Saturday, January 31, 2004

Another IE Spoofing Hole Found — sigh!:
"Security researchers are warning of another spoofing vulnerability in Internet Explorer, this time one that allows an attacker to mask the true file extension of malicious downloads.

The file-extension spoof means that an attacker could lull a user into opening a malicious file from a Web site by making the file appear as a legitimate extension, such as a PDF or MPEG, researchers said on Wednesday.…"

Users can avoid the vulnerability by first saving a download to a folder, rather than directly opening it, when prompted by IE. Saving the file reveals its true file name.

A Microsoft Corp. spokeswoman said the company is investigating the file-name spoofing vulnerability but could not say whether a fix would be ready at the same time as a planned patch for another IE spoofing vulnerability.

The other vulnerability, disclosed in December, could allow attackers to fake URLs in the Web browser's address bar and convince users to disclose sensitive information.

Microsoft officials have said they have a patch ready to fix that vulnerability but are testing it for multiple versions of IE on various platforms and for various languages.

http://www.eweek.com/article2/0,4149,1473145,00.asp
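The advice above (save the download to a folder, then look at what actually landed there) generalizes to a check you can script: compare the extension the file claims against the leading bytes of its contents. The following is an added example, not code from the eWeek article or from Microsoft; the signature table is a small illustrative subset, and the sample bytes in the usage call are constructed here.

```python
"""Check that a downloaded file's contents match what its extension claims.

Added example (not from the eWeek article). A download named invoice.pdf whose
bytes begin with a PE header ("MZ") is an executable no matter what the
browser's download prompt displayed.
"""
import os
from typing import Optional

# Magic-number table: leading bytes -> canonical type. Illustrative subset only,
# not an exhaustive signature database.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"\x00\x00\x01\xba", "mpeg"),   # MPEG program stream pack header
    (b"\x00\x00\x01\xb3", "mpeg"),   # MPEG video sequence header
    (b"PK\x03\x04", "zip"),
    (b"MZ", "exe"),                  # DOS/PE executable header
    (b"\xd0\xcf\x11\xe0", "ole"),    # legacy Office / OLE compound file
]

# Extension the user sees -> content type it should really carry.
EXPECTED_TYPE = {
    ".pdf": "pdf", ".mpg": "mpeg", ".mpeg": "mpeg", ".zip": "zip",
    ".exe": "exe", ".scr": "exe", ".pif": "exe", ".com": "exe",
    ".doc": "ole", ".xls": "ole",
}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the type implied by the first bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def claimed_extension(filename: str) -> str:
    """Only the final suffix of the name actually written to disk counts."""
    return os.path.splitext(filename)[1].lower()


def check_download(filename: str, data: bytes) -> dict:
    """Compare claimed extension with sniffed content.

    mismatch:  both sides are known and disagree (e.g. .pdf holding a ZIP)
    dangerous: content is executable but the name does not say so
    """
    ext = claimed_extension(filename)
    actual = sniff_type(data)
    expected = EXPECTED_TYPE.get(ext)
    return {
        "filename": filename,
        "claimed_ext": ext,
        "actual_type": actual,
        "mismatch": expected is not None and actual is not None and actual != expected,
        "dangerous": actual == "exe" and expected != "exe",
    }


def scan_folder(folder: str, head: int = 16) -> list:
    """Apply check_download to every file in a folder (e.g. the one you saved
    the download into). Only the first `head` bytes are read."""
    results = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                results.append(check_download(name, fh.read(head)))
    return results


if __name__ == "__main__":
    # Constructed sample inputs: a fake PE stub posing as a PDF, and a real PDF header.
    fake_pdf = check_download("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00\x04")
    real_pdf = check_download("invoice.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n")
    print(fake_pdf)   # dangerous: True, mismatch: True
    print(real_pdf)   # dangerous: False, mismatch: False
```

A file that sniffs as unknown is not declared safe; the check only fires on positive evidence, so treat "actual_type: None" on a download you did not expect as a reason to look closer, not as a pass.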

Friday, January 30, 2004

Antivirus feature creates a burden - News - ZDNet:
"A common antivirus feature that automatically replies to e-mails infected with a virus--to inform the senders that they are infected--is obsolete and should be disabled, because it creates almost as much trouble as the virus itself, according to security experts.

When an antivirus application detects malware in an e-mail, such as the recent MyDoom worm, it can automatically reply to senders of messages to inform them that they have been infected. However, virtually all modern e-mail viruses disguise the original senders' addresses by spoofing the 'to' field of the reply message with stolen, but valid, e-mail addresses. This means that users receive e-mails telling them that they are infected when they are not, resulting in significant quantities of unnecessary traffic. "

This additional traffic is a further burden on administrators, because it occurs when companies are trying to clean their systems from the virus attack. Jack Clark, technology consultant at McAfee, an antivirus division of Network Associates, estimates that "bounce-back" e-mails play a significant part in slowing down corporate networks and says the feature should be disabled immediately.

http://zdnet.com.com/2100-1105_2-5148995.html
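The passage above describes why a virus notification addressed to the From header goes to a bystander. What a mail filter can trust instead is the Received line its own MTA wrote when it accepted the connection. The following is an added example, not code from the ZDNet article or from any antivirus vendor: it parses a constructed worm-style message, quarantines it, records the connecting IP, and deliberately never replies to the From address. The hostnames, addresses and the postmaster contact are assumptions made up for the example.

```python
"""Handle a virus-flagged message without replying to its From address.

Added example, not from the ZDNet article. The sample message is constructed
here; the one assumption the logic relies on is that the topmost Received
header was written by our own MTA (mx.corp.example), so the sender could not
forge it.
"""
import email
import re
from email import policy

# Constructed sample: a worm-style message whose From is a stolen, valid address.
SAMPLE = b"""\
Received: from mail.example.net (unknown [198.51.100.23])
\tby mx.corp.example (Postfix) with ESMTP id 1A2B3C
\tfor <victim@corp.example>; Tue, 27 Jan 2004 09:15:01 -0500
Received: from innocent.example.org (dsl-123.example.org [203.0.113.45])
\tby mail.example.net with SMTP id 5D6E7F; Tue, 27 Jan 2004 09:14:58 -0500
From: innocent@example.org
To: victim@corp.example
Subject: Mail Transaction Failed
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Partial message is available.
--b1
Content-Type: application/octet-stream; name="message.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAE
--b1--
"""

RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    """IP of the host that handed the message to our MTA.

    Only the first (topmost) Received header is ours; every line below it was
    supplied by the remote side and may be fabricated.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_IP_RE.search(str(received[0]))
    return m.group(1) if m else None


def attachment_names(msg):
    """Filenames of all attached parts (Content-Disposition or name= param)."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def decide_action(raw_bytes, detected_malware="MyDoom"):
    """Policy for a message the scanner has already flagged as infected."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {
        "malware": detected_malware,
        "action": "quarantine",                 # never "reply to sender"
        "notify_sender": False,                 # From is attacker-chosen; a reply hits a bystander
        "notify_local": ["postmaster@corp.example"],   # assumed local contact
        "untrusted_from": str(msg["From"]),     # logged, not trusted
        "connecting_ip": connecting_ip(msg),    # the only sender-side fact we can stand behind
        "attachments": attachment_names(msg),
    }


if __name__ == "__main__":
    print(decide_action(SAMPLE))
```

The dict makes the policy explicit: the address to investigate is the connecting IP, and the From address is kept only as evidence. Whether you then tell the sending site about the infection is a manual decision made from the Received data, not an automatic reply.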

Wednesday, January 28, 2004

Breaking Virus News: MyDoom Hobbles Internet E-mail:
"Removing/Blocking MyDoom

The easiest way to remove MyDoom and Novarg is to update your antivirus program. As of 1/27, most antivirus vendors have added at least beta detection and deletion to their pattern definition updates. If you don't have an antivirus, we have confirmation that TrendMicro's freely available Housecall, http://housecall.trendmicro.com, has been updated to detect the virus, but you'll have to manually remove the registry entries as outlined below. Panda Software also has a free removal utility (registry required) for MyDoom, http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=44140. McAfee's Stinger, http://vil.nai.com/vil/stinger/, has also been updated to detect and remove MyDoom. Note that you need to reboot after running Stinger to completely repair your system."

http://www.pcmag.com/print_article/0,3048,a=117496,00.asp

Chicago Tribune | Computer users worldwide fall victim to worm:
"A rapidly spreading worm has infected personal computers worldwide, clogging e-mail traffic at an unprecedented pace.

Known as MyDoom, the worm is sent as an attachment and is contained in about one of every 12 e-mails sent, according to one security firm. Other experts said the message accounts for one in nine sent globally."

That volume makes MyDoom the most prolific worm or virus ever, according to security firm MessageLabs, surpassing last year's SoBig virus. SoBig was detected in one out of every 17 e-mails.

The worm propagates through cleverly written e-mail, Internet security analysts say. When opened, the worm replicates itself on e-mail addresses it finds and is sent on to new potential victims.

The worm doesn't exploit any flaws in the Windows operating system, but once inside a computer it releases a virus that allows the attackers to gain access and use the computer to launch an attack.…

The worm and its variant strains all have the same target: software firm SCO Group, of Lindon, Utah.

Infected computers are set to swamp SCO's Web site beginning Sunday in what is known as a denial-of-service attack. A successful denial-of-service attack causes a Web site to become inaccessible, effectively shutting it down. The attack is scheduled to start Sunday and continue until Feb. 12.

SCO owns the Unix computer operating system and maintains that Linux, a popular free operating system, infringes on its copyright by incorporating Unix features. SCO has gone to court to assert its ownership rights, angering some computer hackers who see Linux as an alternative to Microsoft's Windows.…

"This is a pretty darned sophisticated worm," said David Perry, global education director for Trend Micro, a computer security company. "It is very well socially engineered."

Social engineering is a way of saying the worm is adept at getting users to open e-mail and activate the program.

The worm was first noticed Monday on the computer networks of major corporations, Perry said. That means the person who created MyDoom knows that corporate users can have hundreds or thousands of e-mail addresses on their computers, while home users typically have far fewer.

"If a corporate desktop gets infected, it can send out 5,000 or 6,000 e-mails in a tenth of a second," Perry said. He said that hundreds of thousands of computers have since become infected, in part because of MyDoom's rapid reproduction.

Many people know not to open suspicious e-mail or to click on e-mail attachments from strangers. But MyDoom "spoofs" its recipients by sometimes using the return e-mail address of an individual known to the target.

And the e-mail's message can be deceptive.

The subject line in some e-mails reads "Mail Transaction Failed," and the message includes "Partial message is available" and an icon to click.

Perry said such e-mail is a lot more likely to be opened than a typical spam message.

http://www.chicagotribune.com/technology/chi-0401280318jan28,1,1664606.story?coll=chi-newsnationworld-hed
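Two things in the article give a mail administrator something to look for in outbound logs: a single desktop emitting thousands of messages in a burst, and the From address changing from message to message because the worm forges it. The following is an added example, not code from the Tribune article or from Trend Micro. The log format, hostnames, addresses and timestamps are constructed for the example; the regex would need to be adapted to a real MTA's log line.

```python
"""Spot a mass-mailing host in outbound mail logs.

Added example, not from the Tribune article. The log format below is
constructed for the example; adapt LOG_RE to your MTA's real format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Subject the article attributes to MyDoom; a watchlist, not proof on its own.
SUSPECT_SUBJECTS = {"mail transaction failed"}

LOG_RE = re.compile(
    r'^(?P<ts>\S+) ip=(?P<ip>\S+) from=(?P<from>\S+) '
    r'subject="(?P<subject>[^"]*)" attach=(?P<attach>\d)$'
)

# Constructed sample log: 10.1.2.3 behaves like an infected desktop, 10.1.2.9 like a person.
SAMPLE_LOG = """\
2004-01-27T09:15:01 ip=10.1.2.3 from=alice@corp.example subject="Mail Transaction Failed" attach=1
2004-01-27T09:15:01 ip=10.1.2.3 from=bob@corp.example subject="Mail Transaction Failed" attach=1
2004-01-27T09:15:02 ip=10.1.2.3 from=carol@corp.example subject="hello" attach=1
2004-01-27T09:15:02 ip=10.1.2.3 from=alice@corp.example subject="Mail Transaction Failed" attach=1
2004-01-27T09:15:03 ip=10.1.2.3 from=dave@corp.example subject="test" attach=1
2004-01-27T09:15:30 ip=10.1.2.9 from=erin@corp.example subject="Q1 budget" attach=1
2004-01-27T09:20:00 ip=10.1.2.9 from=erin@corp.example subject="Re: Q1 budget" attach=0
"""


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "from": m["from"],
            "subject": m["subject"].lower(),
            "attach": m["attach"] == "1",
        })
    return events


def find_mass_mailers(events, window_seconds=60, threshold=5, distinct_senders=3):
    """Return IPs that sent >= threshold attachment-bearing messages within
    window_seconds using >= distinct_senders different From addresses.

    A worm forges From per message; a person sending from one mailbox does
    not, so the second condition cuts down on false positives from legitimate
    bulk senders. Thresholds are placeholders; tune them to your own traffic.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["attach"]:
            by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits in window_seconds
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            senders = {e["from"] for e in window}
            if len(window) >= threshold and len(senders) >= distinct_senders:
                flagged[ip] = {
                    "messages": len(window),
                    "distinct_from": len(senders),
                    "watchlist_hits": sum(e["subject"] in SUSPECT_SUBJECTS for e in window),
                    "first_seen": window[0]["ts"].isoformat(),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in find_mass_mailers(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The watchlist count is reported alongside the burst, not used as a trigger, because subjects change between variants while the burst-plus-forged-From pattern does not.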

Tuesday, January 27, 2004

HANDWRITING FONTS TO LOAD:
"How about borrowing somebody else's handwriting (especially if yours isn't all that neat to begin with)?"

Download the font you like, unzip the .zip file, and copy the .ttf file to your Fonts folder in your Windows directory.

http://pro.wanadoo.fr/dephitro/telechf1.htm