Security Threat News

I have mentioned many times before of the need to update your computer Operating Systems, Anti-Virus and Anti-Spyware applications.

But I also must mention again to please update your applications as well – ESPECIALLY ADOBE PRODUCTS.

A 2009 Global Threat Report from ScanSafe, a Cisco company, shows that in the 4th quarter of 2009 80% of all web-based exploits were malicious PDFs! It’s not surprising that the PDF number is large, but this number is so large it’s hard to believe, especially in as much as Flash exploits were 18%!
Those are some frightening numbers!

PDFs and Flash are ground zero for malware on the web these days. Just by keeping up to date on your client software you can protect yourself against almost all of it.
Here is the advisory from Adobe.

Users should update to versions 9.3.1 or 8.2.1, the links to which are in the advisory. Alternatively, you can “Check for Updates” in the Help menu.

MORE CONFLICKER – CHECK FOR INFECTION

CONFLICKER UPDATE:

Symantec’s got a pretty simple (and free) tool specifically for Conficker:
Download this file on an uninfected computer, follow the steps, and you should be okay.

Or.

Doxpara Research has release a ‘scanner’ to check for conflicker infection.

Security expert Dan Kaminsky, working with the Honeynet Project’s Tillmann Werner and Felix Leder, have discovered an easier way to detect if a machine on a network is infected by Conflicker.
Dan writes:”What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it’s infected with Conficker, and it will tell you.

Go here:
http://www.doxpara.com/
download the scanner:
http://www.doxpara.com/scs.zip
Extract to folder and run it against your workstaions and servers:
Open command window – Start>run>type ‘cmd’

Navigate to the exanded directory and ‘run’ the scanner on each individual computer.
Example:
C:\ yourdesktop \scs\scs>scs.exe 192.168.31.2
[For the admins out you can use a host file for a range of IPs]

If you are unsure of how to find your IP address.
Open up command windows – – Start>run>type ‘cmd’ then type in “ipconfig /all”
[If you don’t know how to navigate in the DOS window check this out:
http://www.online-tech-tips.com/computer-tips/how-to-use-dos-command-prompt/ ]

Update – Another way to scan:
1. Download and install Python 2.6.1: [www.python.org] [python.org]
2. Download Impacket from [oss.coresecurity.com] [coresecurity.com] (or maybe [pypi.zestsoftware.nl] [zestsoftware.nl] or some other mirror)
3. Download the scanner from [iv.cs.uni-bonn.de] [uni-bonn.de]
4. Unpack Impacket into a folder, then install Impacket from a command line with c:\python26\python setup.py install
5. Run the scanner with the command c:\python26\python scs.py [starting_ip] [ending_ip]

Conflicker Protection

The hype and realities of the Conlicker Worm.

Yes folks, this is very dangerous worm. In fact Microsoft is offering a bounty for the capture and prosecution of the author!
But once again it’s spread is caused by all the usual suspects – un-patched systems, out of date Antivirus and Antispyware software and POOR computing practices. The hype regarding the ‘Conflicker’ worm is real. But can be mitigated with a few prudent actions.
Here are all of the tasks that should be done. And when I say all, I mean ALL. Not doing one or two will leave you open to attack.

Disable ‘Autorun’For XP, 2003, Vista and Win2000.
One of the first things I do on every system I build or manage, for over 14 years, is to disable autorun, and you should too. Microsoft has some simple ‘patches’ and instructions here:
http://support.microsoft.com/kb/953252

Make sure your antivirus is up to date – run a live update DAILY.
Run a full scan NOW and at least once a week.

Make sure your anti-spyware application is up to date – run a live update DAILY.
And run a full scan NOW and at least once a week.

Make sure your Windows is up to date – run windows update at least WEEKLY (Tuesdays are the day MS releases updates)
Download and install/run the latest MS Malicious Software Removal tool RIGHT NOW!!!!:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang;=en

Use CCleaner http://www.filehippo.com/download_ccleaner/download/86e6a458e780243c3a944b66ec60b319/

to clean out temporary files at least once everyday.
I run it EVERYTIME I close my browser!

Never, ever install ‘special viewers/browser helper objects’. By that I mean if a site tells you you have to download/install a plug-in to ‘view/watch’ a particular file – YOU DON’T NEED IT!

And finally make sure you change your passwords regularly, and make sure they are ‘secure’; containing upper and lower case letters, numbers and symbols.

After you have done all of the above check out Microsoft’s Conflicker page for some more great information.
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

If you follow these steps you should be OK.
Remember most ‘hacks’ happen because of user actions – being tricked/suckered into installing the trojan or by users not keeping their protection software and operating system up to date.
Don’t become a statistic.

Good luck and safe computing.
Peace.