Multiple Vendors Affected By New Vulnerabilities

March 10th, 2010 by Carolyn Guevarra (Technical Communications)

The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal. This can enable cybercriminals to gain more leverage in their attacks, allowing them to target a considerably large number of users while these vulnerabilities remain unpatched.

As part of its regular Patch Tuesday schedule, Microsoft released two security fixes to address vulnerabilities found in certain versions of Windows Movie Maker and Office Excel. This is the first time in almost two years that Microsoft did not include any critical patch in its release.

Both vulnerabilities allow remote code execution when a user opens a specially crafted Movie Maker or Microsoft Producer project file or a specially crafted Excel file, respectively. More information on the security advisories can be found on this Trend Micro Security Advisory page.

While this may be good news, this was somewhat balanced out by the discovery of a new zero-day exploit found in Internet Explorer (IE). This exploit is the second found in the last 60 days. The previous one was discovered just this January. This exploit takes advantage of an invalid pointer reference vulnerability to execute arbitrary code. Only IE 6 and 7 are vulnerable. Users of IE 8 are safe from this threat. Targeted attacks that do exploit this new issue have reportedly been encountered.

But Microsoft is not alone in being hit by vulnerabilities this week.

The alternative browser Opera was also found to have a flaw in the way it handles the Content-Length HTTP header. At the very least, this can cause the browser to crash.

Server applications also came under fire. The popular spam blocker, SpamAssassin, was also found to have a security flaw. This flaw can allow code contained in a specially crafted email that was processed by the application to be executed with administrative privileges on an email server. However, as the specially crafted email would have an invalid recipient, it is unclear if properly configured servers are also vulnerable.

Patching vulnerable applications sounds like a solution but that may not be ideal, particularly for enterprise users. Restarting servers is often not as simple for them as it is for home users. In addition, some individuals who discover vulnerabilities believe, wrongly or not, that software vendors take a long time to issue patches as well as downplay the severity of any known flaw. Because of this, some prefer to reveal the flaws publicly to force vendors to release patches as soon as possible.

Trend Micro advises users to keep their software updated and to immediately apply patches once they are released by their vendors. Users can download this month’s Microsoft patches from the official Microsoft Security Bulletin page or run Windows Update to automatically download and apply the patches.

For business users, Trend Micro Deep Security™ and Trend Micro OfficeScan™ users with the Intrusion Defense Firewall (IDF) plug-in can be shielded from vulnerabilities, often even before vendor patches are available.

Post from: TrendLabs | Malware Blog - by Trend Micro


Vulnerability in Internet Explorer could allow remote code execution

March 10th, 2010 by Security articles from Norman

Microsoft has issued a security advisory about a new vulnerability in Internet Explorer. According to Microsoft this vulnerability could allow remote code execution, and it is being actively exploited in targeted attacks.

Microsoft Patchday – 8 vulnerabilities fixed

March 10th, 2010 by Avira GmbH

On the March 2010 Patch Tuesday, Microsoft released just two security bulletins. One is about 7 flaws in Microsoft Excel, which affect all supported versions of the software – including the format converters and MS Office for Mac. The other one deals with an issue rated important in Windows Movie Maker and Microsoft Producer 2003. The vulnerabilities are only rated important, as users must open specially prepared files to get infected with malware.

For Microsoft Producer 2003, no update is available yet. According to a security advisory by Core Security, systems can be protected by not opening Movie Maker .MSWMM and/or Microsoft Producer 2003 .MSProducer, .MSProducerZ, and .MSProducerBF files, or by removing the file associations for them. Windows Live Movie Maker, which is a downloadable version for Windows 7, is reportedly not affected by this issue.

As Microsoft expects exploits for these vulnerabilities to appear very soon on the net, it is recommended to install the provided updates ASAP.

One new vulnerability in Internet Explorer 6 and 7 is currently being investigated by Microsoft. No patch to fix the security hole is available yet. Just by visiting a malicious web site, the computer could get compromised. As a workaround, use a different browser or update to Internet Explorer 8, which allegedly is not affected by the critical flaw.

Dirk Knop
Technical Editor

No critical updates for Microsoft systems in March 2010

March 10th, 2010 by Security articles from Norman

In its security bulletin summary for March 2010, Microsoft has published no updates for critical vulnerabilities in its operating systems / applications; however, two important updates were published.

iPad Giveaway Gives Users’ Identities Away

March 10th, 2010 by Ria Rivera (Technical Communications)

April 3 cannot come soon enough for those who are eager to get their hands on the iPad. If anything, Apple’s recent announcement that the gadget will soon be available in the United States only added to the excitement over the much-talked-about gadget. Unfortunately, spammers are using the current enthusiasm over the iPad to their advantage as well.

In fact, Trend Micro anti-spam research engineers have already seen a number of spammed messages that promise free iPads to lure unwitting users into their scams. In one such spam sample, recipients are being invited to test the iPad at no cost by simply applying to be part of a “word-of-mouth” marketing campaign. They may not have to shell out a single cent but the price they have to pay will be their identities.


The spammed messages instruct users to reply to the email with their personal information, which spammers could easily use for further malicious activities. As Trend Micro anti-spam research engineer, Argie Gallego, recommends, “Users should be suspicious of any freebies offered online, particularly those requiring sensitive personal information such as full name and contact numbers. We have only seen a number of iPad-related spam so far but we expect the numbers to rise as April 3 draws near.”

This recent spam run is no different from how cybercriminals leveraged the iPad launch in January, which led to a FAKEAV variant. Users should thus continue exercising caution in opening email messages from unknown senders. It is also important to be cautious in conducting Web searches on hot topics such as the iPad, as these are often used for blackhat search engine optimization (SEO) attacks as seen in the past. Interestingly, Apple does not own any iPad-related domain names so users should really pay close attention to URLs before they click.

Trend Micro™ Smart Protection Network™ prevents spammed messages from reaching users’ inboxes via the Web reputation service.

Non-Trend Micro product users can also stay protected by using eMail ID, which prevents fake messages from reaching their inboxes. It also helps users quickly find legitimate messages.

Post from: TrendLabs | Malware Blog - by Trend Micro
