A new vulnerability is making the rounds, it affects Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 1, Microsoft Windows XP Service Pack 2, Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003, Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition, Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).
Straight from the Microsoft Security Center:
Microsoft is investigating new public reports of a vulnerability in Windows. Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user’s system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.
Microsoft has determined that an attacker using this exploit would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site. In an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. In both the web and email based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
I do this myself and need to quit it, as does everyone. Here are the situations in which it can affect you.
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site.
In an E-mail based attack of the current exploit, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
By default, Internet Explorer on Windows Server 2003, on Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability where the e-mail vector is concerned, although clicking on a link would still put users at risk. In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text.
Here is how Microsoft currently suggests you block this exploit. The workaround only keeps Windows Picture and Fax Viewer from starting automatically when an image is clicked.
Note The following steps require Administrative privileges.
To un-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
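The steps above are meant to be typed into the Run box. For an administrator who wants to apply the same workaround on several machines and confirm it took effect, here is an added PowerShell script (not from the post or from Microsoft's advisory) that runs the same regsvr32 commands silently and then checks whether any COM InprocServer32 entry under HKCR\CLSID still points at shimgvw.dll. The registry scan and the -Undo switch are this example's own additions; the regsvr32 commands are the ones the advisory gives.

```powershell
# Added example: apply or undo the Shimgvw.dll un-registration workaround
# from an elevated PowerShell session and verify the result in the registry.
# Usage:  .\shimgvw-workaround.ps1          (un-register, as in Step 1)
#         .\shimgvw-workaround.ps1 -Undo    (re-register, as in the undo step)
param([switch]$Undo)

$dll = Join-Path $env:windir 'system32\shimgvw.dll'

function Get-ShimgvwComEntries {
    # Scan the default value of every HKCR\CLSID\{...}\InprocServer32 key.
    # An empty result means shimgvw.dll is no longer registered as a COM server.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = Join-Path $_.PSPath 'InprocServer32'
            if (Test-Path $key) {
                $server = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
                if ($server -and $server -match 'shimgvw\.dll') {
                    [pscustomobject]@{ CLSID = $_.PSChildName; Server = $server }
                }
            }
        }
}

# /s suppresses the confirmation dialog so the exit code can be checked instead.
$regsvrArgs = if ($Undo) { "/s `"$dll`"" } else { "/u /s `"$dll`"" }
$proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $regsvrArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "regsvr32 exited with code $($proc.ExitCode)"
}

$entries = @(Get-ShimgvwComEntries)
if ($Undo) {
    if ($entries.Count -eq 0) { throw 'shimgvw.dll is still not registered' }
    Write-Output "Re-registered shimgvw.dll ($($entries.Count) CLSID entries found)."
} else {
    if ($entries.Count -gt 0) {
        $entries | Format-Table -AutoSize
        throw 'shimgvw.dll is still registered as a COM server'
    }
    Write-Output 'shimgvw.dll un-registered; Windows Picture and Fax Viewer will not auto-start.'
}
```

The script must run elevated, as the post notes, because regsvr32 writes to HKEY_CLASSES_ROOT. Keep in mind that this workaround only removes the viewer's automatic launch; it does not patch the WMF parsing code itself, so it should be undone once the proper update is installed.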
Click here for the article from Microsoft.
PandaLabs from Panda Software has detected files that are being shared on peer-to-peer networks that are supposed to contain music and videos, but really only contain adware.
PandaLabs has detected a series of files being circulated across the Internet that supposedly contain music and videos, but also contain an unwanted gift: in order to get the videos and music, users must install adware. The excuse used is that a license is needed in order to play the files, which involves agreeing to install adware. The files received by PandaLabs up until now do not actually contain any type of video or music. However, this possibility has not been ruled out. These files are detected by Panda Software as WmaDownloader.B.
“Although users are warned that adware will be installed and gives the user the opportunity to read the license agreement, it is formulated in clearly abusive terms, and also exploits the fact that few users are aware of the impact that installing this spyware program can have on their computers, as this spyware allows many other threats to get into the system,” explains Luis Corrons, director of PandaLabs. “What’s more, it is important not to forget that in the samples received by PandaLabs, the system is even more fraudulent, as there is not even a video or music file.”
An ActiveX control is needed to install the toolbar, and a warning is displayed if the user's security setting is above Low; but if the security level is set too low, no warning will be displayed and the control will be installed without asking. Windows Media Player 9 is also needed. Source: Yahoo.com
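Whether that control installs with a prompt or silently comes down to the Internet zone's ActiveX settings. Here is an added PowerShell check (not from the post or from Panda's report) that reads those settings from the current user's registry and flags any download action set to Enable, which is the state in which a control can be installed without asking. The action codes and value meanings are the documented Internet Explorer URL-action layout under the Zones key (1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls, 1200 = Run ActiveX controls and plug-ins; 0 = Enable, 1 = Prompt, 3 = Disable); the function name and the Risky column are this example's own.

```powershell
# Added example: report the Internet zone (zone 3) ActiveX settings for the
# current user and flag download actions that are set to Enable (no prompt).
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action codes documented for the Zones registry layout.
$actions = @{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
}
$meaning = @{ 0 = 'Enable (no prompt)'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneActiveXPolicy {
    $props = Get-ItemProperty -Path $zonePath -ErrorAction Stop
    foreach ($code in ($actions.Keys | Sort-Object)) {
        $value = $props.$code
        [pscustomobject]@{
            Code    = $code
            Action  = $actions[$code]
            Value   = $value
            Setting = if ($null -eq $value) { 'not set' } else { $meaning[[int]$value] }
            # A download action set to Enable lets a control install without a prompt.
            Risky   = (($code -eq '1001' -or $code -eq '1004') -and $value -eq 0)
        }
    }
}

$report = Get-InternetZoneActiveXPolicy
$report | Format-Table -AutoSize
if ($report | Where-Object Risky) {
    Write-Warning 'ActiveX downloads are enabled without a prompt in the Internet zone.'
}
```

If the machine is under Group Policy, the effective values may come from the HKLM hive instead of HKCU; in that case read the same action codes under HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 as well.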
I had posted an article on Realtechnews.com about Wikipedia and its credibility as a serious research tool. The man who posted the false information in one of the two Wikipedia scandals has confessed and apologized to John Seigenthaler Sr., the former publisher of the Tennessean newspaper and founding editorial director of USA Today.
“I knew from the news that Mr. Seigenthaler was looking for who did it, and I did it, so I needed to let him know in particular that it wasn’t anyone out to get him, that it was done as a joke that went horribly, horribly wrong,” Chase was quoted as saying in Sunday editions of The Tennessean.
Chase said he didn’t know the free Internet encyclopedia called Wikipedia was used as a serious reference tool.
The biography he posted, which has since been replaced, falsely stated that Seigenthaler was linked to the Kennedy assassinations and had lived in the Soviet Union from 1971 to 1984.
Well, at least they know who did it now; hopefully, things like this won’t happen again. Mr. Seigenthaler has said that he will not pursue legal action against Mr. Chase.
In an article posted at News.com, 180 Solutions announced that they have upgraded their security to keep some of their distributors from forcing their crappy software on users.
This is so funny, it’s taken me a couple of hours to actually write this. First, if they have distributors who are forcing this stuff on users’ computers, then you get rid of the distributors and fix your distribution model; it would be so easy for them to figure out who is doing this stuff. If they would police their affiliates, it would fix a lot of OUR problems.
“Today’s announcement is the culmination of many months of hard work focused on building technology that is more resistant to unauthorized, nonconsensual installations of our software,” Keith Smith, CEO and co-founder of 180solutions, said in a statement.
Must stop laughing….
In addition to launching the new Seekmo Search Assistant, which will notify 180solutions of fraudulent downloads, the company announced that it will do away with 180search Assistant, one of its more controversial products.
Everybody remember that name “Seekmo Search Assistant”, as it will probably be the software you will see after you have been blindsided by a drive-by install, hehe. And I wonder what they mean by “do away with”; that probably just means that they won’t be advertising it anymore. It will still be forced on your PCs by their “affiliates”, since they can’t “track” this version. We’ll still be seeing it five years from now, I bet.
The new software from 180solutions tracks and identifies compromised distribution channels through several different sources, including customer feedback. If the data reveals a potential fraud, then the company will notify customers who may be affected and will allow them to uninstall the software with “one-click removal,” the company said in statement.
Now there is an innovation, allowing the user to uninstall it with one click. If every piece of software was this easy to uninstall…. wait, most software is that easy to uninstall. Most software allows removal through the Control Panel. Ah well, maybe they will catch up one day; we can’t blame them, they just write the stuff….wait, we can blame them.
“This takes away the financial incentive of fraudulent downloads,” said Sean Sundwall, a spokesman for 180solutions.
Hehe, it doesn’t take away the financial incentive for 180solutions. We’ll still be seeing this stuff for years; who are they trying to kid?
Speaking of big ugly green worms, 180 solutions has filed suit against Zone Labs, for, and I quote,
At the heart of 180solution’s suit is the assertion made by San Francisco-based Zone Labs that 180′s products try to monitor a user’s “mouse movements and keyboard strokes.”
I posted about this on the RealTechNews website and they accused me of sloppy reporting because I was talking about other things they were doing, not whether they are keylogging or not. Well, who cares? Only 180 and everyone they give a paycheck to. I have not looked at the Zone Labs product, but I am assuming that when they are listed as high risk they are automatically removed, and maybe when they aren’t flagged as high risk they are not automatically removed. Anyone who uses the product want to tell me for sure?
Such a characterization has damaged the reputation of the products, 180solutions contends, prompting one potential business partner to postpone a deal and many of 180solutions’ users to uninstall the software, according to a copy of the suit obtained by CNET News.com.
Damages their reputation, excuse me while I finish laughing…..
Okay, how can anyone damage their reputation? Search for 180solutions and see what comes up on google and any other search engine.
The suit comes as 180solutions attempts to improve its public image and continues to take fire from anti-spyware groups, which characterize many adware products as computer-privacy time bombs.
Now, 180solutions is firing back. In the lawsuit, filed in the Superior Court of King County, Wash., last month, the company claimed that Zone Labs identified both the Zango and 180search Assistant applications, which deliver pop-up ads to users as they perform Web searches, as a “potential threat to the user’s security and/or privacy.”
They are a threat to users. They have to know where the users are going in order to pop up those ads; if they didn’t know what or where, then how would they pop up targeted ads?
Just look at some of the recent evidence from some of the esteemed spyware researchers, Spyware Warrior, Sunbelt and Wayne Porter. Read some of the older stuff you can find on google and you’ll see what they were like, so they’re not that much different now, they are just trying to fly under the radar. I don’t know why I am getting myself all worked up about it, I’ll just keep removing them from every pc I come in contact with, and maybe someday, somebody somewhere will finally decide this stuff is illegal and they will go away, until they come up with some other scheme to make money.
Anyway, if you ever see any pop-ups on your computer that mention Zango, 180solutions, Search Assistant, etc., then you have their programs installed, and they can be removed by all of the free programs, like Ad-Aware and Spybot Search & Destroy.
Your computer is like a big red shiny apple, and spyware is the ugly fat green worm eyeing it. If the apple has no protection (insecticide) the worm will invade it, taking chunks out here and there until the apple reaches a point where it cannot be sold or eaten. It gets thrown away and destroyed.
Spyware will equate a computer to the same fate as the apple: useless and unwanted. Unfortunately, the Internet has become this field of nothing but ugly worms. Sure, there are some clear patches here and there, but for the most part if your computer has no spyware protection – it might as well be an apple left in the middle of a worm farm. Yes. It’s that bad.
It didn’t use to be that bad; however, spyware has grown ever more complicated over the years. It used to be a simple feat to rid a computer of it. Now, though, spyware is being packaged (bundled) into software from even the most seemingly innocuous places and companies.
For example, Sony has just landed (November 2005) in hot water for releasing a software package that installed a root-level spyware program; Sony neither disclosed its installation nor offered a means to uninstall it until the public demanded it. Sadly, many companies have alternative agendas counter to their public personas.
A computer actively surfing the internet with no spyware protection will become so infected with spyware in no time that it will essentially become unusable. Try to go to Google to do a search. Nope. Try to do some shopping. Nope. Try to disconnect from the Internet. Nope, can’t do that either. Spyware will control a computer, track wherever the surfer visits, and open a nice and wide two-way door for uploading and downloading whatever data it wants.
All hope is not lost. There are some good insecticides out there to protect your shiny apple, as well as the hair on your head; because if you get a malicious spyware program on your computer, you’ll be pulling it out by the handfuls.
One of the best programs out there for preventing the installation of spyware, as well as cleaning up spyware-infected computers, is a software package from Panda Software (www.pandasoftware.com). Panda Software fully understands how spyware works, so well in fact that their Platinum Internet Security 2006 Suite won the coveted PC World “Best Buy” title in its November 2005 magazine issue.
Panda Software went up against all the big names: Norton, McAfee, Trend Micro, and Zone Labs, and walked away as the top choice. The Panda Platinum Internet Security 2006 Suite was the only one to eliminate 100% of running processes, ahead of all the others. It is a surefire worm killer.
More details about the recent report as well as where and how to buy it can be located here.