Be very careful before you open .FLAC Audio Files!

November 21, 2007 on 12:53 pm | In On the Radar, Vulnerabilities | No Comments

US-CERT and eEye Digital Security have released a warning about a serious vulnerability involving FLAC audio files that could result in remote code execution capable of installing Trojans and other malware! The vendors and products currently affected include:

  • America Online
  • Cog
  • dBpoweramp
  • FLAC
  • Foobar2000
  • jetAudio
  • PhatBox
  • Yahoo

You can read the US-CERT advisory at:

http://www.kb.cert.org/vuls/id/544656

The eEye Digital Security advisory can be found at:

http://research.eeye.com/html/advisories/published/AD20071115.html

The estimated date for an update to patch the vulnerabilities, according to eEye Digital Security, will be around December 26, 2007. 

Be very careful before you decide to open any .FLAC files attached to an email!

Malicious PDF File Outbreak Today

October 26, 2007 on 12:17 pm | In Malware, On the Radar, Vulnerabilities | No Comments

There are a couple of things worth mentioning today. The malicious Psycho Kitty eCard is still circulating; I received one today with the subject of:

Subject: You have yet to open your ecard.

The body of the email reads, “Someone sent you this Psycho Kitty card. It is Hilarious!” and, of course, there is a link the criminals want you to click that points to an IP address.

The other notable news from today is about a PDF Malware Spam outbreak throughout the Internet.  My F-Secure Anti-virus program has a nice little feature called “Security News” and during high levels of malicious activity, a balloon will pop up by the system clock with a warning to the consumer.

Today, the balloon popped up with an F-Secure Level 2 Security Alert and it read,

Malicious PDF files being spammed out in volume. The files have “report” themed subjects and CVE-2007-5020 exploit that they use to download further components from the net.

As usual, F-Secure protects against this threat, but other anti-virus programs may not, so please be aware that malicious PDF files are currently being spammed and you need to be extra cautious before opening them.

Also, make sure you have the latest version of Adobe Acrobat and Acrobat Reader, because Adobe recently released security patches to address a critical vulnerability that, if exploited, could have given the attacker complete control of the infected system.

To learn more about the latest PDF Threat, visit the F-Secure advisory at:

http://www.f-secure.com/v-descs/exploit_w32_adobereader_k.shtml

Or the SANS advisory at:

http://www.f-secure.com/weblog/archives/00001303.html

Stay safe out there…cyberspace is a hostile place!

SiteKey Vulnerable to Man-in-the-Middle Attacks

April 6, 2007 on 5:56 pm | In Vulnerabilities | No Comments

M. E. Kabay wrote an interesting article titled “Pesky SiteKey problems” illustrating weaknesses in this authentication method that, if exploited, would allow an attacker to steal personal information from the victim’s account.

The beauty of this article is that it shows how volunteers were tested using the SiteKey authentication method and the outcomes of each test. If you have online accounts using a SiteKey for authentication, it would be in your best interest to read this article. It will open your eyes and possibly help you avoid a potentially disastrous mistake.

You can read the article on the Forum of Incident Response and Security Teams web site at:

http://www.first.org/newsroom/globalsecurity/97260.html

Microsoft Releases Advisory Today

March 29, 2007 on 9:09 pm | In Vulnerabilities | No Comments

There are reports of targeted attacks exploiting a vulnerability in the way Windows handles animated cursor files.

This could be a Web-based attack where an attacker hosting a Web site could integrate a Web page designed to exploit this vulnerability; the attacker could coerce a user to view a specially crafted e-mail or open an e-mail attachment; or the attacker could compromise a legitimate Web site and set it up to serve Web pages containing malicious content designed to exploit this vulnerability.

Per the usual advice, be very careful and selective when choosing which Web site(s) to visit and which e-mail messages to view and be absolutely certain e-mail attachments are legitimate and safe BEFORE you open them.

You will find the Microsoft advisory at:

http://www.microsoft.com/technet/security/advisory/935423.mspx?pf=true

If you use Vista’s Windows Mail…Be Careful when Clicking Links

March 27, 2007 on 4:42 pm | In Vulnerabilities | No Comments

ComputerWorld.com warns of a newly discovered “Exploit-for-Sale” that, when launched using Windows Mail in Microsoft Vista, could infect the PC with a backdoor Trojan horse or software designed to steal identities.

You can read the story here:

The article reinforces the smart security practice of not opening e-mails from sources you do not know and not clicking links within e-mail messages.

If you use Vista, you should probably read the article.

If you use Cisco Routers for your Small Office/Home Office…READ THIS!

February 21, 2007 on 7:17 pm | In Vulnerabilities | No Comments

Cisco released an advisory on February 15, 2007, warning their customers to immediately change the default user name and password on 77 of their 80 Router products. Many people do not change these settings, and if you are one of those people, you should read the following advisory:

http://www.cisco.com/warp/public/707/cisco-sr-20070215-http.shtml

Changing default user names and passwords for any device or software is not only good common sense; it is absolutely necessary in today’s Internet-connected world.

Protect yourself and your electronic assets and make this simple change now!

If you use a Broadband Router for your High Speed Internet…you better Change the Default Password!

February 15, 2007 on 6:51 pm | In Vulnerabilities | No Comments

There’s a new type of attack known as “Drive By Pharming” that targets weaknesses in broadband router passwords. Obviously, if you have never changed the default password in your router, you are at the greatest risk. How do the attackers exploit this weakness? They simply lure unsuspecting computer users into visiting a malicious site that has JavaScript designed to allow the attackers to change the DNS settings on the router. This, in turn, redirects the users to sites that are very good copies of legitimate sites, where the attackers will be able to steal user account information.

How can you protect yourself?  Change your broadband router password every couple of months to a strong password and be careful when deciding which web sites to visit.

Strong passwords should be at least 14 characters in length and the best passwords will be random numbers, characters, and upper/lower case letters.

Have you ever wondered what a Zero-day Word Exploit Does?

February 1, 2007 on 7:50 pm | In Vulnerabilities | No Comments

There are currently FIVE Zero-day Microsoft Word Vulnerabilities. Symantec has created a video demonstration of what you can expect if you are one of the unfortunate people who open an infected Word document designed to exploit one of these vulnerabilities.

This is a great tutorial showing what happens and you can view it here:

This video is a great learning tool and will show you what happens IF an infected Word document is opened.

Enjoy the show!

You might want to think twice before opening Microsoft Word Attachments!

January 29, 2007 on 8:23 pm | In Vulnerabilities | No Comments

According to eEye Digital Security, there are currently three “active” Zero-Day Vulnerabilities for Microsoft Word, which are vulnerabilities that have been publicly disclosed and/or used in attacks and do not have any published vendor-supplied patches.  You can find this listing at:

http://research.eeye.com/html/alerts/zeroday/index.html

Critical Apple QuickTime Vulnerability

January 2, 2007 on 3:14 pm | In Vulnerabilities | No Comments

2007 is starting out with quite a bang…a new Apple QuickTime player vulnerability affecting versions 7.1.3 and earlier has been discovered and you can read the details and recommended solution here: http://projects.info-pull.com/moab/MOAB-01-01-2007.html
