| Currently
doing the rounds via spam is an apparent promotion for Microsoft
AntiSpyware (“Download the new beta software from Microsoft
today”) comprising a copy of Microsoft’s spyware index
page with the AntiSpyware download links redirected to the attacker’s
server—ftp.pisem.net, but this most likely changes.
Should
you be unfortunate enough to download and run the linked executable,
you’ll be getting a downloader trojan controlled by 1.dns10.peterhost.ru,
installing a password sniffer that sends sensitive network traffic
to publically-accessible web sites that are currently happily
filling up with Hotmail and internet banking passwords.
So just to re-iterate what every security site says in this situation
and what Larry mentioned at the last meeting, Microsoft does not
send e-mail promoting its downloads like this, and one should
not generally click through links in e-mail, especially not to
downloadable programs.
There’s actually a worse version going around under the
guise of a BBC World news link titled “Attention !!! George
W Bush is dead”, which if clicked through goes straight
to an Internet Explorer security hole exploit. So should you be
unlucky enough to click the link with IE as your default browser
(pre-IE6 Service Pack 2, as it’s the good old ms-its/CHM
exploit) you get the same password-stealing trojan installed from
bflog.net. (Do not visit this site in IE; even the index page
currently contains an exploit.)
This trojan is of a type categorized by Symantec as PWSteal.trojan,
but a number of the domains involved are in the same areas of
the Internet as some well-known CoolWebSearch exploits. Is this
the CWS affiliate gang in action again? Certainly they have been
installing worse and worse software including at least one password
sniffer and several botnet clients recently.
The above information only goes to show how important it is to
keep your system fully updated with the latest security patches.
In the last few days Microsoft has released 8 new security patches
for Windows 2000 that I am aware of. I do not know if the same
applies to other versions
of Windows, but based on my Windows 2000 experience I would be
fairly certain that some updates are available.
If you want to check and make sure your system is up to date with
security patches the best option is to go to Microsoft.com and
follow the Windows Update link that is there. That link will take
you to the update page for your version of Windows, but be aware
if you have not done any updates for some time you could have
some very large files to download.
Derek
Ready
or not, Windows XP update is coming
Microsoft
is alerting customers that it will soon start delivering Windows
XP Service Pack 2 to all customers using Automatic Update, whether
they want it or not.
In response to requests from businesses, Microsoft last year released
a tool that allowed companies to continue using the automatic
update feature but temporarily block the security-oriented update
from downloading.
However, the grace period comes to an end on April 12. Microsoft
has posted a warning on its Web site, alerting people about the
impending deadline.
"Time is running out!" Microsoft said. "Please
note that the mechanism to temporarily disable delivery of Windows
XP SP2 is only available for a period of 240 days (eight months)
from Aug. 16, 2004. At the end of this period (after April 12,
2005), Windows XP SP2 will be delivered to all Windows XP and
Windows XP Service Pack 1 systems."
|
