Monday, August 17, 2009

Microsoft's Browser Best at Beating Malware - PC World

Microsoft's Browser Best at Beating Malware - PC World:
"While IE8 blocked eight of 10 of the malware-distributing sites that NSS included in its 12-day test, the nearest competitor, Mozilla's Firefox 3.0, caught just 27% of the same sites. Apple's Safari 4.0 and Google's Chrome 2.0, meanwhile, blocked only 21% and 7% of the sites, respectively. Opera Software's browser properly identified only 1%."

“IE8's skills at sniffing out malware sites improved by 17% since March, said Rick Moy, president of NSS Labs, the firm that conducted the benchmarks. The testing was sponsored by Microsoft's security team.

IE8's improvement, and its dominance over competitors, could make some users reconsider their decision to abandon Microsoft's browser for one of its challengers. "Should people rethink that decision?" Moy asked. "By [this] data, absolutely."”
http://www.pcworld.com/article/170260/microsofts_browser_best_at_beating_malware.html?tk=nl_wbx_h_crawl1

Friday, July 31, 2009

Researchers find insecure BIOS 'rootkit' pre-loaded in laptops | Zero Day | ZDNet.com

Researchers find insecure BIOS 'rootkit' pre-loaded in laptops Zero Day ZDNet.com:
"“This is a rootkit. It might be a legitimate rootkit, but it’s a dangerous rootkit,” Sacco declared. The research team stumbled upon the rootkit-like technology in the course of their work on BIOS-based malware attacks. At last year’s CanSecWest security conference, the duo demonstrated methods for infecting the BIOS with persistent code that survives reboots and reflashing attempts."

Computrace LoJack for Laptops, which is pre-installed on about 60 percent of all new laptops, is a software agent that lives in the BIOS and periodically calls home to a central authority for instructions in case a laptop is stolen. The call-home mechanism allows the central authority to instruct the BIOS agent to wipe all information as a security measure, or to track the whereabouts of the system.

For it to be an effective theft-recovery service, Ortega and Sacco explained that it has to be stealthy, must have complete control of the system and must be highly persistent to survive a hard disk wipe or operating system reinstall.

Computrace LoJack for Laptops, a popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic, is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers.

The service contains design vulnerabilities and a lack of strong authentication that can lead to “a complete and persistent compromise of an affected system,” according to a Black Hat conference presentation by researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies.

http://blogs.zdnet.com/security/?p=3828&tag=nl.e539

Sunday, July 19, 2009

Microsoft Outlook 2010

By bcmteam


“You have probably seen Office 2010 Technical Preview announcements in the press. Microsoft released a preview of Office 2010 yesterday to a limited number of users. The Technical Preview is an invitation-only program. Office 2010 also comes with a brand new version of the Business Contact Manager. If you have received a Technical Preview invitation, we highly recommend that you install the new version of the Business Contact Manager, try the new features, and give us feedback. You can download and install the Business Contact Manager from the Microsoft Connect site (it's listed along with the Office 2010 Tech Preview download).


Here is a list of some of the top features. We will be writing more about these and many other features in the coming weeks.

1. New User Interface: BCM features a completely redesigned user interface. The new UI is task oriented, and features activity dashboards, business metric gadgets, configurable tabbed views, and customizable preview panes. The User Interface is fully customizable and allows end-users to select the view elements that fit their business needs. The new UI also integrates with the Office Ribbon and the BackStage.

2. Dashboard: BCM offers a fully featured dashboard that enables users to manage their entire business and daily activities. The dashboard is fully customizable and can include a large number of sales, marketing, project management and utility gadgets. The dashboard will help users get a high level picture of their business and manage their priorities and tasks.

3. New Form Designer: BCM provides a new visual form designer that allows users to completely modify all BCM forms. Users can add up to 300 custom fields, remove fields (including default form fields) and add pages to forms. Customizations can be exported, imported, and shared across the organization.

4. Custom Entities: With BCM 2010 users can better model their business processes by defining custom “contact” and “account” type entities. For instance, healthcare companies will be able to create “doctors”, “patients”, “practices”, etc. The custom entities benefit from all business functions such as aggregating communication history, reporting, and so forth.

5. Sales Management: Business Contact Manager will allow users to define and track sales processes in an easy and straightforward manner. Users will be able to define multiple sales activities in multiple sales stages. Execution of sales activities is tracked directly on the opportunity and various dashboard gadgets and reports provide comprehensive analysis of sales status.

6. Lead Management: Business Contact Manager for Outlook 2010 helps users track their business leads and the process of converting those leads into contacts and/or business opportunities. Leads in BCM are lightweight (customizable) contacts that also include a lead score which is either manually assigned or calculated based on a set of scoring criteria. Users can set scoring criteria that makes sense in their business, helping track the quality of the lead and optimizing the sales process.

7. Call List: With Business Contact Manager 2010, users will be able to manage the process of calling multiple contacts. This feature offers an easy to use user interface that takes the hassle out of tracking the calling process and analyzing its results. Call List will also provide the ability to define a call script that can be used when conducting the call, guiding the caller and providing a template for capturing responses.

8. Improved Reporting: Business Contact Manager will include enhanced business reporting. Reports will offer improved customization, sorting, and filtering, and custom reports can be defined and shared across the organization.

9. Performance & Reliability: Business Contact Manager comes with significant performance improvements.


Courtesy of Microsoft via Bloglines
http://blogs.msdn.com/bcm/archive/2009/07/14/business-contact-manager-for-microsoft-outlook-2010-technical-preview-released.aspx


Wednesday, July 15, 2009

Inside AdSense: Now offering AdSense in Google Sites

Inside AdSense: Now offering AdSense in Google Sites:

"Google Sites is a free product that simplifies the process of creating secure group websites, whether you're building a family website or a company intranet. You can publish pages with the click of a button, edit web pages like documents, and add videos, presentations, and calendars to your pages. Information is stored securely online, and you decide who can edit or view the site."

Basically these sites are somewhere in between intranets and extranets. They are not the public web.

So, does it make sense to put ads on these in order to make a few cents off of family members, or co-workers and employees? Google thinks so, but I don't.


http://adsense.blogspot.com/2009/07/now-offering-adsense-in-google-sites.html

Wednesday, January 28, 2009

» Google Video search results poisoned to serve malware | Zero Day | ZDNet.com

» Google Video search results poisoned to serve malware Zero Day ZDNet.com:

"From the real-time syndication of hot Google Trends keywords, maintaining AdWords campaigns, to the plain simple blackhat search engine optimization tactics, cybercriminals are constantly looking for new ways to acquire traffic by enjoying the clean reputation of each and every Web 2.0 property. From LinkedIn, Bebo, Picasa and ImageShack, to Twitter, everyone’s targeted efficiently using automated account registration tools.

During the last couple of days, a single group involved in a countless number of blackhat SEO campaigns across the Web, started massively targeting Google Video with a campaign that has already managed to hijack approximately 400,000 search queries in order to trick users into visiting a bogus and malware serving (W32/AutoTDSS.BNA!worm) adult web site.

What’s particularly interesting about this campaign relying entirely on Google Video traffic to flourish, is that instead of sticking to the adult content in their keywords inventory, the cybercriminals have been in fact syndicating legitimate YouTube video titles from a variety of topics. Therefore, the number of legitimate videos used is proportional to the comprehensiveness of the campaign, in this case, over 400,000 search queries, a number that is increasing in real-time since they keep having their bogus content crawled by Google Video.


…Moreover, based on the fact that they maintain a portfolio of 21 publisher domains with bogus and non-existent video content currently crawled, a simple tactic that they’re using could entirely hijack a search query at Google Video. How come? By simply duplicating the content on their publisher domains, the top 5 search results for a particular video can be easily served from any of the 21 publisher domains, making it look like different sites have the same content.

The search engine results poisoning works as follows. Upon clicking, a Google Video user coming across any content from any of their 21 publisher domains is taken to a single redirection point (porncowboys .net/continue.php), then to the well known adult site template abused by cybercriminals (xfucked .org/video.php?genre=babes&id=7375), where the user is told that “Your Flash Version is too old. Your browser cannot play this file. Click “OK” to download and install update for Flash Video Player” and the malware is served if he’s tricked into it (trackgame .net/download/FlashPlayer.v3.181.exe)."…
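The chain in that last paragraph (search result, publisher page, redirector, lure page, fake "Flash Player" installer) is exactly what a web proxy log will show, and it is what you want to alert on rather than any one domain, since the publisher and redirector domains churn. The script below is an added example and not part of the ZDNet post or Danchev's research: it reconstructs, per client, the referer chain that ended in a download of a Flash-Player-looking executable from a host that is not a known Adobe download server, and reports whether the chain started at a Google Video search. The log format, the sample lines, the `.example` host names and the `TRUSTED_FLASH_HOSTS` allowlist are constructed for the example; only the `continue.php`, `video.php?genre=babes&id=7375` and `FlashPlayer.v3.181.exe` paths are taken from the article.

```python
"""Reconstruct fake-Flash-update lure chains from web proxy logs.

Added example; the log format and all sample lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Hosts that legitimately serve Flash Player installers.  Assumption: extend
# for your environment; anything else offering a "Flash Player" .exe is suspect.
TRUSTED_FLASH_HOSTS = {"fpdownload.macromedia.com", "download.macromedia.com", "get.adobe.com"}

# Matches file names such as FlashPlayer.v3.181.exe or flash_player_update.exe
FAKE_FLASH_RE = re.compile(r"flash.*player.*\.exe$", re.IGNORECASE)

# Constructed proxy log: client, timestamp, URL, referer ("-" if none), status, content type.
SAMPLE_LOG = """\
10.0.0.7 2009-01-27T14:02:11 http://video.google.com/videosearch?q=funny+cat - 200 text/html
10.0.0.7 2009-01-27T14:02:19 http://publisher1.example/funny-cat-video.html http://video.google.com/videosearch?q=funny+cat 200 text/html
10.0.0.7 2009-01-27T14:02:20 http://redirector.example/continue.php http://publisher1.example/funny-cat-video.html 302 text/html
10.0.0.7 2009-01-27T14:02:21 http://lure.example/video.php?genre=babes&id=7375 http://publisher1.example/funny-cat-video.html 200 text/html
10.0.0.7 2009-01-27T14:02:35 http://payload.example/download/FlashPlayer.v3.181.exe http://lure.example/video.php?genre=babes&id=7375 200 application/octet-stream
10.0.0.9 2009-01-27T14:05:02 http://www.adobe.com/go/getflashplayer - 200 text/html
10.0.0.9 2009-01-27T14:05:04 http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player.exe http://www.adobe.com/go/getflashplayer 200 application/octet-stream
"""


def parse_log(text):
    """Parse the constructed whitespace-separated format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, ts, url, referer, status, ctype = line.split()
        records.append({"client": client, "ts": ts, "url": url,
                        "referer": None if referer == "-" else referer,
                        "status": int(status), "ctype": ctype})
    return records


def is_fake_flash_update(url):
    """True for a Flash-Player-looking .exe served from a host we do not trust."""
    parts = urlsplit(url)
    filename = parts.path.rsplit("/", 1)[-1]
    return bool(FAKE_FLASH_RE.search(filename)) and parts.hostname not in TRUSTED_FLASH_HOSTS


def referer_chain(records, hit):
    """Walk Referer headers backwards from `hit` to the page the client started on.

    Only requests by the same client at or before the hit are considered.  A
    302 hop does not show up: the browser keeps the page that issued the
    redirected request as the referer of the final destination.
    """
    by_url = {}
    for r in records:
        if r["client"] == hit["client"] and r["ts"] <= hit["ts"]:
            by_url[r["url"]] = r          # latest request for that URL wins
    chain, cur, seen = [hit["url"]], hit, {hit["url"]}
    while cur["referer"] and cur["referer"] in by_url and cur["referer"] not in seen:
        cur = by_url[cur["referer"]]
        seen.add(cur["url"])
        chain.append(cur["url"])
    return list(reversed(chain))


def find_lure_chains(log_text, search_hosts=("video.google.com",)):
    """Return one alert per successful fake-Flash download, with its referer chain."""
    records = parse_log(log_text)
    alerts = []
    for r in records:
        if r["status"] == 200 and is_fake_flash_update(r["url"]):
            chain = referer_chain(records, r)
            alerts.append({"client": r["client"], "payload": r["url"], "chain": chain,
                           "from_search": urlsplit(chain[0]).hostname in search_hosts})
    return alerts


if __name__ == "__main__":
    for alert in find_lure_chains(SAMPLE_LOG):
        print(f"{alert['client']} downloaded {alert['payload']}"
              f" (search-engine origin: {alert['from_search']})")
        for hop in alert["chain"]:
            print("   ", hop)
```

The second client in the sample fetches a real installer from an Adobe host and is not flagged; the first client's chain is reported with the Google Video search as its origin. The redirector's `continue.php` hop is absent from the chain for the reason given in the `referer_chain` docstring, so if you want it in the alert, match on the 302 status for the same client in the same window.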


http://blogs.zdnet.com/security/?p=2433&tag=nl.e539

Wednesday, April 23, 2008

Ten things to know about Microsoft’s Live Mesh | All about Microsoft | ZDNet.com

Ten things to know about Microsoft’s Live Mesh All about Microsoft ZDNet.com: by Mary Jo Foley

"Microsoft took the wraps off Live Mesh at 9 p.m. PDT on April 22, just ahead of the service’s official debut at the Web 2.0 Expo this week.

(Here’s a bunch of screen shots of what testers can expect to see when Microsoft kicks off its Live Mesh tech preview later this week)

Live Mesh is an ambitious initiative — a combination of a platform and a service — and one that’s been more than two years in the making, according to company officials with whom I spoke earlier this week. I’d go so far as to say Live Mesh will be Chief Software Architect Ray Ozzie’s “make it or break it” project, given Ozzie has been setting the stage for Live Mesh since October 2005, when he outlined his pie-in-the-sky goals for it (without calling it Live Mesh) in his “Internet Services Disruption” memo to the troops.

But back here on earth, what, exactly, is Live Mesh and what do developers, customers and partners need to know about it? Here are 10 things that grabbed me about Live Mesh, after distilling my notes from chatting with some of the Softies involved in bringing Live Mesh to fruition."

http://blogs.zdnet.com/microsoft/?p=1355&tag=nl.e539

Friday, February 22, 2008

Microsoft Issues Warning On Home Server - Software - IT Channel News by CRN and VARBusiness

Microsoft Issues Warning On Home Server - Software - IT Channel News by CRN and VARBusiness:

"In December Microsoft warned customers and partners that using certain applications to save files to Home Server could result in their files being corrupted. At that time, Microsoft said the glitch affected Vista Photo Gallery, Windows Live Photo Gallery, Office OneNote 2007, Office OneNote 2003, Office Outlook 2007, Money 2007, and SyncToy 2.0 Beta.

In an updated Knowledge Base article posted Thursday, Microsoft revealed that 14 additional applications could trigger the bug, including its own Excel, Windows Media Player 11, and Zune Software, as well as Adobe Photoshop Elements, Adobe Lightroom, Apple iTunes, Mozilla Thunderbird, and WinAmp.

In the article, Microsoft said it's still trying to confirm that these apps trigger the glitch, and noted that the issue only affects Windows Home Server systems with more than one hard drive added to the server. However, until an update is available, Microsoft is recommending that users refrain from using these applications to save or to edit program-specific files that are stored on a Windows Home Server-based system."

http://www.crn.com/software/206801170

Friday, January 11, 2008

"Quis Custodiet Ipsos Custodes?"

ICANN to Probe Network Solutions' Domain Registration Policies:
Quis custodiet ipsos custodes? is a Latin phrase from the Roman poet Juvenal, variously translated as "Who will guard the guards? ...

"Questions remain.

ICANN will investigate Network Solutions’ domain registering policy in the wake of reports that the company was automatically registering domains based on user searches.

ICANN’s decision to investigate comes just as Network Solutions reportedly is changing the policy.
In a brief note to eWEEK, ICANN (Internet Corporation for Assigned Names and Numbers), the international body in charge of TLDs (top-level domain name registrants) and Internet addressing, stated that it will be looking into Network Solutions’ new policy of registering any domain name that is searched for on its site.

However, Network Solutions told ICANN about this policy change before it implemented it.

'Network Solutions informed us when they launched this process,' said Jason Keenan, ICANN's media adviser. It was only after Network Solutions quietly implemented this policy and users noticed the change and protested about it online that ICANN took note of it. Now, 'ICANN has begun looking into the matter to see if it is in compliance with the Registrar Accreditation Agreement,' said Keenan."

Who will investigate ICANN?

http://www.eweek.com/c/a/Security/ICANN-to-Probe-Network-Solutions-Domain-Registration-Policies/?kc=EWKNLENT011108STR1

Thursday, December 27, 2007

eventdv.net: NewTek Offers More than 10 Hours of Free LightWave Training

eventdv.net: NewTek Offers More than 10 Hours of Free LightWave Training:

"NewTek Offers More than 10 Hours of Free LightWave Training

NewTek, Inc., manufacturer of industry-leading 3D animation and video products, today announced the availability of over 10 hours of free online training. These tutorial videos provide practical steps to accomplish a broad range of 3D projects including: general modeling, hard surface modeling, organic modeling, surfacing, texturing, animation, particles, dynamics, lighting, rendering and compositing. The tutorials created by William Vaughan, DAVE School instructor and LightWave® evangelist are freely available at: www.newtek.com/3dtutorials.

These tutorials represent the first 10 hours of an extensive series. Throughout 2008 additional tutorials will be added that cover other aspects of 3D artistry and will include tutorials specifically requested by users. "The goal is to make 3D accessible to everyone," comments William Vaughan. "There are so many amazing things you can do with LightWave, but the learning process can be a bit daunting. With these tutorials we keep it simple, direct and you can always return to them for reference."

"Truly these are all outstanding techniques. I just watched the cloth video with the shirt and the buttons and tried a few things and had great results... but all the others I've watched have been tremendously helpful as well," said Michael James, LightWave user and NewTek forum member. "And I love the way you've kept them straight to the point, my knowledge of LightWave has more than doubled since watching the tutorials. And each one of those videos has opened a world of possibilities I really never knew could be so straightforward and simple."

At $895.00 US, LightWave hardly qualifies as a tool everyone should own, but it has become one of the standards in professional 3D. The tutorials are worth a first, second and third look.

http://www.eventdv.net/Articles/ReadArticle.aspx?ArticleID=40499

Friday, October 26, 2007

Brokers Wield Automated Tools In Battle For Online Tickets - Security - IT Channel News by CRN and VARBusiness

Brokers Wield Automated Tools In Battle For Online Tickets - Security - IT Channel News by CRN and VARBusiness:

"What do Colorado Rockies fans, music lovers, and parents with young daughters caught up in the Hannah Montana craze have in common? They've all recently endured the frustration of being unable to buy event tickets through online ticketing systems, an experience often accompanied by smashed keyboards and the shouting of expletives.

Organizations that choose to sell tickets online often do so in the interest of fair access, but industry experts say online ticketing systems have weaknesses that are easy to manipulate. By using bots, or software that automates the process of buying tickets online, brokers can buy up mass quantities of tickets and re-list them on auction sites for prices well in excess of face value.

A relatively recent wrinkle is the ability for bots to get around captchas, which commonly take the form of squiggly text strings that Websites use in online ticketing forms to prevent abuse of the system. "

http://www.crn.com/arrnl/security/202601656

Tuesday, August 21, 2007

63% of Malware Emerges from U.S. Sites, Report Says

63% of Malware Emerges from U.S. Sites, Report Says:

"U.S.-based Web sites hosting malware are responsible for the majority of malware distributed on the Internet, according to a report by security company Cyveillance. (PDF) The company's 'Online Financial Fraud and Identity Theft Report' found that Web surfers visiting sites based in the United States are more at risk from malware attacks and online identity theft than visitors to sites based in other countries, with more than 63 percent of malware distributed to visitors via tainted U.S.-based Web sites.

In addition, 25 percent of malware-hosting sites, where the actual binary malware files are hosted and served up, are based in the United States. China leads the way with 34 percent of malware-hosting sites, the report found.

"We believe that this is simply a case of following the money," said Todd Bransford, vice president of marketing at Cyveillance, based in Arlington, Va. "The criminals want access to the computers of U.S. citizens so they can eventually tap into their financial resources. Therefore, they distribute malware on sites visited by U.S consumers."

Malware drop sites collect sensitive and personally identifiable information; 50 percent of such sites are hosted in the United States, the report found. The percentage surprised Bransford, who explained that researchers expected to see a higher percentage of these sites in Eastern Europe and Asia.

"Obviously, a drop site hosted in the United States can be accessed from anywhere in the world, so the high percentage of U.S.-based drop sites may be more a factor of the simplicity and level of automation afforded by U.S. service providers to criminals … with a stolen credit card number," he said.

The report includes data collected and analyzed between April 1 and June 30, 2007, based on information collected from more than 200 million unique domain name servers and 150 million unique Web sites. Some 2 million URLs were found to be distributing malware. "

http://www.eweek.com/article2/0,1895,2173456,00.asp

Friday, December 01, 2006

Blog This: » Make this an open source Christmas | Open Source | ZDNet.com

Blog This: » Make this an open source Christmas Open Source ZDNet.com

Make this an open source Christmas by ZDNet's Dana Blankenhorn -- Don't think of this as just a Christmas gift. Follow-up. Make certain this new account is serviced. See to it that workers there are trained, and that they train others. Toss in some old books on computer programming, either from your own library or from others.


Trackback URL for this post: http://blogs.zdnet.com/open-source/wp-trackback.php?p=857

Yesterday, I installed Ubuntu (Dapper Drake) on an old Dell OptiPlex that had a 10 Gig hard drive and 256 Megs of RAM. My state representative Monique D. Davis bought about twenty of these boxes from a suburban Chicago school that was upgrading its network, so the OS had already been removed. Some of them only have 128 Megs, so I'll either have to go with an older version of Ubuntu or use a different distribution, but I really like Drake. Haven't tried the Eft but I've put in an order for the disks at http://shipit.ubuntu.org. I'm going to have to either do a lot of downloading or use GParted and do some imaging, since for reasons unknown my last order for disks was cancelled. Maybe I should have used the community center's address, but I had no problems ordering to my home the first time around.

Wednesday, November 22, 2006

Security Watch from PC Magazine - Dealing With Downloaders

Security Watch from PC Magazine - Dealing With Downloaders:

"Downloaders are very simple programs that do nothing harmful directly by themselves. Instead, they go out to other sites and download a second payload and execute it."

This article is a cautionary tale and a must read for anyone responsible for a network or server.

http://www.pcmag.com/article2/0,1895,2061213,00.asp

Friday, October 20, 2006

Dark Reading - Desktop Security - The Ten Most Dangerous Things Users Do Online - Security News Analysis

Dark Reading - Desktop Security - The Ten Most Dangerous Things Users Do Online - Security News Analysis:

"No matter how many times they train them, no matter how many classes they hold, most IT professionals still watch helplessly as end users introduce new malware because they 'just couldn’t resist looking at the attachment.' Security pros cringe as their users download software for personal use, turn off firewalls to speed up a connection, or leave their passwords stuck to their laptops.

Wouldn’t it be nice if you could give end users a list of the most dangerous things they do online every day, and then tell them why those activities are particularly risky?"


http://www.darkreading.com/document.asp?doc_id=107771

Friday, September 22, 2006

from Security Watch in PC Magazine - Change the Privileges of an Application

Security Watch from PC Magazine - Security Tips Galore: "Change the Privileges of an Application"

"From a security standpoint, running with your user privileges as low as possible is always best. On the other hand, running as an Administrator is especially bad. But even if you supervise a network and need to do much of your work logged in as an administrator, you still shouldn't run certain dangerous applications—most prominently Internet Explorer—as Administrator.


You can drop the privileges for such applications, though, using a capability that is new in Windows XP and Windows Server 2003, but not exposed in the user interface. A Microsoft Engineer has written a program to expose the facility and also penned an explanation in his article "Browsing the Web and Reading E-mail Safely as an Administrator".

Download and install the DropMyRights.msi file, which will install both the dropmyrights.exe program, and its source code on your system"

DropMyRights.exe is a command-line utility that takes the program you want to run as its first argument. The second argument is 'N,' 'C,' or 'U.' These correspond to Normal user (the default), Constrained user, and Untrusted user. For example:

    DropMyRights.exe "c:\Program Files\Internet Explorer\iexplore.exe" c

runs Internet Explorer as a constrained user. For convenience, you can create a Windows shortcut that executes the command line and give the shortcut a descriptive name like "Internet Explorer (Constrained)." You'll find details about what these user levels mean in the Microsoft article.
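What DropMyRights does under the hood is small: it asks the SAFER facility (the XP/Server 2003 capability the article mentions) for a restricted copy of the caller's own token at the requested level and starts the program with that token. The script below is an added example, not the DropMyRights source and not code from PC Magazine: it performs the same three steps through ctypes (SaferCreateLevel, SaferComputeTokenFromLevel, CreateProcessAsUser). The N/C/U switch, its default of N and the constant values come from the Win32 headers; the script name `droprights.py` and the command-line layout are my own choices. The launch only works on Windows; `level_from_flag()` is plain Python and is the part that runs anywhere.

```python
"""Start a program under a reduced-privilege token, as DropMyRights does.

Added example, not the DropMyRights source: it calls the same Windows SAFER
API (SaferCreateLevel, SaferComputeTokenFromLevel) through ctypes and passes
the resulting token to CreateProcessAsUser.  The launch itself is Windows only.
"""
import ctypes
import sys

# Constants from winsafer.h / winbase.h
SAFER_SCOPEID_USER = 2
SAFER_LEVEL_OPEN = 1
SAFER_LEVELS = {
    "N": 0x20000,   # SAFER_LEVELID_NORMALUSER: Administrators/Power Users deny-only, privileges dropped
    "C": 0x10000,   # SAFER_LEVELID_CONSTRAINED: also blocks crypto keys, credentials and similar
    "U": 0x01000,   # SAFER_LEVELID_UNTRUSTED: only what well-known groups are granted
}
CREATE_NEW_CONSOLE = 0x00000010


def level_from_flag(flag="N"):
    """Map DropMyRights' N/C/U argument (any case, default N) to a SAFER level ID."""
    key = (flag or "N").strip().upper()
    if key not in SAFER_LEVELS:
        raise ValueError(f"unknown privilege level {flag!r}; use N, C or U")
    return SAFER_LEVELS[key]


def run_with_dropped_rights(command_line, flag="N"):
    """Launch `command_line` with a SAFER-restricted copy of the caller's token.

    Returns the new process ID.  Windows only (needs advapi32/kernel32).
    """
    from ctypes import wintypes
    level_id = level_from_flag(flag)
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)

    class STARTUPINFOW(ctypes.Structure):
        _fields_ = [("cb", wintypes.DWORD), ("lpReserved", wintypes.LPWSTR),
                    ("lpDesktop", wintypes.LPWSTR), ("lpTitle", wintypes.LPWSTR),
                    ("dwX", wintypes.DWORD), ("dwY", wintypes.DWORD),
                    ("dwXSize", wintypes.DWORD), ("dwYSize", wintypes.DWORD),
                    ("dwXCountChars", wintypes.DWORD), ("dwYCountChars", wintypes.DWORD),
                    ("dwFillAttribute", wintypes.DWORD), ("dwFlags", wintypes.DWORD),
                    ("wShowWindow", wintypes.WORD), ("cbReserved2", wintypes.WORD),
                    ("lpReserved2", ctypes.c_void_p), ("hStdInput", wintypes.HANDLE),
                    ("hStdOutput", wintypes.HANDLE), ("hStdError", wintypes.HANDLE)]

    class PROCESS_INFORMATION(ctypes.Structure):
        _fields_ = [("hProcess", wintypes.HANDLE), ("hThread", wintypes.HANDLE),
                    ("dwProcessId", wintypes.DWORD), ("dwThreadId", wintypes.DWORD)]

    # 1. Describe the target level; 2. derive a restricted token from our own token
    #    (NULL input token means "the caller's token").
    level = wintypes.HANDLE()
    if not advapi32.SaferCreateLevel(SAFER_SCOPEID_USER, level_id, SAFER_LEVEL_OPEN,
                                     ctypes.byref(level), None):
        raise ctypes.WinError(ctypes.get_last_error())
    token = wintypes.HANDLE()
    try:
        if not advapi32.SaferComputeTokenFromLevel(level, None, ctypes.byref(token), 0, None):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        advapi32.SaferCloseLevel(level)

    # 3. Start the program with that token.  No SeAssignPrimaryToken privilege is
    #    needed because the token is a restricted version of the caller's own token.
    si = STARTUPINFOW()
    si.cb = ctypes.sizeof(si)
    pi = PROCESS_INFORMATION()
    cmd = ctypes.create_unicode_buffer(command_line)   # CreateProcess may write to this buffer
    try:
        if not advapi32.CreateProcessAsUserW(token, None, cmd, None, None, False,
                                             CREATE_NEW_CONSOLE, None, None,
                                             ctypes.byref(si), ctypes.byref(pi)):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        kernel32.CloseHandle(token)
    kernel32.CloseHandle(pi.hThread)
    kernel32.CloseHandle(pi.hProcess)
    return pi.dwProcessId


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit('usage: droprights.py "<program> [args]" [N|C|U]')
    flag = sys.argv[2] if len(sys.argv) > 2 else "N"
    pid = run_with_dropped_rights(sys.argv[1], flag)
    print(f"started PID {pid} at level {flag.upper()}")
```

Run it the same way as the utility, for example `python droprights.py "C:\Program Files\Internet Explorer\iexplore.exe" C`. To check that the rights were actually dropped rather than trusting the level name, start cmd.exe through the script and run `whoami /groups` in it: at the N and C levels the Administrators group appears as a deny-only group, which is what stops a drive-by exploit in that process from writing to Program Files or HKLM even though you are logged on as an administrator.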

Friday, August 18, 2006

Voice Extension Via Internet Protocol

I only pay a dollar a month for long distance, so I haven't given up my long distance carrier. I need my landline for DSL, but, the day naked DSL comes to Chicago, I'll have to give it serious consideration.

I used to limit my long distance calls to Sundays when the rates were lowest. Then I got Skype and made calls when I needed to talk at just 2¢ ($0.02) per minute. Now I call whenever I feel like talking to anyone in the U.S. or Canada, at least until December.

I make most of my calls from my laptop. It's not as convenient as a cellphone, but it works for me. Just try taking notes and doing research, while recording the call from a cell.

Google's GTalk just added voicemail capability and it works. You can send voice messages to any Gmail account whether or not they have the GTalk client. The only problem I have with it is that there isn't a Mac client, so if you're in a mixed (Mac/PC) relationship you can text chat, but only one of you can send voicemail.

Yes, I know Skype offers voicemail and has clients for both platforms, but Skype's voicemail isn't free and Gmail is everywhere.

Between the two platforms even a whisper can be heard around the world.

Friday, April 28, 2006

From VARBusiness | Phishers Snare Victims With VoIP

VARBusiness Security, Convergence News Phishers Snare Victims With VoIP: "By Antone Gonsalves, TechWeb.com
Tue. Apr. 25, 2006

A security firm on Tuesday reported discovering a phishing scheme in which the scammers used spam disguised as coming from a small bank in a large East Coast city, Cloudmark Inc., a messaging security firm, said. The message asked the recipient to dial a telephone number to talk with a bank representative.

The number went to an automated voice system that asked for an account number and personal identification number, or PIN, in order to access the caller's finances. The number was obtained through a regular provider of voice over Internet protocol services"

I'd say the other shoe just dropped, wouldn't you?

The scheme is the first Cloudmark has seen using Internet telephony. An investigation showed that the scammers used open-source software called Asterisk to convert a computer into a private branch exchange, or PBX, running an automated phone information system. The system sounds exactly like the bank's phone tree, directing callers to extensions, according to Adam J. O’Donnell, senior research scientist at Cloudmark.

He believes it's likely the phishers were using virus-infected computers that had been converted into a botnet to take calls over the Internet.

http://www.varbusiness.com/sections/news/breakingnews.jhtml?articleId=186701129

Wednesday, April 19, 2006

Mozilla users warned--upgrade now | Tech News on ZDNet

Mozilla users warned--upgrade now Tech News on ZDNet:
“The Computer Emergency Readiness Team (CERT) warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.

The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.

According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as critical.

CERT advises people who use Mozilla's e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.”

Is this the end of Faith-Based web browsing?

I seriously doubt it.

http://news.zdnet.com/2100-9588_22-6062713.html?tag=nl.e589

Wednesday, March 29, 2006

Do You Trust Yourself? - Highly Critical IE Flaw In The Wild

Security Watch from PC Magazine - Highly Critical IE Flaw In The Wild:

"Executive Summary
Name: Critical IE Flaw: 'Vulnerability in the Way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution'
Affects: All Internet Explorer versions on all current versions of Windows


Security researchers have found and publicized a vulnerability in all current versions of Internet Explorer on Windows. The vulnerability in the handling of the 'createTextRange()' method call applied on a radio button control is easily exploitable. Exploits are already circulating and by this past weekend, malicious Web sites began to appear to compromise computers through it.

Microsoft has announced that they are testing a patch for the vulnerability. At present it is scheduled to be released on the next regularly scheduled patch day, April 11, 2006, but the company will consider an earlier release if circumstances warrant. Such circumstances would probably involve widespread exploitation."

Do you trust your own judgement?

Do you run everything in administrator mode?

Do you feel lucky?

If you trust yourself, set Active Scripting to prompt. If you click first and ask questions later, set it to disable.

This vulnerability cannot be spread through HTML e-mail except through very old versions of e-mail clients which have not been patched in at least 5 years. Current Internet Explorer-based mail clients default to a model where scripting is blocked in all messages unless this setting is changed by the user.

To be exploited, the user would have to visit an affected Web page using Internet Explorer or an IE-based application. It is likely that many of the users who will be affected by this flaw have adware on their systems which will serve them advertisements containing the flaw. Such users, already compromised by the adware, are especially vulnerable to further attacks.

Consider the fact that this zero-day exploit can turn your machine into somebody else's machine…!

http://www.pcmag.com/article2/0,1895,1943175,00.asp

Monday, March 13, 2006

VM Rootkits: The Next Big Threat?

VM Rootkits: The Next Big Threat?: "By Ryan Naraine
Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation.

Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

Today, anti-rootkit clean-up tools compare registry and file system API discrepancies to check for the presence of user-mode or kernel-mode rootkits, but this tactic is useless if the rootkit stores malware in a place that cannot be scanned.

"We used our proof-of concept [rootkits] to subvert Windows XP and Linux target systems and implemented four example malicious services," the researchers wrote in a technical paper describing the attack scenario.

"[We] assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits," said the paper, which is co-written by researchers from the University of Michigan.


A virtual machine is one instance of an operating system running between the hardware and the "guest" operating system. Because the VM sits on the lower layer of the operating system, it is able to control the upper layers in a stealthy way.

"[T]he side that controls the lower layer in the system has a fundamental advantage in the arms race between attackers and defenders," the researchers said.

"If the defender's security service occupies a lower layer than the malware, then that security service should be able to detect, contain and remove the malware. Conversely, if the malware occupies a lower layer than the security service, then the malware should be able to evade the security service and manipulate its execution."

The group said the SubVirt project implemented VM-based rootkits on two platforms—Linux/VMWare and Windows/VirtualPC—and was able to write malicious services without detection.

The paper describes how easy it is to get the VM-based malware on a target system.

For example, a code execution flaw could be exploited to gain root or administrator rights to manipulate the system boot sequence.

Once the rootkit is installed, it can use a separate attack operating system to deploy malware that is invisible from the perspective of the target operating system.

"Any code running within an attack OS is effectively invisible. The ability to run invisible malicious services in an attack OS gives intruders the freedom to use user-mode code with less fear of detection," the researchers said.

The group used the prototype rootkits to develop four malicious services—a phishing Web server, a keystroke logger, a service that scans the target file system for sensitive information and a defense countermeasure to defeat existing VM-detection systems.

The researchers also used the VM-based rootkits to control the way the target reboots. It could also be used to emulate system shutdowns and system sleep states.

While the prototype rootkits are theoretically offensive in nature, the researchers also discussed ways to defend against malicious use of VM. "

http://www.eweek.com/print_article2/0,1217,a=173285,00.asp