47:23 PM »
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/

Quote
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

Anything on The Register is just there for sensationalism and media hype
Quote
Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #82 on: January 11, 2010, 02:40:30 PM »
Quote
Anything on The Register is just there for sensationalism and media hype
it's simply not true  ::) ...do you prefer the Inquirer ?  :D
w7 - ais7

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44958
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #83 on: January 11, 2010, 05:01:29 PM »
Quote
Anything on The Register is just there for sensationalism and media hype
it's simply not true  ::) ...do you prefer the Inquirer ?  :D
It got the "Tiger by the tail" story right....  ;D ;D
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36932
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #84 on: January 11, 2010, 05:23:28 PM »
False Facebook charge group used to spread malware
Alert  Print Post commentMalware pokes outraged users
http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/


Rogue phishing app smuggled onto Android Marketplace
Alert  Print Post commentGhost in the machine
http://www.theregister.co.uk/2010/01/11/android_phishing_app/

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32954
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #85 on: January 11, 2010, 10:01:32 PM »
Hi malware fighters,

G-Data warns that PDF is an insecure fileformat...
PDF is a nifty, but because of all security leaks an insecure file format , G Data warns. Last year 74 holes were found up for Adobe Reader and Acrobat, twice the number of 2008. The benefits to use PDF are clear. Through all sort of free PDF Readers it can be opened on various systems. Then it is hard to change a PDF file, something to prevent unauthorised changes of the file. Also it is a compact format, making it attractive to send as an attachment with emails.

Over the years the PDF file format got more features, adding greatly to the complexity of the software. Resulting in finding exploits and security holes a lot easier. Through simple toolkits like there are Eleanor, Liberty Exploit System or Elfiesta, it is quite easy to produce infested PDF-files. Such programs can be run without almost any technological insight from the side of the cyber criminals.

Attack
The majority of exploits will use an embedded JavaScript that will be executed upon opening the file. The malicious Javascript will use the so-called Heap Spray-method to overload memory with NOP-commands (No Operation-commands) and also by reloading the shellcode over and over again. The JavaScript-vulnerability in the PDF file can be used to run the shellcode and execute it. The executed shellcode will then download the malicious payload, for instanced botnetcomponents.

User that want to be protected are advised to use another leaner PDF-reader, but the av vendor asks users to install a av scanner and disable JavaScript at the same time or use the Windows DEP-function (Data Execution Prevention). "Well it is a pity that a lot of legit software won't run under mentioned settings."

Also a security warning for PDF documents, forewarned is forearmed, folks,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1620
Re: Serious IE and Windows flaws...
« Reply #86 on: January 11, 2010, 10:42:06 PM »
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/

Quote
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

Anything on The Register is just there for sensationalism and media hype
Quote
Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness.

'Anything' in this sense would suggest everything put out by The Register is hype which is plainly not true.

But I get your point YoKenny. I get The Register, and it is most times sensation hard sell that is nonetheless most times accurate enough (give or take some occasional near misses). And heaps less bundled with the soft bloat / hard sell that epitomizes many of the other publications that make up my tech feeds.

Notably, each page is a clean page - you can go to the previously viewed page without having to first negotiate a pile of hidden iframes.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32954
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #87 on: January 11, 2010, 11:19:15 PM »
Hi YoKenny and mkis,

Hackers may use the exploit to crash Windows. “We are developing an update to solve this problem”, according to Bryant on his blog. The old workaround, shutting down ports 139 and 445, (use the wwdc tool) is the only possibility so-far to keep the OS secure against this denial-of-service-attack.

nCircle main spokesman Andrew Storms commented, that he had expected the SMB-problem to be patched this month, if only as a PR-thing.
“On the other hand it is to be understood that MS did not, because it is "only" just a DoS-attack.” The main issue SMBv2 was patched with http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx  
during October last; the issue that still remains unpatched is this: http://www.microsoft.com/technet/security/advisory/977544.mspx

So if not paying attention users will mix things up... but Microsoft "is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk." not further commenting on it only criminalizing the disclosure of the vulnerability,

polonus


« Last Edit: January 11, 2010, 11:20:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #88 on: January 12, 2010, 12:09:05 AM »
thanks Polonus and mkis  ;)

mkis, I see the register exactly how you described it.
Polonus, good job with the additional info, confirming my post.
« Last Edit: January 12, 2010, 12:13:54 AM by Logos »
w7 - ais7

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1620
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #89 on: January 12, 2010, 12:12:51 AM »
Hi YoKenny and mkis,

Hackers may use the exploit to crash Windows. “We are developing an update to solve this problem”, according to Bryant on his blog. The old workaround, shutting down ports 139 and 445, (use the wwdc tool) is the only possibility so-far to keep the OS secure against this denial-of-service-attack.

nCircle main spokesman Andrew Storms commented, that he had expected the SMB-problem to be patched this month, if only as a PR-thing.
“On the other hand it is to be understood that MS did not, because it is "only" just a DoS-attack.” The main issue SMBv2 was patched with http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx  
during October last; the issue that still remains unpatched is this: http://www.microsoft.com/technet/security/advisory/977544.mspx

So if not paying attention users will mix things up... but Microsoft "is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk." not further commenting on it only criminalizing the disclosure of the vulnerability,

polonus


Yes I think the security issue at the moment  http://secunia.com/advisories/cve_reference/CVE-2009-3103/
 with the Microsoft thing as well  http://www.microsoft.com/technet/security/advisory/977544.mspx and at the same time people getting infected

I've been picking up bits and pieces on the forum now and then but not really much up with the play. Makes interesting reading though. Lots to be learned amongst this lot.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.